T10154] Bluetooth: hci7: Frame reassembly failed (-84) [ 608.595018][T12853] CPU: 1 PID: 12853 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 608.604700][T12853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 608.614789][T12853] Call Trace: [ 608.618082][T12853] dump_stack_lvl+0xcd/0x134 [ 608.622710][T12853] should_fail.cold+0x5/0xa [ 608.627262][T12853] should_failslab+0x5/0x10 [ 608.631796][T12853] __kmalloc_track_caller+0x79/0x310 [ 608.637117][T12853] ? kasprintf+0xbb/0xf0 [ 608.641404][T12853] kvasprintf+0xb5/0x150 [ 608.645683][T12853] ? bust_spinlocks+0xe0/0xe0 [ 608.650413][T12853] kasprintf+0xbb/0xf0 [ 608.654511][T12853] ? kvasprintf_const+0x190/0x190 [ 608.659566][T12853] ? call_rcu_zapped+0xb0/0xb0 [ 608.664362][T12853] ? lockdep_unlock+0x11c/0x290 [ 608.669248][T12853] alloc_workqueue+0x45d/0xef0 [ 608.674038][T12853] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 608.680305][T12853] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 608.686056][T12853] ? vsnprintf+0x283/0x14f0 [ 608.690683][T12853] hci_register_dev+0x1c4/0xbd0 [ 608.695544][T12853] ? __raw_spin_lock_init+0x36/0x110 [ 608.700843][T12853] hci_uart_tty_ioctl+0x8c5/0xc50 [ 608.706580][T12853] tty_ioctl+0xc69/0x1670 [ 608.710915][T12853] ? hci_uart_init_work+0x170/0x170 [ 608.716222][T12853] ? tty_lookup_driver+0x550/0x550 [ 608.721449][T12853] ? lock_downgrade+0x6e0/0x6e0 [ 608.726349][T12853] ? __fget_files+0x23d/0x3e0 [ 608.731037][T12853] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 608.737290][T12853] ? tty_lookup_driver+0x550/0x550 [ 608.742410][T12853] __x64_sys_ioctl+0x193/0x200 [ 608.747191][T12853] do_syscall_64+0x35/0xb0 [ 608.751614][T12853] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 608.757515][T12853] RIP: 0033:0x4665f9 [ 608.761411][T12853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 608.781022][T12853] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 608.789463][T12853] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 608.797434][T12853] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 608.805401][T12853] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 608.813370][T12853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 608.821337][T12853] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:38:57 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:38:57 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) [ 609.107421][T12876] Bluetooth: hci11: Frame reassembly failed (-84) [ 609.115245][T11096] Bluetooth: hci11: Frame reassembly failed (-84) [ 609.652374][ T20] Bluetooth: hci8: command 0x1003 tx timeout [ 609.659789][ T6579] Bluetooth: hci8: sending frame failed (-49) [ 610.462442][ T8552] Bluetooth: hci6: command 0x1003 tx timeout [ 610.469933][ T6579] Bluetooth: hci6: sending frame failed (-49) [ 610.612311][ T20] Bluetooth: hci7: command 0x1003 tx timeout [ 610.619143][ T6579] Bluetooth: hci7: sending frame failed (-49) [ 610.932976][ T20] Bluetooth: hci9: command 0x1003 tx timeout [ 610.940004][ T6579] Bluetooth: hci9: sending frame failed (-49) [ 610.949017][ T20] Bluetooth: hci10: command 0x1003 tx timeout [ 610.962355][ T6579] Bluetooth: hci10: sending frame failed (-49) [ 611.182317][ T7] Bluetooth: hci11: command 0x1003 tx timeout [ 611.189620][ T6579] Bluetooth: hci11: sending frame failed (-49) [ 611.732170][ T8552] Bluetooth: hci8: command 0x1001 tx timeout [ 611.738277][ T6579] Bluetooth: hci8: sending frame failed (-49) [ 612.532197][ T8458] Bluetooth: hci6: command 0x1001 tx timeout [ 612.545726][ T6579] Bluetooth: hci6: sending frame failed (-49) [ 612.692189][ T20] Bluetooth: hci7: command 0x1001 tx timeout [ 612.698317][ T6579] Bluetooth: hci7: sending frame failed (-49) [ 613.012487][ T20] Bluetooth: hci10: command 0x1001 tx timeout [ 613.018748][ T6579] Bluetooth: hci10: sending frame failed (-49) [ 613.025278][ T20] Bluetooth: hci9: command 0x1001 tx timeout [ 613.031378][ T6579] Bluetooth: hci9: sending frame failed (-49) [ 613.252175][ T1052] Bluetooth: hci11: command 0x1001 tx timeout [ 613.258441][ T6579] Bluetooth: hci11: sending frame failed (-49) [ 613.812150][ T1052] Bluetooth: hci8: command 0x1009 tx timeout [ 614.612141][ T1052] Bluetooth: hci6: command 0x1009 tx timeout [ 614.772001][ T1052] Bluetooth: hci7: command 0x1009 tx timeout [ 615.102511][ T25] Bluetooth: hci9: command 0x1009 tx timeout [ 615.108917][ T25] Bluetooth: hci10: command 0x1009 tx timeout [ 615.331960][ T25] Bluetooth: hci11: command 0x1009 tx timeout 09:39:05 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) [ 617.797406][ T6579] Bluetooth: hci8: sending frame failed (-49) 09:39:07 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:39:07 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x32) 09:39:07 executing program 1 (fault-call:4 fault-nth:8): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 619.082956][T12908] Bluetooth: hci6: Frame reassembly failed (-84) 09:39:07 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) [ 619.198640][T12914] FAULT_INJECTION: forcing a failure. [ 619.198640][T12914] name failslab, interval 1, probability 0, space 0, times 0 [ 619.224198][T12914] CPU: 0 PID: 12914 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 619.233879][T12914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 619.243957][T12914] Call Trace: [ 619.247254][T12914] dump_stack_lvl+0xcd/0x134 [ 619.251881][T12914] should_fail.cold+0x5/0xa [ 619.256416][T12914] ? alloc_workqueue_attrs+0x38/0x80 [ 619.261728][T12914] should_failslab+0x5/0x10 [ 619.266264][T12914] kmem_cache_alloc_trace+0x55/0x3c0 [ 619.271578][T12914] alloc_workqueue_attrs+0x38/0x80 [ 619.276709][T12914] apply_wqattrs_prepare+0xb4/0x890 [ 619.281962][T12914] apply_workqueue_attrs_locked+0xc1/0x140 [ 619.287801][T12914] alloc_workqueue+0xa10/0xef0 [ 619.292597][T12914] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 619.298357][T12914] ? vsnprintf+0x283/0x14f0 [ 619.302884][T12914] hci_register_dev+0x1c4/0xbd0 [ 619.307757][T12914] ? __raw_spin_lock_init+0x36/0x110 [ 619.313083][T12914] hci_uart_tty_ioctl+0x8c5/0xc50 [ 619.318150][T12914] tty_ioctl+0xc69/0x1670 [ 619.322572][T12914] ? hci_uart_init_work+0x170/0x170 [ 619.327882][T12914] ? tty_lookup_driver+0x550/0x550 [ 619.333012][T12914] ? lock_downgrade+0x6e0/0x6e0 [ 619.337902][T12914] ? __fget_files+0x23d/0x3e0 [ 619.342592][T12914] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 619.348840][T12914] ? tty_lookup_driver+0x550/0x550 [ 619.353957][T12914] __x64_sys_ioctl+0x193/0x200 [ 619.358745][T12914] do_syscall_64+0x35/0xb0 [ 619.363169][T12914] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 619.369158][T12914] RIP: 0033:0x4665f9 [ 619.373409][T12914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 619.393217][T12914] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 619.401652][T12914] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 619.409626][T12914] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 619.417691][T12914] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 619.425661][T12914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 619.433643][T12914] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 619.537949][T12914] Bluetooth: Can't register HCI device 09:39:07 executing program 1 (fault-call:4 fault-nth:9): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:39:07 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) [ 619.677204][T10154] Bluetooth: hci7: Frame reassembly failed (-84) [ 619.686496][T12935] Bluetooth: hci7: Frame reassembly failed (-84) [ 619.721117][T12939] FAULT_INJECTION: forcing a failure. [ 619.721117][T12939] name failslab, interval 1, probability 0, space 0, times 0 [ 619.747266][T12939] CPU: 0 PID: 12939 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 619.757034][T12939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 619.767134][T12939] Call Trace: [ 619.770511][T12939] dump_stack_lvl+0xcd/0x134 [ 619.775131][T12939] should_fail.cold+0x5/0xa [ 619.779662][T12939] ? alloc_workqueue_attrs+0x38/0x80 [ 619.784973][T12939] should_failslab+0x5/0x10 [ 619.789496][T12939] kmem_cache_alloc_trace+0x55/0x3c0 [ 619.794807][T12939] alloc_workqueue_attrs+0x38/0x80 [ 619.799940][T12939] apply_wqattrs_prepare+0xb4/0x890 [ 619.805187][T12939] apply_workqueue_attrs_locked+0xc1/0x140 [ 619.811121][T12939] alloc_workqueue+0xa10/0xef0 [ 619.811735][ T1052] Bluetooth: hci8: command 0x1003 tx timeout [ 619.815909][T12939] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 619.828029][T12939] ? vsnprintf+0x283/0x14f0 [ 619.832568][T12939] hci_register_dev+0x1c4/0xbd0 [ 619.837433][T12939] ? __raw_spin_lock_init+0x36/0x110 [ 619.842826][T12939] hci_uart_tty_ioctl+0x8c5/0xc50 [ 619.847865][T12939] tty_ioctl+0xc69/0x1670 [ 619.852284][T12939] ? hci_uart_init_work+0x170/0x170 [ 619.857508][T12939] ? tty_lookup_driver+0x550/0x550 [ 619.862821][T12939] ? lock_downgrade+0x6e0/0x6e0 [ 619.867697][T12939] ? __fget_files+0x23d/0x3e0 [ 619.872388][T12939] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 619.878640][T12939] ? tty_lookup_driver+0x550/0x550 [ 619.883757][T12939] __x64_sys_ioctl+0x193/0x200 [ 619.888547][T12939] do_syscall_64+0x35/0xb0 [ 619.892966][T12939] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 619.898870][T12939] RIP: 0033:0x4665f9 [ 619.902773][T12939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 619.922474][T12939] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 619.930911][T12939] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 619.938890][T12939] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 619.946867][T12939] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 619.954851][T12939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 619.962845][T12939] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 619.976942][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 620.029141][T12939] Bluetooth: Can't register HCI device 09:39:08 executing program 1 (fault-call:4 fault-nth:10): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 620.150898][T12945] FAULT_INJECTION: forcing a failure. [ 620.150898][T12945] name failslab, interval 1, probability 0, space 0, times 0 [ 620.199522][T12945] CPU: 1 PID: 12945 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 620.209209][T12945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 620.219284][T12945] Call Trace: [ 620.222576][T12945] dump_stack_lvl+0xcd/0x134 [ 620.227206][T12945] should_fail.cold+0x5/0xa [ 620.231741][T12945] should_failslab+0x5/0x10 [ 620.236277][T12945] kmem_cache_alloc_node+0x65/0x3d0 [ 620.241510][T12945] ? alloc_unbound_pwq+0x4a5/0xcd0 [ 620.246664][T12945] alloc_unbound_pwq+0x4a5/0xcd0 [ 620.252074][T12945] apply_wqattrs_prepare+0x2b6/0x890 [ 620.257490][T12945] apply_workqueue_attrs_locked+0xc1/0x140 [ 620.263325][T12945] alloc_workqueue+0xa10/0xef0 [ 620.268128][T12945] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 620.273894][T12945] ? vsnprintf+0x283/0x14f0 [ 620.278427][T12945] hci_register_dev+0x1c4/0xbd0 [ 620.283305][T12945] ? __raw_spin_lock_init+0x36/0x110 [ 620.288629][T12945] hci_uart_tty_ioctl+0x8c5/0xc50 [ 620.293699][T12945] tty_ioctl+0xc69/0x1670 [ 620.298048][T12945] ? hci_uart_init_work+0x170/0x170 [ 620.303281][T12945] ? tty_lookup_driver+0x550/0x550 [ 620.308440][T12945] ? lock_downgrade+0x6e0/0x6e0 [ 620.313331][T12945] ? __fget_files+0x23d/0x3e0 [ 620.318042][T12945] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 620.324397][T12945] ? tty_lookup_driver+0x550/0x550 [ 620.329538][T12945] __x64_sys_ioctl+0x193/0x200 [ 620.334338][T12945] do_syscall_64+0x35/0xb0 [ 620.338841][T12945] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 620.344766][T12945] RIP: 0033:0x4665f9 [ 620.348683][T12945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 620.368636][T12945] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 620.377082][T12945] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 620.385256][T12945] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 620.393433][T12945] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 620.401866][T12945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 620.409945][T12945] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 620.452931][T12945] Bluetooth: Can't register HCI device 09:39:08 executing program 1 (fault-call:4 fault-nth:11): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 620.698348][T12953] FAULT_INJECTION: forcing a failure. [ 620.698348][T12953] name failslab, interval 1, probability 0, space 0, times 0 [ 620.711385][T12953] CPU: 0 PID: 12953 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 620.721043][T12953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 620.731114][T12953] Call Trace: [ 620.734410][T12953] dump_stack_lvl+0xcd/0x134 [ 620.739030][T12953] should_fail.cold+0x5/0xa [ 620.743566][T12953] ? alloc_workqueue+0x16d/0xef0 [ 620.748533][T12953] should_failslab+0x5/0x10 [ 620.753058][T12953] __kmalloc+0x72/0x320 [ 620.757243][T12953] alloc_workqueue+0x16d/0xef0 [ 620.762036][T12953] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 620.767804][T12953] ? vsnprintf+0x283/0x14f0 [ 620.772337][T12953] hci_register_dev+0x216/0xbd0 [ 620.777219][T12953] hci_uart_tty_ioctl+0x8c5/0xc50 [ 620.782278][T12953] tty_ioctl+0xc69/0x1670 [ 620.786750][T12953] ? hci_uart_init_work+0x170/0x170 [ 620.791979][T12953] ? tty_lookup_driver+0x550/0x550 [ 620.797121][T12953] ? lock_downgrade+0x6e0/0x6e0 [ 620.802010][T12953] ? __fget_files+0x23d/0x3e0 [ 620.806709][T12953] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 620.812973][T12953] ? tty_lookup_driver+0x550/0x550 [ 620.818112][T12953] __x64_sys_ioctl+0x193/0x200 [ 620.822906][T12953] do_syscall_64+0x35/0xb0 [ 620.827339][T12953] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 620.833258][T12953] RIP: 0033:0x4665f9 [ 620.837162][T12953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 620.856937][T12953] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 620.865612][T12953] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 620.873606][T12953] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 620.881569][T12953] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 620.889560][T12953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 09:39:09 executing program 1 (fault-call:4 fault-nth:12): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 620.897536][T12953] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 620.926923][T12953] Bluetooth: Can't register HCI device [ 621.026112][T12958] FAULT_INJECTION: forcing a failure. [ 621.026112][T12958] name failslab, interval 1, probability 0, space 0, times 0 [ 621.040081][T12958] CPU: 0 PID: 12958 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 621.049750][T12958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 621.059826][T12958] Call Trace: [ 621.063139][T12958] dump_stack_lvl+0xcd/0x134 [ 621.067766][T12958] should_fail.cold+0x5/0xa [ 621.072292][T12958] ? alloc_workqueue+0x16d/0xef0 [ 621.077258][T12958] should_failslab+0x5/0x10 [ 621.081876][T12958] __kmalloc+0x72/0x320 [ 621.086058][T12958] alloc_workqueue+0x16d/0xef0 [ 621.091013][T12958] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 621.096762][T12958] ? vsnprintf+0x283/0x14f0 [ 621.101293][T12958] hci_register_dev+0x216/0xbd0 [ 621.105753][ T1052] Bluetooth: hci6: command 0x1003 tx timeout [ 621.106173][T12958] hci_uart_tty_ioctl+0x8c5/0xc50 [ 621.117171][T12958] tty_ioctl+0xc69/0x1670 [ 621.121521][T12958] ? hci_uart_init_work+0x170/0x170 [ 621.126752][T12958] ? tty_lookup_driver+0x550/0x550 [ 621.132059][T12958] ? lock_downgrade+0x6e0/0x6e0 [ 621.137302][T12958] ? __fget_files+0x23d/0x3e0 [ 621.141992][T12958] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 621.148241][T12958] ? tty_lookup_driver+0x550/0x550 [ 621.153449][T12958] __x64_sys_ioctl+0x193/0x200 [ 621.158227][T12958] do_syscall_64+0x35/0xb0 [ 621.162741][T12958] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 621.168646][T12958] RIP: 0033:0x4665f9 [ 621.172721][T12958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 621.192329][T12958] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 621.200744][T12958] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 621.208802][T12958] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 621.216772][T12958] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 621.224743][T12958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 621.232980][T12958] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 621.241659][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 621.263026][T12958] Bluetooth: Can't register HCI device 09:39:09 executing program 1 (fault-call:4 fault-nth:13): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 621.362077][T12963] FAULT_INJECTION: forcing a failure. [ 621.362077][T12963] name failslab, interval 1, probability 0, space 0, times 0 [ 621.377613][T12963] CPU: 0 PID: 12963 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 621.387306][T12963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 621.397404][T12963] Call Trace: [ 621.400697][T12963] dump_stack_lvl+0xcd/0x134 [ 621.405318][T12963] should_fail.cold+0x5/0xa [ 621.409863][T12963] should_failslab+0x5/0x10 [ 621.414604][T12963] __kmalloc_track_caller+0x79/0x310 [ 621.419918][T12963] ? kasprintf+0xbb/0xf0 [ 621.424364][T12963] kvasprintf+0xb5/0x150 [ 621.428635][T12963] ? bust_spinlocks+0xe0/0xe0 [ 621.433356][T12963] kasprintf+0xbb/0xf0 [ 621.437534][T12963] ? kvasprintf_const+0x190/0x190 [ 621.442592][T12963] ? call_rcu_zapped+0xb0/0xb0 [ 621.447386][T12963] ? lockdep_unlock+0x11c/0x290 [ 621.452266][T12963] alloc_workqueue+0x45d/0xef0 [ 621.457059][T12963] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 621.462810][T12963] ? vsnprintf+0x283/0x14f0 [ 621.467363][T12963] hci_register_dev+0x216/0xbd0 [ 621.472243][T12963] hci_uart_tty_ioctl+0x8c5/0xc50 [ 621.477288][T12963] tty_ioctl+0xc69/0x1670 [ 621.481622][T12963] ? hci_uart_init_work+0x170/0x170 [ 621.486920][T12963] ? tty_lookup_driver+0x550/0x550 [ 621.492042][T12963] ? lock_downgrade+0x6e0/0x6e0 [ 621.496913][T12963] ? __fget_files+0x23d/0x3e0 [ 621.501639][T12963] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 621.507900][T12963] ? tty_lookup_driver+0x550/0x550 [ 621.513019][T12963] __x64_sys_ioctl+0x193/0x200 [ 621.517790][T12963] do_syscall_64+0x35/0xb0 [ 621.522312][T12963] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 621.528237][T12963] RIP: 0033:0x4665f9 [ 621.532133][T12963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 621.551754][T12963] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 621.560179][T12963] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 621.568148][T12963] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 621.576116][T12963] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 621.584086][T12963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 621.592055][T12963] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 621.602219][ T25] Bluetooth: hci10: command 0x1003 tx timeout [ 621.605173][ T8416] Bluetooth: hci9: command 0x1003 tx timeout [ 621.609757][ T6581] Bluetooth: hci10: sending frame failed (-49) [ 621.651047][ T1136] Bluetooth: hci11: Frame reassembly failed (-84) [ 621.664962][ T6579] Bluetooth: hci9: sending frame failed (-49) [ 621.731724][ T8458] Bluetooth: hci7: command 0x1003 tx timeout [ 621.738247][ T6579] Bluetooth: hci7: sending frame failed (-49) [ 622.052227][ T8458] Bluetooth: hci8: command 0x1001 tx timeout [ 622.058549][ T6579] Bluetooth: hci8: sending frame failed (-49) [ 623.251659][ T25] Bluetooth: hci6: command 0x1001 tx timeout [ 623.258878][ T6579] Bluetooth: hci6: sending frame failed (-49) [ 623.661804][ T25] Bluetooth: hci11: command 0x1003 tx timeout [ 623.669326][ T6579] Bluetooth: hci11: sending frame failed (-49) [ 623.677696][ T25] Bluetooth: hci10: command 0x1001 tx timeout [ 623.684120][ T6579] Bluetooth: hci10: sending frame failed (-49) [ 623.731726][ T8458] Bluetooth: hci9: command 0x1001 tx timeout [ 623.737996][ T6579] Bluetooth: hci9: sending frame failed (-49) [ 623.811447][ T8458] Bluetooth: hci7: command 0x1001 tx timeout [ 623.817746][ T6579] Bluetooth: hci7: sending frame failed (-49) [ 624.052757][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.059161][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.131570][ T8458] Bluetooth: hci8: command 0x1009 tx timeout [ 625.341450][ T8458] Bluetooth: hci6: command 0x1009 tx timeout [ 625.731483][ T8458] Bluetooth: hci10: command 0x1009 tx timeout [ 625.738177][ T8458] Bluetooth: hci11: command 0x1001 tx timeout [ 625.744899][ T6579] Bluetooth: hci11: sending frame failed (-49) [ 625.811528][ T1052] Bluetooth: hci9: command 0x1009 tx timeout [ 625.891294][ T1052] Bluetooth: hci7: command 0x1009 tx timeout [ 627.811430][ T8458] Bluetooth: hci11: command 0x1009 tx timeout 09:39:16 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) [ 628.096079][T11096] Bluetooth: hci8: Frame reassembly failed (-84) 09:39:17 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) [ 629.323289][T12987] Bluetooth: hci6: Frame reassembly failed (-84) [ 629.350188][T11096] Bluetooth: hci6: Frame reassembly failed (-84) 09:39:18 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:39:18 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:39:18 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) [ 629.989288][T11096] Bluetooth: hci7: Frame reassembly failed (-84) [ 630.014938][T13004] Bluetooth: hci7: Frame reassembly failed (-84) [ 630.074724][ T8] Bluetooth: hci10: Frame reassembly failed (-84) [ 630.082842][T13012] Bluetooth: hci10: Frame reassembly failed (-84) [ 630.131121][ T1052] Bluetooth: hci8: command 0x1003 tx timeout [ 630.137578][ T6579] Bluetooth: hci8: sending frame failed (-49) [ 631.341053][ T20] Bluetooth: hci6: command 0x1003 tx timeout [ 631.348535][ T6579] Bluetooth: hci6: sending frame failed (-49) 09:39:19 executing program 1 (fault-call:4 fault-nth:14): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 631.816769][T13028] FAULT_INJECTION: forcing a failure. [ 631.816769][T13028] name failslab, interval 1, probability 0, space 0, times 0 [ 631.840538][T13028] CPU: 1 PID: 13028 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 631.850516][T13028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 631.860620][T13028] Call Trace: [ 631.863914][T13028] dump_stack_lvl+0xcd/0x134 [ 631.868540][T13028] should_fail.cold+0x5/0xa [ 631.873077][T13028] should_failslab+0x5/0x10 [ 631.877602][T13028] __kmalloc_track_caller+0x79/0x310 [ 631.882912][T13028] ? kasprintf+0xbb/0xf0 [ 631.887189][T13028] kvasprintf+0xb5/0x150 [ 631.891467][T13028] ? bust_spinlocks+0xe0/0xe0 [ 631.896186][T13028] kasprintf+0xbb/0xf0 [ 631.900300][T13028] ? kvasprintf_const+0x190/0x190 [ 631.905452][T13028] ? call_rcu_zapped+0xb0/0xb0 [ 631.910245][T13028] ? lockdep_unlock+0x11c/0x290 [ 631.915124][T13028] alloc_workqueue+0x45d/0xef0 [ 631.919927][T13028] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 631.925691][T13028] ? vsnprintf+0x283/0x14f0 [ 631.930222][T13028] hci_register_dev+0x216/0xbd0 [ 631.935107][T13028] hci_uart_tty_ioctl+0x8c5/0xc50 [ 631.940137][T13028] tty_ioctl+0xc69/0x1670 [ 631.944498][T13028] ? hci_uart_init_work+0x170/0x170 [ 631.949726][T13028] ? tty_lookup_driver+0x550/0x550 [ 631.954872][T13028] ? lock_downgrade+0x6e0/0x6e0 [ 631.959815][T13028] ? __fget_files+0x23d/0x3e0 [ 631.964517][T13028] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 631.970864][T13028] ? tty_lookup_driver+0x550/0x550 [ 631.975991][T13028] __x64_sys_ioctl+0x193/0x200 [ 631.980751][T13028] do_syscall_64+0x35/0xb0 [ 631.985188][T13028] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 631.991080][T13028] RIP: 0033:0x4665f9 [ 631.994998][T13028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 632.014689][T13028] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 632.023121][T13028] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 632.031084][T13028] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 632.039153][T13028] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 632.047290][T13028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 632.052222][ T8552] Bluetooth: hci7: command 0x1003 tx timeout [ 632.055259][T13028] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 632.061906][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 632.083520][ T20] Bluetooth: hci9: command 0x1003 tx timeout [ 632.089700][ T6581] Bluetooth: hci9: sending frame failed (-49) [ 632.141655][ T20] Bluetooth: hci10: command 0x1003 tx timeout [ 632.158819][ T6579] Bluetooth: hci10: sending frame failed (-49) [ 632.211051][ T20] Bluetooth: hci8: command 0x1001 tx timeout [ 632.218823][ T6579] Bluetooth: hci8: sending frame failed (-49) [ 633.413831][ T20] Bluetooth: hci6: command 0x1001 tx timeout [ 633.421069][ T6579] Bluetooth: hci6: sending frame failed (-49) [ 634.130836][ T8552] Bluetooth: hci9: command 0x1001 tx timeout [ 634.131155][ T20] Bluetooth: hci11: command 0x1003 tx timeout [ 634.137790][ T8552] Bluetooth: hci7: command 0x1001 tx timeout [ 634.144585][ T6579] Bluetooth: hci9: sending frame failed (-49) [ 634.154321][T11051] Bluetooth: hci7: sending frame failed (-49) [ 634.167628][T11051] Bluetooth: hci11: sending frame failed (-49) [ 634.211003][ T20] Bluetooth: hci10: command 0x1001 tx timeout [ 634.217441][T11051] Bluetooth: hci10: sending frame failed (-49) [ 634.290933][ T20] Bluetooth: hci8: command 0x1009 tx timeout [ 635.490756][ T8458] Bluetooth: hci6: command 0x1009 tx timeout [ 636.210699][ T8552] Bluetooth: hci11: command 0x1001 tx timeout [ 636.210831][ T20] Bluetooth: hci9: command 0x1009 tx timeout [ 636.218300][T11051] Bluetooth: hci11: sending frame failed (-49) [ 636.231758][ T8552] Bluetooth: hci7: command 0x1009 tx timeout [ 636.300725][ T8552] Bluetooth: hci10: command 0x1009 tx timeout 09:39:26 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 638.290690][ T8552] Bluetooth: hci11: command 0x1009 tx timeout [ 638.315458][T13042] Bluetooth: hci8: Frame reassembly failed (-84) [ 638.329334][ T8] Bluetooth: hci8: Frame reassembly failed (-84) 09:39:27 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x32) [ 639.542293][T11051] Bluetooth: hci6: sending frame failed (-49) 09:39:28 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:39:28 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) [ 640.176455][ T8] Bluetooth: hci7: Frame reassembly failed (-84) [ 640.236712][T10154] Bluetooth: hci9: Frame reassembly failed (-84) [ 640.251805][T13072] Bluetooth: hci9: Frame reassembly failed (-84) [ 640.370454][ T8416] Bluetooth: hci8: command 0x1003 tx timeout [ 640.376638][T11051] Bluetooth: hci8: sending frame failed (-49) 09:39:28 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x32) [ 641.580464][ T8416] Bluetooth: hci6: command 0x1003 tx timeout [ 641.587581][T11051] Bluetooth: hci6: sending frame failed (-49) [ 642.220338][ T7582] Bluetooth: hci7: command 0x1003 tx timeout [ 642.228438][T11051] Bluetooth: hci7: sending frame failed (-49) [ 642.290369][ T7582] Bluetooth: hci9: command 0x1003 tx timeout [ 642.296786][T11051] Bluetooth: hci9: sending frame failed (-49) [ 642.450404][ T7582] Bluetooth: hci8: command 0x1001 tx timeout [ 642.457183][T11051] Bluetooth: hci8: sending frame failed (-49) 09:39:30 executing program 1 (fault-call:4 fault-nth:15): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 642.744780][T13095] FAULT_INJECTION: forcing a failure. [ 642.744780][T13095] name failslab, interval 1, probability 0, space 0, times 0 [ 642.768795][T13095] CPU: 1 PID: 13095 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 642.778477][T13095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 642.788560][T13095] Call Trace: [ 642.791852][T13095] dump_stack_lvl+0xcd/0x134 [ 642.796442][T13095] should_fail.cold+0x5/0xa [ 642.801059][T13095] ? alloc_workqueue_attrs+0x38/0x80 [ 642.806335][T13095] should_failslab+0x5/0x10 [ 642.810828][T13095] kmem_cache_alloc_trace+0x55/0x3c0 [ 642.816105][T13095] alloc_workqueue_attrs+0x38/0x80 [ 642.821206][T13095] apply_wqattrs_prepare+0xb4/0x890 [ 642.826410][T13095] apply_workqueue_attrs_locked+0xc1/0x140 [ 642.832319][T13095] alloc_workqueue+0xa10/0xef0 [ 642.837088][T13095] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 642.842810][T13095] ? vsnprintf+0x283/0x14f0 [ 642.847338][T13095] hci_register_dev+0x216/0xbd0 [ 642.852280][T13095] hci_uart_tty_ioctl+0x8c5/0xc50 [ 642.857302][T13095] tty_ioctl+0xc69/0x1670 [ 642.861623][T13095] ? hci_uart_init_work+0x170/0x170 [ 642.866834][T13095] ? tty_lookup_driver+0x550/0x550 [ 642.871937][T13095] ? lock_downgrade+0x6e0/0x6e0 [ 642.876780][T13095] ? __fget_files+0x23d/0x3e0 [ 642.881446][T13095] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 642.887763][T13095] ? tty_lookup_driver+0x550/0x550 [ 642.892862][T13095] __x64_sys_ioctl+0x193/0x200 [ 642.897631][T13095] do_syscall_64+0x35/0xb0 [ 642.902038][T13095] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 642.908015][T13095] RIP: 0033:0x4665f9 [ 642.911911][T13095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 642.931872][T13095] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 642.940286][T13095] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 642.948401][T13095] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 642.956381][T13095] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 642.964571][T13095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 642.972546][T13095] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:39:31 executing program 1 (fault-call:4 fault-nth:16): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 642.993868][ T8416] Bluetooth: hci10: command 0x1003 tx timeout [ 643.001983][ T6581] Bluetooth: hci10: sending frame failed (-49) [ 643.010944][T13095] Bluetooth: Can't register HCI device [ 643.097938][T13100] FAULT_INJECTION: forcing a failure. [ 643.097938][T13100] name failslab, interval 1, probability 0, space 0, times 0 [ 643.125762][T13100] CPU: 1 PID: 13100 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 643.135631][T13100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 643.145716][T13100] Call Trace: [ 643.149009][T13100] dump_stack_lvl+0xcd/0x134 [ 643.153633][T13100] should_fail.cold+0x5/0xa [ 643.158172][T13100] ? alloc_workqueue_attrs+0x38/0x80 [ 643.163568][T13100] should_failslab+0x5/0x10 [ 643.168093][T13100] kmem_cache_alloc_trace+0x55/0x3c0 [ 643.173417][T13100] alloc_workqueue_attrs+0x38/0x80 [ 643.178643][T13100] apply_wqattrs_prepare+0xb4/0x890 [ 643.183856][T13100] apply_workqueue_attrs_locked+0xc1/0x140 [ 643.189670][T13100] alloc_workqueue+0xa10/0xef0 [ 643.194443][T13100] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 643.200191][T13100] ? vsnprintf+0x283/0x14f0 [ 643.204779][T13100] hci_register_dev+0x216/0xbd0 [ 643.210410][T13100] hci_uart_tty_ioctl+0x8c5/0xc50 [ 643.215449][T13100] tty_ioctl+0xc69/0x1670 [ 643.219783][T13100] ? hci_uart_init_work+0x170/0x170 [ 643.224974][T13100] ? tty_lookup_driver+0x550/0x550 [ 643.230080][T13100] ? lock_downgrade+0x6e0/0x6e0 [ 643.234944][T13100] ? __fget_files+0x23d/0x3e0 [ 643.239620][T13100] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 643.245871][T13100] ? tty_lookup_driver+0x550/0x550 [ 643.250985][T13100] __x64_sys_ioctl+0x193/0x200 [ 643.255744][T13100] do_syscall_64+0x35/0xb0 [ 643.260166][T13100] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 643.266053][T13100] RIP: 0033:0x4665f9 [ 643.269947][T13100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 643.290615][T13100] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 643.299058][T13100] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 643.307285][T13100] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 643.315251][T13100] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 643.323294][T13100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 643.331337][T13100] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:39:31 executing program 1 (fault-call:4 fault-nth:17): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 643.355624][T13100] Bluetooth: Can't register HCI device [ 643.422529][T13105] FAULT_INJECTION: forcing a failure. [ 643.422529][T13105] name failslab, interval 1, probability 0, space 0, times 0 [ 643.436204][T13105] CPU: 1 PID: 13105 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 643.445870][T13105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 643.455943][T13105] Call Trace: [ 643.459237][T13105] dump_stack_lvl+0xcd/0x134 [ 643.464123][T13105] should_fail.cold+0x5/0xa [ 643.468744][T13105] should_failslab+0x5/0x10 [ 643.473269][T13105] kmem_cache_alloc_node+0x65/0x3d0 [ 643.478499][T13105] ? alloc_unbound_pwq+0x4a5/0xcd0 [ 643.483735][T13105] alloc_unbound_pwq+0x4a5/0xcd0 [ 643.488710][T13105] apply_wqattrs_prepare+0x2b6/0x890 [ 643.494218][T13105] apply_workqueue_attrs_locked+0xc1/0x140 [ 643.500053][T13105] alloc_workqueue+0xa10/0xef0 [ 643.504857][T13105] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 643.510622][T13105] ? vsnprintf+0x283/0x14f0 [ 643.515156][T13105] hci_register_dev+0x216/0xbd0 [ 643.520082][T13105] hci_uart_tty_ioctl+0x8c5/0xc50 [ 643.525144][T13105] tty_ioctl+0xc69/0x1670 [ 643.529494][T13105] ? hci_uart_init_work+0x170/0x170 [ 643.534725][T13105] ? tty_lookup_driver+0x550/0x550 [ 643.539951][T13105] ? lock_downgrade+0x6e0/0x6e0 [ 643.544817][T13105] ? __fget_files+0x23d/0x3e0 [ 643.549509][T13105] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 643.555760][T13105] ? tty_lookup_driver+0x550/0x550 [ 643.560959][T13105] __x64_sys_ioctl+0x193/0x200 [ 643.565752][T13105] do_syscall_64+0x35/0xb0 [ 643.570164][T13105] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 643.576049][T13105] RIP: 0033:0x4665f9 [ 643.579943][T13105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 643.599655][T13105] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 643.608272][T13105] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 643.616415][T13105] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 643.624391][T13105] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 643.632512][T13105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 643.640553][T13105] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 643.662333][ T8552] Bluetooth: hci6: command 0x1001 tx timeout 09:39:31 executing program 1 (fault-call:4 fault-nth:18): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 643.677521][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 643.681350][T13105] Bluetooth: Can't register HCI device [ 643.792494][T13110] FAULT_INJECTION: forcing a failure. [ 643.792494][T13110] name failslab, interval 1, probability 0, space 0, times 0 [ 643.805904][T13110] CPU: 1 PID: 13110 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 643.815574][T13110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 643.825641][T13110] Call Trace: [ 643.828931][T13110] dump_stack_lvl+0xcd/0x134 [ 643.833537][T13110] should_fail.cold+0x5/0xa [ 643.838270][T13110] should_failslab+0x5/0x10 [ 643.842777][T13110] kmem_cache_alloc_node+0x65/0x3d0 [ 643.847996][T13110] ? alloc_unbound_pwq+0x4a5/0xcd0 [ 643.853119][T13110] alloc_unbound_pwq+0x4a5/0xcd0 [ 643.858071][T13110] apply_wqattrs_prepare+0x2b6/0x890 [ 643.863376][T13110] apply_workqueue_attrs_locked+0xc1/0x140 [ 643.869196][T13110] alloc_workqueue+0xa10/0xef0 [ 643.873978][T13110] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 643.879823][T13110] ? vsnprintf+0x283/0x14f0 [ 643.884364][T13110] hci_register_dev+0x216/0xbd0 [ 643.889232][T13110] hci_uart_tty_ioctl+0x8c5/0xc50 [ 643.894270][T13110] tty_ioctl+0xc69/0x1670 [ 643.898688][T13110] ? hci_uart_init_work+0x170/0x170 [ 643.903903][T13110] ? tty_lookup_driver+0x550/0x550 [ 643.909025][T13110] ? lock_downgrade+0x6e0/0x6e0 [ 643.913905][T13110] ? __fget_files+0x23d/0x3e0 [ 643.918593][T13110] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 643.924843][T13110] ? tty_lookup_driver+0x550/0x550 [ 643.929963][T13110] __x64_sys_ioctl+0x193/0x200 [ 643.934734][T13110] do_syscall_64+0x35/0xb0 [ 643.939242][T13110] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 643.945204][T13110] RIP: 0033:0x4665f9 [ 643.949103][T13110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 643.968801][T13110] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 643.977223][T13110] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 643.985280][T13110] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 643.993282][T13110] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 644.001258][T13110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 644.009254][T13110] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:39:32 executing program 1 (fault-call:4 fault-nth:19): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 644.044076][T13110] Bluetooth: Can't register HCI device [ 644.155397][T13115] FAULT_INJECTION: forcing a failure. [ 644.155397][T13115] name failslab, interval 1, probability 0, space 0, times 0 [ 644.177862][T13115] CPU: 1 PID: 13115 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 644.187627][T13115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 644.197704][T13115] Call Trace: [ 644.200998][T13115] dump_stack_lvl+0xcd/0x134 [ 644.205741][T13115] should_fail.cold+0x5/0xa [ 644.210450][T13115] ? alloc_inode+0x161/0x230 [ 644.215060][T13115] should_failslab+0x5/0x10 [ 644.219554][T13115] kmem_cache_alloc+0x5e/0x390 [ 644.224316][T13115] alloc_inode+0x161/0x230 [ 644.228779][T13115] new_inode+0x27/0x2f0 [ 644.232943][T13115] debugfs_get_inode+0x1a/0x130 [ 644.237894][T13115] debugfs_create_dir+0xde/0x500 [ 644.242827][T13115] hci_register_dev+0x2a7/0xbd0 [ 644.247670][T13115] hci_uart_tty_ioctl+0x8c5/0xc50 [ 644.252687][T13115] tty_ioctl+0xc69/0x1670 [ 644.257003][T13115] ? hci_uart_init_work+0x170/0x170 [ 644.262199][T13115] ? tty_lookup_driver+0x550/0x550 [ 644.267299][T13115] ? lock_downgrade+0x6e0/0x6e0 [ 644.272149][T13115] ? __fget_files+0x23d/0x3e0 [ 644.276823][T13115] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 644.283066][T13115] ? tty_lookup_driver+0x550/0x550 [ 644.288163][T13115] __x64_sys_ioctl+0x193/0x200 [ 644.292917][T13115] do_syscall_64+0x35/0xb0 [ 644.297339][T13115] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 644.303227][T13115] RIP: 0033:0x4665f9 [ 644.307109][T13115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 644.326711][T13115] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 644.335116][T13115] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 644.343159][T13115] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 644.351122][T13115] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 644.359084][T13115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 644.367045][T13115] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 644.382625][ T8552] Bluetooth: hci7: command 0x1001 tx timeout [ 644.389323][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 644.397136][T13115] debugfs: out of free dentries, can not create directory 'hci11' [ 644.405429][ T8552] Bluetooth: hci9: command 0x1001 tx timeout [ 644.411716][ T6581] Bluetooth: hci9: sending frame failed (-49) [ 644.431295][ T8] Bluetooth: hci11: Frame reassembly failed (-84) [ 644.540287][ T8552] Bluetooth: hci8: command 0x1009 tx timeout [ 645.010116][ T8552] Bluetooth: hci10: command 0x1001 tx timeout [ 645.018106][T11051] Bluetooth: hci10: sending frame failed (-49) [ 645.730133][ T8552] Bluetooth: hci6: command 0x1009 tx timeout [ 646.450115][ T7582] Bluetooth: hci11: command 0x1003 tx timeout [ 646.456971][T11051] Bluetooth: hci11: sending frame failed (-49) [ 646.463869][ T7582] Bluetooth: hci9: command 0x1009 tx timeout [ 646.469994][ T7582] Bluetooth: hci7: command 0x1009 tx timeout [ 647.090191][ T8552] Bluetooth: hci10: command 0x1009 tx timeout 09:39:36 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 648.466034][T13126] Bluetooth: hci8: Frame reassembly failed (-84) [ 648.529952][ T8552] Bluetooth: hci11: command 0x1001 tx timeout [ 648.536242][T11051] Bluetooth: hci11: sending frame failed (-49) 09:39:37 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x32) 09:39:38 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:39:38 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 650.445488][ T9149] Bluetooth: hci7: Frame reassembly failed (-84) [ 650.499856][ T8] Bluetooth: hci9: Frame reassembly failed (-84) [ 650.515818][T13156] Bluetooth: hci9: Frame reassembly failed (-84) [ 650.530007][ T8416] Bluetooth: hci8: command 0x1003 tx timeout [ 650.537461][T11051] Bluetooth: hci8: sending frame failed (-49) [ 650.609933][ T8416] Bluetooth: hci11: command 0x1009 tx timeout 09:39:39 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x32) [ 651.809706][ T8552] Bluetooth: hci6: command 0x1003 tx timeout [ 651.817403][T11051] Bluetooth: hci6: sending frame failed (-49) [ 652.449716][ T8458] Bluetooth: hci7: command 0x1003 tx timeout [ 652.456915][T11051] Bluetooth: hci7: sending frame failed (-49) [ 652.529713][ T8552] Bluetooth: hci9: command 0x1003 tx timeout [ 652.536897][T11051] Bluetooth: hci9: sending frame failed (-49) [ 652.609807][ T8552] Bluetooth: hci8: command 0x1001 tx timeout [ 652.616106][T11051] Bluetooth: hci8: sending frame failed (-49) [ 653.099690][ T8552] Bluetooth: hci10: command 0x1003 tx timeout [ 653.107439][T11051] Bluetooth: hci10: sending frame failed (-49) [ 653.889812][ T8552] Bluetooth: hci6: command 0x1001 tx timeout [ 653.897765][T11051] Bluetooth: hci6: sending frame failed (-49) [ 654.529643][ T8552] Bluetooth: hci7: command 0x1001 tx timeout [ 654.536201][T11051] Bluetooth: hci7: sending frame failed (-49) [ 654.609667][ T8552] Bluetooth: hci9: command 0x1001 tx timeout [ 654.616326][T11051] Bluetooth: hci9: sending frame failed (-49) [ 654.689616][ T8552] Bluetooth: hci8: command 0x1009 tx timeout 09:39:42 executing program 1 (fault-call:4 fault-nth:20): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 654.859395][T13181] FAULT_INJECTION: forcing a failure. [ 654.859395][T13181] name failslab, interval 1, probability 0, space 0, times 0 [ 654.874977][T13181] CPU: 1 PID: 13181 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 654.884829][T13181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 654.894902][T13181] Call Trace: [ 654.898198][T13181] dump_stack_lvl+0xcd/0x134 [ 654.902993][T13181] should_fail.cold+0x5/0xa [ 654.907648][T13181] ? security_inode_alloc+0x34/0x160 [ 654.912974][T13181] should_failslab+0x5/0x10 [ 654.917506][T13181] kmem_cache_alloc+0x5e/0x390 [ 654.922307][T13181] security_inode_alloc+0x34/0x160 [ 654.927460][T13181] inode_init_always+0x5d8/0xdb0 [ 654.932439][T13181] alloc_inode+0x82/0x230 [ 654.936800][T13181] new_inode+0x27/0x2f0 [ 654.941006][T13181] debugfs_get_inode+0x1a/0x130 [ 654.946127][T13181] debugfs_create_dir+0xde/0x500 [ 654.951106][T13181] hci_register_dev+0x2a7/0xbd0 [ 654.956199][T13181] hci_uart_tty_ioctl+0x8c5/0xc50 [ 654.961224][T13181] tty_ioctl+0xc69/0x1670 [ 654.965541][T13181] ? hci_uart_init_work+0x170/0x170 [ 654.970731][T13181] ? tty_lookup_driver+0x550/0x550 [ 654.975855][T13181] ? lock_downgrade+0x6e0/0x6e0 [ 654.980705][T13181] ? __fget_files+0x23d/0x3e0 [ 654.985381][T13181] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 654.991610][T13181] ? tty_lookup_driver+0x550/0x550 [ 654.996710][T13181] __x64_sys_ioctl+0x193/0x200 [ 655.001556][T13181] do_syscall_64+0x35/0xb0 [ 655.005960][T13181] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 655.012026][T13181] RIP: 0033:0x4665f9 [ 655.016002][T13181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 655.035610][T13181] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 655.044016][T13181] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 655.051971][T13181] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 655.059936][T13181] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 655.068094][T13181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 655.076062][T13181] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 655.086117][T13181] debugfs: out of free dentries, can not create directory 'hci11' [ 655.127612][ T1136] Bluetooth: hci11: Frame reassembly failed (-84) [ 655.169554][ T8552] Bluetooth: hci10: command 0x1001 tx timeout [ 655.175848][T11051] Bluetooth: hci10: sending frame failed (-49) [ 655.969493][ T8416] Bluetooth: hci6: command 0x1009 tx timeout [ 656.609697][ T8416] Bluetooth: hci7: command 0x1009 tx timeout [ 656.699516][ T8416] Bluetooth: hci9: command 0x1009 tx timeout [ 657.169550][ T7582] Bluetooth: hci11: command 0x1003 tx timeout [ 657.177711][T11051] Bluetooth: hci11: sending frame failed (-49) [ 657.249583][ T7582] Bluetooth: hci10: command 0x1009 tx timeout 09:39:46 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 658.704703][ T1124] Bluetooth: hci8: Frame reassembly failed (-84) [ 658.719371][T13192] Bluetooth: hci8: Frame reassembly failed (-84) [ 659.259416][ T8552] Bluetooth: hci11: command 0x1001 tx timeout [ 659.266397][T11051] Bluetooth: hci11: sending frame failed (-49) 09:39:48 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x32) 09:39:48 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:39:48 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 660.692117][T13217] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 660.717554][ T1124] Bluetooth: hci7: Frame reassembly failed (-84) [ 660.759919][ T1136] Bluetooth: hci9: Frame reassembly failed (-84) [ 660.768220][T13222] Bluetooth: hci9: Frame reassembly failed (-84) [ 660.776038][ T8552] Bluetooth: hci8: command 0x1003 tx timeout [ 660.783020][T11051] Bluetooth: hci8: sending frame failed (-49) 09:39:49 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x32) [ 661.262654][T11096] Bluetooth: hci10: Frame reassembly failed (-84) [ 661.329248][ T7] Bluetooth: hci11: command 0x1009 tx timeout [ 662.059319][ T8552] Bluetooth: hci6: command 0x1003 tx timeout [ 662.066382][T11051] Bluetooth: hci6: sending frame failed (-49) [ 662.769324][ T8458] Bluetooth: hci7: command 0x1003 tx timeout [ 662.776573][T11051] Bluetooth: hci7: sending frame failed (-49) [ 662.784779][ T7582] Bluetooth: hci9: command 0x1003 tx timeout [ 662.794256][T11051] Bluetooth: hci9: sending frame failed (-49) [ 662.859186][ T7582] Bluetooth: hci8: command 0x1001 tx timeout [ 662.865846][T11051] Bluetooth: hci8: sending frame failed (-49) [ 663.329063][ T7] Bluetooth: hci10: command 0x1003 tx timeout [ 663.335917][T11051] Bluetooth: hci10: sending frame failed (-49) [ 664.129016][ T7582] Bluetooth: hci6: command 0x1001 tx timeout [ 664.136792][T11051] Bluetooth: hci6: sending frame failed (-49) [ 664.849161][ T7582] Bluetooth: hci9: command 0x1001 tx timeout [ 664.857176][T11051] Bluetooth: hci9: sending frame failed (-49) [ 664.864316][ T7582] Bluetooth: hci7: command 0x1001 tx timeout [ 664.870797][T11051] Bluetooth: hci7: sending frame failed (-49) [ 664.929063][ T7582] Bluetooth: hci8: command 0x1009 tx timeout [ 665.418939][ T7582] Bluetooth: hci10: command 0x1001 tx timeout [ 665.425524][T11051] Bluetooth: hci10: sending frame failed (-49) 09:39:53 executing program 1 (fault-call:4 fault-nth:21): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 665.747421][T13246] FAULT_INJECTION: forcing a failure. [ 665.747421][T13246] name failslab, interval 1, probability 0, space 0, times 0 [ 665.768914][T13246] CPU: 1 PID: 13246 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 665.778599][T13246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 665.788853][T13246] Call Trace: [ 665.792162][T13246] dump_stack_lvl+0xcd/0x134 [ 665.796787][T13246] should_fail.cold+0x5/0xa [ 665.801466][T13246] should_failslab+0x5/0x10 [ 665.806255][T13246] __kmalloc_track_caller+0x79/0x310 [ 665.811579][T13246] ? kstrdup_const+0x53/0x80 [ 665.816372][T13246] kstrdup+0x36/0x70 [ 665.820299][T13246] kstrdup_const+0x53/0x80 [ 665.824759][T13246] kvasprintf_const+0x108/0x190 [ 665.829643][T13246] kobject_set_name_vargs+0x56/0x150 [ 665.835099][T13246] dev_set_name+0xbb/0xf0 [ 665.839546][T13246] ? device_initialize+0x560/0x560 [ 665.844661][T13246] ? up_write+0x148/0x470 [ 665.849152][T13246] hci_register_dev+0x2ee/0xbd0 [ 665.854030][T13246] hci_uart_tty_ioctl+0x8c5/0xc50 [ 665.859151][T13246] tty_ioctl+0xc69/0x1670 [ 665.863498][T13246] ? hci_uart_init_work+0x170/0x170 [ 665.868720][T13246] ? tty_lookup_driver+0x550/0x550 [ 665.874005][T13246] ? lock_downgrade+0x6e0/0x6e0 [ 665.878870][T13246] ? __fget_files+0x23d/0x3e0 [ 665.883634][T13246] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 665.890009][T13246] ? tty_lookup_driver+0x550/0x550 [ 665.895197][T13246] __x64_sys_ioctl+0x193/0x200 [ 665.900075][T13246] do_syscall_64+0x35/0xb0 [ 665.904629][T13246] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 665.910542][T13246] RIP: 0033:0x4665f9 [ 665.914521][T13246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 665.934472][T13246] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 665.942877][T13246] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 665.950842][T13246] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 665.958812][T13246] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 665.966801][T13246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 665.974940][T13246] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 665.996303][T13246] Bluetooth: Can't register HCI device 09:39:54 executing program 1 (fault-call:4 fault-nth:22): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 666.072446][T13251] debugfs: Directory 'hci11' with parent 'bluetooth' already present! [ 666.081798][T13251] FAULT_INJECTION: forcing a failure. [ 666.081798][T13251] name failslab, interval 1, probability 0, space 0, times 0 [ 666.097638][T13251] CPU: 1 PID: 13251 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 666.107308][T13251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 666.117483][T13251] Call Trace: [ 666.120780][T13251] dump_stack_lvl+0xcd/0x134 [ 666.125409][T13251] should_fail.cold+0x5/0xa [ 666.129941][T13251] ? __kernfs_new_node+0xd4/0x8b0 [ 666.135082][T13251] should_failslab+0x5/0x10 [ 666.139611][T13251] kmem_cache_alloc+0x5e/0x390 [ 666.144449][T13251] __kernfs_new_node+0xd4/0x8b0 [ 666.149337][T13251] ? kernfs_path_from_node+0x60/0x60 [ 666.154722][T13251] ? kernfs_add_one+0x122/0x4c0 [ 666.159639][T13251] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 666.165753][T13251] kernfs_new_node+0x93/0x120 [ 666.170462][T13251] __kernfs_create_file+0x51/0x350 [ 666.175594][T13251] sysfs_add_file_mode_ns+0x226/0x540 [ 666.180972][T13251] sysfs_create_file_ns+0x131/0x1c0 [ 666.186177][T13251] ? sysfs_add_file_mode_ns+0x540/0x540 [ 666.191722][T13251] ? up_write+0x470/0x470 [ 666.196056][T13251] ? lockdep_init_map_type+0x2c3/0x7b0 [ 666.201531][T13251] device_create_file+0xea/0x1d0 [ 666.206469][T13251] device_add+0x57c/0x21b0 [ 666.210879][T13251] ? device_initialize+0x560/0x560 [ 666.215999][T13251] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 666.222240][T13251] ? start_creating.part.0+0x18f/0x290 [ 666.227710][T13251] hci_register_dev+0x2f6/0xbd0 [ 666.232558][T13251] hci_uart_tty_ioctl+0x8c5/0xc50 [ 666.237579][T13251] tty_ioctl+0xc69/0x1670 [ 666.242080][T13251] ? hci_uart_init_work+0x170/0x170 [ 666.247300][T13251] ? tty_lookup_driver+0x550/0x550 [ 666.252423][T13251] ? lock_downgrade+0x6e0/0x6e0 [ 666.257287][T13251] ? __fget_files+0x23d/0x3e0 [ 666.261959][T13251] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 666.268195][T13251] ? tty_lookup_driver+0x550/0x550 [ 666.273299][T13251] __x64_sys_ioctl+0x193/0x200 [ 666.278071][T13251] do_syscall_64+0x35/0xb0 [ 666.282591][T13251] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 666.289107][T13251] RIP: 0033:0x4665f9 [ 666.292987][T13251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 666.312670][T13251] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 666.321160][T13251] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 666.329215][T13251] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 666.337261][T13251] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 666.345221][T13251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 666.353185][T13251] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:39:54 executing program 1 (fault-call:4 fault-nth:23): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 666.374838][ T7] Bluetooth: hci6: command 0x1009 tx timeout [ 666.376173][T13251] Bluetooth: Can't register HCI device [ 666.485275][T13258] debugfs: Directory 'hci11' with parent 'bluetooth' already present! [ 666.503110][T13258] FAULT_INJECTION: forcing a failure. [ 666.503110][T13258] name failslab, interval 1, probability 0, space 0, times 0 [ 666.524406][T13258] CPU: 1 PID: 13258 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 666.534184][T13258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 666.544340][T13258] Call Trace: [ 666.547634][T13258] dump_stack_lvl+0xcd/0x134 [ 666.552259][T13258] should_fail.cold+0x5/0xa [ 666.556798][T13258] ? __kernfs_new_node+0xd4/0x8b0 [ 666.561846][T13258] should_failslab+0x5/0x10 [ 666.566864][T13258] kmem_cache_alloc+0x5e/0x390 [ 666.571636][T13258] __kernfs_new_node+0xd4/0x8b0 [ 666.576482][T13258] ? kernfs_path_from_node+0x60/0x60 [ 666.581860][T13258] ? find_held_lock+0x2d/0x110 [ 666.586621][T13258] ? sysfs_do_create_link_sd+0x82/0x140 [ 666.592166][T13258] kernfs_new_node+0x93/0x120 [ 666.596865][T13258] kernfs_create_link+0xcb/0x230 [ 666.601972][T13258] sysfs_do_create_link_sd+0x90/0x140 [ 666.607340][T13258] sysfs_create_link+0x5f/0xc0 [ 666.612200][T13258] device_add+0x66b/0x21b0 [ 666.616610][T13258] ? device_initialize+0x560/0x560 [ 666.621715][T13258] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 666.627946][T13258] ? start_creating.part.0+0x18f/0x290 [ 666.633525][T13258] hci_register_dev+0x2f6/0xbd0 [ 666.638545][T13258] hci_uart_tty_ioctl+0x8c5/0xc50 [ 666.643720][T13258] tty_ioctl+0xc69/0x1670 [ 666.648051][T13258] ? hci_uart_init_work+0x170/0x170 [ 666.653342][T13258] ? tty_lookup_driver+0x550/0x550 [ 666.658467][T13258] ? lock_downgrade+0x6e0/0x6e0 [ 666.663328][T13258] ? __fget_files+0x23d/0x3e0 [ 666.668048][T13258] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 666.674286][T13258] ? tty_lookup_driver+0x550/0x550 [ 666.679404][T13258] __x64_sys_ioctl+0x193/0x200 [ 666.684163][T13258] do_syscall_64+0x35/0xb0 [ 666.688589][T13258] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 666.694665][T13258] RIP: 0033:0x4665f9 [ 666.698553][T13258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 666.718159][T13258] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 666.726576][T13258] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 666.734562][T13258] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 666.742551][T13258] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 666.750533][T13258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 666.758509][T13258] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 666.780413][T13258] Bluetooth: Can't register HCI device 09:39:54 executing program 1 (fault-call:4 fault-nth:24): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 666.878024][T13265] debugfs: Directory 'hci11' with parent 'bluetooth' already present! [ 666.890182][T13265] FAULT_INJECTION: forcing a failure. [ 666.890182][T13265] name failslab, interval 1, probability 0, space 0, times 0 [ 666.903933][T13265] CPU: 1 PID: 13265 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 666.913603][T13265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 666.923678][T13265] Call Trace: [ 666.926979][T13265] dump_stack_lvl+0xcd/0x134 [ 666.931616][T13265] should_fail.cold+0x5/0xa [ 666.936157][T13265] ? __kernfs_new_node+0xd4/0x8b0 [ 666.941217][T13265] should_failslab+0x5/0x10 [ 666.945748][T13265] kmem_cache_alloc+0x5e/0x390 [ 666.950562][T13265] __kernfs_new_node+0xd4/0x8b0 [ 666.955450][T13265] ? kernfs_path_from_node+0x60/0x60 [ 666.960814][T13265] ? find_held_lock+0x2d/0x110 [ 666.965624][T13265] ? sysfs_do_create_link_sd+0x82/0x140 [ 666.971201][T13265] kernfs_new_node+0x93/0x120 [ 666.975904][T13265] kernfs_create_link+0xcb/0x230 [ 666.980870][T13265] sysfs_do_create_link_sd+0x90/0x140 [ 666.986408][T13265] sysfs_create_link+0x5f/0xc0 [ 666.991256][T13265] device_add+0x66b/0x21b0 [ 666.995687][T13265] ? device_initialize+0x560/0x560 [ 667.000884][T13265] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 667.007130][T13265] ? start_creating.part.0+0x18f/0x290 [ 667.012727][T13265] hci_register_dev+0x2f6/0xbd0 [ 667.017610][T13265] hci_uart_tty_ioctl+0x8c5/0xc50 [ 667.022658][T13265] tty_ioctl+0xc69/0x1670 [ 667.026993][T13265] ? hci_uart_init_work+0x170/0x170 [ 667.032199][T13265] ? tty_lookup_driver+0x550/0x550 [ 667.037342][T13265] ? lock_downgrade+0x6e0/0x6e0 [ 667.042204][T13265] ? __fget_files+0x23d/0x3e0 [ 667.046887][T13265] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 667.053121][T13265] ? tty_lookup_driver+0x550/0x550 [ 667.058227][T13265] __x64_sys_ioctl+0x193/0x200 [ 667.062994][T13265] do_syscall_64+0x35/0xb0 [ 667.067428][T13265] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 667.073323][T13265] RIP: 0033:0x4665f9 [ 667.077213][T13265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 667.096817][T13265] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 667.105233][T13265] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 667.113231][T13265] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 667.121345][T13265] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 667.129538][T13265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 667.137559][T13265] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 667.149621][ T7582] Bluetooth: hci7: command 0x1009 tx timeout [ 667.168864][ T7582] Bluetooth: hci9: command 0x1009 tx timeout [ 667.169243][T13265] Bluetooth: Can't register HCI device 09:39:55 executing program 1 (fault-call:4 fault-nth:25): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 667.255149][T13272] debugfs: Directory 'hci11' with parent 'bluetooth' already present! [ 667.266145][T13272] FAULT_INJECTION: forcing a failure. [ 667.266145][T13272] name failslab, interval 1, probability 0, space 0, times 0 [ 667.279527][T13272] CPU: 1 PID: 13272 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 667.289198][T13272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 667.299291][T13272] Call Trace: [ 667.302588][T13272] dump_stack_lvl+0xcd/0x134 [ 667.307284][T13272] should_fail.cold+0x5/0xa [ 667.311796][T13272] should_failslab+0x5/0x10 [ 667.316319][T13272] __kmalloc_track_caller+0x79/0x310 [ 667.321617][T13272] ? kstrdup_const+0x53/0x80 [ 667.326250][T13272] kstrdup+0x36/0x70 [ 667.330241][T13272] kstrdup_const+0x53/0x80 [ 667.334667][T13272] __kernfs_new_node+0x9d/0x8b0 [ 667.339555][T13272] ? kernfs_path_from_node+0x60/0x60 [ 667.344859][T13272] ? find_held_lock+0x2d/0x110 [ 667.349730][T13272] ? sysfs_do_create_link_sd+0x82/0x140 [ 667.355465][T13272] kernfs_new_node+0x93/0x120 [ 667.360153][T13272] kernfs_create_link+0xcb/0x230 [ 667.365098][T13272] sysfs_do_create_link_sd+0x90/0x140 [ 667.370660][T13272] sysfs_create_link+0x5f/0xc0 [ 667.375431][T13272] device_add+0x78f/0x21b0 [ 667.379866][T13272] ? device_initialize+0x560/0x560 [ 667.384988][T13272] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 667.391240][T13272] ? start_creating.part.0+0x18f/0x290 [ 667.396830][T13272] hci_register_dev+0x2f6/0xbd0 [ 667.401691][T13272] hci_uart_tty_ioctl+0x8c5/0xc50 [ 667.406918][T13272] tty_ioctl+0xc69/0x1670 [ 667.411257][T13272] ? hci_uart_init_work+0x170/0x170 [ 667.416467][T13272] ? tty_lookup_driver+0x550/0x550 [ 667.421595][T13272] ? lock_downgrade+0x6e0/0x6e0 [ 667.426472][T13272] ? __fget_files+0x23d/0x3e0 [ 667.431164][T13272] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 667.437425][T13272] ? tty_lookup_driver+0x550/0x550 [ 667.442544][T13272] __x64_sys_ioctl+0x193/0x200 [ 667.447404][T13272] do_syscall_64+0x35/0xb0 [ 667.451830][T13272] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 667.457728][T13272] RIP: 0033:0x4665f9 [ 667.461620][T13272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 667.481228][T13272] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 667.489653][T13272] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 667.497622][T13272] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 667.505677][T13272] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 667.513659][T13272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 667.521626][T13272] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 667.541871][ T7582] Bluetooth: hci10: command 0x1009 tx timeout [ 667.555475][T13272] Bluetooth: Can't register HCI device 09:39:55 executing program 1 (fault-call:4 fault-nth:26): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 667.683088][T13279] debugfs: Directory 'hci11' with parent 'bluetooth' already present! [ 667.699562][T13279] FAULT_INJECTION: forcing a failure. [ 667.699562][T13279] name failslab, interval 1, probability 0, space 0, times 0 [ 667.713816][T13279] CPU: 0 PID: 13279 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 667.723482][T13279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 667.733552][T13279] Call Trace: [ 667.736844][T13279] dump_stack_lvl+0xcd/0x134 [ 667.741558][T13279] should_fail.cold+0x5/0xa [ 667.746366][T13279] ? __kernfs_new_node+0xd4/0x8b0 [ 667.751427][T13279] should_failslab+0x5/0x10 [ 667.756049][T13279] kmem_cache_alloc+0x5e/0x390 [ 667.760842][T13279] __kernfs_new_node+0xd4/0x8b0 [ 667.765737][T13279] ? kernfs_path_from_node+0x60/0x60 [ 667.771061][T13279] ? find_held_lock+0x2d/0x110 [ 667.775863][T13279] ? kernfs_add_one+0x368/0x4c0 [ 667.780734][T13279] ? lock_downgrade+0x6e0/0x6e0 [ 667.785610][T13279] kernfs_create_dir_ns+0x9c/0x220 [ 667.790725][T13279] internal_create_group+0x798/0xb20 [ 667.796108][T13279] ? sysfs_remove_group+0x170/0x170 [ 667.801404][T13279] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 667.807650][T13279] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 667.813982][T13279] ? kernfs_put+0x31/0x50 [ 667.818350][T13279] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 667.824622][T13279] dpm_sysfs_add+0x7e/0x290 [ 667.829220][T13279] device_add+0xad8/0x21b0 [ 667.833725][T13279] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 667.840056][T13279] ? start_creating.part.0+0x18f/0x290 [ 667.845603][T13279] hci_register_dev+0x2f6/0xbd0 [ 667.850493][T13279] hci_uart_tty_ioctl+0x8c5/0xc50 [ 667.855515][T13279] tty_ioctl+0xc69/0x1670 [ 667.859843][T13279] ? hci_uart_init_work+0x170/0x170 [ 667.865062][T13279] ? tty_lookup_driver+0x550/0x550 [ 667.870341][T13279] ? lock_downgrade+0x6e0/0x6e0 [ 667.875220][T13279] ? __fget_files+0x23d/0x3e0 [ 667.880098][T13279] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 667.886360][T13279] ? tty_lookup_driver+0x550/0x550 [ 667.891562][T13279] __x64_sys_ioctl+0x193/0x200 [ 667.896353][T13279] do_syscall_64+0x35/0xb0 [ 667.900793][T13279] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 667.906715][T13279] RIP: 0033:0x4665f9 [ 667.910619][T13279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 667.930467][T13279] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 667.938877][T13279] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 667.946865][T13279] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 667.954949][T13279] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 667.962922][T13279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 667.971372][T13279] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:39:56 executing program 1 (fault-call:4 fault-nth:27): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 667.995773][T13279] Bluetooth: Can't register HCI device [ 668.093831][T13286] debugfs: Directory 'hci11' with parent 'bluetooth' already present! [ 668.113348][T13286] FAULT_INJECTION: forcing a failure. [ 668.113348][T13286] name failslab, interval 1, probability 0, space 0, times 0 [ 668.126764][T13286] CPU: 0 PID: 13286 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 668.136430][T13286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 668.146506][T13286] Call Trace: [ 668.149801][T13286] dump_stack_lvl+0xcd/0x134 [ 668.154512][T13286] should_fail.cold+0x5/0xa [ 668.159224][T13286] ? __kernfs_new_node+0xd4/0x8b0 [ 668.164291][T13286] should_failslab+0x5/0x10 [ 668.168819][T13286] kmem_cache_alloc+0x5e/0x390 [ 668.173618][T13286] __kernfs_new_node+0xd4/0x8b0 [ 668.178500][T13286] ? kernfs_path_from_node+0x60/0x60 [ 668.183803][T13286] ? find_held_lock+0x2d/0x110 [ 668.188599][T13286] ? kernfs_add_one+0x368/0x4c0 [ 668.193462][T13286] ? lock_downgrade+0x6e0/0x6e0 [ 668.198402][T13286] kernfs_create_dir_ns+0x9c/0x220 [ 668.203516][T13286] internal_create_group+0x798/0xb20 [ 668.208815][T13286] ? sysfs_remove_group+0x170/0x170 [ 668.214038][T13286] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 668.220318][T13286] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 668.226669][T13286] ? kernfs_put+0x31/0x50 [ 668.231010][T13286] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 668.237266][T13286] dpm_sysfs_add+0x7e/0x290 [ 668.241787][T13286] device_add+0xad8/0x21b0 [ 668.246224][T13286] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 668.252483][T13286] ? start_creating.part.0+0x18f/0x290 [ 668.257960][T13286] hci_register_dev+0x2f6/0xbd0 [ 668.262829][T13286] hci_uart_tty_ioctl+0x8c5/0xc50 [ 668.267884][T13286] tty_ioctl+0xc69/0x1670 [ 668.272217][T13286] ? hci_uart_init_work+0x170/0x170 [ 668.277444][T13286] ? tty_lookup_driver+0x550/0x550 [ 668.282579][T13286] ? lock_downgrade+0x6e0/0x6e0 [ 668.287455][T13286] ? __fget_files+0x23d/0x3e0 [ 668.292157][T13286] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 668.298414][T13286] ? tty_lookup_driver+0x550/0x550 [ 668.303531][T13286] __x64_sys_ioctl+0x193/0x200 [ 668.308316][T13286] do_syscall_64+0x35/0xb0 [ 668.312739][T13286] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 668.318638][T13286] RIP: 0033:0x4665f9 [ 668.322546][T13286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 668.342240][T13286] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 668.350674][T13286] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 668.358642][T13286] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 668.366614][T13286] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 668.374668][T13286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 668.382634][T13286] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 668.409479][T13286] Bluetooth: Can't register HCI device 09:39:57 executing program 1 (fault-call:4 fault-nth:28): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 668.970087][T13298] FAULT_INJECTION: forcing a failure. [ 668.970087][T13298] name failslab, interval 1, probability 0, space 0, times 0 [ 668.990713][T13298] CPU: 1 PID: 13298 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 669.000417][T13298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 669.010579][T13298] Call Trace: [ 669.013969][T13298] dump_stack_lvl+0xcd/0x134 [ 669.018593][T13298] should_fail.cold+0x5/0xa [ 669.023210][T13298] ? __kernfs_new_node+0xd4/0x8b0 [ 669.028281][T13298] should_failslab+0x5/0x10 [ 669.032809][T13298] kmem_cache_alloc+0x5e/0x390 [ 669.037606][T13298] __kernfs_new_node+0xd4/0x8b0 [ 669.042489][T13298] ? kernfs_path_from_node+0x60/0x60 [ 669.047813][T13298] ? find_held_lock+0x2d/0x110 [ 669.052650][T13298] ? sysfs_do_create_link_sd+0x82/0x140 [ 669.058200][T13298] kernfs_new_node+0x93/0x120 [ 669.062878][T13298] kernfs_create_link+0xcb/0x230 [ 669.067818][T13298] sysfs_do_create_link_sd+0x90/0x140 [ 669.073194][T13298] sysfs_create_link+0x5f/0xc0 [ 669.077954][T13298] device_add+0x78f/0x21b0 [ 669.082365][T13298] ? device_initialize+0x560/0x560 [ 669.087474][T13298] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 669.093714][T13298] hci_register_dev+0x2f6/0xbd0 [ 669.098557][T13298] hci_uart_tty_ioctl+0x8c5/0xc50 [ 669.103690][T13298] tty_ioctl+0xc69/0x1670 [ 669.108099][T13298] ? hci_uart_init_work+0x170/0x170 [ 669.113381][T13298] ? tty_lookup_driver+0x550/0x550 [ 669.118603][T13298] ? lock_downgrade+0x6e0/0x6e0 [ 669.123486][T13298] ? __fget_files+0x23d/0x3e0 [ 669.128158][T13298] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 669.134392][T13298] ? tty_lookup_driver+0x550/0x550 [ 669.139496][T13298] __x64_sys_ioctl+0x193/0x200 [ 669.144261][T13298] do_syscall_64+0x35/0xb0 [ 669.148675][T13298] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 669.154655][T13298] RIP: 0033:0x4665f9 [ 669.158554][T13298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 669.178153][T13298] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 669.186696][T13298] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 669.194767][T13298] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 669.202857][T13298] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 669.211045][T13298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 669.219015][T13298] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 669.243124][T13298] Bluetooth: Can't register HCI device 09:39:58 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) 09:39:58 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:39:58 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 670.929321][ T9149] Bluetooth: hci7: Frame reassembly failed (-84) [ 670.938831][T13324] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 670.946973][T11096] Bluetooth: hci7: Frame reassembly failed (-84) [ 670.985362][T13329] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 671.007525][ T9149] Bluetooth: hci8: Frame reassembly failed (-84) [ 671.023261][T13329] Bluetooth: hci8: Frame reassembly failed (-84) 09:39:59 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) 09:39:59 executing program 5 (fault-call:5 fault-nth:0): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:39:59 executing program 1 (fault-call:4 fault-nth:29): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 671.546135][T13343] FAULT_INJECTION: forcing a failure. [ 671.546135][T13343] name failslab, interval 1, probability 0, space 0, times 0 [ 671.569708][T13343] CPU: 1 PID: 13343 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 671.579562][T13343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 671.589725][T13343] Call Trace: [ 671.593006][T13343] dump_stack_lvl+0xcd/0x134 [ 671.597612][T13343] should_fail.cold+0x5/0xa [ 671.602121][T13343] ? __kernfs_new_node+0xd4/0x8b0 [ 671.607160][T13343] should_failslab+0x5/0x10 [ 671.611681][T13343] kmem_cache_alloc+0x5e/0x390 [ 671.616455][T13343] __kernfs_new_node+0xd4/0x8b0 [ 671.621318][T13343] ? kernfs_path_from_node+0x60/0x60 [ 671.626618][T13343] ? find_held_lock+0x2d/0x110 [ 671.631390][T13343] ? kernfs_add_one+0x368/0x4c0 [ 671.636247][T13343] ? lock_downgrade+0x6e0/0x6e0 [ 671.641114][T13343] kernfs_create_dir_ns+0x9c/0x220 [ 671.646354][T13343] internal_create_group+0x798/0xb20 [ 671.651738][T13343] ? sysfs_remove_group+0x170/0x170 [ 671.656944][T13343] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 671.663282][T13343] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 671.669532][T13343] ? kernfs_put+0x31/0x50 [ 671.673963][T13343] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 671.680302][T13343] dpm_sysfs_add+0x7e/0x290 [ 671.684812][T13343] device_add+0xad8/0x21b0 [ 671.689243][T13343] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 671.695502][T13343] hci_register_dev+0x2f6/0xbd0 [ 671.700372][T13343] hci_uart_tty_ioctl+0x8c5/0xc50 [ 671.705512][T13343] tty_ioctl+0xc69/0x1670 [ 671.709855][T13343] ? hci_uart_init_work+0x170/0x170 [ 671.715077][T13343] ? tty_lookup_driver+0x550/0x550 [ 671.720293][T13343] ? lock_downgrade+0x6e0/0x6e0 [ 671.725163][T13343] ? __fget_files+0x23d/0x3e0 [ 671.729847][T13343] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 671.736184][T13343] ? tty_lookup_driver+0x550/0x550 [ 671.741560][T13343] __x64_sys_ioctl+0x193/0x200 [ 671.746336][T13343] do_syscall_64+0x35/0xb0 [ 671.750852][T13343] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 671.756939][T13343] RIP: 0033:0x4665f9 [ 671.760831][T13343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 671.780527][T13343] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 671.789056][T13343] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 671.797059][T13343] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 671.805058][T13343] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 671.813116][T13343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 671.821086][T13343] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 671.832547][T13342] FAULT_INJECTION: forcing a failure. [ 671.832547][T13342] name failslab, interval 1, probability 0, space 0, times 0 [ 671.852682][T11096] Bluetooth: hci9: Frame reassembly failed (-84) [ 671.861905][T13343] Bluetooth: Can't register HCI device [ 671.882341][T13342] CPU: 1 PID: 13342 Comm: syz-executor.5 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 671.892027][T13342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 671.902100][T13342] Call Trace: [ 671.905395][T13342] dump_stack_lvl+0xcd/0x134 [ 671.910016][T13342] should_fail.cold+0x5/0xa [ 671.914808][T13342] ? tomoyo_realpath_from_path+0xc3/0x620 [ 671.920559][T13342] should_failslab+0x5/0x10 [ 671.925091][T13342] __kmalloc+0x72/0x320 [ 671.929524][T13342] tomoyo_realpath_from_path+0xc3/0x620 [ 671.935294][T13342] ? tomoyo_profile+0x42/0x50 [ 671.940004][T13342] tomoyo_path_number_perm+0x1d5/0x590 [ 671.945555][T13342] ? tomoyo_path_number_perm+0x18d/0x590 [ 671.951224][T13342] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 671.957096][T13342] ? lock_downgrade+0x6e0/0x6e0 [ 671.961989][T13342] ? __fget_files+0x23d/0x3e0 [ 671.967386][T13342] security_file_ioctl+0x50/0xb0 [ 671.972359][T13342] __x64_sys_ioctl+0xb3/0x200 [ 671.977066][T13342] do_syscall_64+0x35/0xb0 [ 671.981508][T13342] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 671.987601][T13342] RIP: 0033:0x4665f9 [ 671.991518][T13342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 672.011323][T13342] RSP: 002b:00007f6c9bbb9188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 672.019763][T13342] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 672.027759][T13342] RDX: 0000000020000000 RSI: 0000000000005412 RDI: 0000000000000003 [ 672.035835][T13342] RBP: 00007f6c9bbb91d0 R08: 0000000000000000 R09: 0000000000000000 [ 672.043917][T13342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 09:40:00 executing program 1 (fault-call:4 fault-nth:30): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 672.051995][T13342] R13: 00007fff53215a7f R14: 00007f6c9bbb9300 R15: 0000000000022000 09:40:00 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) [ 672.132589][T13342] ERROR: Out of memory at tomoyo_realpath_from_path. [ 672.138263][T13355] debugfs: Directory 'hci10' with parent 'bluetooth' already present! [ 672.144498][T13342] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 672.153921][T13355] FAULT_INJECTION: forcing a failure. [ 672.153921][T13355] name failslab, interval 1, probability 0, space 0, times 0 [ 672.192855][T13355] CPU: 0 PID: 13355 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 672.203685][T13355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 672.206227][T13361] debugfs: Directory 'hci11' with parent 'bluetooth' already present! [ 672.213756][T13355] Call Trace: [ 672.213772][T13355] dump_stack_lvl+0xcd/0x134 [ 672.213811][T13355] should_fail.cold+0x5/0xa [ 672.213841][T13355] ? __kernfs_new_node+0xd4/0x8b0 [ 672.213874][T13355] should_failslab+0x5/0x10 [ 672.213896][T13355] kmem_cache_alloc+0x5e/0x390 [ 672.213925][T13355] __kernfs_new_node+0xd4/0x8b0 [ 672.213958][T13355] ? kernfs_path_from_node+0x60/0x60 [ 672.258893][T13355] ? lock_downgrade+0x6e0/0x6e0 [ 672.263876][T13355] ? up_write+0x148/0x470 [ 672.268224][T13355] ? kernfs_activate+0x167/0x1d0 [ 672.273189][T13355] kernfs_new_node+0x93/0x120 [ 672.277896][T13355] __kernfs_create_file+0x51/0x350 [ 672.283036][T13355] sysfs_add_file_mode_ns+0x226/0x540 [ 672.288441][T13355] sysfs_merge_group+0x198/0x320 [ 672.293573][T13355] ? sysfs_update_group+0x30/0x30 [ 672.298611][T13355] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 672.304860][T13355] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 672.311106][T13355] ? kernfs_put+0x31/0x50 [ 672.315446][T13355] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 672.321698][T13355] dpm_sysfs_add+0x241/0x290 [ 672.326297][T13355] device_add+0xad8/0x21b0 [ 672.330729][T13355] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 672.337002][T13355] ? start_creating.part.0+0x18f/0x290 [ 672.342477][T13355] hci_register_dev+0x2f6/0xbd0 [ 672.347340][T13355] hci_uart_tty_ioctl+0x8c5/0xc50 [ 672.352386][T13355] tty_ioctl+0xc69/0x1670 [ 672.356888][T13355] ? hci_uart_init_work+0x170/0x170 [ 672.362100][T13355] ? tty_lookup_driver+0x550/0x550 [ 672.367311][T13355] ? lock_downgrade+0x6e0/0x6e0 [ 672.372199][T13355] ? __fget_files+0x23d/0x3e0 [ 672.376971][T13355] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 672.383304][T13355] ? tty_lookup_driver+0x550/0x550 [ 672.388508][T13355] __x64_sys_ioctl+0x193/0x200 [ 672.393365][T13355] do_syscall_64+0x35/0xb0 [ 672.397788][T13355] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 672.403776][T13355] RIP: 0033:0x4665f9 [ 672.407671][T13355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 672.427556][T13355] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 672.435972][T13355] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 672.443943][T13355] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 672.451921][T13355] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 672.459890][T13355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 672.467951][T13355] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 672.477790][ T8552] Bluetooth: hci6: command 0x1003 tx timeout 09:40:00 executing program 1 (fault-call:4 fault-nth:31): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 672.494542][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 672.495060][T13355] Bluetooth: Can't register HCI device [ 672.582926][T13367] debugfs: Directory 'hci10' with parent 'bluetooth' already present! [ 672.593244][T13367] FAULT_INJECTION: forcing a failure. [ 672.593244][T13367] name failslab, interval 1, probability 0, space 0, times 0 [ 672.606261][T13367] CPU: 1 PID: 13367 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 672.616089][T13367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 672.626166][T13367] Call Trace: [ 672.629455][T13367] dump_stack_lvl+0xcd/0x134 [ 672.634078][T13367] should_fail.cold+0x5/0xa [ 672.638620][T13367] ? __kernfs_new_node+0xd4/0x8b0 [ 672.643679][T13367] should_failslab+0x5/0x10 [ 672.648337][T13367] kmem_cache_alloc+0x5e/0x390 [ 672.653333][T13367] __kernfs_new_node+0xd4/0x8b0 [ 672.658224][T13367] ? kernfs_path_from_node+0x60/0x60 [ 672.663547][T13367] ? lock_downgrade+0x6e0/0x6e0 [ 672.668441][T13367] ? up_write+0x148/0x470 [ 672.672788][T13367] ? kernfs_activate+0x167/0x1d0 [ 672.677759][T13367] kernfs_new_node+0x93/0x120 [ 672.682558][T13367] __kernfs_create_file+0x51/0x350 [ 672.687711][T13367] sysfs_add_file_mode_ns+0x226/0x540 [ 672.693125][T13367] sysfs_merge_group+0x198/0x320 [ 672.698095][T13367] ? sysfs_update_group+0x30/0x30 [ 672.703154][T13367] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 672.709427][T13367] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 672.715689][T13367] ? kernfs_put+0x31/0x50 [ 672.720028][T13367] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 672.726283][T13367] dpm_sysfs_add+0x241/0x290 [ 672.730906][T13367] device_add+0xad8/0x21b0 [ 672.735338][T13367] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 672.741617][T13367] ? start_creating.part.0+0x18f/0x290 [ 672.747107][T13367] hci_register_dev+0x2f6/0xbd0 [ 672.751993][T13367] hci_uart_tty_ioctl+0x8c5/0xc50 [ 672.757044][T13367] tty_ioctl+0xc69/0x1670 [ 672.761462][T13367] ? hci_uart_init_work+0x170/0x170 [ 672.766672][T13367] ? tty_lookup_driver+0x550/0x550 [ 672.771967][T13367] ? lock_downgrade+0x6e0/0x6e0 [ 672.776938][T13367] ? __fget_files+0x23d/0x3e0 [ 672.781623][T13367] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 672.787883][T13367] ? tty_lookup_driver+0x550/0x550 [ 672.793006][T13367] __x64_sys_ioctl+0x193/0x200 [ 672.797779][T13367] do_syscall_64+0x35/0xb0 [ 672.802199][T13367] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 672.808301][T13367] RIP: 0033:0x4665f9 [ 672.812215][T13367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 672.831842][T13367] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 672.840401][T13367] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 672.848404][T13367] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 672.856397][T13367] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 672.864367][T13367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 672.872367][T13367] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 672.897298][T13367] Bluetooth: Can't register HCI device [ 672.933103][ T25] Bluetooth: hci7: command 0x1003 tx timeout 09:40:01 executing program 1 (fault-call:4 fault-nth:32): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 672.954080][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 673.018623][ T8552] Bluetooth: hci8: command 0x1003 tx timeout [ 673.032525][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 673.042967][T13373] debugfs: Directory 'hci10' with parent 'bluetooth' already present! [ 673.052263][T13373] FAULT_INJECTION: forcing a failure. [ 673.052263][T13373] name failslab, interval 1, probability 0, space 0, times 0 [ 673.065722][T13373] CPU: 1 PID: 13373 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 673.075390][T13373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 673.085477][T13373] Call Trace: [ 673.088773][T13373] dump_stack_lvl+0xcd/0x134 [ 673.093403][T13373] should_fail.cold+0x5/0xa [ 673.097944][T13373] ? __kernfs_new_node+0xd4/0x8b0 [ 673.103006][T13373] should_failslab+0x5/0x10 [ 673.107532][T13373] kmem_cache_alloc+0x5e/0x390 [ 673.112349][T13373] __kernfs_new_node+0xd4/0x8b0 [ 673.117246][T13373] ? kernfs_path_from_node+0x60/0x60 [ 673.122567][T13373] ? lock_downgrade+0x6e0/0x6e0 [ 673.127477][T13373] ? up_write+0x148/0x470 [ 673.132006][T13373] ? kernfs_activate+0x167/0x1d0 [ 673.136972][T13373] kernfs_new_node+0x93/0x120 [ 673.141682][T13373] __kernfs_create_file+0x51/0x350 [ 673.146826][T13373] sysfs_add_file_mode_ns+0x226/0x540 [ 673.152238][T13373] sysfs_merge_group+0x198/0x320 [ 673.157216][T13373] ? sysfs_update_group+0x30/0x30 [ 673.162279][T13373] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 673.168552][T13373] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 673.174858][T13373] ? kernfs_put+0x31/0x50 [ 673.179245][T13373] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 673.185524][T13373] dpm_sysfs_add+0x241/0x290 [ 673.190148][T13373] device_add+0xad8/0x21b0 [ 673.194607][T13373] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 673.200883][T13373] ? start_creating.part.0+0x18f/0x290 [ 673.206383][T13373] hci_register_dev+0x2f6/0xbd0 [ 673.211265][T13373] hci_uart_tty_ioctl+0x8c5/0xc50 [ 673.216320][T13373] tty_ioctl+0xc69/0x1670 [ 673.220672][T13373] ? hci_uart_init_work+0x170/0x170 [ 673.225906][T13373] ? tty_lookup_driver+0x550/0x550 [ 673.231057][T13373] ? lock_downgrade+0x6e0/0x6e0 [ 673.235955][T13373] ? __fget_files+0x23d/0x3e0 [ 673.240665][T13373] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 673.246949][T13373] ? tty_lookup_driver+0x550/0x550 [ 673.252093][T13373] __x64_sys_ioctl+0x193/0x200 [ 673.256898][T13373] do_syscall_64+0x35/0xb0 [ 673.261348][T13373] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 673.267308][T13373] RIP: 0033:0x4665f9 [ 673.271222][T13373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 673.291032][T13373] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 673.299470][T13373] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 673.307554][T13373] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 673.315554][T13373] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 673.323553][T13373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 673.331636][T13373] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:40:01 executing program 1 (fault-call:4 fault-nth:33): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 673.396158][T13373] Bluetooth: Can't register HCI device [ 673.495206][T13381] debugfs: Directory 'hci10' with parent 'bluetooth' already present! [ 673.503993][T13381] FAULT_INJECTION: forcing a failure. [ 673.503993][T13381] name failslab, interval 1, probability 0, space 0, times 0 [ 673.517417][T13381] CPU: 0 PID: 13381 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 673.527182][T13381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 673.537541][T13381] Call Trace: [ 673.540842][T13381] dump_stack_lvl+0xcd/0x134 [ 673.545476][T13381] should_fail.cold+0x5/0xa [ 673.550090][T13381] ? __kernfs_new_node+0xd4/0x8b0 [ 673.555148][T13381] should_failslab+0x5/0x10 [ 673.559680][T13381] kmem_cache_alloc+0x5e/0x390 [ 673.564474][T13381] __kernfs_new_node+0xd4/0x8b0 [ 673.569357][T13381] ? kernfs_path_from_node+0x60/0x60 [ 673.574683][T13381] ? lock_downgrade+0x6e0/0x6e0 [ 673.579569][T13381] ? up_write+0x148/0x470 [ 673.583918][T13381] ? kernfs_activate+0x167/0x1d0 [ 673.588867][T13381] kernfs_new_node+0x93/0x120 [ 673.593555][T13381] __kernfs_create_file+0x51/0x350 [ 673.598856][T13381] sysfs_add_file_mode_ns+0x226/0x540 [ 673.604247][T13381] sysfs_merge_group+0x198/0x320 [ 673.609199][T13381] ? sysfs_update_group+0x30/0x30 [ 673.614319][T13381] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 673.620661][T13381] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 673.626924][T13381] ? kernfs_put+0x31/0x50 [ 673.631279][T13381] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 673.637532][T13381] dpm_sysfs_add+0x241/0x290 [ 673.642151][T13381] device_add+0xad8/0x21b0 [ 673.646585][T13381] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 673.652851][T13381] ? start_creating.part.0+0x18f/0x290 [ 673.658326][T13381] hci_register_dev+0x2f6/0xbd0 [ 673.663194][T13381] hci_uart_tty_ioctl+0x8c5/0xc50 [ 673.668232][T13381] tty_ioctl+0xc69/0x1670 [ 673.672564][T13381] ? hci_uart_init_work+0x170/0x170 [ 673.677884][T13381] ? tty_lookup_driver+0x550/0x550 [ 673.683007][T13381] ? lock_downgrade+0x6e0/0x6e0 [ 673.687879][T13381] ? __fget_files+0x23d/0x3e0 [ 673.692569][T13381] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 673.698818][T13381] ? tty_lookup_driver+0x550/0x550 [ 673.703939][T13381] __x64_sys_ioctl+0x193/0x200 [ 673.708716][T13381] do_syscall_64+0x35/0xb0 [ 673.713137][T13381] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 673.719058][T13381] RIP: 0033:0x4665f9 [ 673.722953][T13381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 673.744336][T13381] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 673.752841][T13381] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 673.760813][T13381] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 673.768793][T13381] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 673.778521][T13381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 673.786689][T13381] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 673.810590][ T7582] Bluetooth: hci9: command 0x1003 tx timeout [ 673.816875][ T6581] Bluetooth: hci9: sending frame failed (-49) 09:40:02 executing program 1 (fault-call:4 fault-nth:34): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 673.875314][T13381] Bluetooth: Can't register HCI device [ 673.953074][T13388] debugfs: Directory 'hci10' with parent 'bluetooth' already present! [ 673.962236][T13388] FAULT_INJECTION: forcing a failure. [ 673.962236][T13388] name failslab, interval 1, probability 0, space 0, times 0 [ 673.975959][T13388] CPU: 1 PID: 13388 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 673.985792][T13388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 673.995856][T13388] Call Trace: [ 673.999144][T13388] dump_stack_lvl+0xcd/0x134 [ 674.003748][T13388] should_fail.cold+0x5/0xa [ 674.008267][T13388] ? kobject_uevent_env+0x240/0x1650 [ 674.013563][T13388] should_failslab+0x5/0x10 [ 674.018070][T13388] kmem_cache_alloc_trace+0x55/0x3c0 [ 674.023374][T13388] ? dev_uevent_filter+0xd0/0xd0 [ 674.028675][T13388] kobject_uevent_env+0x240/0x1650 [ 674.033868][T13388] device_add+0xbc6/0x21b0 [ 674.038307][T13388] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 674.044575][T13388] ? start_creating.part.0+0x18f/0x290 [ 674.050075][T13388] hci_register_dev+0x2f6/0xbd0 [ 674.054940][T13388] hci_uart_tty_ioctl+0x8c5/0xc50 [ 674.059990][T13388] tty_ioctl+0xc69/0x1670 [ 674.064319][T13388] ? hci_uart_init_work+0x170/0x170 [ 674.069527][T13388] ? tty_lookup_driver+0x550/0x550 [ 674.074651][T13388] ? lock_downgrade+0x6e0/0x6e0 [ 674.079519][T13388] ? __fget_files+0x23d/0x3e0 [ 674.084224][T13388] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 674.090483][T13388] ? tty_lookup_driver+0x550/0x550 [ 674.095618][T13388] __x64_sys_ioctl+0x193/0x200 [ 674.100395][T13388] do_syscall_64+0x35/0xb0 [ 674.104831][T13388] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 674.110828][T13388] RIP: 0033:0x4665f9 [ 674.114719][T13388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 674.134595][T13388] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 674.143014][T13388] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 674.151019][T13388] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 674.158989][T13388] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 674.167045][T13388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 674.175017][T13388] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 674.528539][ T25] Bluetooth: hci6: command 0x1001 tx timeout [ 674.534803][ T25] Bluetooth: hci11: command 0x1003 tx timeout [ 674.535960][T11051] Bluetooth: hci6: sending frame failed (-49) [ 674.550272][T11051] Bluetooth: hci11: sending frame failed (-49) [ 675.008405][ T25] Bluetooth: hci7: command 0x1001 tx timeout [ 675.015299][T11051] Bluetooth: hci7: sending frame failed (-49) [ 675.088429][ T25] Bluetooth: hci8: command 0x1001 tx timeout [ 675.095787][T11051] Bluetooth: hci8: sending frame failed (-49) [ 675.888579][ T25] Bluetooth: hci9: command 0x1001 tx timeout [ 675.896056][T11051] Bluetooth: hci9: sending frame failed (-49) [ 676.208484][ T8552] Bluetooth: hci10: command 0x1003 tx timeout [ 676.216406][T11051] Bluetooth: hci10: sending frame failed (-49) [ 676.608375][ T7582] Bluetooth: hci11: command 0x1001 tx timeout [ 676.615491][T11051] Bluetooth: hci11: sending frame failed (-49) [ 676.623709][ T7582] Bluetooth: hci6: command 0x1009 tx timeout [ 677.098433][ T8552] Bluetooth: hci7: command 0x1009 tx timeout [ 677.168312][ T8552] Bluetooth: hci8: command 0x1009 tx timeout [ 677.978463][ T7582] Bluetooth: hci9: command 0x1009 tx timeout [ 678.288327][ T7582] Bluetooth: hci10: command 0x1001 tx timeout [ 678.295425][T11051] Bluetooth: hci10: sending frame failed (-49) [ 678.698333][ T7582] Bluetooth: hci11: command 0x1009 tx timeout [ 680.368465][ T8552] Bluetooth: hci10: command 0x1009 tx timeout 09:40:08 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) [ 680.552106][T10154] Bluetooth: hci6: Frame reassembly failed (-84) 09:40:09 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:40:09 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) 09:40:09 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 681.177833][ T8] Bluetooth: hci7: Frame reassembly failed (-84) [ 681.186814][T13415] Bluetooth: received HCILL_WAKE_UP_IND in state 2 09:40:09 executing program 5 (fault-call:5 fault-nth:1): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:40:09 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) 09:40:09 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 681.804448][T13437] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 681.834647][T10154] Bluetooth: hci8: Frame reassembly failed (-84) [ 681.837296][T13437] FAULT_INJECTION: forcing a failure. [ 681.837296][T13437] name failslab, interval 1, probability 0, space 0, times 0 [ 681.854568][T13437] CPU: 0 PID: 13437 Comm: syz-executor.5 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 681.864235][T13437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 681.874310][T13437] Call Trace: [ 681.877605][T13437] dump_stack_lvl+0xcd/0x134 [ 681.882339][T13437] should_fail.cold+0x5/0xa [ 681.886872][T13437] ? tomoyo_encode2.part.0+0xe9/0x3a0 [ 681.892278][T13437] should_failslab+0x5/0x10 [ 681.896805][T13437] __kmalloc+0x72/0x320 [ 681.901090][T13437] tomoyo_encode2.part.0+0xe9/0x3a0 [ 681.906325][T13437] tomoyo_encode+0x28/0x50 [ 681.910863][T13437] tomoyo_realpath_from_path+0x186/0x620 [ 681.916537][T13437] tomoyo_path_number_perm+0x1d5/0x590 [ 681.922025][T13437] ? tomoyo_path_number_perm+0x18d/0x590 [ 681.927695][T13437] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 681.933565][T13437] ? lock_downgrade+0x6e0/0x6e0 [ 681.938452][T13437] ? __fget_files+0x23d/0x3e0 [ 681.943171][T13437] security_file_ioctl+0x50/0xb0 [ 681.948136][T13437] __x64_sys_ioctl+0xb3/0x200 [ 681.952923][T13437] do_syscall_64+0x35/0xb0 [ 681.957360][T13437] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 681.963399][T13437] RIP: 0033:0x4665f9 [ 681.967328][T13437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 681.986958][T13437] RSP: 002b:00007f6c9bbb9188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 681.995396][T13437] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 682.003388][T13437] RDX: 0000000020000000 RSI: 0000000000005412 RDI: 0000000000000003 [ 682.011639][T13437] RBP: 00007f6c9bbb91d0 R08: 0000000000000000 R09: 0000000000000000 [ 682.019800][T13437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 682.028010][T13437] R13: 00007fff53215a7f R14: 00007f6c9bbb9300 R15: 0000000000022000 [ 682.067814][T13437] ERROR: Out of memory at tomoyo_realpath_from_path. [ 682.075568][T13437] Bluetooth: received HCILL_WAKE_UP_IND in state 2 09:40:10 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) 09:40:10 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) 09:40:10 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 682.439095][T11358] Bluetooth: hci9: sending frame failed (-49) 09:40:10 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000000)) [ 682.618152][ T8552] Bluetooth: hci6: command 0x1003 tx timeout [ 682.631498][T11358] Bluetooth: hci6: sending frame failed (-49) [ 683.247976][ T8552] Bluetooth: hci7: command 0x1003 tx timeout [ 683.255003][T11358] Bluetooth: hci7: sending frame failed (-49) [ 683.888015][ T8552] Bluetooth: hci8: command 0x1003 tx timeout [ 683.895017][T11358] Bluetooth: hci8: sending frame failed (-49) 09:40:12 executing program 1 (fault-call:4 fault-nth:35): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 684.330057][T13477] debugfs: Directory 'hci10' with parent 'bluetooth' already present! [ 684.350051][T13477] FAULT_INJECTION: forcing a failure. [ 684.350051][T13477] name failslab, interval 1, probability 0, space 0, times 0 [ 684.366012][T13477] CPU: 0 PID: 13477 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 684.375688][T13477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 684.385762][T13477] Call Trace: [ 684.389060][T13477] dump_stack_lvl+0xcd/0x134 [ 684.393679][T13477] should_fail.cold+0x5/0xa [ 684.398180][T13477] should_failslab+0x5/0x10 [ 684.402847][T13477] __kmalloc_node_track_caller+0x7d/0x340 [ 684.408740][T13477] ? alloc_uevent_skb+0x7b/0x210 [ 684.413677][T13477] __alloc_skb+0xde/0x340 [ 684.418054][T13477] alloc_uevent_skb+0x7b/0x210 [ 684.422812][T13477] kobject_uevent_env+0xb09/0x1650 [ 684.427925][T13477] device_add+0xbc6/0x21b0 [ 684.432338][T13477] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 684.438569][T13477] ? start_creating.part.0+0x18f/0x290 [ 684.444022][T13477] hci_register_dev+0x2f6/0xbd0 [ 684.448875][T13477] hci_uart_tty_ioctl+0x8c5/0xc50 [ 684.453890][T13477] tty_ioctl+0xc69/0x1670 [ 684.458291][T13477] ? hci_uart_init_work+0x170/0x170 [ 684.463568][T13477] ? tty_lookup_driver+0x550/0x550 [ 684.468696][T13477] ? lock_downgrade+0x6e0/0x6e0 [ 684.473552][T13477] ? __fget_files+0x23d/0x3e0 [ 684.478414][T13477] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 684.484645][T13477] ? tty_lookup_driver+0x550/0x550 [ 684.489744][T13477] __x64_sys_ioctl+0x193/0x200 [ 684.494524][T13477] do_syscall_64+0x35/0xb0 [ 684.498929][T13477] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 684.504829][T13477] RIP: 0033:0x4665f9 [ 684.508730][T13477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 684.528362][T13477] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 684.536765][T13477] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 684.544725][T13477] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 684.552788][T13477] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 684.560832][T13477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 684.568792][T13477] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 684.580785][ T1052] Bluetooth: hci9: command 0x1003 tx timeout [ 684.586904][ T6581] Bluetooth: hci9: sending frame failed (-49) [ 684.606570][T11096] Bluetooth: hci10: Frame reassembly failed (-84) [ 684.688013][ T1052] Bluetooth: hci6: command 0x1001 tx timeout [ 684.694211][T11358] Bluetooth: hci6: sending frame failed (-49) [ 685.327959][ T25] Bluetooth: hci7: command 0x1001 tx timeout [ 685.334926][T11358] Bluetooth: hci7: sending frame failed (-49) [ 685.488798][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.495305][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.967975][ T1052] Bluetooth: hci8: command 0x1001 tx timeout [ 685.974899][T11358] Bluetooth: hci8: sending frame failed (-49) [ 686.617954][ T1052] Bluetooth: hci10: command 0x1003 tx timeout [ 686.625348][T11358] Bluetooth: hci10: sending frame failed (-49) [ 686.632312][ T1052] Bluetooth: hci9: command 0x1001 tx timeout [ 686.638780][T11358] Bluetooth: hci9: sending frame failed (-49) [ 686.767774][ T1052] Bluetooth: hci6: command 0x1009 tx timeout [ 687.407970][ T1052] Bluetooth: hci7: command 0x1009 tx timeout [ 688.057871][ T8458] Bluetooth: hci8: command 0x1009 tx timeout [ 688.698155][ T8458] Bluetooth: hci9: command 0x1009 tx timeout [ 688.707971][ T8458] Bluetooth: hci10: command 0x1001 tx timeout [ 688.714571][T11358] Bluetooth: hci10: sending frame failed (-49) 09:40:18 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) [ 690.753131][T10154] Bluetooth: hci6: Frame reassembly failed (-84) [ 690.767848][ T8458] Bluetooth: hci10: command 0x1009 tx timeout 09:40:19 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:40:19 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000000)) 09:40:19 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000000)) [ 691.436282][T13507] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 691.453763][ T1136] Bluetooth: hci7: Frame reassembly failed (-84) 09:40:20 executing program 5 (fault-call:5 fault-nth:2): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:40:20 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 691.985183][T13521] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 692.009381][T13521] Bluetooth: hci8: Frame reassembly failed (-84) [ 692.022811][T13524] debugfs: Directory 'hci11' with parent 'bluetooth' already present! [ 692.039409][T10154] Bluetooth: hci11: Frame reassembly failed (-84) [ 692.048650][T13524] FAULT_INJECTION: forcing a failure. [ 692.048650][T13524] name failslab, interval 1, probability 0, space 0, times 0 [ 692.061538][T13524] CPU: 1 PID: 13524 Comm: syz-executor.5 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 692.064159][ T1124] Bluetooth: hci8: Frame reassembly failed (-84) [ 692.071193][T13524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 692.071213][T13524] Call Trace: [ 692.071224][T13524] dump_stack_lvl+0xcd/0x134 [ 692.071264][T13524] should_fail.cold+0x5/0xa [ 692.071298][T13524] should_failslab+0x5/0x10 [ 692.071323][T13524] kmem_cache_alloc_node+0x65/0x3d0 [ 692.071356][T13524] ? __alloc_skb+0x20b/0x340 [ 692.071386][T13524] __alloc_skb+0x20b/0x340 [ 692.071417][T13524] h4_recv_buf+0x573/0xdb0 [ 692.071461][T13524] ll_recv+0xec/0x200 [ 692.127758][T13524] hci_uart_tty_receive+0x24d/0x710 [ 692.133009][T13524] ? hci_uart_send_frame+0x6c0/0x6c0 [ 692.138312][T13524] tty_ioctl+0x909/0x1670 [ 692.142664][T13524] ? tty_lookup_driver+0x550/0x550 [ 692.147792][T13524] ? lock_downgrade+0x6e0/0x6e0 [ 692.152673][T13524] ? __fget_files+0x23d/0x3e0 [ 692.157372][T13524] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 692.163623][T13524] ? tty_lookup_driver+0x550/0x550 [ 692.168768][T13524] __x64_sys_ioctl+0x193/0x200 [ 692.173556][T13524] do_syscall_64+0x35/0xb0 [ 692.178081][T13524] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 692.183998][T13524] RIP: 0033:0x4665f9 [ 692.187909][T13524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 692.207537][T13524] RSP: 002b:00007f6c9bbb9188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 692.216045][T13524] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 692.224022][T13524] RDX: 0000000020000000 RSI: 0000000000005412 RDI: 0000000000000003 [ 692.231993][T13524] RBP: 00007f6c9bbb91d0 R08: 0000000000000000 R09: 0000000000000000 [ 692.240142][T13524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 692.248110][T13524] R13: 00007fff53215a7f R14: 00007f6c9bbb9300 R15: 0000000000022000 [ 692.406227][T13524] Bluetooth: hci11: Frame reassembly failed (-12) 09:40:20 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 692.633053][T13537] Bluetooth: hci9: Frame reassembly failed (-84) [ 692.643447][ T9149] Bluetooth: hci9: Frame reassembly failed (-84) [ 692.767513][ T8458] Bluetooth: hci6: command 0x1003 tx timeout [ 692.773900][T11051] Bluetooth: hci6: sending frame failed (-49) [ 693.487514][ T8458] Bluetooth: hci7: command 0x1003 tx timeout [ 693.494630][T11051] Bluetooth: hci7: sending frame failed (-49) [ 694.047405][ T1052] Bluetooth: hci8: command 0x1003 tx timeout [ 694.049306][ T7638] Bluetooth: hci11: command 0x1003 tx timeout [ 694.060032][T11051] Bluetooth: hci8: sending frame failed (-49) [ 694.073683][T11051] Bluetooth: hci11: sending frame failed (-49) [ 694.697390][ T7582] Bluetooth: hci9: command 0x1003 tx timeout [ 694.704461][T11051] Bluetooth: hci9: sending frame failed (-49) [ 694.847497][ T7582] Bluetooth: hci6: command 0x1001 tx timeout [ 694.855021][T11051] Bluetooth: hci6: sending frame failed (-49) 09:40:23 executing program 1 (fault-call:4 fault-nth:36): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 695.172812][T13548] debugfs: Directory 'hci10' with parent 'bluetooth' already present! [ 695.182066][T13548] FAULT_INJECTION: forcing a failure. [ 695.182066][T13548] name failslab, interval 1, probability 0, space 0, times 0 [ 695.195553][T13548] CPU: 1 PID: 13548 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 695.205210][T13548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 695.215371][T13548] Call Trace: [ 695.218655][T13548] dump_stack_lvl+0xcd/0x134 [ 695.223260][T13548] should_fail.cold+0x5/0xa [ 695.227779][T13548] ? skb_clone+0x170/0x3c0 [ 695.232198][T13548] should_failslab+0x5/0x10 [ 695.236701][T13548] kmem_cache_alloc+0x5e/0x390 [ 695.241483][T13548] skb_clone+0x170/0x3c0 [ 695.245740][T13548] netlink_broadcast_filtered+0xa0a/0xdc0 [ 695.251647][T13548] netlink_broadcast+0x35/0x40 [ 695.256422][T13548] kobject_uevent_env+0xad0/0x1650 [ 695.261569][T13548] device_add+0xbc6/0x21b0 [ 695.266008][T13548] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 695.272348][T13548] ? start_creating.part.0+0x18f/0x290 [ 695.277850][T13548] hci_register_dev+0x2f6/0xbd0 [ 695.282802][T13548] hci_uart_tty_ioctl+0x8c5/0xc50 [ 695.287839][T13548] tty_ioctl+0xc69/0x1670 [ 695.292177][T13548] ? hci_uart_init_work+0x170/0x170 [ 695.297387][T13548] ? tty_lookup_driver+0x550/0x550 [ 695.302507][T13548] ? lock_downgrade+0x6e0/0x6e0 [ 695.307376][T13548] ? __fget_files+0x23d/0x3e0 [ 695.312154][T13548] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 695.318401][T13548] ? tty_lookup_driver+0x550/0x550 [ 695.323514][T13548] __x64_sys_ioctl+0x193/0x200 [ 695.328283][T13548] do_syscall_64+0x35/0xb0 [ 695.332704][T13548] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 695.338618][T13548] RIP: 0033:0x4665f9 [ 695.344507][T13548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 695.364118][T13548] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 695.372640][T13548] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 695.380791][T13548] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 695.388846][T13548] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 695.396828][T13548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 695.404798][T13548] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 695.438764][T10154] Bluetooth: hci10: Frame reassembly failed (-84) [ 695.567426][ T7582] Bluetooth: hci7: command 0x1001 tx timeout [ 695.575783][T11051] Bluetooth: hci7: sending frame failed (-49) [ 696.137395][ T7582] Bluetooth: hci11: command 0x1001 tx timeout [ 696.144299][T11051] Bluetooth: hci11: sending frame failed (-49) [ 696.152211][ T7582] Bluetooth: hci8: command 0x1001 tx timeout [ 696.159184][T11051] Bluetooth: hci8: sending frame failed (-49) [ 696.767382][ T8552] Bluetooth: hci9: command 0x1001 tx timeout [ 696.774006][T11051] Bluetooth: hci9: sending frame failed (-49) [ 696.937275][ T8552] Bluetooth: hci6: command 0x1009 tx timeout [ 697.497261][ T8552] Bluetooth: hci10: command 0x1003 tx timeout [ 697.504460][T11051] Bluetooth: hci10: sending frame failed (-49) [ 697.647374][ T8552] Bluetooth: hci7: command 0x1009 tx timeout [ 698.207217][ T8552] Bluetooth: hci8: command 0x1009 tx timeout [ 698.213344][ T8552] Bluetooth: hci11: command 0x1009 tx timeout [ 698.857163][ T8552] Bluetooth: hci9: command 0x1009 tx timeout [ 699.577252][ T8552] Bluetooth: hci10: command 0x1001 tx timeout [ 699.583826][T11051] Bluetooth: hci10: sending frame failed (-49) 09:40:29 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 700.941336][T13557] Bluetooth: hci6: Frame reassembly failed (-84) [ 700.951636][ T1136] Bluetooth: hci6: Frame reassembly failed (-84) 09:40:29 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) [ 701.581644][T11051] Bluetooth: hci7: sending frame failed (-49) [ 701.583823][T13568] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 701.666928][ T7582] Bluetooth: hci10: command 0x1009 tx timeout 09:40:30 executing program 5 (fault-call:5 fault-nth:3): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:40:30 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 702.225255][T13582] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 702.243726][T11096] Bluetooth: hci8: Frame reassembly failed (-84) [ 702.277080][T13582] FAULT_INJECTION: forcing a failure. [ 702.277080][T13582] name failslab, interval 1, probability 0, space 0, times 0 [ 702.309321][T13582] CPU: 0 PID: 13582 Comm: syz-executor.5 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 702.319007][T13582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 702.329086][T13582] Call Trace: [ 702.332379][T13582] dump_stack_lvl+0xcd/0x134 [ 702.337003][T13582] should_fail.cold+0x5/0xa [ 702.341540][T13582] should_failslab+0x5/0x10 [ 702.346063][T13582] __kmalloc_node_track_caller+0x7d/0x340 [ 702.351901][T13582] ? h4_recv_buf+0x573/0xdb0 [ 702.356537][T13582] __alloc_skb+0xde/0x340 [ 702.361167][T13582] h4_recv_buf+0x573/0xdb0 [ 702.365804][T13582] ll_recv+0xec/0x200 [ 702.369908][T13582] hci_uart_tty_receive+0x24d/0x710 [ 702.375575][T13582] ? hci_uart_send_frame+0x6c0/0x6c0 [ 702.380982][T13582] tty_ioctl+0x909/0x1670 [ 702.385340][T13582] ? tty_lookup_driver+0x550/0x550 [ 702.387204][T13590] debugfs: Directory 'hci11' with parent 'bluetooth' already present! [ 702.390566][T13582] ? lock_downgrade+0x6e0/0x6e0 [ 702.390619][T13582] ? __fget_files+0x23d/0x3e0 [ 702.408493][T13582] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 702.414853][T13582] ? tty_lookup_driver+0x550/0x550 [ 702.420080][T13582] __x64_sys_ioctl+0x193/0x200 [ 702.424966][T13582] do_syscall_64+0x35/0xb0 [ 702.426508][T13590] Bluetooth: hci11: Frame reassembly failed (-84) [ 702.429399][T13582] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 702.429437][T13582] RIP: 0033:0x4665f9 [ 702.429459][T13582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 702.429485][T13582] RSP: 002b:00007f6c9bbb9188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 702.429512][T13582] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 702.481902][T13582] RDX: 0000000020000000 RSI: 0000000000005412 RDI: 0000000000000003 [ 702.489987][T13582] RBP: 00007f6c9bbb91d0 R08: 0000000000000000 R09: 0000000000000000 [ 702.497980][T13582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 702.505973][T13582] R13: 00007fff53215a7f R14: 00007f6c9bbb9300 R15: 0000000000022000 [ 702.525452][T10154] Bluetooth: hci11: Frame reassembly failed (-84) [ 702.562789][T13582] Bluetooth: hci8: Frame reassembly failed (-12) 09:40:30 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 702.902053][T13602] Bluetooth: hci9: Frame reassembly failed (-84) [ 702.923934][ T1136] Bluetooth: hci9: Frame reassembly failed (-84) [ 703.006971][ T8552] Bluetooth: hci6: command 0x1003 tx timeout [ 703.013370][T11051] Bluetooth: hci6: sending frame failed (-49) [ 703.646939][ T8552] Bluetooth: hci7: command 0x1003 tx timeout [ 703.655298][T11051] Bluetooth: hci7: sending frame failed (-49) [ 704.286910][ T25] Bluetooth: hci8: command 0x1003 tx timeout [ 704.293392][T11051] Bluetooth: hci8: sending frame failed (-49) [ 704.527002][ T25] Bluetooth: hci11: command 0x1003 tx timeout [ 704.534159][T11051] Bluetooth: hci11: sending frame failed (-49) [ 704.926878][ T1052] Bluetooth: hci9: command 0x1003 tx timeout [ 704.933953][T11051] Bluetooth: hci9: sending frame failed (-49) [ 705.086831][ T25] Bluetooth: hci6: command 0x1001 tx timeout [ 705.093078][T11051] Bluetooth: hci6: sending frame failed (-49) [ 705.726916][ T1052] Bluetooth: hci7: command 0x1001 tx timeout [ 705.734213][T11051] Bluetooth: hci7: sending frame failed (-49) 09:40:34 executing program 1 (fault-call:4 fault-nth:37): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 706.055585][T13613] debugfs: Directory 'hci10' with parent 'bluetooth' already present! [ 706.064968][T13613] FAULT_INJECTION: forcing a failure. [ 706.064968][T13613] name failslab, interval 1, probability 0, space 0, times 0 [ 706.080931][T13613] CPU: 0 PID: 13613 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 706.090602][T13613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 706.100674][T13613] Call Trace: [ 706.103969][T13613] dump_stack_lvl+0xcd/0x134 [ 706.108601][T13613] should_fail.cold+0x5/0xa [ 706.113162][T13613] ? call_usermodehelper_setup+0x97/0x340 [ 706.119074][T13613] should_failslab+0x5/0x10 [ 706.123598][T13613] kmem_cache_alloc_trace+0x55/0x3c0 [ 706.128904][T13613] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 706.134830][T13613] call_usermodehelper_setup+0x97/0x340 [ 706.140413][T13613] ? kobj_ns_initial+0x90/0x90 [ 706.145211][T13613] kobject_uevent_env+0xf73/0x1650 [ 706.150372][T13613] device_add+0xbc6/0x21b0 [ 706.154833][T13613] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 706.161114][T13613] ? start_creating.part.0+0x18f/0x290 [ 706.166706][T13613] hci_register_dev+0x2f6/0xbd0 [ 706.171586][T13613] hci_uart_tty_ioctl+0x8c5/0xc50 [ 706.176642][T13613] tty_ioctl+0xc69/0x1670 [ 706.181155][T13613] ? hci_uart_init_work+0x170/0x170 [ 706.186793][T13613] ? tty_lookup_driver+0x550/0x550 [ 706.191934][T13613] ? lock_downgrade+0x6e0/0x6e0 [ 706.196782][T13613] ? __fget_files+0x23d/0x3e0 [ 706.201584][T13613] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 706.207906][T13613] ? tty_lookup_driver+0x550/0x550 [ 706.213212][T13613] __x64_sys_ioctl+0x193/0x200 [ 706.218142][T13613] do_syscall_64+0x35/0xb0 [ 706.222577][T13613] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 706.228466][T13613] RIP: 0033:0x4665f9 [ 706.232440][T13613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 706.252160][T13613] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 706.260572][T13613] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 706.268532][T13613] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 706.276490][T13613] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 706.284446][T13613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 706.292401][T13613] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 706.327556][T11051] Bluetooth: hci10: sending frame failed (-49) [ 706.366716][ T1052] Bluetooth: hci8: command 0x1001 tx timeout [ 706.372819][T11051] Bluetooth: hci8: sending frame failed (-49) [ 706.616736][ T1052] Bluetooth: hci11: command 0x1001 tx timeout [ 706.623559][T11051] Bluetooth: hci11: sending frame failed (-49) [ 707.006765][ T1052] Bluetooth: hci9: command 0x1001 tx timeout [ 707.014003][T11051] Bluetooth: hci9: sending frame failed (-49) [ 707.166727][ T25] Bluetooth: hci6: command 0x1009 tx timeout [ 707.806688][ T25] Bluetooth: hci7: command 0x1009 tx timeout [ 708.366763][ T7] Bluetooth: hci10: command 0x1003 tx timeout [ 708.374226][T11051] Bluetooth: hci10: sending frame failed (-49) [ 708.446667][ T7] Bluetooth: hci8: command 0x1009 tx timeout [ 708.687309][ T7] Bluetooth: hci11: command 0x1009 tx timeout [ 709.086855][ T8552] Bluetooth: hci9: command 0x1009 tx timeout [ 710.446757][ T8552] Bluetooth: hci10: command 0x1001 tx timeout [ 710.453510][T11051] Bluetooth: hci10: sending frame failed (-49) 09:40:39 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 711.194672][T13624] Bluetooth: hci6: Frame reassembly failed (-84) [ 711.207830][ T8] Bluetooth: hci6: Frame reassembly failed (-84) 09:40:39 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) [ 711.840308][T13635] Bluetooth: received HCILL_WAKE_UP_IND in state 2 09:40:40 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) 09:40:40 executing program 5 (fault-call:5 fault-nth:4): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) [ 712.508675][T13650] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 712.526682][ T8552] Bluetooth: hci10: command 0x1009 tx timeout [ 712.534798][T13651] debugfs: Directory 'hci11' with parent 'bluetooth' already present! [ 712.542868][T13650] Bluetooth: hci8: Frame reassembly failed (-84) [ 712.572549][T13655] FAULT_INJECTION: forcing a failure. [ 712.572549][T13655] name failslab, interval 1, probability 0, space 0, times 0 [ 712.586613][ T8] Bluetooth: hci8: Frame reassembly failed (-84) [ 712.604969][T13655] CPU: 1 PID: 13655 Comm: syz-executor.5 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 712.614647][T13655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 712.624718][T13655] Call Trace: [ 712.628013][T13655] dump_stack_lvl+0xcd/0x134 [ 712.632639][T13655] should_fail.cold+0x5/0xa [ 712.637176][T13655] should_failslab+0x5/0x10 [ 712.641882][T13655] __kmalloc_node_track_caller+0x7d/0x340 [ 712.647635][T13655] ? h4_recv_buf+0x573/0xdb0 [ 712.652300][T13655] __alloc_skb+0xde/0x340 [ 712.656666][T13655] h4_recv_buf+0x573/0xdb0 [ 712.661214][T13655] ll_recv+0xec/0x200 [ 712.665229][T13655] hci_uart_tty_receive+0x24d/0x710 [ 712.670457][T13655] ? hci_uart_send_frame+0x6c0/0x6c0 [ 712.675777][T13655] tty_ioctl+0x909/0x1670 [ 712.680145][T13655] ? tty_lookup_driver+0x550/0x550 [ 712.685296][T13655] ? lock_downgrade+0x6e0/0x6e0 [ 712.690200][T13655] ? __fget_files+0x23d/0x3e0 [ 712.694927][T13655] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 712.701200][T13655] ? tty_lookup_driver+0x550/0x550 [ 712.706338][T13655] __x64_sys_ioctl+0x193/0x200 [ 712.711124][T13655] do_syscall_64+0x35/0xb0 [ 712.715555][T13655] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 712.721460][T13655] RIP: 0033:0x4665f9 [ 712.725359][T13655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 712.745494][T13655] RSP: 002b:00007f6c9bb98188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 712.753920][T13655] RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 [ 712.761890][T13655] RDX: 0000000020000000 RSI: 0000000000005412 RDI: 0000000000000003 [ 712.769948][T13655] RBP: 00007f6c9bb981d0 R08: 0000000000000000 R09: 0000000000000000 [ 712.777926][T13655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 712.785908][T13655] R13: 00007fff53215a7f R14: 00007f6c9bb98300 R15: 0000000000022000 [ 712.904260][T13655] Bluetooth: hci11: Frame reassembly failed (-12) [ 712.937420][ T1124] Bluetooth: hci11: Frame reassembly failed (-84) 09:40:41 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 713.097708][T13666] Bluetooth: hci9: Frame reassembly failed (-84) [ 713.246922][ T7] Bluetooth: hci6: command 0x1003 tx timeout [ 713.253289][T11051] Bluetooth: hci6: sending frame failed (-49) [ 713.886361][ T8552] Bluetooth: hci7: command 0x1003 tx timeout [ 713.893203][T11051] Bluetooth: hci7: sending frame failed (-49) [ 714.606414][ T8552] Bluetooth: hci8: command 0x1003 tx timeout [ 714.606537][ T8458] Bluetooth: hci11: command 0x1003 tx timeout [ 714.619853][T11051] Bluetooth: hci8: sending frame failed (-49) [ 714.627100][T11051] Bluetooth: hci11: sending frame failed (-49) [ 715.167001][ T20] Bluetooth: hci9: command 0x1003 tx timeout [ 715.174032][T11051] Bluetooth: hci9: sending frame failed (-49) [ 715.336304][ T20] Bluetooth: hci6: command 0x1001 tx timeout [ 715.343180][T11051] Bluetooth: hci6: sending frame failed (-49) [ 715.966236][ T1052] Bluetooth: hci7: command 0x1001 tx timeout [ 715.973446][T11051] Bluetooth: hci7: sending frame failed (-49) [ 716.696661][ T20] Bluetooth: hci11: command 0x1001 tx timeout [ 716.703980][T11051] Bluetooth: hci11: sending frame failed (-49) [ 716.710658][ T20] Bluetooth: hci8: command 0x1001 tx timeout [ 716.717057][T11051] Bluetooth: hci8: sending frame failed (-49) 09:40:45 executing program 1 (fault-call:4 fault-nth:38): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 716.927701][T13677] debugfs: Directory 'hci10' with parent 'bluetooth' already present! [ 716.936793][T13677] FAULT_INJECTION: forcing a failure. [ 716.936793][T13677] name failslab, interval 1, probability 0, space 0, times 0 [ 716.951457][T13677] CPU: 1 PID: 13677 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 716.961139][T13677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 716.971213][T13677] Call Trace: [ 716.974507][T13677] dump_stack_lvl+0xcd/0x134 [ 716.979125][T13677] should_fail.cold+0x5/0xa [ 716.983652][T13677] ? skb_clone+0x170/0x3c0 [ 716.988081][T13677] should_failslab+0x5/0x10 [ 716.992611][T13677] kmem_cache_alloc+0x5e/0x390 [ 716.997391][T13677] skb_clone+0x170/0x3c0 [ 717.001635][T13677] netlink_broadcast_filtered+0xa0a/0xdc0 [ 717.007383][T13677] netlink_broadcast+0x35/0x40 [ 717.012184][T13677] kobject_uevent_env+0xad0/0x1650 [ 717.017380][T13677] device_add+0xbc6/0x21b0 [ 717.021917][T13677] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 717.028154][T13677] ? start_creating.part.0+0x18f/0x290 [ 717.033682][T13677] hci_register_dev+0x2f6/0xbd0 [ 717.038528][T13677] hci_uart_tty_ioctl+0x8c5/0xc50 [ 717.043548][T13677] tty_ioctl+0xc69/0x1670 [ 717.047870][T13677] ? hci_uart_init_work+0x170/0x170 [ 717.053098][T13677] ? tty_lookup_driver+0x550/0x550 [ 717.058228][T13677] ? lock_downgrade+0x6e0/0x6e0 [ 717.063197][T13677] ? __fget_files+0x23d/0x3e0 [ 717.067872][T13677] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 717.074151][T13677] ? tty_lookup_driver+0x550/0x550 [ 717.079275][T13677] __x64_sys_ioctl+0x193/0x200 [ 717.084808][T13677] do_syscall_64+0x35/0xb0 [ 717.089309][T13677] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 717.095222][T13677] RIP: 0033:0x4665f9 [ 717.099125][T13677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 717.118896][T13677] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 717.127307][T13677] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 717.135297][T13677] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 717.143255][T13677] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 717.151235][T13677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 717.159296][T13677] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 717.185600][T10154] Bluetooth: hci10: Frame reassembly failed (-84) [ 717.257065][ T8458] Bluetooth: hci9: command 0x1001 tx timeout [ 717.263636][T11051] Bluetooth: hci9: sending frame failed (-49) [ 717.406188][ T8458] Bluetooth: hci6: command 0x1009 tx timeout [ 718.046209][ T8458] Bluetooth: hci7: command 0x1009 tx timeout [ 718.766364][ T1052] Bluetooth: hci8: command 0x1009 tx timeout [ 718.772527][ T1052] Bluetooth: hci11: command 0x1009 tx timeout [ 719.246183][ T1052] Bluetooth: hci10: command 0x1003 tx timeout [ 719.252479][T11051] Bluetooth: hci10: sending frame failed (-49) [ 719.326858][ T8458] Bluetooth: hci9: command 0x1009 tx timeout [ 721.329770][ T20] Bluetooth: hci10: command 0x1001 tx timeout [ 721.338868][T11364] Bluetooth: hci10: sending frame failed (-49) 09:40:49 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 721.456843][ T8] Bluetooth: hci6: Frame reassembly failed (-84) [ 721.465762][T13686] Bluetooth: hci6: Frame reassembly failed (-84) [ 721.480378][T10154] Bluetooth: hci6: Frame reassembly failed (-84) 09:40:50 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) [ 722.051499][T11096] Bluetooth: hci7: Frame reassembly failed (-84) [ 722.060723][T13697] Bluetooth: received HCILL_WAKE_UP_IND in state 2 09:40:50 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) 09:40:50 executing program 5 (fault-call:5 fault-nth:5): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:40:50 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 722.801160][T13713] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 722.835797][ T8] Bluetooth: hci8: Frame reassembly failed (-84) [ 722.850732][T13713] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 722.877921][T13713] FAULT_INJECTION: forcing a failure. [ 722.877921][T13713] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 722.927324][T13713] CPU: 0 PID: 13713 Comm: syz-executor.5 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 722.937010][T13713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 722.947090][T13713] Call Trace: [ 722.950386][T13713] dump_stack_lvl+0xcd/0x134 [ 722.955014][T13713] should_fail.cold+0x5/0xa [ 722.959569][T13713] _copy_from_user+0x2c/0x180 [ 722.964350][T13713] kstrtouint_from_user+0xb5/0x240 [ 722.969493][T13713] ? kstrtou8_from_user+0x210/0x210 [ 722.974749][T13713] proc_fail_nth_write+0x79/0x220 [ 722.979886][T13713] ? proc_task_getattr+0x1f0/0x1f0 [ 722.985132][T13713] ? proc_task_getattr+0x1f0/0x1f0 [ 722.990297][T13713] vfs_write+0x28e/0xae0 [ 722.994685][T13713] ksys_write+0x12d/0x250 [ 722.999042][T13713] ? __ia32_sys_read+0xb0/0xb0 [ 723.003841][T13713] ? syscall_enter_from_user_mode+0x21/0x70 [ 723.009773][T13713] do_syscall_64+0x35/0xb0 [ 723.014217][T13713] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 723.020144][T13713] RIP: 0033:0x4192df [ 723.024054][T13713] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 723.043683][T13713] RSP: 002b:00007f6c9bbb9170 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 723.052126][T13713] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004192df [ 723.060126][T13713] RDX: 0000000000000001 RSI: 00007f6c9bbb91e0 RDI: 0000000000000004 [ 723.068467][T13713] RBP: 00007f6c9bbb91d0 R08: 0000000000000000 R09: 0000000000000000 09:40:51 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 723.076463][T13713] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 723.084480][T13713] R13: 00007fff53215a7f R14: 00007f6c9bbb9300 R15: 0000000000022000 09:40:51 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) 09:40:51 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) 09:40:51 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 723.384727][T13732] Bluetooth: hci9: Frame reassembly failed (-84) [ 723.392679][T10154] Bluetooth: hci9: Frame reassembly failed (-84) [ 723.416093][ T8458] Bluetooth: hci10: command 0x1009 tx timeout 09:40:51 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 723.486614][ T8458] Bluetooth: hci6: command 0x1003 tx timeout [ 723.497822][T11389] Bluetooth: hci6: sending frame failed (-49) 09:40:51 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 724.125837][ T20] Bluetooth: hci7: command 0x1003 tx timeout [ 724.133237][T11389] Bluetooth: hci7: sending frame failed (-49) [ 724.856638][ T7] Bluetooth: hci8: command 0x1003 tx timeout [ 724.865181][T11389] Bluetooth: hci8: sending frame failed (-49) [ 725.405757][ T8552] Bluetooth: hci9: command 0x1003 tx timeout [ 725.412872][T11389] Bluetooth: hci9: sending frame failed (-49) [ 725.565806][ T8552] Bluetooth: hci6: command 0x1001 tx timeout [ 725.571913][T11389] Bluetooth: hci6: sending frame failed (-49) [ 726.205900][ T8552] Bluetooth: hci7: command 0x1001 tx timeout [ 726.212726][T11389] Bluetooth: hci7: sending frame failed (-49) [ 726.925763][ T8552] Bluetooth: hci8: command 0x1001 tx timeout [ 726.932725][T11389] Bluetooth: hci8: sending frame failed (-49) [ 727.485807][ T8552] Bluetooth: hci9: command 0x1001 tx timeout [ 727.492199][T11389] Bluetooth: hci9: sending frame failed (-49) [ 727.645711][ T8552] Bluetooth: hci6: command 0x1009 tx timeout 09:40:55 executing program 1 (fault-call:4 fault-nth:39): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 727.841313][T13750] debugfs: Directory 'hci10' with parent 'bluetooth' already present! [ 727.853099][T13750] FAULT_INJECTION: forcing a failure. [ 727.853099][T13750] name failslab, interval 1, probability 0, space 0, times 0 [ 727.876019][T13750] CPU: 0 PID: 13750 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 727.885871][T13750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 727.896205][T13750] Call Trace: [ 727.899497][T13750] dump_stack_lvl+0xcd/0x134 [ 727.904138][T13750] should_fail.cold+0x5/0xa [ 727.908677][T13750] should_failslab+0x5/0x10 [ 727.913216][T13750] __kmalloc_node_track_caller+0x7d/0x340 [ 727.918982][T13750] ? hci_leds_init+0x2d/0x1c0 [ 727.923914][T13750] devm_kmalloc+0x99/0x200 [ 727.928368][T13750] hci_leds_init+0x2d/0x1c0 [ 727.932902][T13750] hci_register_dev+0x318/0xbd0 [ 727.937791][T13750] hci_uart_tty_ioctl+0x8c5/0xc50 [ 727.942856][T13750] tty_ioctl+0xc69/0x1670 [ 727.947221][T13750] ? hci_uart_init_work+0x170/0x170 [ 727.952474][T13750] ? tty_lookup_driver+0x550/0x550 [ 727.957608][T13750] ? lock_downgrade+0x6e0/0x6e0 [ 727.962479][T13750] ? __fget_files+0x23d/0x3e0 [ 727.967168][T13750] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 727.973573][T13750] ? tty_lookup_driver+0x550/0x550 [ 727.978748][T13750] __x64_sys_ioctl+0x193/0x200 [ 727.983567][T13750] do_syscall_64+0x35/0xb0 [ 727.988106][T13750] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 727.994011][T13750] RIP: 0033:0x4665f9 [ 727.997906][T13750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 728.017624][T13750] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 728.026058][T13750] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 728.034046][T13750] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 728.042169][T13750] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 728.050156][T13750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 728.058225][T13750] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 728.285665][ T7] Bluetooth: hci7: command 0x1009 tx timeout [ 729.005654][ T7] Bluetooth: hci8: command 0x1009 tx timeout [ 729.566061][ T7] Bluetooth: hci9: command 0x1009 tx timeout [ 730.135795][ T7] Bluetooth: hci10: command 0x1003 tx timeout [ 730.143102][T11389] Bluetooth: hci10: sending frame failed (-49) 09:40:59 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) 09:41:00 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:41:00 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) [ 732.205729][ T8552] Bluetooth: hci10: command 0x1001 tx timeout [ 732.223487][T11339] Bluetooth: hci10: sending frame failed (-49) [ 732.312526][ T1136] Bluetooth: hci6: Frame reassembly failed (-84) [ 732.360510][T13771] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 732.420795][T10154] Bluetooth: hci7: Frame reassembly failed (-84) [ 732.437833][T13778] Bluetooth: received HCILL_WAKE_UP_IND in state 2 09:41:00 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:41:00 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) 09:41:01 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 732.939039][T13788] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 732.955160][T10154] Bluetooth: hci8: Frame reassembly failed (-84) [ 732.971469][T13788] Bluetooth: received HCILL_WAKE_UP_IND in state 2 09:41:01 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) 09:41:01 executing program 2 (fault-call:5 fault-nth:0): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:41:01 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 733.604780][T13808] FAULT_INJECTION: forcing a failure. [ 733.604780][T13808] name failslab, interval 1, probability 0, space 0, times 0 [ 733.619771][T10154] Bluetooth: hci9: Frame reassembly failed (-84) 09:41:01 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 733.651886][T13808] CPU: 1 PID: 13808 Comm: syz-executor.2 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 733.661736][T13808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 733.671922][T13808] Call Trace: [ 733.675220][T13808] dump_stack_lvl+0xcd/0x134 [ 733.679842][T13808] should_fail.cold+0x5/0xa [ 733.684378][T13808] ? tomoyo_realpath_from_path+0xc3/0x620 [ 733.690136][T13808] should_failslab+0x5/0x10 [ 733.694665][T13808] __kmalloc+0x72/0x320 [ 733.699120][T13808] tomoyo_realpath_from_path+0xc3/0x620 [ 733.704703][T13808] ? tomoyo_profile+0x42/0x50 [ 733.709412][T13808] tomoyo_path_number_perm+0x1d5/0x590 [ 733.714903][T13808] ? tomoyo_path_number_perm+0x18d/0x590 [ 733.720572][T13808] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 733.726444][T13808] ? lock_downgrade+0x6e0/0x6e0 [ 733.731338][T13808] ? __fget_files+0x23d/0x3e0 [ 733.736132][T13808] security_file_ioctl+0x50/0xb0 [ 733.741101][T13808] __x64_sys_ioctl+0xb3/0x200 [ 733.745806][T13808] do_syscall_64+0x35/0xb0 [ 733.750428][T13808] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 733.756442][T13808] RIP: 0033:0x4665f9 [ 733.760355][T13808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 733.780767][T13808] RSP: 002b:00007f5e27997188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 733.789300][T13808] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 733.797467][T13808] RDX: 0000000020000000 RSI: 0000000000005412 RDI: 0000000000000003 [ 733.805467][T13808] RBP: 00007f5e279971d0 R08: 0000000000000000 R09: 0000000000000000 [ 733.813551][T13808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 733.821555][T13808] R13: 00007fff9368acdf R14: 00007f5e27997300 R15: 0000000000022000 [ 733.914943][T13808] ERROR: Out of memory at tomoyo_realpath_from_path. [ 733.921875][T13808] Bluetooth: received HCILL_WAKE_UP_IND in state 2 09:41:02 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 734.295553][ T25] Bluetooth: hci10: command 0x1009 tx timeout [ 734.365508][ T25] Bluetooth: hci6: command 0x1003 tx timeout [ 734.372520][T11389] Bluetooth: hci6: sending frame failed (-49) [ 734.445377][ T8416] Bluetooth: hci7: command 0x1003 tx timeout [ 734.452328][T11389] Bluetooth: hci7: sending frame failed (-49) [ 735.005341][ T8416] Bluetooth: hci8: command 0x1003 tx timeout [ 735.012831][T11389] Bluetooth: hci8: sending frame failed (-49) [ 735.645292][ T8416] Bluetooth: hci9: command 0x1003 tx timeout [ 735.652244][T11389] Bluetooth: hci9: sending frame failed (-49) [ 736.445352][ T8416] Bluetooth: hci6: command 0x1001 tx timeout [ 736.452259][T11389] Bluetooth: hci6: sending frame failed (-49) [ 736.525253][ T8416] Bluetooth: hci7: command 0x1001 tx timeout [ 736.532466][T11389] Bluetooth: hci7: sending frame failed (-49) [ 737.085379][ T7] Bluetooth: hci8: command 0x1001 tx timeout [ 737.092353][T11389] Bluetooth: hci8: sending frame failed (-49) [ 737.725152][ T7] Bluetooth: hci9: command 0x1001 tx timeout [ 737.732376][T11389] Bluetooth: hci9: sending frame failed (-49) [ 738.525156][ T7] Bluetooth: hci6: command 0x1009 tx timeout 09:41:06 executing program 1 (fault-call:4 fault-nth:40): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:41:06 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 738.605289][ T7] Bluetooth: hci7: command 0x1009 tx timeout [ 738.732978][T13830] debugfs: Directory 'hci10' with parent 'bluetooth' already present! [ 738.749874][T13830] FAULT_INJECTION: forcing a failure. [ 738.749874][T13830] name failslab, interval 1, probability 0, space 0, times 0 [ 738.763819][T13830] CPU: 1 PID: 13830 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 738.773487][T13830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 738.784218][T13830] Call Trace: [ 738.787508][T13830] dump_stack_lvl+0xcd/0x134 [ 738.792308][T13830] should_fail.cold+0x5/0xa [ 738.797030][T13830] should_failslab+0x5/0x10 [ 738.801560][T13830] __kmalloc_node_track_caller+0x7d/0x340 [ 738.807291][T13830] ? devm_led_trigger_register+0x32/0xc0 [ 738.813192][T13830] ? led_trigger_unregister+0x2f0/0x2f0 [ 738.818745][T13830] __devres_alloc_node+0x5c/0x180 [ 738.823790][T13830] devm_led_trigger_register+0x32/0xc0 [ 738.829348][T13830] hci_leds_init+0xeb/0x1c0 [ 738.833861][T13830] hci_register_dev+0x318/0xbd0 [ 738.838722][T13830] hci_uart_tty_ioctl+0x8c5/0xc50 [ 738.843845][T13830] tty_ioctl+0xc69/0x1670 [ 738.848187][T13830] ? hci_uart_init_work+0x170/0x170 [ 738.853402][T13830] ? tty_lookup_driver+0x550/0x550 [ 738.858566][T13830] ? lock_downgrade+0x6e0/0x6e0 [ 738.863442][T13830] ? __fget_files+0x23d/0x3e0 [ 738.868138][T13830] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 738.874394][T13830] ? tty_lookup_driver+0x550/0x550 [ 738.879514][T13830] __x64_sys_ioctl+0x193/0x200 [ 738.884290][T13830] do_syscall_64+0x35/0xb0 [ 738.888801][T13830] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 738.894715][T13830] RIP: 0033:0x4665f9 [ 738.899389][T13830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 738.919302][T13830] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 738.927725][T13830] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 738.936143][T13830] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 738.944209][T13830] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 738.952191][T13830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 738.960174][T13830] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 739.174862][ T8416] Bluetooth: hci8: command 0x1009 tx timeout [ 739.805630][ T7] Bluetooth: hci9: command 0x1009 tx timeout [ 741.005049][ T8458] Bluetooth: hci10: command 0x1003 tx timeout [ 741.012397][T11389] Bluetooth: hci10: sending frame failed (-49) 09:41:10 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:41:10 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 742.601990][T13847] Bluetooth: hci7: Frame reassembly failed (-84) [ 742.614552][ T1136] Bluetooth: hci6: Frame reassembly failed (-84) [ 742.629723][T13848] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 742.629791][T10154] Bluetooth: hci7: Frame reassembly failed (-84) [ 743.085065][ T8416] Bluetooth: hci10: command 0x1001 tx timeout [ 743.103930][T11358] Bluetooth: hci10: sending frame failed (-49) 09:41:11 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x2, &(0x7f0000000000)=0x32) 09:41:11 executing program 0: r0 = socket$unix(0x1, 0x2, 0x0) sendmsg$unix(r0, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x0}, 0x0) 09:41:11 executing program 0: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug', 0x0, 0x0) ioctl$FIOCLEX(r0, 0x5451) 09:41:11 executing program 0: openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x230000, 0x0) [ 743.263149][T13866] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 743.299132][T11096] Bluetooth: hci8: Frame reassembly failed (-84) 09:41:11 executing program 2 (fault-call:5 fault-nth:1): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:41:11 executing program 0: syz_emit_ethernet(0x3e, &(0x7f00000000c0)=ANY=[@ANYRESHEX], 0x0) syz_emit_ethernet(0x7e, &(0x7f0000000240)={@random="022dcbb5e1b4", @remote, @val, {@generic={0xaa6205c281090ffb, "f51629a3680c35b4187a18f7eb40317635aae3b70d126fe6ccb9dd0f6cc6ec6d7423116a54fdd42d1248775600ddb59d194f30be9fb13446db889590c8560d98046f17f31afbe6306640a0080a1e193deb9870444b4192ba86a17103fa38514ab61b869bc4f6c9e36b94d4b51405ea6e"}}}, 0x0) semctl$SETALL(0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000080)=[0x6, 0x8, 0x5, 0xf27c, 0x2]) syz_emit_ethernet(0x45, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaa001000876ba7aab84e2c797693b8903952ebe6fdd1ac4225de04a112e2e022a01415734f11c002b6dadd74893a3a0f7b1875a55653d3a18500"/69], 0x0) r0 = semget$private(0x0, 0x4000000009, 0x4a2) semop(r0, &(0x7f0000000380)=[{0x0, 0xffff, 0xe5ce97ab354d86be}, {0x7, 0x6, 0x800}, {0x0, 0x4, 0x800}, {0x2, 0x2, 0x3800}], 0x4) semop(r0, &(0x7f00000000c0)=[{0x0, 0x1, 0x1000}, {0x2, 0x23, 0x1000}, {0x2, 0x1, 0x400}], 0x3) semctl$SETALL(r0, 0x0, 0x9, &(0x7f0000000180)=[0x6, 0x2004, 0x0]) semop(r0, &(0x7f0000000100)=[{0x4, 0x1f, 0x1800}, {0x2, 0x40, 0x1000}, {0x7, 0x4007, 0x1000}, {0x3, 0x9}], 0x4) semctl$GETALL(r0, 0x0, 0x6, &(0x7f00000001c0)=""/83) semop(r0, &(0x7f0000000100)=[{0x3, 0x0, 0x1800}, {0x2, 0x40}, {0x2, 0x40}], 0x3) [ 743.840438][ T1124] Bluetooth: hci9: Frame reassembly failed (-84) [ 743.848040][T13884] FAULT_INJECTION: forcing a failure. [ 743.848040][T13884] name failslab, interval 1, probability 0, space 0, times 0 [ 743.869598][T13884] CPU: 0 PID: 13884 Comm: syz-executor.2 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 743.879279][T13884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 743.889354][T13884] Call Trace: [ 743.892647][T13884] dump_stack_lvl+0xcd/0x134 [ 743.897271][T13884] should_fail.cold+0x5/0xa [ 743.901807][T13884] ? tomoyo_encode2.part.0+0xe9/0x3a0 [ 743.907316][T13884] should_failslab+0x5/0x10 [ 743.911846][T13884] __kmalloc+0x72/0x320 [ 743.916040][T13884] tomoyo_encode2.part.0+0xe9/0x3a0 [ 743.921278][T13884] tomoyo_encode+0x28/0x50 [ 743.925905][T13884] tomoyo_realpath_from_path+0x186/0x620 [ 743.931579][T13884] tomoyo_path_number_perm+0x1d5/0x590 [ 743.937067][T13884] ? tomoyo_path_number_perm+0x18d/0x590 [ 743.942747][T13884] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 743.948666][T13884] ? lock_downgrade+0x6e0/0x6e0 [ 743.953743][T13884] ? __fget_files+0x23d/0x3e0 [ 743.958450][T13884] security_file_ioctl+0x50/0xb0 [ 743.963418][T13884] __x64_sys_ioctl+0xb3/0x200 [ 743.968128][T13884] do_syscall_64+0x35/0xb0 [ 743.972573][T13884] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 743.978522][T13884] RIP: 0033:0x4665f9 [ 743.982450][T13884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 744.002261][T13884] RSP: 002b:00007f5e27997188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 744.010717][T13884] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 744.018719][T13884] RDX: 0000000020000000 RSI: 0000000000005412 RDI: 0000000000000003 [ 744.026694][T13884] RBP: 00007f5e279971d0 R08: 0000000000000000 R09: 0000000000000000 09:41:12 executing program 0: openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x6840, 0x0) [ 744.034777][T13884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 744.042751][T13884] R13: 00007fff9368acdf R14: 00007f5e27997300 R15: 0000000000022000 [ 744.066939][T13884] ERROR: Out of memory at tomoyo_realpath_from_path. [ 744.074206][T13884] Bluetooth: received HCILL_WAKE_UP_IND in state 2 09:41:12 executing program 0: getgroups(0x1, &(0x7f0000000900)=[0x0]) [ 744.684937][ T25] Bluetooth: hci7: command 0x1003 tx timeout [ 744.692022][T11051] Bluetooth: hci7: sending frame failed (-49) [ 744.695009][ T8416] Bluetooth: hci6: command 0x1003 tx timeout [ 744.706405][T11051] Bluetooth: hci6: sending frame failed (-49) [ 745.164899][ T25] Bluetooth: hci10: command 0x1009 tx timeout [ 745.324935][ T25] Bluetooth: hci8: command 0x1003 tx timeout [ 745.331209][T11051] Bluetooth: hci8: sending frame failed (-49) [ 745.884778][ T25] Bluetooth: hci9: command 0x1003 tx timeout [ 745.891725][T11051] Bluetooth: hci9: sending frame failed (-49) [ 746.764837][ T1052] Bluetooth: hci6: command 0x1001 tx timeout [ 746.772076][T11051] Bluetooth: hci6: sending frame failed (-49) [ 746.780356][ T1052] Bluetooth: hci7: command 0x1001 tx timeout [ 746.787173][T11051] Bluetooth: hci7: sending frame failed (-49) [ 746.925694][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 746.932032][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.404957][ T1052] Bluetooth: hci8: command 0x1001 tx timeout [ 747.411071][T11051] Bluetooth: hci8: sending frame failed (-49) [ 747.974719][ T1052] Bluetooth: hci9: command 0x1001 tx timeout [ 747.982341][T11051] Bluetooth: hci9: sending frame failed (-49) [ 748.844775][ T1052] Bluetooth: hci7: command 0x1009 tx timeout [ 748.850975][ T8458] Bluetooth: hci6: command 0x1009 tx timeout [ 749.487758][ T1052] Bluetooth: hci8: command 0x1009 tx timeout 09:41:17 executing program 1 (fault-call:4 fault-nth:41): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:41:17 executing program 0: msgget$private(0x0, 0x0) msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000680)=""/53) [ 749.653595][T13906] debugfs: Directory 'hci10' with parent 'bluetooth' already present! [ 749.673161][T13906] FAULT_INJECTION: forcing a failure. [ 749.673161][T13906] name failslab, interval 1, probability 0, space 0, times 0 [ 749.701416][T13906] CPU: 1 PID: 13906 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 749.711095][T13906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 749.721173][T13906] Call Trace: [ 749.724471][T13906] dump_stack_lvl+0xcd/0x134 [ 749.729092][T13906] should_fail.cold+0x5/0xa [ 749.733714][T13906] ? rfkill_alloc+0xa6/0x2c0 [ 749.738441][T13906] should_failslab+0x5/0x10 [ 749.742975][T13906] __kmalloc+0x72/0x320 [ 749.747166][T13906] rfkill_alloc+0xa6/0x2c0 [ 749.751615][T13906] ? hci_leds_init+0x101/0x1c0 [ 749.756497][T13906] hci_register_dev+0x332/0xbd0 [ 749.761384][T13906] hci_uart_tty_ioctl+0x8c5/0xc50 [ 749.766439][T13906] tty_ioctl+0xc69/0x1670 [ 749.770794][T13906] ? hci_uart_init_work+0x170/0x170 [ 749.776023][T13906] ? tty_lookup_driver+0x550/0x550 [ 749.781167][T13906] ? lock_downgrade+0x6e0/0x6e0 [ 749.786060][T13906] ? __fget_files+0x23d/0x3e0 [ 749.790767][T13906] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 749.797041][T13906] ? tty_lookup_driver+0x550/0x550 [ 749.802182][T13906] __x64_sys_ioctl+0x193/0x200 [ 749.806977][T13906] do_syscall_64+0x35/0xb0 [ 749.811426][T13906] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 749.817460][T13906] RIP: 0033:0x4665f9 [ 749.821375][T13906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 749.841093][T13906] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 749.849536][T13906] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 749.857573][T13906] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 749.865565][T13906] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 749.873561][T13906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 749.881551][T13906] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 749.946764][ T1136] Bluetooth: hci10: Frame reassembly failed (-84) [ 749.953360][ T1136] Bluetooth: hci10: Frame reassembly failed (-84) [ 750.044517][ T1052] Bluetooth: hci9: command 0x1009 tx timeout [ 751.964531][ T8458] Bluetooth: hci10: command 0x1003 tx timeout [ 751.971399][T11051] Bluetooth: hci10: sending frame failed (-49) 09:41:20 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, 0x0, 0x0, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:41:20 executing program 0: setresuid(0xee00, 0xffffffffffffffff, 0x0) [ 752.863452][T13923] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 752.889577][ T8] Bluetooth: hci6: Frame reassembly failed (-84) 09:41:21 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) 09:41:21 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x10, &(0x7f0000000000)=0x32) 09:41:21 executing program 0: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOWNER(r0, 0x400454cc, 0xee00) [ 753.430977][ T1124] Bluetooth: hci7: Frame reassembly failed (-84) [ 753.440615][T13939] Bluetooth: hci7: Frame reassembly failed (-84) [ 753.470660][T13944] debugfs: Directory 'hci8' with parent 'bluetooth' already present! 09:41:21 executing program 0: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0) [ 753.487040][ T1124] Bluetooth: hci8: Frame reassembly failed (-84) 09:41:22 executing program 2 (fault-call:5 fault-nth:2): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:41:22 executing program 0: r0 = msgget(0x2, 0x0) msgsnd(r0, &(0x7f00000000c0)={0x1}, 0x8, 0x800) 09:41:22 executing program 0: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000001d00), 0x4000, 0x0) [ 754.044551][T13921] Bluetooth: hci10: command 0x1001 tx timeout [ 754.059220][T11097] Bluetooth: hci10: sending frame failed (-49) 09:41:22 executing program 0: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, 0x0) [ 754.131621][ T8] Bluetooth: hci9: Frame reassembly failed (-84) [ 754.143917][ T8] Bluetooth: hci9: Frame reassembly failed (-84) [ 754.171515][T13963] FAULT_INJECTION: forcing a failure. [ 754.171515][T13963] name failslab, interval 1, probability 0, space 0, times 0 [ 754.189301][T13963] CPU: 0 PID: 13963 Comm: syz-executor.2 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 754.198972][T13963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 754.209049][T13963] Call Trace: [ 754.212340][T13963] dump_stack_lvl+0xcd/0x134 [ 754.216964][T13963] should_fail.cold+0x5/0xa [ 754.221492][T13963] ? do_raw_spin_lock+0x120/0x2b0 [ 754.226550][T13963] should_failslab+0x5/0x10 [ 754.231074][T13963] kmem_cache_alloc_node+0x65/0x3d0 [ 754.236310][T13963] ? __alloc_skb+0x20b/0x340 [ 754.240931][T13963] __alloc_skb+0x20b/0x340 [ 754.245384][T13963] h4_recv_buf+0x573/0xdb0 [ 754.249864][T13963] ll_recv+0xec/0x200 [ 754.253875][T13963] hci_uart_tty_receive+0x24d/0x710 [ 754.259103][T13963] ? hci_uart_send_frame+0x6c0/0x6c0 [ 754.264419][T13963] tty_ioctl+0x909/0x1670 [ 754.268790][T13963] ? tty_lookup_driver+0x550/0x550 [ 754.273938][T13963] ? lock_downgrade+0x6e0/0x6e0 [ 754.278940][T13963] ? __fget_files+0x23d/0x3e0 [ 754.283649][T13963] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 754.289927][T13963] ? tty_lookup_driver+0x550/0x550 [ 754.295153][T13963] __x64_sys_ioctl+0x193/0x200 [ 754.299947][T13963] do_syscall_64+0x35/0xb0 [ 754.304385][T13963] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 754.310314][T13963] RIP: 0033:0x4665f9 [ 754.314223][T13963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 754.333937][T13963] RSP: 002b:00007f5e27997188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 754.342378][T13963] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 754.350417][T13963] RDX: 0000000020000000 RSI: 0000000000005412 RDI: 0000000000000003 [ 754.358412][T13963] RBP: 00007f5e279971d0 R08: 0000000000000000 R09: 0000000000000000 [ 754.366408][T13963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 754.374404][T13963] R13: 00007fff9368acdf R14: 00007f5e27997300 R15: 0000000000022000 [ 754.438952][T13963] Bluetooth: hci9: Frame reassembly failed (-12) [ 754.924438][T10442] Bluetooth: hci6: command 0x1003 tx timeout [ 754.931352][T11051] Bluetooth: hci6: sending frame failed (-49) [ 755.484354][T10442] Bluetooth: hci7: command 0x1003 tx timeout [ 755.491740][T11051] Bluetooth: hci7: sending frame failed (-49) [ 755.564392][T10442] Bluetooth: hci8: command 0x1003 tx timeout [ 755.571948][T11051] Bluetooth: hci8: sending frame failed (-49) [ 756.124633][ T8552] Bluetooth: hci10: command 0x1009 tx timeout [ 756.204778][T13921] Bluetooth: hci9: command 0x1003 tx timeout [ 756.211235][T11051] Bluetooth: hci9: sending frame failed (-49) [ 757.004272][T10442] Bluetooth: hci6: command 0x1001 tx timeout [ 757.011071][T11051] Bluetooth: hci6: sending frame failed (-49) [ 757.564381][T10442] Bluetooth: hci7: command 0x1001 tx timeout [ 757.570738][T11051] Bluetooth: hci7: sending frame failed (-49) [ 757.654220][T10442] Bluetooth: hci8: command 0x1001 tx timeout [ 757.664787][T11051] Bluetooth: hci8: sending frame failed (-49) [ 758.284299][T10442] Bluetooth: hci9: command 0x1001 tx timeout [ 758.290968][T11051] Bluetooth: hci9: sending frame failed (-49) [ 759.094178][T10442] Bluetooth: hci6: command 0x1009 tx timeout [ 759.644120][T10442] Bluetooth: hci7: command 0x1009 tx timeout [ 759.724438][T10442] Bluetooth: hci8: command 0x1009 tx timeout 09:41:28 executing program 1 (fault-call:4 fault-nth:42): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:41:28 executing program 0: syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x20, 0x17ef, 0x60b5, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0xa0, 0x0, [{{0x9, 0x4, 0x0, 0x9, 0x0, 0x3, 0x1, 0x0, 0x2, {0x9}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x8e}}}}}]}}]}}, &(0x7f00000002c0)={0x0, 0x0, 0x30, &(0x7f0000000100)={0x5, 0xf, 0x30, 0x3, [@generic={0x3, 0x10, 0xb}, @ss_container_id={0x14, 0x10, 0x4, 0x0, "df68c7745a6e193330eb134fe2f276b5"}, @ssp_cap={0x14, 0x10, 0xa, 0x0, 0x2, 0x0, 0x0, 0x0, [0x0, 0x0]}]}}) syz_open_dev$evdev(0x0, 0x0, 0x0) [ 760.376971][T10442] Bluetooth: hci9: command 0x1009 tx timeout [ 760.478250][T13983] debugfs: Directory 'hci10' with parent 'bluetooth' already present! [ 760.495608][T13983] FAULT_INJECTION: forcing a failure. [ 760.495608][T13983] name failslab, interval 1, probability 0, space 0, times 0 [ 760.520344][T13983] CPU: 0 PID: 13983 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 760.530024][T13983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 760.540097][T13983] Call Trace: [ 760.543405][T13983] dump_stack_lvl+0xcd/0x134 [ 760.548034][T13983] should_fail.cold+0x5/0xa [ 760.552593][T13983] should_failslab+0x5/0x10 [ 760.557119][T13983] __kmalloc_track_caller+0x79/0x310 [ 760.562527][T13983] ? kvasprintf_const+0x60/0x190 [ 760.567503][T13983] kvasprintf+0xb5/0x150 [ 760.571783][T13983] ? bust_spinlocks+0xe0/0xe0 [ 760.576511][T13983] kvasprintf_const+0x60/0x190 [ 760.581308][T13983] kobject_set_name_vargs+0x56/0x150 [ 760.586649][T13983] dev_set_name+0xbb/0xf0 [ 760.591007][T13983] ? device_initialize+0x560/0x560 [ 760.596154][T13983] ? lockdep_init_map_type+0x2c3/0x7b0 [ 760.601645][T13983] ? lockdep_init_map_type+0x2c3/0x7b0 [ 760.607139][T13983] ? __raw_spin_lock_init+0x36/0x110 [ 760.612556][T13983] rfkill_register+0xe6/0xb00 [ 760.617257][T13983] ? hci_leds_init+0x101/0x1c0 [ 760.622225][T13983] hci_register_dev+0x38a/0xbd0 [ 760.627109][T13983] hci_uart_tty_ioctl+0x8c5/0xc50 [ 760.632236][T13983] tty_ioctl+0xc69/0x1670 [ 760.636562][T13983] ? hci_uart_init_work+0x170/0x170 [ 760.641770][T13983] ? tty_lookup_driver+0x550/0x550 [ 760.646879][T13983] ? lock_downgrade+0x6e0/0x6e0 [ 760.651890][T13983] ? __fget_files+0x23d/0x3e0 [ 760.656568][T13983] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 760.662808][T13983] ? tty_lookup_driver+0x550/0x550 [ 760.667922][T13983] __x64_sys_ioctl+0x193/0x200 [ 760.672810][T13983] do_syscall_64+0x35/0xb0 [ 760.677241][T13983] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 760.683137][T13983] RIP: 0033:0x4665f9 [ 760.687030][T13983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 760.706755][T13983] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 760.715179][T13983] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 760.723196][T13983] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 760.731253][T13983] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 760.739239][T13983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 760.747215][T13983] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 760.776800][ T1124] Bluetooth: hci10: Frame reassembly failed (-84) [ 760.783603][ T1124] Bluetooth: hci10: Frame reassembly failed (-84) [ 760.914006][T10442] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 761.164512][T10442] usb 1-1: Using ep0 maxpacket: 32 [ 761.364224][T10442] usb 1-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 761.377214][T10442] usb 1-1: config 1 interface 0 has no altsetting 0 [ 761.544183][T10442] usb 1-1: New USB device found, idVendor=17ef, idProduct=60b5, bcdDevice= 0.40 [ 761.553270][T10442] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 761.561864][T10442] usb 1-1: Product: syz [ 761.566565][T10442] usb 1-1: Manufacturer: syz [ 761.571231][T10442] usb 1-1: SerialNumber: syz [ 761.886578][T10442] usbhid 1-1:1.0: couldn't find an input interrupt endpoint [ 761.903318][T10442] usb 1-1: USB disconnect, device number 9 [ 762.603990][T10442] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 762.843927][T13921] Bluetooth: hci10: command 0x1003 tx timeout [ 762.851480][T11051] Bluetooth: hci10: sending frame failed (-49) [ 762.863946][T10442] usb 1-1: Using ep0 maxpacket: 32 09:41:31 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, 0x0, 0x0, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) [ 763.068831][ T1136] Bluetooth: hci6: Frame reassembly failed (-84) [ 763.080577][T14011] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 763.094297][T10442] usb 1-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 763.116235][T10442] usb 1-1: config 1 interface 0 has no altsetting 0 [ 763.315007][T10442] usb 1-1: New USB device found, idVendor=17ef, idProduct=60b5, bcdDevice= 0.40 [ 763.324258][T10442] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 763.332359][T10442] usb 1-1: Product: syz [ 763.338880][T10442] usb 1-1: Manufacturer: syz [ 763.343515][T10442] usb 1-1: SerialNumber: syz 09:41:31 executing program 0: syz_usb_connect$uac1(0x0, 0xa3, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x91, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@selector_unit={0x8, 0x24, 0x5, 0x0, 0x0, "806059"}, @input_terminal={0xc}, @extension_unit={0xd, 0x24, 0x8, 0x0, 0x0, 0x0, "ec39b37e384a"}, @processing_unit={0x7, 0x24, 0x7, 0x0, 0x5}, @extension_unit={0xa, 0x24, 0x8, 0x4, 0x0, 0x0, "959e96"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x7, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0) [ 763.496266][T10442] usbhid 1-1:1.0: couldn't find an input interrupt endpoint [ 763.520746][T10442] usb 1-1: USB disconnect, device number 10 09:41:31 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) 09:41:31 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4c00, &(0x7f0000000000)=0x32) [ 763.724954][T11096] Bluetooth: hci7: Frame reassembly failed (-84) [ 763.738551][T14043] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 763.765019][T14043] Bluetooth: hci8: Frame reassembly failed (-84) [ 763.772733][ T8] Bluetooth: hci8: Frame reassembly failed (-84) [ 763.933942][T10442] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 764.193838][T10442] usb 1-1: Using ep0 maxpacket: 16 09:41:32 executing program 2 (fault-call:5 fault-nth:3): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) [ 764.334124][T10442] usb 1-1: config 1 has an invalid interface descriptor of length 8, skipping [ 764.351905][T14055] FAULT_INJECTION: forcing a failure. [ 764.351905][T14055] name failslab, interval 1, probability 0, space 0, times 0 [ 764.364795][T10442] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 764.375993][T10442] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 764.389890][T10442] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 764.391255][T14055] CPU: 0 PID: 14055 Comm: syz-executor.2 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 764.401302][T10442] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 764.410353][T14055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 764.410373][T14055] Call Trace: [ 764.410385][T14055] dump_stack_lvl+0xcd/0x134 [ 764.410421][T14055] should_fail.cold+0x5/0xa [ 764.410457][T14055] should_failslab+0x5/0x10 [ 764.420607][T10442] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 764.430165][T14055] __kmalloc_node_track_caller+0x7d/0x340 [ 764.430203][T14055] ? h4_recv_buf+0x573/0xdb0 [ 764.430241][T14055] __alloc_skb+0xde/0x340 [ 764.430273][T14055] h4_recv_buf+0x573/0xdb0 [ 764.476656][T14055] ll_recv+0xec/0x200 [ 764.480672][T14055] hci_uart_tty_receive+0x24d/0x710 [ 764.485902][T14055] ? hci_uart_send_frame+0x6c0/0x6c0 [ 764.491246][T14055] tty_ioctl+0x909/0x1670 [ 764.495599][T14055] ? tty_lookup_driver+0x550/0x550 [ 764.501021][T14055] ? lock_downgrade+0x6e0/0x6e0 [ 764.505905][T14055] ? __fget_files+0x23d/0x3e0 [ 764.510603][T14055] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 764.516916][T14055] ? tty_lookup_driver+0x550/0x550 [ 764.522054][T14055] __x64_sys_ioctl+0x193/0x200 [ 764.526836][T14055] do_syscall_64+0x35/0xb0 [ 764.531702][T14055] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 764.537700][T14055] RIP: 0033:0x4665f9 [ 764.541614][T14055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 764.561229][T14055] RSP: 002b:00007f5e27997188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 764.569655][T14055] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 764.577740][T14055] RDX: 0000000020000000 RSI: 0000000000005412 RDI: 0000000000000003 [ 764.585712][T14055] RBP: 00007f5e279971d0 R08: 0000000000000000 R09: 0000000000000000 [ 764.593684][T14055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 764.601681][T14055] R13: 00007fff9368acdf R14: 00007f5e27997300 R15: 0000000000022000 [ 764.658277][T14055] Bluetooth: hci9: Frame reassembly failed (-12) [ 764.665020][T11096] Bluetooth: hci9: Frame reassembly failed (-84) [ 764.764067][T10442] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 764.773408][T10442] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 764.783581][T10442] usb 1-1: Product: syz [ 764.789342][T10442] usb 1-1: Manufacturer: syz [ 764.795519][T10442] usb 1-1: SerialNumber: syz [ 764.923876][ T20] Bluetooth: hci10: command 0x1001 tx timeout [ 764.930177][T11051] Bluetooth: hci10: sending frame failed (-49) [ 765.084227][ T20] Bluetooth: hci6: command 0x1003 tx timeout [ 765.090570][T11051] Bluetooth: hci6: sending frame failed (-49) [ 765.160415][T10442] usb 1-1: USB disconnect, device number 11 [ 765.814735][T13921] Bluetooth: hci8: command 0x1003 tx timeout [ 765.821097][T11051] Bluetooth: hci8: sending frame failed (-49) [ 765.823975][ T7] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 765.829789][T13921] Bluetooth: hci7: command 0x1003 tx timeout [ 765.842083][T11051] Bluetooth: hci7: sending frame failed (-49) [ 766.073855][ T7] usb 1-1: Using ep0 maxpacket: 16 [ 766.194792][ T7] usb 1-1: config 1 has an invalid interface descriptor of length 8, skipping [ 766.204155][ T7] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 766.216742][ T7] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 766.232127][ T7] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 766.244270][ T7] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 766.254824][ T7] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 766.373944][T13921] Bluetooth: hci9: command 0x1003 tx timeout [ 766.380489][T11051] Bluetooth: hci9: sending frame failed (-49) [ 766.423983][ T7] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 766.433994][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 766.442899][ T7] usb 1-1: Product: syz [ 766.449365][ T7] usb 1-1: Manufacturer: syz [ 766.455157][ T7] usb 1-1: SerialNumber: syz 09:41:34 executing program 0: syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x127000) 09:41:34 executing program 0: syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x84, 0xd0, 0x2d, 0x10, 0x5ac, 0x9222, 0xbaf0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x15, 0x0, 0x0, [], [{{0x9, 0x5, 0x4, 0x0, 0x0, 0x0, 0x5, 0x7f}}, {{0x9, 0x5, 0xf, 0x2}}]}}]}}]}}, 0x0) [ 766.686489][ T7] usb 1-1: USB disconnect, device number 12 [ 767.017941][T10442] Bluetooth: hci10: command 0x1009 tx timeout [ 767.133923][ T7] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 767.163949][T10442] Bluetooth: hci6: command 0x1001 tx timeout [ 767.170747][T11051] Bluetooth: hci6: sending frame failed (-49) [ 767.393788][ T7] usb 1-1: Using ep0 maxpacket: 16 [ 767.513915][ T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 767.523788][ T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 767.533423][ T7] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 0 [ 767.703870][ T7] usb 1-1: New USB device found, idVendor=05ac, idProduct=9222, bcdDevice=ba.f0 [ 767.712944][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 767.721583][ T7] usb 1-1: Product: syz [ 767.725981][ T7] usb 1-1: Manufacturer: syz [ 767.730820][ T7] usb 1-1: SerialNumber: syz [ 767.742570][ T7] usb 1-1: config 0 descriptor?? [ 767.784852][ T7] appledisplay 1-1:0.0: Could not find int-in endpoint [ 767.792307][ T7] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 767.893753][T10442] Bluetooth: hci7: command 0x1001 tx timeout [ 767.900017][T11051] Bluetooth: hci7: sending frame failed (-49) [ 767.907588][T10442] Bluetooth: hci8: command 0x1001 tx timeout [ 767.914940][T11051] Bluetooth: hci8: sending frame failed (-49) [ 767.995428][T10442] usb 1-1: USB disconnect, device number 13 [ 768.454052][ T20] Bluetooth: hci9: command 0x1001 tx timeout [ 768.461273][T11051] Bluetooth: hci9: sending frame failed (-49) [ 768.803667][ T20] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 769.046115][ T20] usb 1-1: Using ep0 maxpacket: 16 [ 769.164117][ T20] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 769.173997][ T20] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 769.184855][ T20] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 0 [ 769.243863][T10442] Bluetooth: hci6: command 0x1009 tx timeout [ 769.353748][ T20] usb 1-1: New USB device found, idVendor=05ac, idProduct=9222, bcdDevice=ba.f0 [ 769.362915][ T20] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 769.372199][ T20] usb 1-1: Product: syz [ 769.377466][ T20] usb 1-1: Manufacturer: syz [ 769.382065][ T20] usb 1-1: SerialNumber: syz [ 769.392837][ T20] usb 1-1: config 0 descriptor?? [ 769.445381][ T20] appledisplay 1-1:0.0: Could not find int-in endpoint [ 769.453280][ T20] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 769.654612][ T20] usb 1-1: USB disconnect, device number 14 09:41:37 executing program 0: syz_usb_connect$uac1(0x0, 0x79, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x67, 0x3, 0x1, 0x0, 0x0, 0x0, {{}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x3, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x8}]}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f0000000180)=@lang_id={0x4}}, {0x2, &(0x7f00000001c0)=@string={0x2}}]}) [ 769.973951][ T1052] Bluetooth: hci8: command 0x1009 tx timeout [ 769.980217][ T1052] Bluetooth: hci7: command 0x1009 tx timeout [ 770.223563][ T20] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 770.463570][ T20] usb 1-1: Using ep0 maxpacket: 16 [ 770.523716][T10442] Bluetooth: hci9: command 0x1009 tx timeout [ 770.583635][ T20] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 770.592439][ T20] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 770.603227][ T20] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 770.763652][ T20] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 770.772722][ T20] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 770.787964][ T20] usb 1-1: Product: syz [ 770.792145][ T20] usb 1-1: SerialNumber: syz [ 771.113698][ T20] usb 1-1: 0:2 : does not exist [ 771.145634][ T20] usb 1-1: USB disconnect, device number 15 09:41:39 executing program 1 (fault-call:4 fault-nth:43): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 771.340676][T14178] debugfs: Directory 'hci10' with parent 'bluetooth' already present! [ 771.362511][T14178] FAULT_INJECTION: forcing a failure. [ 771.362511][T14178] name failslab, interval 1, probability 0, space 0, times 0 [ 771.377284][T14178] CPU: 0 PID: 14178 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 771.386954][T14178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 771.397122][T14178] Call Trace: [ 771.400506][T14178] dump_stack_lvl+0xcd/0x134 [ 771.405131][T14178] should_fail.cold+0x5/0xa [ 771.409666][T14178] should_failslab+0x5/0x10 [ 771.414199][T14178] __kmalloc_track_caller+0x79/0x310 [ 771.419517][T14178] ? kvasprintf_const+0x60/0x190 [ 771.424494][T14178] kvasprintf+0xb5/0x150 [ 771.428766][T14178] ? bust_spinlocks+0xe0/0xe0 [ 771.433488][T14178] kvasprintf_const+0x60/0x190 [ 771.438278][T14178] kobject_set_name_vargs+0x56/0x150 [ 771.443595][T14178] dev_set_name+0xbb/0xf0 [ 771.447955][T14178] ? device_initialize+0x560/0x560 [ 771.453104][T14178] ? lockdep_init_map_type+0x2c3/0x7b0 [ 771.458588][T14178] ? lockdep_init_map_type+0x2c3/0x7b0 [ 771.464081][T14178] ? __raw_spin_lock_init+0x36/0x110 [ 771.469402][T14178] rfkill_register+0xe6/0xb00 [ 771.474108][T14178] ? hci_leds_init+0x101/0x1c0 [ 771.478896][T14178] hci_register_dev+0x38a/0xbd0 [ 771.483772][T14178] hci_uart_tty_ioctl+0x8c5/0xc50 [ 771.488845][T14178] tty_ioctl+0xc69/0x1670 [ 771.493178][T14178] ? hci_uart_init_work+0x170/0x170 [ 771.498386][T14178] ? tty_lookup_driver+0x550/0x550 [ 771.503513][T14178] ? lock_downgrade+0x6e0/0x6e0 [ 771.508409][T14178] ? __fget_files+0x23d/0x3e0 [ 771.513186][T14178] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 771.519449][T14178] ? tty_lookup_driver+0x550/0x550 [ 771.524592][T14178] __x64_sys_ioctl+0x193/0x200 [ 771.529381][T14178] do_syscall_64+0x35/0xb0 [ 771.533808][T14178] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 771.539716][T14178] RIP: 0033:0x4665f9 [ 771.543614][T14178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 771.563591][T14178] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 771.572014][T14178] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 771.579989][T14178] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 771.588048][T14178] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 771.596027][T14178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 771.604103][T14178] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 771.667656][T10154] Bluetooth: hci10: Frame reassembly failed (-84) [ 771.923490][T10442] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 772.194874][T10442] usb 1-1: Using ep0 maxpacket: 16 [ 772.333545][T10442] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 772.342544][T10442] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 772.354533][T10442] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 772.525908][T10442] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 772.535293][T10442] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 772.545637][T10442] usb 1-1: Product: syz [ 772.549831][T10442] usb 1-1: SerialNumber: syz 09:41:40 executing program 0: syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x20, 0x17ef, 0x60b5, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0}) [ 772.873618][T10442] usb 1-1: 0:2 : does not exist [ 772.906726][T10442] usb 1-1: USB disconnect, device number 16 09:41:41 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, 0x0, 0x0, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) [ 773.274174][T11096] Bluetooth: hci6: Frame reassembly failed (-84) [ 773.287039][T14214] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 773.313434][T10442] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 773.563508][T10442] usb 1-1: Using ep0 maxpacket: 32 [ 773.723785][ T20] Bluetooth: hci10: command 0x1003 tx timeout [ 773.730085][T10442] usb 1-1: unable to get BOS descriptor or descriptor too short [ 773.738006][T11051] Bluetooth: hci10: sending frame failed (-49) [ 773.823706][T10442] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 09:41:41 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000000)) 09:41:42 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4c01, &(0x7f0000000000)=0x32) [ 774.006909][T10442] usb 1-1: New USB device found, idVendor=17ef, idProduct=60b5, bcdDevice= 0.40 [ 774.018916][T14232] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 774.030821][T10442] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 774.046758][T10442] usb 1-1: Product: syz [ 774.052590][T10442] usb 1-1: Manufacturer: syz [ 774.060079][T10442] usb 1-1: SerialNumber: syz [ 774.106261][T10442] usbhid 1-1:1.0: couldn't find an input interrupt endpoint [ 774.315170][ T8552] usb 1-1: USB disconnect, device number 17 09:41:42 executing program 2 (fault-call:5 fault-nth:4): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) [ 774.570224][T14254] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 774.581745][T10154] Bluetooth: hci9: Frame reassembly failed (-84) [ 774.592531][T14254] FAULT_INJECTION: forcing a failure. [ 774.592531][T14254] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 774.623068][T14254] CPU: 1 PID: 14254 Comm: syz-executor.2 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 774.632752][T14254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 774.642820][T14254] Call Trace: [ 774.646118][T14254] dump_stack_lvl+0xcd/0x134 [ 774.650824][T14254] should_fail.cold+0x5/0xa [ 774.655365][T14254] _copy_to_user+0x2c/0x150 [ 774.659996][T14254] simple_read_from_buffer+0xcc/0x160 [ 774.665993][T14254] proc_fail_nth_read+0x187/0x220 [ 774.671068][T14254] ? proc_sessionid_read+0x220/0x220 [ 774.676387][T14254] ? security_file_permission+0xab/0xd0 [ 774.681969][T14254] ? proc_sessionid_read+0x220/0x220 [ 774.687294][T14254] vfs_read+0x1b5/0x600 [ 774.691567][T14254] ksys_read+0x12d/0x250 [ 774.695831][T14254] ? vfs_write+0xae0/0xae0 [ 774.700275][T14254] ? syscall_enter_from_user_mode+0x21/0x70 [ 774.706200][T14254] do_syscall_64+0x35/0xb0 [ 774.710631][T14254] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 774.716545][T14254] RIP: 0033:0x41937c [ 774.720427][T14254] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 774.740200][T14254] RSP: 002b:00007f5e27997170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 774.748606][T14254] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000041937c [ 774.756565][T14254] RDX: 000000000000000f RSI: 00007f5e279971e0 RDI: 0000000000000004 [ 774.764526][T14254] RBP: 00007f5e279971d0 R08: 0000000000000000 R09: 0000000000000000 [ 774.772681][T14254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 774.780652][T14254] R13: 00007fff9368acdf R14: 00007f5e27997300 R15: 0000000000022000 [ 775.123452][ T8552] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 775.323415][ T1052] Bluetooth: hci6: command 0x1003 tx timeout [ 775.329824][T11051] Bluetooth: hci6: sending frame failed (-49) [ 775.393331][ T8552] usb 1-1: Using ep0 maxpacket: 32 [ 775.593548][ T8552] usb 1-1: unable to get BOS descriptor or descriptor too short [ 775.693907][ T8552] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 775.803411][ T1052] Bluetooth: hci10: command 0x1001 tx timeout [ 775.809636][T11051] Bluetooth: hci10: sending frame failed (-49) 09:41:44 executing program 0: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) getpgrp(0xffffffffffffffff) r2 = socket$inet6(0xa, 0x401000000001, 0x0) close(r2) open(&(0x7f0000000400)='./bus\x00', 0x1145042, 0x0) sendfile(r2, r2, 0x0, 0xffffdffa) lseek(r1, 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) [ 775.873479][ C0] raw-gadget gadget: ignoring, device is not running [ 775.925094][ T8552] usb 1-1: New USB device found, idVendor=17ef, idProduct=60b5, bcdDevice= 0.40 [ 775.951951][ T8552] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 775.969703][ T8552] usb 1-1: Product: syz [ 775.977908][ T8552] usb 1-1: Manufacturer: syz [ 775.985918][ T7] Bluetooth: hci7: command 0x1003 tx timeout [ 775.992084][T11051] Bluetooth: hci7: sending frame failed (-49) [ 776.031680][ T8552] usb 1-1: can't set config #1, error -71 [ 776.042900][ T8552] usb 1-1: USB disconnect, device number 18 [ 776.123617][T10442] Bluetooth: hci8: command 0x1003 tx timeout [ 776.129811][T11051] Bluetooth: hci8: sending frame failed (-49) [ 776.264357][T14275] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 776.277377][T14275] File: /root/syzkaller-testdir874985962/syzkaller.7OvDtK/128/bus PID: 14275 Comm: syz-executor.0 09:41:44 executing program 0: perf_event_open(&(0x7f0000000740)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x10103e, 0x0) socket$alg(0x26, 0x5, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000bc7ef9642d29ba564165605dca29708efdf9b15a5c10a126fc1a2751f642635bcd9a8bf7a928a5d054b0d2c54d519ea75c52f41ed6f2886973626b684c8bcede3294f6e73d06ad16dc2d26725ff833b5f83b499918e6a6ec245b781d41aee9624c847e2f2312d6a1db45bad354fc1a3f20340547860f97d30d407ffe406483a0524937ee7559e4bf70136746b37fdfbbb152758d37ed8bcac41eb7243bdcd536249c7996e898b61927eaa5a8790054ba13d3ade593220f96027090234aaf7ea92f41aab73e7a85eef87e956bb7c5c76a347264fd99359f4e57b0dcc2bcc188ea880a4b11a8bb81eb22b0ddfc689e3218cf310dcc61cab354149d9107d8a88b0aa5b5661555f00443aee5e714009e52cee5e88f008148ddbc0fa81bf938bed4a1ac778d5337cc0311d0772eeac3eab38426e8d1472ff514aa5379ed21551790cc10148410b4fc27582fd7106a8887a9a0b613dfe10aee77542d887208f5534f5d8ba943f258fc9ef975834e1917666e2aff1cebfc3ce2c1e8ff66bba1d9aa3300b67b279a2378db7024bf321636bede8651e672ed4f01ba5da2c3f9042a8552bd3f2c9ad546ad0ea20b4d35fb0a15c6239f67c7747a40fe26a88adf727fd1b801b4e56fbffcad99ce68fe2af0d94fdc78d27268de435021dca51acaa7a9e0944bdf579c170db6405944b6791a7713ee54f650fdf71b57c3629fb185efce700620ef5744623be08ec935dd563e6ba0b461bda98b364acf3dcdafa9b0e68c21ea509212c2938aa09cc31aa4ee5bfb8e507181909f5854b13997af4888cd61c8aab5fdfd701a16d546e5a533cd9b985dcc582b67979551dcc750fc51f2c9b6814edeffc76a86ea9f58b7c66fa24540daf14c2163d064f8cf0b4878f81e6b8bc4dabc10dac82b39e033963a6d02434cb783a198829d1373790a85c0e01a362d89e80165d280283af3c261bc5534c2a5c0f734b12a73b0c53bfae5d2f6e55728052247adfe0966c6c5eca57918c4540c979a70a281ba00e408c9fe1b20fa208976dd6a56f9bd9a74d81447c9b265d8c23f0e983e9112d3ecea0694721a847342d5eff8a5"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1c, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x2}}, &(0x7f00000000c0)='GPL\x00', 0x4, 0xbf9, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x9000000, 0x0, r1}, 0x78) openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, 0xffffffffffffffff, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x5) ptrace$setregs(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000080)) 09:41:44 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2}, 0x40) 09:41:44 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000040)={'erspan0\x00', 0x0}) 09:41:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xc01, 0x3, 0x268, 0x90, 0x5002004a, 0x0, 0x90, 0x0, 0x1d0, 0x3c8, 0x3c8, 0x1d0, 0x3c8, 0x3, 0x0, {[{{@uncond, 0x60, 0x70, 0x90}, @unspec=@TRACE={0x20}}, {{@ip={@loopback, @dev, 0x0, 0x0, 'wlan0\x00', 'veth1_virt_wifi\x00'}, 0x0, 0xd8, 0x140, 0x0, {}, [@common=@set={{0x40}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2c8) [ 776.614919][ T1052] Bluetooth: hci9: command 0x1003 tx timeout [ 776.622500][T11051] Bluetooth: hci9: sending frame failed (-49) [ 776.676069][T14287] Cannot find set identified by id 0 to match 09:41:44 executing program 0: sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000700)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465c4d4049fc564e0b9cc7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6e69f403ff0e80677eeba68562eb8ae2bcd87cef9000000a39c15a7ef365cc27dfeac7bb40e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a17e9b5381791cbf0ceb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc08c2daa235197f1496679a9813c1efa26001b3f486eb6954871b4344faae85c4d0b96778478ae5355e6f923b1105696904fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca}, 0x48) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000200)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030080000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001080200000000000000000000000000000000000000005001686173686c696d6974000000000000000000000000000000000000000002726f736530000000000000000000000000000000000000000000000000000000000000e4ff0800000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000009000000000000000000000000000000200000000000000000000000000400000000000000000000000000000070009000000000094100000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000004000000000000000000000000000000000000000000000feffffff"], 0x1) perf_event_open(&(0x7f0000000840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x2f9, 0x304, &(0x7f0000000040)="b90103600040f000009e0ff008071fffffe100004000638477fbac141414e0000001be3e7d2a182fff", 0x0, 0x104, 0x6000000000000000, 0x0, 0xfeb9, &(0x7f0000000400)="9209558f0c5fb25cd57f98113135c3171b8b331fbc04f0e6955a796ff8e3aae3cac46cec3030dfc999058aea01f0e6dcf2f9d480d328655aca003927bd50ed49d4843c8a0a2a4b26ceb747947200bd644c85e7a8a7d7cfce840c02a7d69c9e0bca410f64d43290abbbf3131e1fa8bd8c3e5f19d5a491d3d4c1a0fe47de9eebaf073ac3da6256bdb681d18fbd607c9b0d710442bcf78bc36fd3c035812bde582a262bff0e4d6181c818fccf542868c6e602d97bea23a101955dc76bcc984142ab305387aa348566d688edd291a3e9d08952adbdf60462bb7f7faebcdfccf17115708b0d73d0f3a469ce7d8374219b3f92c92bcec4958d474bb281c26691949d054b784a5866f081e53eb9cfd7"}, 0x28) [ 777.403230][ T1052] Bluetooth: hci6: command 0x1001 tx timeout [ 777.410112][T11051] Bluetooth: hci6: sending frame failed (-49) [ 777.883210][ T1052] Bluetooth: hci10: command 0x1009 tx timeout [ 778.043252][T10442] Bluetooth: hci7: command 0x1001 tx timeout [ 778.050420][T11051] Bluetooth: hci7: sending frame failed (-49) [ 778.203198][ T1052] Bluetooth: hci8: command 0x1001 tx timeout [ 778.209944][T11051] Bluetooth: hci8: sending frame failed (-49) [ 778.683196][ T20] Bluetooth: hci9: command 0x1001 tx timeout [ 778.689831][T11051] Bluetooth: hci9: sending frame failed (-49) [ 779.483271][ T20] Bluetooth: hci6: command 0x1009 tx timeout [ 780.133212][ T1052] Bluetooth: hci7: command 0x1009 tx timeout [ 780.283163][ T20] Bluetooth: hci8: command 0x1009 tx timeout [ 780.763348][ T1052] Bluetooth: hci9: command 0x1009 tx timeout 09:41:50 executing program 1 (fault-call:4 fault-nth:44): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:41:50 executing program 0: r0 = socket(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000100)={'veth0_to_team\x00'}) [ 782.260498][T14303] debugfs: Directory 'hci10' with parent 'bluetooth' already present! [ 782.279859][T14303] FAULT_INJECTION: forcing a failure. [ 782.279859][T14303] name failslab, interval 1, probability 0, space 0, times 0 [ 782.306310][T14303] CPU: 0 PID: 14303 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 782.315984][T14303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 782.326055][T14303] Call Trace: [ 782.329356][T14303] dump_stack_lvl+0xcd/0x134 [ 782.333983][T14303] should_fail.cold+0x5/0xa [ 782.338698][T14303] should_failslab+0x5/0x10 [ 782.343227][T14303] __kmalloc_track_caller+0x79/0x310 [ 782.348646][T14303] ? kstrdup_const+0x53/0x80 [ 782.353276][T14303] kstrdup+0x36/0x70 [ 782.357214][T14303] kstrdup_const+0x53/0x80 [ 782.362010][T14303] __kernfs_new_node+0x9d/0x8b0 [ 782.366978][T14303] ? kernfs_path_from_node+0x60/0x60 [ 782.372469][T14303] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 782.378492][T14303] ? stack_trace_save+0x8c/0xc0 [ 782.383491][T14303] kernfs_create_dir_ns+0x9c/0x220 [ 782.388651][T14303] sysfs_create_dir_ns+0x128/0x290 [ 782.393791][T14303] ? sysfs_create_mount_point+0xb0/0xb0 [ 782.399362][T14303] ? rwlock_bug.part.0+0x90/0x90 [ 782.404331][T14303] ? do_raw_spin_unlock+0x171/0x230 [ 782.409557][T14303] kobject_add_internal+0x2d2/0xa60 [ 782.414788][T14303] kobject_add+0x150/0x1c0 [ 782.419228][T14303] ? kset_create_and_add+0x190/0x190 [ 782.424546][T14303] ? lockdep_init_map_type+0x2c3/0x7b0 [ 782.430042][T14303] ? __raw_spin_lock_init+0x36/0x110 [ 782.435882][T14303] device_add+0x36a/0x21b0 [ 782.440326][T14303] ? device_initialize+0x560/0x560 [ 782.445466][T14303] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 782.451746][T14303] ? __raw_spin_lock_init+0x36/0x110 [ 782.457063][T14303] rfkill_register+0x1a5/0xb00 [ 782.461932][T14303] ? hci_leds_init+0x101/0x1c0 [ 782.466715][T14303] hci_register_dev+0x38a/0xbd0 [ 782.471609][T14303] hci_uart_tty_ioctl+0x8c5/0xc50 [ 782.476628][T14303] tty_ioctl+0xc69/0x1670 [ 782.480942][T14303] ? hci_uart_init_work+0x170/0x170 [ 782.486130][T14303] ? tty_lookup_driver+0x550/0x550 [ 782.491232][T14303] ? lock_downgrade+0x6e0/0x6e0 [ 782.496081][T14303] ? __fget_files+0x23d/0x3e0 [ 782.500750][T14303] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 782.507070][T14303] ? tty_lookup_driver+0x550/0x550 [ 782.512207][T14303] __x64_sys_ioctl+0x193/0x200 [ 782.517011][T14303] do_syscall_64+0x35/0xb0 [ 782.521502][T14303] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 782.527432][T14303] RIP: 0033:0x4665f9 [ 782.531312][T14303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 782.551117][T14303] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 782.559623][T14303] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 782.567588][T14303] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 782.575638][T14303] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 782.583615][T14303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 782.593219][T14303] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 782.615550][T14303] kobject_add_internal failed for rfkill194 (error: -12 parent: hci10) [ 782.636310][ T1136] Bluetooth: hci10: Frame reassembly failed (-84) 09:41:51 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) [ 783.538502][T10154] Bluetooth: hci6: Frame reassembly failed (-84) [ 783.546748][T14316] Bluetooth: received HCILL_WAKE_UP_IND in state 2 09:41:52 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000000)) 09:41:52 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5409, &(0x7f0000000000)=0x32) 09:41:52 executing program 0: request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz', 0x2}, &(0x7f00000000c0)='$}\x00', 0xffffffffffffffff) 09:41:52 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) [ 784.697341][ T8416] Bluetooth: hci10: command 0x1003 tx timeout [ 784.718105][T11339] Bluetooth: hci10: sending frame failed (-49) 09:41:52 executing program 0: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001200)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xc}]}}, &(0x7f0000000200)=""/4096, 0x26, 0x1000, 0x1}, 0x20) [ 784.844973][T14345] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 784.905363][ T8] Bluetooth: hci9: Frame reassembly failed (-84) [ 784.926218][T14344] Bluetooth: received HCILL_WAKE_UP_IND in state 2 09:41:53 executing program 0: r0 = socket(0x2, 0x2, 0x0) bind$qrtr(r0, 0x0, 0x0) 09:41:53 executing program 0: syz_mount_image$bfs(0x0, 0x0, 0x0, 0x1, &(0x7f0000000200)=[{0x0}], 0x0, 0x0) 09:41:53 executing program 0: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000080)={0x0, 0x5, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "c4a83037"}, 0x0, 0x0, @planes=0x0}) 09:41:53 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000600)={&(0x7f0000000700)=@in={0x10, 0x2}, 0x10, 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1c000000840000000a000000ff0100000000000000000000000000011400000084"], 0x70}, 0x100) [ 785.570242][ T8416] Bluetooth: hci6: command 0x1003 tx timeout [ 785.577820][T11051] Bluetooth: hci6: sending frame failed (-49) [ 786.212891][ T8552] Bluetooth: hci7: command 0x1003 tx timeout [ 786.220047][T11051] Bluetooth: hci7: sending frame failed (-49) [ 786.773016][ T8552] Bluetooth: hci10: command 0x1001 tx timeout [ 786.779290][T11051] Bluetooth: hci10: sending frame failed (-49) [ 786.922803][ T8552] Bluetooth: hci9: command 0x1003 tx timeout [ 786.929656][T11051] Bluetooth: hci9: sending frame failed (-49) [ 786.933056][T10442] Bluetooth: hci8: command 0x1003 tx timeout [ 786.942776][T11051] Bluetooth: hci8: sending frame failed (-49) [ 787.642774][ T8552] Bluetooth: hci6: command 0x1001 tx timeout [ 787.649718][T11051] Bluetooth: hci6: sending frame failed (-49) [ 788.292869][ T8552] Bluetooth: hci7: command 0x1001 tx timeout [ 788.299583][T11051] Bluetooth: hci7: sending frame failed (-49) [ 788.842774][ T8552] Bluetooth: hci10: command 0x1009 tx timeout [ 789.002735][ T8552] Bluetooth: hci8: command 0x1001 tx timeout [ 789.008999][T11051] Bluetooth: hci8: sending frame failed (-49) [ 789.015653][ T8552] Bluetooth: hci9: command 0x1001 tx timeout [ 789.021735][T11051] Bluetooth: hci9: sending frame failed (-49) [ 789.722691][ T8416] Bluetooth: hci6: command 0x1009 tx timeout [ 790.372611][ T8416] Bluetooth: hci7: command 0x1009 tx timeout [ 791.082863][ T7] Bluetooth: hci9: command 0x1009 tx timeout [ 791.089342][ T7] Bluetooth: hci8: command 0x1009 tx timeout 09:42:01 executing program 1 (fault-call:4 fault-nth:45): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:42:01 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x107, &(0x7f0000000080), &(0x7f00000000c0)=0x18) [ 793.109151][T14381] debugfs: Directory 'hci10' with parent 'bluetooth' already present! [ 793.118824][T14381] FAULT_INJECTION: forcing a failure. [ 793.118824][T14381] name failslab, interval 1, probability 0, space 0, times 0 [ 793.137238][T14381] CPU: 1 PID: 14381 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 793.146918][T14381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 793.156991][T14381] Call Trace: [ 793.160285][T14381] dump_stack_lvl+0xcd/0x134 [ 793.164922][T14381] should_fail.cold+0x5/0xa [ 793.169547][T14381] ? __kernfs_new_node+0xd4/0x8b0 [ 793.174608][T14381] should_failslab+0x5/0x10 [ 793.179135][T14381] kmem_cache_alloc+0x5e/0x390 [ 793.184108][T14381] __kernfs_new_node+0xd4/0x8b0 [ 793.189003][T14381] ? kernfs_path_from_node+0x60/0x60 [ 793.194327][T14381] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 793.200336][T14381] ? stack_trace_save+0x8c/0xc0 [ 793.205225][T14381] kernfs_create_dir_ns+0x9c/0x220 [ 793.210384][T14381] sysfs_create_dir_ns+0x128/0x290 [ 793.215530][T14381] ? sysfs_create_mount_point+0xb0/0xb0 [ 793.221105][T14381] ? rwlock_bug.part.0+0x90/0x90 [ 793.226163][T14381] ? do_raw_spin_unlock+0x171/0x230 [ 793.231402][T14381] kobject_add_internal+0x2d2/0xa60 [ 793.236637][T14381] kobject_add+0x150/0x1c0 [ 793.241228][T14381] ? kset_create_and_add+0x190/0x190 [ 793.246523][T14381] ? lockdep_init_map_type+0x2c3/0x7b0 [ 793.251979][T14381] ? __raw_spin_lock_init+0x36/0x110 [ 793.258043][T14381] device_add+0x36a/0x21b0 [ 793.262591][T14381] ? device_initialize+0x560/0x560 [ 793.267867][T14381] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 793.274138][T14381] ? __raw_spin_lock_init+0x36/0x110 [ 793.279410][T14381] rfkill_register+0x1a5/0xb00 [ 793.284159][T14381] ? hci_leds_init+0x101/0x1c0 [ 793.288911][T14381] hci_register_dev+0x38a/0xbd0 [ 793.293928][T14381] hci_uart_tty_ioctl+0x8c5/0xc50 [ 793.298961][T14381] tty_ioctl+0xc69/0x1670 [ 793.303532][T14381] ? hci_uart_init_work+0x170/0x170 [ 793.308714][T14381] ? tty_lookup_driver+0x550/0x550 [ 793.313822][T14381] ? lock_downgrade+0x6e0/0x6e0 [ 793.318666][T14381] ? __fget_files+0x23d/0x3e0 [ 793.323536][T14381] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 793.330284][T14381] ? tty_lookup_driver+0x550/0x550 [ 793.335399][T14381] __x64_sys_ioctl+0x193/0x200 [ 793.340152][T14381] do_syscall_64+0x35/0xb0 [ 793.344558][T14381] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 793.350439][T14381] RIP: 0033:0x4665f9 [ 793.354328][T14381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 793.374096][T14381] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 793.382498][T14381] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 793.390452][T14381] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 793.398417][T14381] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 793.406369][T14381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 793.414411][T14381] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 793.436865][T14381] kobject_add_internal failed for rfkill199 (error: -12 parent: hci10) [ 793.457463][T10154] Bluetooth: hci10: Frame reassembly failed (-84) 09:42:01 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x900, &(0x7f0000000040)={0x0, 0x8}, 0x8) 09:42:02 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000000)) 09:42:03 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x540b, &(0x7f0000000000)=0x32) 09:42:03 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:42:03 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup(r0) setsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x2, 0x0, 0x0) 09:42:03 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x2, &(0x7f0000000000)=0x32) [ 795.078230][ T8] Bluetooth: hci7: Frame reassembly failed (-84) [ 795.092555][T14417] Bluetooth: received HCILL_WAKE_UP_IND in state 2 09:42:03 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000380)={&(0x7f0000000040)=@in6={0x1c, 0x1c, 0x1}, 0x1c, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0090"], 0x14}, 0x20100) [ 795.145576][T14427] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 795.175143][ T8] Bluetooth: hci9: Frame reassembly failed (-84) [ 795.187149][T11096] Bluetooth: hci8: Frame reassembly failed (-84) 09:42:03 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x800000}, 0x14) 09:42:03 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) readv(r0, &(0x7f00000002c0)=[{&(0x7f00000001c0)=""/234, 0xea}], 0x1) 09:42:03 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = dup2(r0, r0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x10, &(0x7f0000000040), 0x4) [ 795.485030][ T7] Bluetooth: hci10: command 0x1003 tx timeout [ 795.491298][T11051] Bluetooth: hci10: sending frame failed (-49) [ 796.442422][ T7] Bluetooth: hci6: command 0x1003 tx timeout [ 796.448994][T11051] Bluetooth: hci6: sending frame failed (-49) [ 797.082347][ T1052] Bluetooth: hci7: command 0x1003 tx timeout [ 797.089815][T11051] Bluetooth: hci7: sending frame failed (-49) [ 797.252330][ T8552] Bluetooth: hci8: command 0x1003 tx timeout [ 797.259320][T11051] Bluetooth: hci8: sending frame failed (-49) [ 797.267124][ T8552] Bluetooth: hci9: command 0x1003 tx timeout [ 797.273951][T11051] Bluetooth: hci9: sending frame failed (-49) [ 797.572493][ T7] Bluetooth: hci10: command 0x1001 tx timeout [ 797.579631][T11051] Bluetooth: hci10: sending frame failed (-49) [ 798.522234][ T8552] Bluetooth: hci6: command 0x1001 tx timeout [ 798.529251][T11051] Bluetooth: hci6: sending frame failed (-49) [ 799.172509][ T8552] Bluetooth: hci7: command 0x1001 tx timeout [ 799.179237][T11051] Bluetooth: hci7: sending frame failed (-49) [ 799.332294][ T8552] Bluetooth: hci9: command 0x1001 tx timeout [ 799.338457][T11051] Bluetooth: hci9: sending frame failed (-49) [ 799.345653][ T8552] Bluetooth: hci8: command 0x1001 tx timeout [ 799.352301][T11051] Bluetooth: hci8: sending frame failed (-49) [ 799.642278][ T8416] Bluetooth: hci10: command 0x1009 tx timeout [ 800.602240][ T8552] Bluetooth: hci6: command 0x1009 tx timeout [ 801.242670][ T8552] Bluetooth: hci7: command 0x1009 tx timeout [ 801.412206][ T8552] Bluetooth: hci8: command 0x1009 tx timeout [ 801.418303][ T8552] Bluetooth: hci9: command 0x1009 tx timeout 09:42:12 executing program 1 (fault-call:4 fault-nth:46): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:42:12 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f0000000440)=[{&(0x7f0000000280)=""/112, 0x70}], 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xccf3, 0x0, 0x0, 0x800e0050e) r2 = socket$inet_udplite(0x2, 0x2, 0x88) poll(&(0x7f0000000080)=[{0xffffffffffffff9c}, {}], 0x2, 0x8000000000049) recvfrom$inet(r2, 0x0, 0xccf3, 0x40042, 0x0, 0x800e005b2) poll(&(0x7f0000000000)=[{r2, 0x80}], 0x1, 0x0) shutdown(r2, 0x0) [ 803.995963][T14458] debugfs: Directory 'hci10' with parent 'bluetooth' already present! [ 804.005093][T14458] FAULT_INJECTION: forcing a failure. [ 804.005093][T14458] name failslab, interval 1, probability 0, space 0, times 0 [ 804.019119][T14458] CPU: 1 PID: 14458 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 804.028784][T14458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 804.038868][T14458] Call Trace: [ 804.042158][T14458] dump_stack_lvl+0xcd/0x134 [ 804.046765][T14458] should_fail.cold+0x5/0xa [ 804.051371][T14458] ? __kernfs_new_node+0xd4/0x8b0 [ 804.056422][T14458] should_failslab+0x5/0x10 [ 804.061018][T14458] kmem_cache_alloc+0x5e/0x390 [ 804.065793][T14458] __kernfs_new_node+0xd4/0x8b0 [ 804.070661][T14458] ? kernfs_path_from_node+0x60/0x60 [ 804.075983][T14458] ? kernfs_add_one+0x122/0x4c0 [ 804.080838][T14458] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 804.086839][T14458] kernfs_new_node+0x93/0x120 [ 804.091540][T14458] __kernfs_create_file+0x51/0x350 [ 804.096674][T14458] sysfs_add_file_mode_ns+0x226/0x540 [ 804.102068][T14458] sysfs_create_file_ns+0x131/0x1c0 [ 804.107284][T14458] ? sysfs_add_file_mode_ns+0x540/0x540 [ 804.112839][T14458] ? up_write+0x470/0x470 [ 804.117175][T14458] ? lockdep_init_map_type+0x2c3/0x7b0 [ 804.122666][T14458] device_create_file+0xea/0x1d0 [ 804.127618][T14458] device_add+0x57c/0x21b0 [ 804.132048][T14458] ? device_initialize+0x560/0x560 [ 804.137173][T14458] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 804.143429][T14458] ? __raw_spin_lock_init+0x36/0x110 [ 804.148759][T14458] rfkill_register+0x1a5/0xb00 [ 804.153704][T14458] ? hci_leds_init+0x101/0x1c0 [ 804.158478][T14458] hci_register_dev+0x38a/0xbd0 [ 804.163340][T14458] hci_uart_tty_ioctl+0x8c5/0xc50 [ 804.168378][T14458] tty_ioctl+0xc69/0x1670 [ 804.172709][T14458] ? hci_uart_init_work+0x170/0x170 [ 804.177918][T14458] ? tty_lookup_driver+0x550/0x550 [ 804.183039][T14458] ? lock_downgrade+0x6e0/0x6e0 [ 804.187909][T14458] ? __fget_files+0x23d/0x3e0 [ 804.192600][T14458] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 804.198848][T14458] ? tty_lookup_driver+0x550/0x550 [ 804.203967][T14458] __x64_sys_ioctl+0x193/0x200 [ 804.208739][T14458] do_syscall_64+0x35/0xb0 [ 804.213179][T14458] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 804.219085][T14458] RIP: 0033:0x4665f9 [ 804.222981][T14458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 804.242589][T14458] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 804.251109][T14458] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 804.259095][T14458] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 804.267066][T14458] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 804.275036][T14458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 804.283006][T14458] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:42:12 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) [ 804.623852][ T9149] Bluetooth: hci6: Frame reassembly failed (-84) 09:42:12 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) 09:42:14 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x540c, &(0x7f0000000000)=0x32) 09:42:14 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x23, &(0x7f00000000c0), &(0x7f0000000180)=0x90) 09:42:14 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:42:14 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x10, &(0x7f0000000000)=0x32) 09:42:14 executing program 0: sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000000)=@in6={0x1c, 0x1c, 0x3}, 0x1c) r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x24, &(0x7f0000000000)=0x1c00, 0xfe6a) [ 805.980609][ T9149] Bluetooth: hci7: Frame reassembly failed (-84) [ 805.991392][T14500] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 806.041848][T14506] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 806.064867][T11339] Bluetooth: hci8: sending frame failed (-49) 09:42:14 executing program 0: r0 = socket(0x2, 0x1, 0x0) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)=@in={0x10, 0x2}, 0x10) 09:42:14 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0, 0x0, 0x0, 0x20}, 0x0) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x18, &(0x7f0000000080), 0x4) 09:42:14 executing program 0: r0 = socket(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f0000000200)=0x3, 0x4) connect$inet(r0, &(0x7f0000000240)={0x10, 0x2}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x8, &(0x7f0000000100)=0xffff, 0x4) sendto(r0, &(0x7f0000002280)="1d", 0x1, 0x105, &(0x7f0000000480)=@in6={0x1c, 0x1c, 0x2}, 0x1c) [ 806.363058][ T8552] Bluetooth: hci10: command 0x1003 tx timeout [ 806.373124][T11051] Bluetooth: hci10: sending frame failed (-49) [ 806.691868][ T8552] Bluetooth: hci6: command 0x1003 tx timeout [ 806.699222][T11051] Bluetooth: hci6: sending frame failed (-49) [ 808.041952][ T1052] Bluetooth: hci7: command 0x1003 tx timeout [ 808.049118][T11051] Bluetooth: hci7: sending frame failed (-49) [ 808.121901][ T7638] Bluetooth: hci9: command 0x1003 tx timeout [ 808.122032][ T1052] Bluetooth: hci8: command 0x1003 tx timeout [ 808.128279][T11051] Bluetooth: hci9: sending frame failed (-49) [ 808.140687][T11389] Bluetooth: hci8: sending frame failed (-49) [ 808.364340][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.370746][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.442005][ T7638] Bluetooth: hci10: command 0x1001 tx timeout [ 808.449353][T11389] Bluetooth: hci10: sending frame failed (-49) [ 808.761802][ T8416] Bluetooth: hci6: command 0x1001 tx timeout [ 808.767977][T11389] Bluetooth: hci6: sending frame failed (-49) [ 810.121789][ T7638] Bluetooth: hci7: command 0x1001 tx timeout [ 810.128889][T11389] Bluetooth: hci7: sending frame failed (-49) [ 810.211857][ T8416] Bluetooth: hci8: command 0x1001 tx timeout [ 810.218769][T11389] Bluetooth: hci8: sending frame failed (-49) [ 810.226371][ T8416] Bluetooth: hci9: command 0x1001 tx timeout [ 810.233588][T11389] Bluetooth: hci9: sending frame failed (-49) [ 810.531807][ T7638] Bluetooth: hci10: command 0x1009 tx timeout [ 810.841688][ T7638] Bluetooth: hci6: command 0x1009 tx timeout [ 812.211962][ T7638] Bluetooth: hci7: command 0x1009 tx timeout [ 812.281784][ T7638] Bluetooth: hci9: command 0x1009 tx timeout [ 812.296770][ T7638] Bluetooth: hci8: command 0x1009 tx timeout 09:42:22 executing program 1 (fault-call:4 fault-nth:47): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:42:22 executing program 0: r0 = socket$inet6_udp(0x1c, 0x2, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x31, &(0x7f0000000000)={0x0, 0x0, '\x00', [@enc_lim]}, 0x10) 09:42:22 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) [ 814.967326][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 814.967426][T14551] debugfs: Directory 'hci10' with parent 'bluetooth' already present! [ 815.003435][T14551] FAULT_INJECTION: forcing a failure. [ 815.003435][T14551] name failslab, interval 1, probability 0, space 0, times 0 [ 815.034417][T14551] CPU: 0 PID: 14551 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 815.044184][T14551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 815.054261][T14551] Call Trace: [ 815.057582][T14551] dump_stack_lvl+0xcd/0x134 [ 815.062204][T14551] should_fail.cold+0x5/0xa [ 815.066739][T14551] ? __kernfs_new_node+0xd4/0x8b0 [ 815.071802][T14551] should_failslab+0x5/0x10 [ 815.076329][T14551] kmem_cache_alloc+0x5e/0x390 [ 815.081211][T14551] __kernfs_new_node+0xd4/0x8b0 [ 815.086095][T14551] ? kernfs_path_from_node+0x60/0x60 [ 815.091419][T14551] ? kernfs_add_one+0x122/0x4c0 [ 815.096293][T14551] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 815.102310][T14551] kernfs_new_node+0x93/0x120 [ 815.107012][T14551] __kernfs_create_file+0x51/0x350 [ 815.112151][T14551] sysfs_add_file_mode_ns+0x226/0x540 [ 815.117679][T14551] sysfs_create_file_ns+0x131/0x1c0 [ 815.122994][T14551] ? sysfs_add_file_mode_ns+0x540/0x540 [ 815.128569][T14551] ? up_write+0x470/0x470 [ 815.132918][T14551] ? lockdep_init_map_type+0x2c3/0x7b0 [ 815.138415][T14551] device_create_file+0xea/0x1d0 [ 815.143385][T14551] device_add+0x57c/0x21b0 [ 815.147828][T14551] ? device_initialize+0x560/0x560 [ 815.152965][T14551] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 815.159239][T14551] ? __raw_spin_lock_init+0x36/0x110 [ 815.164561][T14551] rfkill_register+0x1a5/0xb00 [ 815.169355][T14551] ? hci_leds_init+0x101/0x1c0 [ 815.174132][T14551] hci_register_dev+0x38a/0xbd0 [ 815.179013][T14551] hci_uart_tty_ioctl+0x8c5/0xc50 [ 815.184075][T14551] tty_ioctl+0xc69/0x1670 [ 815.188410][T14551] ? hci_uart_init_work+0x170/0x170 [ 815.193618][T14551] ? tty_lookup_driver+0x550/0x550 [ 815.198738][T14551] ? lock_downgrade+0x6e0/0x6e0 [ 815.203609][T14551] ? __fget_files+0x23d/0x3e0 [ 815.208319][T14551] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 815.214754][T14551] ? tty_lookup_driver+0x550/0x550 [ 815.219872][T14551] __x64_sys_ioctl+0x193/0x200 [ 815.224659][T14551] do_syscall_64+0x35/0xb0 [ 815.229094][T14551] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 815.234996][T14551] RIP: 0033:0x4665f9 [ 815.238892][T14551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 815.258602][T14551] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 815.267214][T14551] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 815.275274][T14551] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 09:42:23 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f00000000c0)={0x1c, 0x1c}, 0x1c) [ 815.283258][T14551] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 815.291232][T14551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 815.299202][T14551] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:42:24 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x540d, &(0x7f0000000000)=0x32) 09:42:24 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xc, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x32, 0x1}, 0xb) getsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xc, &(0x7f0000000040), &(0x7f00000000c0)=0xb) 09:42:24 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x32) 09:42:24 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4c00, &(0x7f0000000000)=0x32) 09:42:25 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x21, &(0x7f0000000280), &(0x7f00000002c0)=0x10) [ 816.887205][ T8] Bluetooth: hci7: Frame reassembly failed (-84) [ 816.906894][T14587] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 816.947138][ T8] Bluetooth: hci9: Frame reassembly failed (-84) [ 816.959990][ T9149] Bluetooth: hci8: Frame reassembly failed (-84) 09:42:25 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x19, &(0x7f0000000080), &(0x7f00000000c0)=0x8) [ 817.020071][ T20] Bluetooth: hci6: command 0x1003 tx timeout [ 817.026483][T11389] Bluetooth: hci6: sending frame failed (-49) 09:42:25 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x29, &(0x7f0000001400), &(0x7f0000001440)=0x8) 09:42:25 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x1a, &(0x7f00000006c0), &(0x7f0000000700)=0x8) [ 817.401680][ T8416] Bluetooth: hci10: command 0x1003 tx timeout [ 817.408234][T11389] Bluetooth: hci10: sending frame failed (-49) [ 818.921403][ T1052] Bluetooth: hci7: command 0x1003 tx timeout [ 818.928710][T11389] Bluetooth: hci7: sending frame failed (-49) [ 819.001416][ T1052] Bluetooth: hci9: command 0x1003 tx timeout [ 819.001441][ T8416] Bluetooth: hci8: command 0x1003 tx timeout [ 819.010111][T11389] Bluetooth: hci9: sending frame failed (-49) [ 819.013597][T11051] Bluetooth: hci8: sending frame failed (-49) [ 819.081519][ T8416] Bluetooth: hci6: command 0x1001 tx timeout [ 819.087850][T11051] Bluetooth: hci6: sending frame failed (-49) [ 819.481544][ T8416] Bluetooth: hci10: command 0x1001 tx timeout [ 819.488615][T11051] Bluetooth: hci10: sending frame failed (-49) [ 821.011935][ T8416] Bluetooth: hci7: command 0x1001 tx timeout [ 821.018588][T11051] Bluetooth: hci7: sending frame failed (-49) [ 821.081332][ T8416] Bluetooth: hci8: command 0x1001 tx timeout [ 821.081517][ T20] Bluetooth: hci9: command 0x1001 tx timeout [ 821.088487][T11051] Bluetooth: hci8: sending frame failed (-49) [ 821.101287][T11051] Bluetooth: hci9: sending frame failed (-49) [ 821.161544][ T7638] Bluetooth: hci6: command 0x1009 tx timeout [ 821.561402][ T8416] Bluetooth: hci10: command 0x1009 tx timeout [ 823.081950][ T8416] Bluetooth: hci7: command 0x1009 tx timeout [ 823.171205][ T8416] Bluetooth: hci9: command 0x1009 tx timeout [ 823.177259][ T8416] Bluetooth: hci8: command 0x1009 tx timeout 09:42:33 executing program 1 (fault-call:4 fault-nth:48): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:42:33 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000011c0)=@in={0x10, 0x2}, 0x10) 09:42:33 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) 09:42:33 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000100)=""/164, 0xa4}], 0x1}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0x27c7, 0x0, 0x0, 0x800e0050e) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000240)=""/125, 0x7d}], 0x1}, 0x2) r3 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r3, 0x0, 0xffffff68, 0x0, 0x0, 0x800e005dd) shutdown(r2, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r4, 0x0, 0xccf3, 0x0, 0x0, 0x800e00545) shutdown(r3, 0x0) [ 825.715141][T14630] raw_sendmsg: syz-executor.0 forgot to set AF_INET. Fix it! [ 825.770667][T14633] debugfs: Directory 'hci10' with parent 'bluetooth' already present! [ 825.785573][ T8] Bluetooth: hci6: Frame reassembly failed (-84) [ 825.810614][T14633] FAULT_INJECTION: forcing a failure. [ 825.810614][T14633] name failslab, interval 1, probability 0, space 0, times 0 [ 825.831700][T14633] CPU: 1 PID: 14633 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 825.841382][T14633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 825.851453][T14633] Call Trace: [ 825.854748][T14633] dump_stack_lvl+0xcd/0x134 [ 825.859457][T14633] should_fail.cold+0x5/0xa [ 825.863990][T14633] ? __kernfs_new_node+0xd4/0x8b0 [ 825.869045][T14633] should_failslab+0x5/0x10 [ 825.873566][T14633] kmem_cache_alloc+0x5e/0x390 [ 825.878361][T14633] __kernfs_new_node+0xd4/0x8b0 [ 825.883345][T14633] ? kernfs_path_from_node+0x60/0x60 [ 825.888759][T14633] ? find_held_lock+0x2d/0x110 [ 825.893694][T14633] ? sysfs_do_create_link_sd+0x82/0x140 [ 825.899544][T14633] kernfs_new_node+0x93/0x120 [ 825.904255][T14633] kernfs_create_link+0xcb/0x230 [ 825.909223][T14633] sysfs_do_create_link_sd+0x90/0x140 [ 825.914625][T14633] sysfs_create_link+0x5f/0xc0 [ 825.919426][T14633] device_add+0x66b/0x21b0 [ 825.923893][T14633] ? device_initialize+0x560/0x560 [ 825.929038][T14633] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 825.935355][T14633] ? __raw_spin_lock_init+0x36/0x110 [ 825.940706][T14633] rfkill_register+0x1a5/0xb00 [ 825.945495][T14633] ? hci_leds_init+0x101/0x1c0 [ 825.950297][T14633] hci_register_dev+0x38a/0xbd0 [ 825.955212][T14633] hci_uart_tty_ioctl+0x8c5/0xc50 [ 825.960449][T14633] tty_ioctl+0xc69/0x1670 [ 825.964829][T14633] ? hci_uart_init_work+0x170/0x170 [ 825.970090][T14633] ? tty_lookup_driver+0x550/0x550 [ 825.975412][T14633] ? lock_downgrade+0x6e0/0x6e0 [ 825.980308][T14633] ? __fget_files+0x23d/0x3e0 [ 825.985028][T14633] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 825.991297][T14633] ? tty_lookup_driver+0x550/0x550 [ 825.996447][T14633] __x64_sys_ioctl+0x193/0x200 [ 826.001469][T14633] do_syscall_64+0x35/0xb0 [ 826.005999][T14633] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 826.011923][T14633] RIP: 0033:0x4665f9 [ 826.015848][T14633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 826.035667][T14633] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 826.044110][T14633] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 826.052806][T14633] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 826.060798][T14633] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 826.068793][T14633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 826.076794][T14633] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 826.153361][ T9149] Bluetooth: hci10: Frame reassembly failed (-84) 09:42:35 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5413, &(0x7f0000000000)=0x32) 09:42:35 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x2, &(0x7f0000001440)={0x0, 0x0, 0x0, 0xfffffffd}, 0x14) 09:42:35 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x32) 09:42:35 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4c01, &(0x7f0000000000)=0x32) 09:42:35 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r0, 0x0, 0x27c7, 0x0, 0x0, 0x800e0050e) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000240)=""/125, 0x7d}], 0x1}, 0x2) r2 = socket$inet_udplite(0x2, 0x2, 0x88) open(0x0, 0x2000b02, 0x0) recvfrom$inet(r2, 0x0, 0xffffff68, 0x0, 0x0, 0x800e005dd) shutdown(r2, 0x0) [ 827.747656][T14670] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 827.801255][ T7638] Bluetooth: hci6: command 0x1003 tx timeout [ 827.801262][ T1136] Bluetooth: hci8: Frame reassembly failed (-84) [ 827.819746][T11097] Bluetooth: hci6: sending frame failed (-49) 09:42:36 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5414, &(0x7f0000000000)=0x32) [ 828.103983][ T1124] Bluetooth: hci9: Frame reassembly failed (-84) [ 828.201182][ T8552] Bluetooth: hci10: command 0x1003 tx timeout [ 828.207451][T11097] Bluetooth: hci10: sending frame failed (-49) 09:42:36 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x20100) shutdown(r0, 0x1) 09:42:36 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0x1c, 0x1, 0x84) r2 = dup2(r0, r1) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0xa, &(0x7f0000000200)={0x0, @in, 0x0, 0x0, 0x12}, 0x98) [ 829.800826][ T1052] Bluetooth: hci7: command 0x1003 tx timeout [ 829.800875][ T8416] Bluetooth: hci8: command 0x1003 tx timeout [ 829.808220][T11097] Bluetooth: hci7: sending frame failed (-49) [ 829.814831][T11389] Bluetooth: hci8: sending frame failed (-49) [ 829.881028][ T8416] Bluetooth: hci6: command 0x1001 tx timeout [ 829.887904][T11389] Bluetooth: hci6: sending frame failed (-49) [ 830.120880][ T8416] Bluetooth: hci9: command 0x1003 tx timeout [ 830.127712][T11389] Bluetooth: hci9: sending frame failed (-49) [ 830.281192][ T8416] Bluetooth: hci10: command 0x1001 tx timeout [ 830.287943][T11389] Bluetooth: hci10: sending frame failed (-49) [ 831.880838][ T20] Bluetooth: hci7: command 0x1001 tx timeout [ 831.880897][ T8416] Bluetooth: hci8: command 0x1001 tx timeout [ 831.893833][T11389] Bluetooth: hci7: sending frame failed (-49) [ 831.900004][T11389] Bluetooth: hci8: sending frame failed (-49) [ 831.961439][ T7638] Bluetooth: hci6: command 0x1009 tx timeout [ 832.210758][ T7638] Bluetooth: hci9: command 0x1001 tx timeout [ 832.216969][T11389] Bluetooth: hci9: sending frame failed (-49) [ 832.361038][ T7638] Bluetooth: hci10: command 0x1009 tx timeout [ 833.971367][ T8416] Bluetooth: hci8: command 0x1009 tx timeout [ 833.977472][ T8416] Bluetooth: hci7: command 0x1009 tx timeout [ 834.290673][ T8416] Bluetooth: hci9: command 0x1009 tx timeout 09:42:44 executing program 1 (fault-call:4 fault-nth:49): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:42:44 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) bind(r0, &(0x7f0000000040)=@in={0x10, 0x2}, 0x10) 09:42:44 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f00000004c0)='B', 0x1}], 0x1}, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x14}, 0x20100) sendmsg$inet_sctp(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000080)="9c", 0x1}], 0x1}, 0x0) [ 836.618235][T14735] FAULT_INJECTION: forcing a failure. [ 836.618235][T14735] name failslab, interval 1, probability 0, space 0, times 0 [ 836.639710][T14735] CPU: 0 PID: 14735 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 836.649420][T14735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 836.659490][T14735] Call Trace: [ 836.662787][T14735] dump_stack_lvl+0xcd/0x134 [ 836.667432][T14735] should_fail.cold+0x5/0xa [ 836.672141][T14735] ? __kernfs_new_node+0xd4/0x8b0 [ 836.677197][T14735] should_failslab+0x5/0x10 [ 836.681717][T14735] kmem_cache_alloc+0x5e/0x390 [ 836.686538][T14735] __kernfs_new_node+0xd4/0x8b0 [ 836.691427][T14735] ? kernfs_path_from_node+0x60/0x60 [ 836.696752][T14735] ? kernfs_add_one+0x122/0x4c0 [ 836.701625][T14735] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 836.707637][T14735] kernfs_new_node+0x93/0x120 [ 836.712327][T14735] __kernfs_create_file+0x51/0x350 [ 836.717543][T14735] sysfs_add_file_mode_ns+0x226/0x540 [ 836.722941][T14735] sysfs_create_file_ns+0x131/0x1c0 [ 836.728146][T14735] ? sysfs_add_file_mode_ns+0x540/0x540 [ 836.733706][T14735] ? up_write+0x470/0x470 [ 836.738040][T14735] ? lockdep_init_map_type+0x2c3/0x7b0 [ 836.743515][T14735] device_create_file+0xea/0x1d0 [ 836.748500][T14735] device_add+0x57c/0x21b0 [ 836.752939][T14735] ? device_initialize+0x560/0x560 [ 836.758062][T14735] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 836.764317][T14735] ? __raw_spin_lock_init+0x36/0x110 [ 836.769632][T14735] rfkill_register+0x1a5/0xb00 [ 836.774417][T14735] ? hci_leds_init+0x101/0x1c0 [ 836.779203][T14735] hci_register_dev+0x38a/0xbd0 [ 836.784082][T14735] hci_uart_tty_ioctl+0x8c5/0xc50 [ 836.789122][T14735] tty_ioctl+0xc69/0x1670 [ 836.793456][T14735] ? hci_uart_init_work+0x170/0x170 [ 836.798667][T14735] ? tty_lookup_driver+0x550/0x550 [ 836.803788][T14735] ? lock_downgrade+0x6e0/0x6e0 [ 836.808761][T14735] ? __fget_files+0x23d/0x3e0 [ 836.813534][T14735] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 836.819781][T14735] ? tty_lookup_driver+0x550/0x550 [ 836.824910][T14735] __x64_sys_ioctl+0x193/0x200 [ 836.829701][T14735] do_syscall_64+0x35/0xb0 [ 836.834138][T14735] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 836.840054][T14735] RIP: 0033:0x4665f9 [ 836.843965][T14735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 09:42:44 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x26, &(0x7f0000000200), &(0x7f0000000240)=0x8) [ 836.863606][T14735] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 836.872200][T14735] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 836.880171][T14735] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 836.888140][T14735] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 836.896197][T14735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 836.905160][T14735] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:42:45 executing program 0: r0 = socket(0x2, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0x40, &(0x7f00000000c0)='vegas\x00', 0x6) 09:42:45 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0xf, &(0x7f0000000240), 0xc) [ 837.099728][T10154] Bluetooth: hci6: Frame reassembly failed (-84) 09:42:46 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x32) 09:42:46 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000040)={0x10, 0x2}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000200)="a28d95f70f22d8c8a836b81513a07f82c7420e91ec70", 0x16}, {&(0x7f0000000440)="0cb4d9c3cc1bea8bfa6499d656da663e89dc90c4017f80833313b7987b8348b21397f03f61131c7899d664f93eb7262fefdae5cc0d90bc87f4f9e9f8abc7a9b54799cf0692eea49a46efd5b8dce335827d2573964c36877277f34c7c94740e031aac44cd530ae1ac5924dfb9d094d81002471c1598bdb964fd3bebea88b729d3b9efae5775f34db5d26a0c917ca1cb49609e855d7dde66e41df95f00"/171, 0xab}, {&(0x7f00000006c0)="b5d82236635bb6a56dffa1aa45b791c586352fb772bd26db1987b796726a7acae1bab5c3e2874f1e288e3b541ed783d75ba2bbfbfb216282ab962bc781aa1d8cfa84c3b388cb26ab130750a39d0cf657fc7ce8999bbf197c7dc9975babab7f850c12872f89812d1d8bc8f1c61a68deae17eb42360764747aa37b4c4133fcba7071b1447fdf6780b4b9e3e32da9ac05", 0x8f}, {&(0x7f0000000a00)="3f7375fbd63afe8461fe95d19107d3f8e0536e0a12a7bc4ba803c8a50788437279b1df83c0e5c9ce8db2dbff9ff33814b9ae68adfffc1d8a5ee79a59e2cd6329e645bae8f42106a2a0da206275949991ad015003a9854c7b3a58df87b427d331c8ef9ba0ff4fa35987c7d5a655117a4313b1cd1717ab3175da0e3eb033d8dc85461c0f96746c2ebe6316e82be6043738978e04b03d10602aa5eb0bd927bb78e489042b40338c3dbddcac2708d21f6a50236ef411dc91e2f861e4ca1a3ac55a3ea397cc006714f407c22c5e560eecdf67604925cf8738784f8ff1a5dfac6f12cbc85be65ebe853c68b82d2f749e020a68c6bc658ce31bcf2bb3d096ebdc55827a08bd961a1ee38a974952c3232c32d5737e762b8a0e77b9814ba40c26bd01f2d888e23f50a5ce3e4c0b6e5db66c62a2d5458565b8478d00b45a871674d6f6ce9f52438af971007b9d0d92fb51f25d51acdbfadcab285635231b39b1845bb34cc0c19ddb35cfb61508032f51c97f60ef7ce60f896aa7913e48f464ab0b28d336edd960e8548a8f9e7df16e824cb44e8520529926f143ce900e7d33abc03ce84b534d304bbd143b4c4b152ea334ade0aa263b58d1d3f60baf73213762cc76d2c01596daffb99712c19a6b1e0ba534c17cf1b10d1197e222cab7ea497b7c7f9c28348638cdfd2b29f3734bb053278a439bd94d727872594348f0f18354da88a553ae06d3b2bc895f0469c772e91268a6edde26b33c1c26306aba20cb80e1aef5249b8de754daa2fabaf088af1886ca394e340c859cb0c15612bd2c72ee11704f45d07ff18a1c1a6538321fc417758a7e9c72e99702fdd3f2a740cc39af0a4f9c33911f51f5b3e526da9721b10a428c2fac2c132fa8eedd8c01be0bcbd45852c3d2682ec593494f7060cbfacf644bfe61e7f09c420ee751a719fd648bc8641a18776b660d821a13497130e99d962055d57af9549e34f44361b686a3f5b5575c80117316d7f9d1229965363bf6deb8def115d4c764f21764c8879ba8a9cf3e7e1046c20dc1a4860311e02dced2746180b7d5c0c28ae80a0d8b53995f568a7ae3022824de78b2abfe9601259c188c26f9f3f6761dfae48f4e6b58654e918d24d8c2e59176f3b4a4311a382ce67f218fce8e5c84e5b2b6dc121a4949e12e8fc5f5dc04168ff2e45a36febecaea5be78d147ab80c8ce57e6d38ea91eb03b5aff4cb0df9a53080b120e15d89f193905ddb3d240fb2074adc032a9ea7253b2dd7c8447f08350f537f4dbc1bd80d2c698241baf59817ed947edad74f24ba5310443b41cc003a33273b80e7cc4527905fddbac26bc4536642b8ab71486d8c699a21f1d4a1953c9630d304ab5969bab6f4be35b74bfdf8829f41a06261e2599be701068b15deee34afb97ca6024579092bf5838c0331985c34b3e755931f5e617993b04acc0a23f10e48fd4559d769c7028b375a8e29637daf4ca9b7ad0a225dffe502f8ba088d511cb37ca10f06c4845937c1e554b4979e878a97c7fbd2227661fca12cf7c2e2bdb2b0e105068e95fa3456190890b5528807643d9d7eefaf4e3e366f326729bedf3fa107", 0x464}, {&(0x7f0000001e80)="f13e5de7b755bcdc3cab08a39925cd5dc0f91c6fe63b89e4ada6d3c453a0c3d5352db55a93dee514f2392c15a2c4c1857dc94e38496f8ba5d6c162b1f0c985397a20d370d3833ceb630aef8d2b51026b59dad4a311a4e40b3d09846144feeb4c999f761756b6d9949dbc6bdb97fefabb19d15011ef7c748c5aa81d0544a03fff0edec826f75b2bb782026f9f6d75061d87a30922635ce956f8b1c733204bb33d4c722d8f1ff2778db874ddef6264cc806419c445299d170527c834df59379e5a2ecdf57fddc2d76e3f462844934c6ba4a4a4cb48909c8ee74b4bae93d424e5e905f4be2c14c40cb4ac319458d3e18d9603ddb73a6499fe03b21c781708533677acd267ce624e99a9a95b18cdb8d9c3466faddcb18fc1110f72c8c5e40b6f7ec7933710a56f0795de4ac18bfe13c0a67bcbfadf1b4e2692cbef10935f64a03a57999b37ec14874a9777fe7d5acaeccfb4a8c77673d040bdf88d0085d87964fa1a4406635528ceb4038ff93a6373ab6d4f04380d98a6116a776ef78b1a5c56a8dd3f36e78050e62bdef1035487c3f279955171d251ce3c961b24a3cbcfe6c1e6a2c56cd28fd6cc7d080e63034b826ee12cceb032c11292c05f134a21f7392ad15d0405a44b101cebbc04c1cb7990e6dca7870b36e073402f43159e27dd6221f987380bb08a04ef9f575c4fc2e0c1f2f2810bdfe30062621e7ebc0f9c3766ebe91985c6c5cad16d9cfc8c96115a299ca41e52d7ccead18a1d332f4db35fbc8d9232eba52c46d7f1640f11e7bc1299ded98a590fd8dbeed0a51a3bc79ff1e230b9050d3daa0d6f4c4ccb48a650c5fc1ff9229e7042048ea4cd6c07fde2d3e3aebcc0f305af2dc88d1cf9a396a41ffd46c1ba1461764991b2b362a963be8d043780a37dba92a0768c265cb09a0d2ede1ddb26a68d6e30f0dc8b019f54b44550492cf4b624e2a6d50b28fa261330f721e92c3f7c9910e334bbd8ba1293c448496dbb7acc45c78978ec275e1b7e25b9f534e6eb2f551794c885a8466422c7101acfe6ea8550312e3b9ef7b246843e9453683f802a412e13e6ee4597092482e32b74303ff3396e02f3daefd7f399ffff9b336b4e324a0bef68e972c3c4c1756b92c7f7d2eb4756aaaca8f95d79579247ab273236d6b6edbce366d8b05abf7a90377fc7df7e173beda0fb85514bcf1f73d370c7bce3c5780ea66d4ffee7c1bd58193396a6f4063ea553274e77c720ca9baca6f52b6ed0b73fefda9d8fc2697baf8e7c0e54f22406e5502690fd233561d14dabb24b9d5dd5e1c60957156d44fa71ce197575c2dd7a83b83b7402ff1dae7e3220fed4bb2c98b2e69203b5fbabeba95b1b037146dfef39b2e8bf67b44cf738f3b6bdbfb2dade6e9ae2639655a799810f9e11252116d6687af3639949b9a98a029465375c57a2006ad1ba1b5511542456390a04edfdd105df64f754fb0c6f05520da1ffef26fa8095b33902211490382a6d917053d7961c0b53a57685903a06516e6f7fde2227c9eadcec0efba035f468a4af6a428641f2ac83bd35001da03c832900d3bf62189e50be794161e806855ebc894d83a88f497b426adc94f91be6f5be51e87dc0f0102f715b7dc57a7f86283ed8e0d19b178e3054e9ae767e7c158e68066764cafff5b6f541cbc4c327440207b1c089486a442e13d4a0bbbd0af691c83b13e504e2082785a77b00e2f0922deee1f1da6b5a6140028ba74b9fcae9ef1cd617d2bc2981eb664a68ca72d9fc6f74593b79457b54fac03f143063d5789febc4b8b38f47c64406f503edfefffad42e881b5b3efd770b92cce02f8508750d8379879efde105c0b71f09e7c055b8730d876e45b7af726cbc12548146cd866d1058c0c66a6b5ea2b49a0a994ca055d53759f4cf10506367e28e32933935885ca725daac709a28e1f21bc6598200cbb0b469f40c2d650b783f966cdb60e7a2b9ca0bbc978e98f832ee062f9d0a64adaeec913d30d36b9db828ced5d557c12aae5b75af", 0x590}], 0x5}, 0x0) 09:42:46 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) shutdown(r0, 0x1) [ 838.021299][ T8] Bluetooth: hci7: Frame reassembly failed (-84) 09:42:46 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5415, &(0x7f0000000000)=0x32) 09:42:46 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4c80, &(0x7f0000000000)=0x32) 09:42:46 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$sock_linger(r0, 0xffff, 0x80, &(0x7f0000000300), 0x8) [ 838.532043][T14787] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 838.556501][ T1124] Bluetooth: hci8: Frame reassembly failed (-84) [ 839.160555][T10442] Bluetooth: hci6: command 0x1003 tx timeout [ 839.168148][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 840.040473][ T1052] Bluetooth: hci7: command 0x1003 tx timeout [ 840.047520][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 840.600500][ T20] Bluetooth: hci8: command 0x1003 tx timeout [ 840.607663][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 840.680500][ T20] Bluetooth: hci9: command 0x1003 tx timeout [ 840.686926][ T6581] Bluetooth: hci9: sending frame failed (-49) [ 841.250385][ T20] Bluetooth: hci6: command 0x1001 tx timeout [ 841.256503][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 842.120471][ T1052] Bluetooth: hci7: command 0x1001 tx timeout [ 842.127708][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 842.680268][ T1052] Bluetooth: hci8: command 0x1001 tx timeout [ 842.686666][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 842.760320][ T20] Bluetooth: hci9: command 0x1001 tx timeout [ 842.766536][ T6581] Bluetooth: hci9: sending frame failed (-49) [ 843.320292][ T20] Bluetooth: hci6: command 0x1009 tx timeout [ 844.200594][ T20] Bluetooth: hci7: command 0x1009 tx timeout [ 844.760226][ T20] Bluetooth: hci8: command 0x1009 tx timeout [ 844.840280][ T20] Bluetooth: hci9: command 0x1009 tx timeout 09:42:55 executing program 1 (fault-call:4 fault-nth:50): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:42:55 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect$inet6(r0, &(0x7f00000000c0)={0x1c, 0x1c, 0x2}, 0x1c) 09:42:55 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) r2 = dup2(r1, r0) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x32, &(0x7f0000000100), 0x7) [ 847.510964][T14810] FAULT_INJECTION: forcing a failure. [ 847.510964][T14810] name failslab, interval 1, probability 0, space 0, times 0 [ 847.526647][T14810] CPU: 0 PID: 14810 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 847.536676][T14810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 847.546750][T14810] Call Trace: [ 847.550087][T14810] dump_stack_lvl+0xcd/0x134 [ 847.554715][T14810] should_fail.cold+0x5/0xa [ 847.559272][T14810] ? __kernfs_new_node+0xd4/0x8b0 [ 847.564333][T14810] should_failslab+0x5/0x10 [ 847.568952][T14810] kmem_cache_alloc+0x5e/0x390 [ 847.573842][T14810] __kernfs_new_node+0xd4/0x8b0 [ 847.578731][T14810] ? kernfs_path_from_node+0x60/0x60 [ 847.584070][T14810] ? kernfs_add_one+0x122/0x4c0 [ 847.588952][T14810] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 847.595014][T14810] kernfs_new_node+0x93/0x120 [ 847.599726][T14810] __kernfs_create_file+0x51/0x350 [ 847.604872][T14810] sysfs_add_file_mode_ns+0x226/0x540 [ 847.610285][T14810] sysfs_create_file_ns+0x131/0x1c0 [ 847.615516][T14810] ? sysfs_add_file_mode_ns+0x540/0x540 [ 847.621086][T14810] ? up_write+0x470/0x470 [ 847.625445][T14810] ? lockdep_init_map_type+0x2c3/0x7b0 [ 847.630947][T14810] device_create_file+0xea/0x1d0 [ 847.635920][T14810] device_add+0x57c/0x21b0 [ 847.640395][T14810] ? device_initialize+0x560/0x560 [ 847.645537][T14810] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 847.651813][T14810] ? __raw_spin_lock_init+0x36/0x110 [ 847.657137][T14810] rfkill_register+0x1a5/0xb00 [ 847.661926][T14810] ? hci_leds_init+0x101/0x1c0 [ 847.666715][T14810] hci_register_dev+0x38a/0xbd0 [ 847.671597][T14810] hci_uart_tty_ioctl+0x8c5/0xc50 [ 847.676656][T14810] tty_ioctl+0xc69/0x1670 [ 847.681003][T14810] ? hci_uart_init_work+0x170/0x170 [ 847.686407][T14810] ? tty_lookup_driver+0x550/0x550 [ 847.691550][T14810] ? lock_downgrade+0x6e0/0x6e0 [ 847.696438][T14810] ? __fget_files+0x23d/0x3e0 [ 847.701144][T14810] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 847.707430][T14810] ? tty_lookup_driver+0x550/0x550 [ 847.712569][T14810] __x64_sys_ioctl+0x193/0x200 [ 847.717357][T14810] do_syscall_64+0x35/0xb0 [ 847.721796][T14810] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 847.727713][T14810] RIP: 0033:0x4665f9 [ 847.731621][T14810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 847.751337][T14810] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 09:42:55 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x1d, &(0x7f0000000000), 0x8) 09:42:55 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) bind(r0, &(0x7f0000000000)=@in={0x10, 0x2}, 0x16) [ 847.759779][T14810] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 847.767771][T14810] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 847.775763][T14810] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 847.783752][T14810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 847.791741][T14810] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:42:55 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x1, &(0x7f0000000080), 0x10) 09:42:56 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) recvmsg(r0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)=""/218, 0xda}, 0x1) 09:42:56 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, 0x0) 09:42:56 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) sendto(r0, &(0x7f0000000040)='?', 0x1, 0x20180, &(0x7f0000000140)=@in6={0x1c, 0x1c, 0x3}, 0x1c) [ 848.176536][T10154] Bluetooth: hci7: Frame reassembly failed (-84) 09:42:56 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5416, &(0x7f0000000000)=0x32) 09:42:56 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4c81, &(0x7f0000000000)=0x32) 09:42:56 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f00000007c0)={&(0x7f0000000000)=@in={0x10, 0x2}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000080)="e7", 0x1}], 0x1, &(0x7f0000000780)=[@prinfo={0x14}], 0x14}, 0x0) [ 848.794307][T14865] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 848.827192][T11096] Bluetooth: hci8: Frame reassembly failed (-84) [ 848.913811][ T6581] Bluetooth: hci9: sending frame failed (-49) [ 849.880675][ T1052] Bluetooth: hci6: command 0x1003 tx timeout [ 849.887624][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 850.200282][ T1052] Bluetooth: hci7: command 0x1003 tx timeout [ 850.206448][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 850.839919][ T1052] Bluetooth: hci8: command 0x1003 tx timeout [ 850.847323][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 851.000029][ T20] Bluetooth: hci9: command 0x1003 tx timeout [ 851.007690][ T6581] Bluetooth: hci9: sending frame failed (-49) [ 851.960035][ T20] Bluetooth: hci6: command 0x1001 tx timeout [ 851.966889][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 852.281447][ T1052] Bluetooth: hci7: command 0x1001 tx timeout [ 852.288300][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 852.929864][ T20] Bluetooth: hci8: command 0x1001 tx timeout [ 852.936764][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 853.080178][ T1052] Bluetooth: hci9: command 0x1001 tx timeout [ 853.086594][ T6581] Bluetooth: hci9: sending frame failed (-49) [ 854.049783][ T7638] Bluetooth: hci6: command 0x1009 tx timeout [ 854.369972][ T8552] Bluetooth: hci7: command 0x1009 tx timeout [ 855.000406][ T8552] Bluetooth: hci8: command 0x1009 tx timeout [ 855.169801][ T8416] Bluetooth: hci9: command 0x1009 tx timeout 09:43:06 executing program 1 (fault-call:4 fault-nth:51): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:43:06 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x3, &(0x7f00000001c0)={0x1}, 0x8) connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20104, 0x0, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x21, &(0x7f0000000240)={0x0, 0x5600}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 09:43:06 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f00000001c0)={0x10, 0x2}, 0x10) sendmsg$inet_sctp(r0, &(0x7f00000004c0)={&(0x7f0000000000)=@in6={0x1c, 0x1c}, 0x1c, 0x0, 0x0, &(0x7f0000000440)=[@init={0x14}, @sndrcv={0x2c}], 0x40}, 0x20189) 09:43:06 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, 0x0) 09:43:06 executing program 0: r0 = socket$inet6_icmp_raw(0x1c, 0x3, 0x3a) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x33, &(0x7f0000000000)={0x0, 0x0, 0x1}, 0x8) [ 858.493544][T10154] Bluetooth: hci6: Frame reassembly failed (-84) 09:43:06 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, &(0x7f0000003880)=[{&(0x7f0000001240)='F', 0x1}], 0x1, &(0x7f0000000140)=[{0x21}, {0x10}, {0x0, 0x0, 0x0, "fbd0bc98bb0fb10bd5701b4f8a835ae3a26896250fdafd219cea527d374b37fa8074c988b1422137ebd00a1d99d1951eff7dec08e8f44af147266db84f1a5b63e58aa98e3bc462fc8de8af331d7d168a861ca6f857bc3ccce3bb153f328bbcc6040549b04b2f0eeaf33b384af8a73fd4865781649d36e278eb5f79829db7cfca2cb6e09a2f219005125fabc5c2c6007232af47a9ab04a7d849d08ebb32b8c16f6e88b7c51a2c9981819ad5d57667f673295629c7cae4d4a0608144e112a43a4ede53074eb739ad0b403af084a318cab603a9dedf9da7934b76704d58edd68b9b96d49fbf0cf887591c41d6a78ffdcced8f7357606a250f6206783d6ab04a2de216a89a82628526edc12e3fe59c78c3153ca06afe141b83ee848483e0a9937cc4bbecb0d290edd42706d78b23b765105453409072e2964261d37c5d79b6457d16a0e07fbfc30b37943d71844c8fbf5848ec030267bb5c4a38c63cc475863bac4b3f3a6d1b553d669b88764d03918daf6d2a282c7ddfe8267249ed5945bd8ca00a91f03de06f12a776ca5aaed39d2967819df4ab8147b2fa305cb13f0f5e52f2e2cf85ff6a42a6f1eb6fef164c1cc349660abe4ecc171ffa75a638a2661cc5a5ab0c7479253762f5b121e093d05c20f7a17b5f347e7d5ad71b669a8659042fb67848a873dbba7e4f3b54815089509996ef24e52da79ce66e6bf30e3e24dc9bbf7d45dfc3282ba3f16221b9439eb3304ad0adcb526f5475e1a661e339de0fd9f85c5fa7378b2f97dc28616bd0b57c368e9e4d1c320b0265039debf04250d697b475268028703152aed45f4bf59fd5e640a9544621be4811e2d657ca4aaae02c1a5419a99cbd766c681fa8e28b4ef8e11e4eb4d5607df5525e0286daf3854ec98730e2f3b0ddbf001f1142530af21752aba0887df826d4b904ef9d3712feedf98c4d0b4683e645aaae88190be45c8c74dc79ff757e56277e72d5a7842e48d7d98a4d6c536f9afc250aedb1df839b0d5b9a2c038ed9175b19dbe0119a6230882bea24585cf964a00d60ea7b1260492005a1e82890511ee06156990be23c834211080577dbaa47d43567f006c8e3b48bd20ee8d46ea78e0c004352e4659a5542ee7e2824b4190aa8028121e05168ddf6d98ffc063d86d533c3e35398afc3bd8b08d12572ecdc3e038abf20dec298d14da28444e97de1929540b5b44c9cb6a6ea03c85752eec984446efea30597afe623a34256f483a7b1d9f95beca32cc235e274a5d93b64a7f06ac97a65d912feabea5e1ddb70726692740161f38e9fcdc13894684b81073dbc310c4d41602284a1bd464278500dad3e4390e275c5dd806b9838c01bb46c91d3948e1afb4bf488c0d68647b47699d14e82229754db0a254027ae662b1c416e492a0290a63bc06d0059f0ac871903dd41179b3ebc9cbb21be9b12e7716e28fb94c5d24dc588222e59468b7712c4c5a8c167ceab0e28a82f007a317e1a5d4d93def101b265327736f6763a90fa8859339665801ee7bc67ab6d0cad52d8a47919415383fe38d4e938145722f7f60aa093782472f6b22f1ce7746c0c20c924aca50d3687a3d66d903a69d634d37523a45e1df9251460873f75bfbf1b00a1fe2b0ed748b522bc5773e13f6b7113f3f66d6faa556e6766551c62d4429fd4435c99e398e522d6c13e843fa3a7793ebc91a3c685cd14e3a50babcc65ced79a5b22edcb24ababb08b58502c794db68774f114e98625f291a1d63f79d6895eb629a82677904ea234daa7e6fd3c93d34eeea9156743022ef22dde4dbe5bfae53db8ce9cea23ecc62357c78117ad33778ce6e7ec7e221337a7f44ab76b0633d0d9e4663360a4e771bc5ceeab443c5c145e82a83665eff8cce2c3ff95a8bf21605fe85682bdd3a4c56b99f91cb0cb72ae967b68f698f9a3aa1c0a1b116c7b255f276ed1b4e768ae8c62fd7b12d073467bf5f438cb3bb10e7ad9873c08e67d58555df72a3caf071f7b47f5b1ef1d6c984f1806df8500419a2c08ba6c1b316d473d9686e0d2ac7335158e4528ededaf77c6e3bdc13e2b79d99ad7235df42a2aa66fd191ab5a270bf4ccb7e93dbb92ef08102e8edfc99ea41e069853b71a860eeef390c2d9980454509f586bb3d4ea6335a739279c0eb9ec92b095c37a75a736d1fc1ed0f6e6d1994f506f524f63ef7ba23c5e8ec67bdb2db3ce3be83548ecb0e6f493405378c013b02e33f2e9d377418c7a844f7e3781e3c77fc5976713ec6bebc2407ac317808ff288721d846d9601afcee878ec34c4d56ee38107541bdb4cde592004a3638b5dcbf070a42c4a6ab2069d72eb347a764f36599b8ba5ab134ba5c5955242ccaa2cb3c0df0cfe72fe5cb8e94fe5515dd314883e63035d5d5d2919eb27bd80f8c654c59865dca3a52f888f3f33a026744bd1e62bc7bd6110615abc9790076a664c62017c7145b3985e005e7ae5f4350a782131092c3f28b37a520b09b22cbaeda1e75940c3efc7995af27f01e6863049435ac2b706ad8716a92c0209eb95c07fa79e0f6871d447ba194eaf10b9b073bc6c9fad33f67afe1cc8be533d98807b919f86d86459933961c23a666d6884543dffe60541cf093262a9019f43a42c75f5c8d085fb5a6d7d65507f3e3ab1e9902b5a82bde4b6516b42c891e7ed87b614d657b09b923a49886cc80ec36a4007f122859e9572e4bb5c97509d82df81d81e951e5ec1f2b68937eae7706003473e89a7bba2f89684dfa2a63220bd17d2a6670f3177daf4d75d200e28cfd8af6790b419f269ffe1a280ed102055e8b7ad05550edcf95e482843d03283a8d6b18cc8d3a6185adcda03ae4e9a16b756bb720f30e511989c78ffde2f451f13a2230f92b1bb2f3b1461fb2f0bf906a22f1687c759ddbc786f50fd2e9b74c521f3e6c7acd4ecf98039e68bcfc871e4bfbe80a1640a9ac8616b651c3435910bd1cf81cb774a1a36bd8d70b711aebf70b02df72f411d599150865eac83de1cc6dea9d96b403b2fe15a811abed4e3249b227b5d0aa7cf62c4aad32c3706b45bbe6bce467c4d31f0030b7ed77b7091751caf0257ab9480b23536ccc965cd8ed4d9dd18072eff10a078e5dd868a1e9d2355d233a07e0b560936ae2b6bb3094c38a8e1efa58fbeda2be49f5b5bfb2b78fb5a0629f8b40af33f77bd596f86cfca58c226f25aa2e27fcc5d1253f9d4ceeee47e296e6c04ce957dd2cb1bbbe702214cf7cea0a5a1c36c04fa9ad6ff7c5d3b8c6f39fecae1908b7710f5d3793e9fd43b8296e163b7ae3ba4aea2a4370e5e3ffdcf81b884ed3213204efafcaa2c3f682772433aa375d76f83bbf96a98a544e7b0e317da81ae8665eb018ffe51607faa08b1f0b2147d608b61b353078c0b33998749c9e8946e2cc0e2cdf0c2f2ef058efc734b32350d7d643c0172ddcaa736227c1912a866c7f7dfd176dc6fd86ab5d153af831c6bdb00d17f983b789cd2983038d57821bc34a4f5d870fde137f40784eda3940de4890e36b08cf492e1bc1f4b15ca90cf775ba49532dc7f3295a48498410a1d716a00a62d79dd0c303e2be2671af645067433c1779e2a1e050a830bb8d654de2cb6aa8d755120cb61a09a89a9536db4e5724c09d29d7cd48ead5c9d6b645b47e8665a95a97de10fd676f92caff5906a4d8e690cbc189d0debcd7adf91c3a6a533444dc1d82b7a2bd500587ada7edfc8feacb2a6bd801b58716a76d48a06c3863aea135f41952615f1f9806c78b1aae1063adbd63d47d922a404bba7a85ea83dafb0414318b96206d74ec2b77773bc31ccd49918172c9d6dd8fafeddc72e4ee89474de1212158f044d27ea19754204dc7a4cadf95962cf1e99251fb0b4f7167f518cfc6fd4d632f2189f0cd72c200f1ff1178c5970fb5b6020c9e7707a0a8098d64bc48d94993d5a56ae0636f9b4f00d751cfe815862afaad5960cb9b640f80e4c35744362f08307a58f29202f0ea9887eabc10197acff4b3715a9e7c251355d5a74312635b73dd7308ad9d498c56a85409d704dd4203b3a7f5c46c385711b82c4f071e9d81a2bf106c09c69c30fec15113713e23eabf796e6bc0379c7d14c7f6ea06f1faab71bf157eec7b260f940c2501c7a9ed7528afa8e309855a7fa478b45bde8177bebea7e59b363faa578e061c19de3546367b45fb1038e2adfe9b6f6d441ab099bd32608057d3ee58dab45286a42fa43fd13a48d55ada795212732b6f0f8ac385a0cb6d7aaa559b838fec0ff14c0b8bd51a1c7f5e407a59bd4a06b4254ff94f195726e392ac8ff0aed941d28ff9e43a35f0b75ad33c163d78aa9370c78501ccf00f19d2746a82e3cf18cb919cb80da691bd2ed643f9a97ad0dd2a3b66c07b9f8b224a0912cf334f5fc8ce104d4b619c7581136706dd40e7116a3e3dbef41449dc7b22d6c79aa3eadde7cb722f7f7b1e987033930fb89cb544018ed19cbbcc589335e7759368146accc358631f2baa942bd268ba99fb48b3216bc412928abb1241cb8616071885d474a3865941aafcaa52f18f8d64bd492f5bd4b1e14a60e5ebc80de928960097e68a8beb2b5a287e7698ab62b97727c51c9ec513180137ea13cd924299686d61a2046cc0938f1cccfe97f342e5adc654d0117e03b70b05503d177b4a79e43a7bf1c0e90d23716ee17ab1e33df463328a5c7383b7cb19dddb055b8ee0fc3d51ddad81a8e86b259254a7532d00f374d6559e334080b0ba5c8f0ae404ec406044b72c4cd1df295cdf9612af30d84c15b1464afff7c25b84f9943ad60966c8d1e730b082506b058f8edc29c00765c03028564f5edd68a04576b3a14d90b0adec024aafa63eaa06cc48dbd5c3532aaae6ee06808fd0292e0a624e1dff9fafdbb33788924f8814182c699f9854557f3e0bdb74ce2b966bb29858c98a3bf5a09ff96e73d5604aa60304bb9f09d677774794663834539f43e205612a69220a5a882863a2fb2c22c13829c8d1d788e631fb8c71f2bc21b8d584ff6d9e34ad56ab2870d3f60f27af842fd0e93aa67392b1459a2d1d29f06c587a679c2f7b27e443be5c4720d33727d64e6f39721ad685d7c65707cb2fc004c4576aa055da482e8a8badda61e91e2f5071fcc5e8542500743a90eaae64665395f469461ebf79d6246ae895b1e52431ca52456933da2b8d644a04f824b95b15d1328a814bcc38e9e9ea3ac31c25681a7ef568532d456e6c7704a7858d2b8cd06a00d747e856f80d6c4d7a2a3d56595df066796bfeb3af0306a6a9042ea9fc7db5d30c30a37c03772c36c8bfb642a5e7088b220377620a6f88a0589623c7e6ef2c32cec104324fcded0abfb8c10507abf2631dbff5563b8ab4f4736126d456e04553c2d4db23930f0c49040246776fa802273fec17f1263ce41fd5ca0351e3e980ce80b6c4f2b45ccb5746220397a5eb87a292e612b8169a9dcae61163bfa84a4fe776494d4fad291f4033b8b9df9c8098536437aefddd8b04384202aa835721e65b875cf30fcf6f7a68751cec6f5d737707535ab0d0a2a7da97ad72f22578dc0cd420106e8f591c89919bd295b652337106d4ef38aef939dd5eb090515f65e8cb2951e75e015a5abce7595ea1c9fd5bf9c6e07d5a9797d04981feb0752d5e2ba975600da6c4bd05dbd89de9b4a10a67833551d85a737379476c6f1eff05200e974e01d5b4b4f2cb1d74b29335da0680f5f88b9aa6d7956a68d3f8b64940d520da0cc55bdde4e5eb66783c0c03665c7b0861bd527d3f79123d081488c0620dcb5a9a7ff97653e6c6dcdd7e599f63ac89fc957a2fc0ab7"}, {0x0, 0x0, 0x0, "d4f34b27122c62e990c8fe2698279a04810c635ef249bb22674db88621587b0f26c5c4488a3850c4811c222db41b734b1f376a280a514959236dcdba"}], 0x20}, 0x0) [ 858.594439][T14903] FAULT_INJECTION: forcing a failure. [ 858.594439][T14903] name failslab, interval 1, probability 0, space 0, times 0 [ 858.633061][T14903] CPU: 1 PID: 14903 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 858.642746][T14903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 858.652996][T14903] Call Trace: [ 858.656305][T14903] dump_stack_lvl+0xcd/0x134 [ 858.660934][T14903] should_fail.cold+0x5/0xa [ 858.665654][T14903] ? __kernfs_new_node+0xd4/0x8b0 [ 858.670723][T14903] should_failslab+0x5/0x10 [ 858.675256][T14903] kmem_cache_alloc+0x5e/0x390 [ 858.680069][T14903] __kernfs_new_node+0xd4/0x8b0 [ 858.685818][T14903] ? kernfs_path_from_node+0x60/0x60 [ 858.691147][T14903] ? find_held_lock+0x2d/0x110 [ 858.695949][T14903] ? sysfs_do_create_link_sd+0x82/0x140 [ 858.701624][T14903] kernfs_new_node+0x93/0x120 [ 858.706339][T14903] kernfs_create_link+0xcb/0x230 [ 858.711316][T14903] sysfs_do_create_link_sd+0x90/0x140 [ 858.716725][T14903] sysfs_create_link+0x5f/0xc0 [ 858.721524][T14903] device_add+0x66b/0x21b0 [ 858.725976][T14903] ? device_initialize+0x560/0x560 [ 858.731320][T14903] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 858.737602][T14903] ? __raw_spin_lock_init+0x36/0x110 09:43:06 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x20, &(0x7f0000000340), 0x4) [ 858.742929][T14903] rfkill_register+0x1a5/0xb00 [ 858.747722][T14903] ? hci_leds_init+0x101/0x1c0 [ 858.752525][T14903] hci_register_dev+0x38a/0xbd0 [ 858.757530][T14903] hci_uart_tty_ioctl+0x8c5/0xc50 [ 858.762588][T14903] tty_ioctl+0xc69/0x1670 [ 858.766940][T14903] ? hci_uart_init_work+0x170/0x170 [ 858.772354][T14903] ? tty_lookup_driver+0x550/0x550 [ 858.777499][T14903] ? lock_downgrade+0x6e0/0x6e0 [ 858.782488][T14903] ? __fget_files+0x23d/0x3e0 [ 858.787287][T14903] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 858.793564][T14903] ? tty_lookup_driver+0x550/0x550 [ 858.798707][T14903] __x64_sys_ioctl+0x193/0x200 [ 858.803505][T14903] do_syscall_64+0x35/0xb0 [ 858.807954][T14903] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 858.813879][T14903] RIP: 0033:0x4665f9 [ 858.817796][T14903] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 09:43:06 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x28, &(0x7f0000000380)=ANY=[@ANYBLOB="01"], &(0x7f0000000280)=0x8) [ 858.837602][T14903] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 858.846050][T14903] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 858.854085][T14903] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 858.862161][T14903] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 858.870146][T14903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 858.878235][T14903] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:43:07 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0, 0x0, 0x0, 0x20}, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x23, &(0x7f0000000080), 0x90) 09:43:07 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5418, &(0x7f0000000000)=0x32) 09:43:07 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5409, &(0x7f0000000000)=0x32) 09:43:07 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000380)={&(0x7f0000000040)=@in6={0x1c, 0x1c, 0x2}, 0x1c, 0x0, 0x0, &(0x7f0000000340)=[@init={0x14}], 0x14}, 0x20188) [ 859.206825][T14934] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 859.255033][T11096] Bluetooth: hci8: Frame reassembly failed (-84) [ 860.519628][T13921] Bluetooth: hci6: command 0x1003 tx timeout [ 860.526700][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 860.999686][ T1052] Bluetooth: hci7: command 0x1003 tx timeout [ 861.006902][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 861.319818][ T1052] Bluetooth: hci8: command 0x1003 tx timeout [ 861.327143][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 861.336541][ T7] Bluetooth: hci9: command 0x1003 tx timeout [ 861.343664][ T6581] Bluetooth: hci9: sending frame failed (-49) [ 862.600310][ T7] Bluetooth: hci6: command 0x1001 tx timeout [ 862.607302][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 863.079442][ T1265] Bluetooth: hci7: command 0x1001 tx timeout [ 863.086528][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 863.409528][ T7] Bluetooth: hci9: command 0x1001 tx timeout [ 863.416428][ T6581] Bluetooth: hci9: sending frame failed (-49) [ 863.423075][ T7] Bluetooth: hci8: command 0x1001 tx timeout [ 863.429149][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 864.680524][ T1265] Bluetooth: hci6: command 0x1009 tx timeout [ 865.159359][ T1265] Bluetooth: hci7: command 0x1009 tx timeout [ 865.479511][ T7] Bluetooth: hci8: command 0x1009 tx timeout [ 865.485671][ T7] Bluetooth: hci9: command 0x1009 tx timeout 09:43:17 executing program 1 (fault-call:4 fault-nth:52): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:43:17 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) sendmsg(r0, &(0x7f0000000700)={0x0, 0x0, 0x0}, 0x109) 09:43:17 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) bind$inet6(r0, &(0x7f00000002c0)={0x1c, 0x1c, 0x1}, 0x1c) 09:43:17 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, 0x0) 09:43:17 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0x100, &(0x7f00000001c0), &(0x7f0000000280)=0xb0) [ 869.292302][ T8] Bluetooth: hci6: Frame reassembly failed (-84) [ 869.306626][T14974] FAULT_INJECTION: forcing a failure. [ 869.306626][T14974] name failslab, interval 1, probability 0, space 0, times 0 [ 869.332354][T14974] CPU: 1 PID: 14974 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 869.342047][T14974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 869.352159][T14974] Call Trace: [ 869.355479][T14974] dump_stack_lvl+0xcd/0x134 [ 869.360105][T14974] should_fail.cold+0x5/0xa [ 869.364825][T14974] should_failslab+0x5/0x10 [ 869.369351][T14974] __kmalloc_track_caller+0x79/0x310 [ 869.374671][T14974] ? kstrdup_const+0x53/0x80 [ 869.379298][T14974] kstrdup+0x36/0x70 [ 869.383219][T14974] kstrdup_const+0x53/0x80 [ 869.387778][T14974] __kernfs_new_node+0x9d/0x8b0 [ 869.392696][T14974] ? kernfs_path_from_node+0x60/0x60 [ 869.398196][T14974] ? find_held_lock+0x2d/0x110 [ 869.402990][T14974] ? sysfs_do_create_link_sd+0x82/0x140 [ 869.408564][T14974] kernfs_new_node+0x93/0x120 [ 869.413265][T14974] kernfs_create_link+0xcb/0x230 [ 869.418226][T14974] sysfs_do_create_link_sd+0x90/0x140 [ 869.423628][T14974] sysfs_create_link+0x5f/0xc0 [ 869.428418][T14974] device_add+0x78f/0x21b0 [ 869.432861][T14974] ? device_initialize+0x560/0x560 [ 869.438007][T14974] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 869.444280][T14974] ? __raw_spin_lock_init+0x36/0x110 [ 869.449603][T14974] rfkill_register+0x1a5/0xb00 [ 869.454394][T14974] ? hci_leds_init+0x101/0x1c0 [ 869.459195][T14974] hci_register_dev+0x38a/0xbd0 [ 869.464082][T14974] hci_uart_tty_ioctl+0x8c5/0xc50 [ 869.469223][T14974] tty_ioctl+0xc69/0x1670 [ 869.473569][T14974] ? hci_uart_init_work+0x170/0x170 [ 869.478793][T14974] ? tty_lookup_driver+0x550/0x550 [ 869.483935][T14974] ? lock_downgrade+0x6e0/0x6e0 [ 869.488824][T14974] ? __fget_files+0x23d/0x3e0 [ 869.493572][T14974] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 869.499842][T14974] ? tty_lookup_driver+0x550/0x550 [ 869.504978][T14974] __x64_sys_ioctl+0x193/0x200 [ 869.509784][T14974] do_syscall_64+0x35/0xb0 [ 869.514219][T14974] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 869.520139][T14974] RIP: 0033:0x4665f9 [ 869.524042][T14974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 869.543753][T14974] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 869.552276][T14974] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 869.560269][T14974] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 869.568779][T14974] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 869.576769][T14974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 869.584779][T14974] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:43:17 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) bind$inet6(r0, &(0x7f0000000140)={0x1c, 0x1c, 0x3}, 0x1c) 09:43:17 executing program 0: r0 = socket(0x1c, 0x10000001, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = dup2(r0, r1) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x8002, &(0x7f0000000140), 0x98) [ 869.802442][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 869.808808][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 09:43:18 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x540b, &(0x7f0000000000)=0x32) 09:43:18 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x541b, &(0x7f0000000000)=0x32) 09:43:18 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) recvmsg(r0, &(0x7f0000000880)={0x0, 0x0, 0x0}, 0x83) 09:43:18 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x2, &(0x7f0000001440)={0x0, 0x0, 0x0, 0xfffffffd, 0x8}, 0x14) [ 870.013965][T15006] debugfs: Directory 'hci8' with parent 'bluetooth' already present! 09:43:18 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x21, &(0x7f0000000000)={0x0, 0xb430}, 0x10) sendmsg$inet_sctp(r0, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)=[@authinfo={0x10}], 0x10}, 0x0) [ 871.329147][ T7] Bluetooth: hci6: command 0x1003 tx timeout [ 871.336169][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 871.799077][ T7] Bluetooth: hci7: command 0x1003 tx timeout [ 871.805413][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 872.118954][ T1052] Bluetooth: hci9: command 0x1003 tx timeout [ 872.119056][ T7] Bluetooth: hci8: command 0x1003 tx timeout [ 872.127147][ T6581] Bluetooth: hci9: sending frame failed (-49) [ 872.132078][T11389] Bluetooth: hci8: sending frame failed (-49) [ 873.398924][ T8552] Bluetooth: hci6: command 0x1001 tx timeout [ 873.406254][T11389] Bluetooth: hci6: sending frame failed (-49) [ 873.879010][ T7] Bluetooth: hci7: command 0x1001 tx timeout [ 873.886109][T11389] Bluetooth: hci7: sending frame failed (-49) [ 874.198858][ T20] Bluetooth: hci9: command 0x1001 tx timeout [ 874.200783][ T7] Bluetooth: hci8: command 0x1001 tx timeout [ 874.212538][T11389] Bluetooth: hci9: sending frame failed (-49) [ 874.214406][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 875.479914][ T7] Bluetooth: hci6: command 0x1009 tx timeout [ 875.968921][ T8552] Bluetooth: hci7: command 0x1009 tx timeout [ 876.278873][ T20] Bluetooth: hci9: command 0x1009 tx timeout [ 876.278873][ T8552] Bluetooth: hci8: command 0x1009 tx timeout 09:43:28 executing program 1 (fault-call:4 fault-nth:53): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:43:28 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = dup2(r0, r0) sendto$inet6(r1, &(0x7f0000000640)="99", 0x1, 0x0, &(0x7f00000000c0)={0x1c, 0x1c, 0x3}, 0x1c) sendto(r1, &(0x7f0000000180)="9f", 0x1, 0x20100, 0x0, 0x0) 09:43:28 executing program 4: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=@in6={0x1c, 0x1c}, 0x1c) sendto(r0, 0x0, 0x0, 0x100, &(0x7f0000000080)=@un=@file={0xa}, 0xa) 09:43:28 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 880.170372][ T8] Bluetooth: hci6: Frame reassembly failed (-84) [ 880.179690][T15045] Bluetooth: hci6: Frame reassembly failed (-84) 09:43:28 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = dup2(r0, r0) connect$inet6(r1, &(0x7f0000000080)={0x1c, 0x1c, 0x1}, 0x1c) [ 880.260736][T15056] FAULT_INJECTION: forcing a failure. [ 880.260736][T15056] name failslab, interval 1, probability 0, space 0, times 0 [ 880.297181][T15056] CPU: 0 PID: 15056 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 880.306865][T15056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 880.316941][T15056] Call Trace: [ 880.320255][T15056] dump_stack_lvl+0xcd/0x134 [ 880.324876][T15056] should_fail.cold+0x5/0xa [ 880.329403][T15056] ? __kernfs_new_node+0xd4/0x8b0 [ 880.334448][T15056] should_failslab+0x5/0x10 [ 880.338981][T15056] kmem_cache_alloc+0x5e/0x390 [ 880.343758][T15056] __kernfs_new_node+0xd4/0x8b0 [ 880.348625][T15056] ? kernfs_path_from_node+0x60/0x60 [ 880.353937][T15056] ? find_held_lock+0x2d/0x110 [ 880.358711][T15056] ? sysfs_do_create_link_sd+0x82/0x140 [ 880.364279][T15056] kernfs_new_node+0x93/0x120 [ 880.368991][T15056] kernfs_create_link+0xcb/0x230 [ 880.374030][T15056] sysfs_do_create_link_sd+0x90/0x140 [ 880.379411][T15056] sysfs_create_link+0x5f/0xc0 [ 880.384182][T15056] device_add+0x78f/0x21b0 [ 880.388635][T15056] ? device_initialize+0x560/0x560 [ 880.393777][T15056] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 880.400035][T15056] ? __raw_spin_lock_init+0x36/0x110 [ 880.405358][T15056] rfkill_register+0x1a5/0xb00 [ 880.410229][T15056] ? hci_leds_init+0x101/0x1c0 [ 880.415004][T15056] hci_register_dev+0x38a/0xbd0 [ 880.419953][T15056] hci_uart_tty_ioctl+0x8c5/0xc50 [ 880.424994][T15056] tty_ioctl+0xc69/0x1670 [ 880.429343][T15056] ? hci_uart_init_work+0x170/0x170 [ 880.434552][T15056] ? tty_lookup_driver+0x550/0x550 [ 880.439683][T15056] ? lock_downgrade+0x6e0/0x6e0 [ 880.444572][T15056] ? __fget_files+0x23d/0x3e0 [ 880.449353][T15056] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 880.455600][T15056] ? tty_lookup_driver+0x550/0x550 [ 880.460716][T15056] __x64_sys_ioctl+0x193/0x200 [ 880.465487][T15056] do_syscall_64+0x35/0xb0 [ 880.469907][T15056] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 880.475818][T15056] RIP: 0033:0x4665f9 [ 880.479720][T15056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 880.499612][T15056] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 880.508048][T15056] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 880.516022][T15056] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 880.523992][T15056] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 880.532050][T15056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 880.540018][T15056] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:43:28 executing program 0: r0 = socket(0x2, 0x1, 0x0) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)=@in={0x10, 0x2}, 0x10) [ 880.575989][T11096] Bluetooth: hci7: Frame reassembly failed (-84) 09:43:28 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0x101, &(0x7f0000000180), &(0x7f0000000240)=0x98) 09:43:28 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x540c, &(0x7f0000000000)=0x32) 09:43:28 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f00000001c0)={0x10, 0x2}, 0x10) shutdown(r0, 0x1) sendmsg$inet_sctp(r0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=[@init={0x14}], 0x14}, 0x0) 09:43:28 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x541c, &(0x7f0000000000)=0x32) 09:43:29 executing program 4: open$dir(&(0x7f0000001240)='./file0\x00', 0x40000000ac5, 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = getpid() fcntl$lock(r0, 0xe, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x400100040000004e, r1}) 09:43:29 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x23, &(0x7f0000000040), &(0x7f0000000100)=0x90) [ 880.952724][T15084] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 881.014250][ T8] Bluetooth: hci8: Frame reassembly failed (-84) [ 881.023195][ T26] audit: type=1804 audit(1630921409.129:22): pid=15089 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir620526630/syzkaller.zpHD7o/164/file0" dev="sda1" ino=14034 res=1 errno=0 [ 882.198726][ T20] Bluetooth: hci6: command 0x1003 tx timeout [ 882.206429][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 882.598690][ T7] Bluetooth: hci7: command 0x1003 tx timeout [ 882.605337][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 883.078490][ T1265] Bluetooth: hci8: command 0x1003 tx timeout [ 883.078527][T13921] Bluetooth: hci9: command 0x1003 tx timeout [ 883.085518][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 883.099730][ T6581] Bluetooth: hci9: sending frame failed (-49) [ 884.278661][ T7] Bluetooth: hci6: command 0x1001 tx timeout [ 884.286137][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 884.678498][ T7582] Bluetooth: hci7: command 0x1001 tx timeout [ 884.685346][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 885.168988][ T7582] Bluetooth: hci9: command 0x1001 tx timeout [ 885.175888][ T6581] Bluetooth: hci9: sending frame failed (-49) [ 885.184537][ T7582] Bluetooth: hci8: command 0x1001 tx timeout [ 885.191063][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 886.359968][ T7] Bluetooth: hci6: command 0x1009 tx timeout [ 886.758408][ T7582] Bluetooth: hci7: command 0x1009 tx timeout [ 887.238475][ T7582] Bluetooth: hci8: command 0x1009 tx timeout [ 887.249385][ T7582] Bluetooth: hci9: command 0x1009 tx timeout 09:43:39 executing program 1 (fault-call:4 fault-nth:54): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:43:39 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)=@in6={0x1c, 0x1c, 0x1}, 0x1c) 09:43:39 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup(r0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x26, &(0x7f0000000a00), &(0x7f0000000a40)=0x8) 09:43:39 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) [ 891.026746][ T8] Bluetooth: hci6: Frame reassembly failed (-84) [ 891.050185][T15120] Bluetooth: hci6: Frame reassembly failed (-84) 09:43:39 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000240)={&(0x7f0000000000)=@in={0x10, 0x2}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@init={0x14}, @sndinfo={0x1c}], 0x30}, 0x108) [ 891.143861][T15132] FAULT_INJECTION: forcing a failure. [ 891.143861][T15132] name failslab, interval 1, probability 0, space 0, times 0 [ 891.198970][T15132] CPU: 1 PID: 15132 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 891.208693][T15132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 891.218771][T15132] Call Trace: [ 891.222069][T15132] dump_stack_lvl+0xcd/0x134 [ 891.226698][T15132] should_fail.cold+0x5/0xa [ 891.231238][T15132] ? __kernfs_new_node+0xd4/0x8b0 [ 891.236301][T15132] should_failslab+0x5/0x10 [ 891.240835][T15132] kmem_cache_alloc+0x5e/0x390 [ 891.245724][T15132] __kernfs_new_node+0xd4/0x8b0 [ 891.251229][T15132] ? kernfs_path_from_node+0x60/0x60 [ 891.256899][T15132] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 891.263113][T15132] kernfs_new_node+0x93/0x120 [ 891.267949][T15132] __kernfs_create_file+0x51/0x350 [ 891.273091][T15132] sysfs_add_file_mode_ns+0x226/0x540 [ 891.278503][T15132] internal_create_group+0x328/0xb20 [ 891.283914][T15132] ? sysfs_remove_group+0x170/0x170 [ 891.289227][T15132] ? kernfs_add_one+0x122/0x4c0 [ 891.294104][T15132] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 891.300373][T15132] ? kernfs_create_link+0x1b3/0x230 [ 891.306045][T15132] internal_create_groups.part.0+0x90/0x140 [ 891.311973][T15132] sysfs_create_groups+0x25/0x50 [ 891.317036][T15132] device_add+0x82a/0x21b0 [ 891.321489][T15132] ? device_initialize+0x560/0x560 [ 891.326723][T15132] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 891.333784][T15132] ? __raw_spin_lock_init+0x36/0x110 [ 891.339108][T15132] rfkill_register+0x1a5/0xb00 [ 891.343902][T15132] ? hci_leds_init+0x101/0x1c0 [ 891.348696][T15132] hci_register_dev+0x38a/0xbd0 [ 891.353593][T15132] hci_uart_tty_ioctl+0x8c5/0xc50 [ 891.358651][T15132] tty_ioctl+0xc69/0x1670 [ 891.363007][T15132] ? hci_uart_init_work+0x170/0x170 [ 891.368255][T15132] ? tty_lookup_driver+0x550/0x550 [ 891.373495][T15132] ? lock_downgrade+0x6e0/0x6e0 [ 891.378404][T15132] ? __fget_files+0x23d/0x3e0 [ 891.383897][T15132] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 891.391128][T15132] ? tty_lookup_driver+0x550/0x550 09:43:39 executing program 0: setuid(0xee01) r0 = socket$inet6_udplite(0x1c, 0x2, 0x88) bind$inet6(r0, &(0x7f0000000100)={0x1c, 0x1c, 0x3}, 0x1c) r1 = socket$inet6_udplite(0x1c, 0x2, 0x88) bind$inet6(r1, &(0x7f0000000280)={0x1c, 0x1c, 0x3}, 0x1c) [ 891.396351][T15132] __x64_sys_ioctl+0x193/0x200 [ 891.401272][T15132] do_syscall_64+0x35/0xb0 [ 891.405713][T15132] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 891.411639][T15132] RIP: 0033:0x4665f9 [ 891.415652][T15132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 891.435289][T15132] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 891.443731][T15132] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 891.451726][T15132] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 891.459720][T15132] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 891.468608][T15132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 891.476687][T15132] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:43:39 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x540d, &(0x7f0000000000)=0x32) 09:43:39 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x541d, &(0x7f0000000000)=0x32) 09:43:39 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000100)=""/164, 0xa4}], 0x1}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0x27c7, 0x0, 0x0, 0x800e0050e) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000240)=""/125, 0x7d}, {0x0}], 0x2}, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r3, 0x0, 0xffffff68, 0x0, 0x0, 0x800e005dd) shutdown(r2, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r4, 0x0, 0xccf3, 0x0, 0x0, 0x800e00545) shutdown(r3, 0x0) 09:43:39 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000280)={&(0x7f0000000180)=@in={0x10, 0x2}, 0x10, 0x0}, 0x0) [ 891.822522][T15168] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 891.847154][ T9149] Bluetooth: hci9: Frame reassembly failed (-84) [ 891.871594][T10154] Bluetooth: hci8: Frame reassembly failed (-84) 09:43:40 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f0000000040)={0x10, 0x2}, 0x10) 09:43:40 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x2001, &(0x7f0000000040)=ANY=[], 0x1c) [ 893.078142][ T7582] Bluetooth: hci6: command 0x1003 tx timeout [ 893.085131][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 893.558108][ T7] Bluetooth: hci7: command 0x1003 tx timeout [ 893.564506][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 893.878122][ T1052] Bluetooth: hci9: command 0x1003 tx timeout [ 893.878195][ T7] Bluetooth: hci8: command 0x1003 tx timeout [ 893.890488][ T6581] Bluetooth: hci9: sending frame failed (-49) [ 893.897480][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 895.158025][ T1265] Bluetooth: hci6: command 0x1001 tx timeout [ 895.164567][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 895.637982][ T1265] Bluetooth: hci7: command 0x1001 tx timeout [ 895.644933][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 895.968094][ T7] Bluetooth: hci8: command 0x1001 tx timeout [ 895.974259][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 895.980668][ T7] Bluetooth: hci9: command 0x1001 tx timeout [ 895.986755][ T6581] Bluetooth: hci9: sending frame failed (-49) [ 897.247991][ T1265] Bluetooth: hci6: command 0x1009 tx timeout [ 897.727903][ T1265] Bluetooth: hci7: command 0x1009 tx timeout [ 898.047868][ T7] Bluetooth: hci9: command 0x1009 tx timeout [ 898.053976][ T7] Bluetooth: hci8: command 0x1009 tx timeout 09:43:49 executing program 1 (fault-call:4 fault-nth:55): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:43:49 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/115, 0x73}], 0x1}, 0x0) r1 = socket(0x1c, 0x5, 0x0) recvfrom$unix(r1, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r2, &(0x7f0000001700)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000240)=""/50, 0x32}], 0x1}, 0x42) r3 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r3, 0x0, 0x1e51de7a2ef3af5, 0x0, 0x0, 0x800e00746) shutdown(r2, 0x0) r4 = socket(0x2, 0x1, 0x0) connect$inet(r4, &(0x7f00000002c0)={0x10, 0x2}, 0x10) shutdown(r3, 0x0) 09:43:49 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) 09:43:49 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) recvfrom$unix(r0, &(0x7f000001a700)=""/102400, 0x19000, 0x0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect$inet6(r3, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) readv(r1, &(0x7f0000000340)=[{&(0x7f0000000680)=""/37, 0x25}], 0x1) recvfrom$inet(r2, 0x0, 0x1e51de7a2ef3af5, 0x0, 0x0, 0x800e0072e) shutdown(r1, 0x0) ppoll(&(0x7f00000000c0)=[{}], 0x1, 0x0, &(0x7f0000000140), 0x10) shutdown(r2, 0x0) [ 901.933324][ T9149] Bluetooth: hci6: Frame reassembly failed (-84) [ 901.943936][T15213] Bluetooth: hci6: Frame reassembly failed (-84) [ 901.977259][T15216] FAULT_INJECTION: forcing a failure. [ 901.977259][T15216] name failslab, interval 1, probability 0, space 0, times 0 [ 902.002107][T15216] CPU: 1 PID: 15216 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 902.011899][T15216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 902.021985][T15216] Call Trace: [ 902.025290][T15216] dump_stack_lvl+0xcd/0x134 [ 902.030000][T15216] should_fail.cold+0x5/0xa [ 902.034541][T15216] ? __kernfs_new_node+0xd4/0x8b0 [ 902.039688][T15216] should_failslab+0x5/0x10 [ 902.044395][T15216] kmem_cache_alloc+0x5e/0x390 [ 902.049201][T15216] __kernfs_new_node+0xd4/0x8b0 [ 902.054183][T15216] ? kernfs_path_from_node+0x60/0x60 [ 902.059504][T15216] ? lock_downgrade+0x6e0/0x6e0 [ 902.064404][T15216] ? up_write+0x148/0x470 [ 902.068761][T15216] ? kernfs_activate+0x167/0x1d0 [ 902.073754][T15216] kernfs_new_node+0x93/0x120 [ 902.078468][T15216] __kernfs_create_file+0x51/0x350 [ 902.083645][T15216] sysfs_add_file_mode_ns+0x226/0x540 [ 902.089154][T15216] internal_create_group+0x328/0xb20 [ 902.094482][T15216] ? sysfs_remove_group+0x170/0x170 [ 902.099710][T15216] ? kernfs_add_one+0x122/0x4c0 [ 902.104598][T15216] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 902.110872][T15216] ? kernfs_create_link+0x1b3/0x230 [ 902.116110][T15216] internal_create_groups.part.0+0x90/0x140 [ 902.122053][T15216] sysfs_create_groups+0x25/0x50 [ 902.127040][T15216] device_add+0x82a/0x21b0 [ 902.131546][T15216] ? device_initialize+0x560/0x560 [ 902.136689][T15216] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 902.143059][T15216] ? __raw_spin_lock_init+0x36/0x110 [ 902.148393][T15216] rfkill_register+0x1a5/0xb00 [ 902.153190][T15216] ? hci_leds_init+0x101/0x1c0 [ 902.158076][T15216] hci_register_dev+0x38a/0xbd0 [ 902.163055][T15216] hci_uart_tty_ioctl+0x8c5/0xc50 [ 902.168120][T15216] tty_ioctl+0xc69/0x1670 [ 902.172517][T15216] ? hci_uart_init_work+0x170/0x170 [ 902.177728][T15216] ? tty_lookup_driver+0x550/0x550 [ 902.182902][T15216] ? lock_downgrade+0x6e0/0x6e0 [ 902.187864][T15216] ? __fget_files+0x23d/0x3e0 [ 902.192558][T15216] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 902.198809][T15216] ? tty_lookup_driver+0x550/0x550 [ 902.203941][T15216] __x64_sys_ioctl+0x193/0x200 [ 902.208722][T15216] do_syscall_64+0x35/0xb0 [ 902.213143][T15216] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 902.219045][T15216] RIP: 0033:0x4665f9 [ 902.222931][T15216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 902.242530][T15216] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 902.251114][T15216] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 902.259282][T15216] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 902.267246][T15216] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 902.275231][T15216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 902.283212][T15216] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 [ 902.316125][T11096] Bluetooth: hci7: Frame reassembly failed (-84) 09:43:50 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x541e, &(0x7f0000000000)=0x32) 09:43:50 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5413, &(0x7f0000000000)=0x32) [ 902.570587][T15242] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 902.593829][ T1124] Bluetooth: hci8: Frame reassembly failed (-84) [ 902.649425][ T6581] Bluetooth: hci9: sending frame failed (-49) 09:43:50 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup(r0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x23, &(0x7f0000000380), &(0x7f0000000440)=0x90) 09:43:51 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20104, 0x0, 0x0) shutdown(r0, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x21, &(0x7f0000000240)={0x0, 0x5600}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 09:43:51 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000200)={&(0x7f0000000040)=@in={0x10, 0x2}, 0x10, 0x0}, 0x0) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x107, &(0x7f0000000100), &(0x7f0000000140)=0x18) 09:43:51 executing program 0: r0 = socket$inet6_icmp_raw(0x1c, 0x3, 0x3a) sendto(r0, &(0x7f0000001880)="e7a33d0f2e3d1e61", 0x8, 0x0, &(0x7f0000000780)=@in6={0x1c, 0x1c, 0x2}, 0x1c) 09:43:51 executing program 4: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x1200, &(0x7f0000000340), &(0x7f0000000380)=0x4) 09:43:51 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect$inet6(r0, &(0x7f0000000040)={0x1c, 0x1c, 0x1}, 0x1c) [ 903.967713][ T1265] Bluetooth: hci6: command 0x1003 tx timeout [ 903.968875][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 904.368109][ T7582] Bluetooth: hci7: command 0x1003 tx timeout [ 904.375066][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 904.597686][ T7582] Bluetooth: hci8: command 0x1003 tx timeout [ 904.598803][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 904.677626][ T7582] Bluetooth: hci9: command 0x1003 tx timeout [ 904.684020][ T6581] Bluetooth: hci9: sending frame failed (-49) [ 906.047590][ T7582] Bluetooth: hci6: command 0x1001 tx timeout [ 906.053761][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 906.438208][ T7582] Bluetooth: hci7: command 0x1001 tx timeout [ 906.444992][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 906.677634][ T1265] Bluetooth: hci8: command 0x1001 tx timeout [ 906.684155][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 906.757648][ T1265] Bluetooth: hci9: command 0x1001 tx timeout [ 906.763761][ T6581] Bluetooth: hci9: sending frame failed (-49) [ 908.117554][ T1265] Bluetooth: hci6: command 0x1009 tx timeout [ 908.518176][ T7582] Bluetooth: hci7: command 0x1009 tx timeout [ 908.767488][ T7582] Bluetooth: hci8: command 0x1009 tx timeout [ 908.837745][ T7582] Bluetooth: hci9: command 0x1009 tx timeout 09:44:00 executing program 1 (fault-call:4 fault-nth:56): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:44:00 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7, &(0x7f0000000040), &(0x7f0000000100)=0x8) 09:44:00 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x1a, &(0x7f0000000140), 0x8) 09:44:00 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r0, &(0x7f0000000000)="d4", 0x1, 0x0, &(0x7f0000000080)={0x10, 0x2}, 0x10) 09:44:00 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x541e, &(0x7f0000000000)=0x32) 09:44:00 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5414, &(0x7f0000000000)=0x32) [ 912.882088][T11358] Bluetooth: hci6: sending frame failed (-49) 09:44:01 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0, 0x0, 0x0, 0x20}, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7, &(0x7f0000000040), &(0x7f0000000100)=0x88) [ 912.968515][T10154] Bluetooth: hci7: Frame reassembly failed (-84) [ 913.008345][T15318] debugfs: Directory 'hci8' with parent 'bluetooth' already present! 09:44:01 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) dup2(r1, r0) 09:44:01 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet_sctp(0x2, 0x1, 0x84) dup2(r0, r1) [ 913.078258][T15318] FAULT_INJECTION: forcing a failure. [ 913.078258][T15318] name failslab, interval 1, probability 0, space 0, times 0 [ 913.113556][T15318] CPU: 0 PID: 15318 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 913.123416][T15318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 913.133671][T15318] Call Trace: [ 913.136969][T15318] dump_stack_lvl+0xcd/0x134 [ 913.142290][T15318] should_fail.cold+0x5/0xa [ 913.146863][T15318] ? __kernfs_new_node+0xd4/0x8b0 [ 913.151936][T15318] should_failslab+0x5/0x10 [ 913.156475][T15318] kmem_cache_alloc+0x5e/0x390 [ 913.161276][T15318] __kernfs_new_node+0xd4/0x8b0 [ 913.166162][T15318] ? kernfs_path_from_node+0x60/0x60 [ 913.171565][T15318] ? lock_downgrade+0x6e0/0x6e0 [ 913.176462][T15318] ? up_write+0x148/0x470 [ 913.180908][T15318] ? kernfs_activate+0x167/0x1d0 [ 913.185881][T15318] kernfs_new_node+0x93/0x120 [ 913.190603][T15318] __kernfs_create_file+0x51/0x350 [ 913.195738][T15318] sysfs_add_file_mode_ns+0x226/0x540 [ 913.201203][T15318] internal_create_group+0x328/0xb20 [ 913.206615][T15318] ? sysfs_remove_group+0x170/0x170 [ 913.211840][T15318] ? kernfs_add_one+0x122/0x4c0 [ 913.216726][T15318] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 913.223082][T15318] ? kernfs_create_link+0x1b3/0x230 [ 913.228566][T15318] internal_create_groups.part.0+0x90/0x140 [ 913.234676][T15318] sysfs_create_groups+0x25/0x50 [ 913.239661][T15318] device_add+0x82a/0x21b0 [ 913.244109][T15318] ? device_initialize+0x560/0x560 [ 913.249246][T15318] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 913.255528][T15318] ? __raw_spin_lock_init+0x36/0x110 [ 913.260843][T15318] rfkill_register+0x1a5/0xb00 [ 913.265633][T15318] ? hci_leds_init+0x101/0x1c0 [ 913.270424][T15318] hci_register_dev+0x38a/0xbd0 [ 913.275302][T15318] hci_uart_tty_ioctl+0x8c5/0xc50 [ 913.280360][T15318] tty_ioctl+0xc69/0x1670 [ 913.284707][T15318] ? hci_uart_init_work+0x170/0x170 [ 913.289932][T15318] ? tty_lookup_driver+0x550/0x550 [ 913.295081][T15318] ? lock_downgrade+0x6e0/0x6e0 [ 913.299971][T15318] ? __fget_files+0x23d/0x3e0 [ 913.304673][T15318] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 913.310945][T15318] ? tty_lookup_driver+0x550/0x550 [ 913.316085][T15318] __x64_sys_ioctl+0x193/0x200 [ 913.320881][T15318] do_syscall_64+0x35/0xb0 [ 913.325324][T15318] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 913.331245][T15318] RIP: 0033:0x4665f9 [ 913.335158][T15318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 913.354829][T15318] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 913.363627][T15318] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 913.371620][T15318] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 09:44:01 executing program 4: r0 = socket$inet_sctp(0x2, 0x5, 0x84) readv(r0, &(0x7f0000000100)=[{&(0x7f0000000340)=""/242, 0xf2}], 0x1) [ 913.379626][T15318] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 913.387704][T15318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 913.395695][T15318] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:44:01 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) bind(r0, &(0x7f0000000000)=@in6={0x1c, 0x1c}, 0x1c) connect$inet6(r0, &(0x7f0000000200)={0x1c, 0x1c}, 0x1c) 09:44:01 executing program 3: r0 = socket(0x2, 0x1, 0x0) sendto(r0, &(0x7f0000001280)="1d", 0x1, 0x0, &(0x7f0000000280)=@in={0x10, 0x2}, 0x10) [ 913.534649][ T1136] Bluetooth: hci8: Frame reassembly failed (-84) [ 914.917123][ T7582] Bluetooth: hci6: command 0x1003 tx timeout [ 914.924183][T11339] Bluetooth: hci6: sending frame failed (-49) [ 914.997354][ T7582] Bluetooth: hci7: command 0x1003 tx timeout [ 915.004755][T11339] Bluetooth: hci7: sending frame failed (-49) [ 915.557173][ T20] Bluetooth: hci8: command 0x1003 tx timeout [ 915.564503][T11339] Bluetooth: hci8: sending frame failed (-49) [ 916.997190][T13921] Bluetooth: hci6: command 0x1001 tx timeout [ 917.004006][T11339] Bluetooth: hci6: sending frame failed (-49) [ 917.077075][T13921] Bluetooth: hci7: command 0x1001 tx timeout [ 917.083953][T11339] Bluetooth: hci7: sending frame failed (-49) [ 917.637053][ T20] Bluetooth: hci8: command 0x1001 tx timeout [ 917.643855][T11339] Bluetooth: hci8: sending frame failed (-49) [ 919.077171][ T20] Bluetooth: hci6: command 0x1009 tx timeout [ 919.156989][ T20] Bluetooth: hci7: command 0x1009 tx timeout [ 919.727060][ T20] Bluetooth: hci8: command 0x1009 tx timeout 09:44:11 executing program 1 (fault-call:4 fault-nth:57): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:44:11 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0x101, &(0x7f0000000040), &(0x7f0000000100)=0x98) 09:44:11 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x14, &(0x7f0000000340)={0x1, [0x0]}, 0x6) 09:44:11 executing program 0: r0 = socket$inet6_icmp_raw(0x1c, 0x3, 0x3a) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000780)=@in6={0x1c, 0x1c, 0x2}, 0x1c) 09:44:11 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5421, &(0x7f0000000000)=0x32) 09:44:11 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5415, &(0x7f0000000000)=0x32) [ 923.783906][ T1136] Bluetooth: hci6: Frame reassembly failed (-84) [ 923.806203][T15389] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 923.822181][T15389] FAULT_INJECTION: forcing a failure. 09:44:11 executing program 3: r0 = socket(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000001840)="b4", 0x1, 0x0, &(0x7f0000000000)={0x10, 0x2}, 0x10) [ 923.822181][T15389] name failslab, interval 1, probability 0, space 0, times 0 [ 923.860005][T15389] CPU: 0 PID: 15389 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 923.869697][T15389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 923.879869][T15389] Call Trace: [ 923.883170][T15389] dump_stack_lvl+0xcd/0x134 [ 923.887803][T15389] should_fail.cold+0x5/0xa [ 923.892338][T15389] ? __kernfs_new_node+0xd4/0x8b0 [ 923.897393][T15389] should_failslab+0x5/0x10 [ 923.901917][T15389] kmem_cache_alloc+0x5e/0x390 09:44:12 executing program 4: shmat(0x0, &(0x7f0000d81000/0x4000)=nil, 0x0) shmat(0x0, &(0x7f0000d7e000/0x4000)=nil, 0x0) [ 923.906704][T15389] __kernfs_new_node+0xd4/0x8b0 [ 923.911590][T15389] ? kernfs_path_from_node+0x60/0x60 [ 923.916919][T15389] ? lock_downgrade+0x6e0/0x6e0 [ 923.921823][T15389] ? up_write+0x148/0x470 [ 923.926207][T15389] ? kernfs_activate+0x167/0x1d0 [ 923.931177][T15389] kernfs_new_node+0x93/0x120 [ 923.935905][T15389] __kernfs_create_file+0x51/0x350 [ 923.941752][T15389] sysfs_add_file_mode_ns+0x226/0x540 [ 923.947172][T15389] internal_create_group+0x328/0xb20 [ 923.952496][T15389] ? sysfs_remove_group+0x170/0x170 [ 923.957727][T15389] ? kernfs_add_one+0x122/0x4c0 [ 923.962690][T15389] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 923.969045][T15389] ? kernfs_create_link+0x1b3/0x230 [ 923.974277][T15389] internal_create_groups.part.0+0x90/0x140 [ 923.980201][T15389] sysfs_create_groups+0x25/0x50 [ 923.985161][T15389] device_add+0x82a/0x21b0 [ 923.989605][T15389] ? device_initialize+0x560/0x560 [ 923.994902][T15389] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 924.001965][T15389] ? __raw_spin_lock_init+0x36/0x110 09:44:12 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup(r0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x23, &(0x7f0000000440), &(0x7f0000000500)=0x90) [ 924.007289][T15389] rfkill_register+0x1a5/0xb00 [ 924.012077][T15389] ? hci_leds_init+0x101/0x1c0 [ 924.016867][T15389] hci_register_dev+0x38a/0xbd0 [ 924.021748][T15389] hci_uart_tty_ioctl+0x8c5/0xc50 [ 924.026805][T15389] tty_ioctl+0xc69/0x1670 [ 924.031153][T15389] ? hci_uart_init_work+0x170/0x170 [ 924.036381][T15389] ? tty_lookup_driver+0x550/0x550 [ 924.041524][T15389] ? lock_downgrade+0x6e0/0x6e0 [ 924.046424][T15389] ? __fget_files+0x23d/0x3e0 [ 924.051142][T15389] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 924.057413][T15389] ? tty_lookup_driver+0x550/0x550 [ 924.062552][T15389] __x64_sys_ioctl+0x193/0x200 [ 924.067443][T15389] do_syscall_64+0x35/0xb0 [ 924.071887][T15389] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 924.077812][T15389] RIP: 0033:0x4665f9 [ 924.081726][T15389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 924.101617][T15389] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 09:44:12 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x1}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0x1c, 0x1c}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0x1c, 0x1c, 0x3}, 0x1c) [ 924.111098][T15389] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 924.119179][T15389] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 924.127178][T15389] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 924.135170][T15389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 924.143159][T15389] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:44:12 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) setsockopt(r0, 0x84, 0x8009, &(0x7f0000000000)="a6", 0x1) 09:44:12 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) connect$inet(r0, &(0x7f00000001c0)={0x10, 0x2}, 0x10) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) r2 = dup2(r0, r1) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0], &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0xf, &(0x7f0000000140), &(0x7f0000000100)=0xc) [ 924.335905][ T8] Bluetooth: hci8: Frame reassembly failed (-84) [ 925.796669][ T1265] Bluetooth: hci6: command 0x1003 tx timeout [ 925.803762][T11339] Bluetooth: hci6: sending frame failed (-49) [ 925.886628][ T1265] Bluetooth: hci7: command 0x1003 tx timeout [ 925.893537][T11339] Bluetooth: hci7: sending frame failed (-49) [ 926.356733][ T1265] Bluetooth: hci8: command 0x1003 tx timeout [ 926.364317][T11339] Bluetooth: hci8: sending frame failed (-49) [ 927.886701][ T7] Bluetooth: hci6: command 0x1001 tx timeout [ 927.893568][T11339] Bluetooth: hci6: sending frame failed (-49) [ 927.966576][ T7] Bluetooth: hci7: command 0x1001 tx timeout [ 927.973189][T11339] Bluetooth: hci7: sending frame failed (-49) [ 928.436633][ T7] Bluetooth: hci8: command 0x1001 tx timeout [ 928.443413][T11339] Bluetooth: hci8: sending frame failed (-49) [ 929.956549][ T7] Bluetooth: hci6: command 0x1009 tx timeout [ 930.036597][ T7] Bluetooth: hci7: command 0x1009 tx timeout [ 930.526528][ T7582] Bluetooth: hci8: command 0x1009 tx timeout [ 931.237247][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.243635][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 09:44:22 executing program 1 (fault-call:4 fault-nth:58): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:44:22 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7, &(0x7f0000000040), &(0x7f0000000100)=0x88) 09:44:22 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000001400)={&(0x7f0000000140)=@in={0x10, 0x2}, 0x10, &(0x7f00000011c0)=[{&(0x7f0000000180)='\a', 0x1}], 0x1, &(0x7f0000001380)=[@sndinfo={0x1c}], 0x1c}, 0x0) 09:44:22 executing program 4: r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000180)=@in6={0x1c, 0x1c, 0x3}, 0x1c) 09:44:22 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5416, &(0x7f0000000000)=0x32) 09:44:22 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x32) 09:44:22 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f00000001c0)={0x10, 0x2}, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r1, &(0x7f0000000040)=[{&(0x7f0000000400)=""/137, 0x89}], 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0xccf3, 0x0, 0x0, 0x800e00545) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) dup2(r2, r3) recvmsg(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) recvfrom$inet(r4, 0x0, 0x1e51de7a2ef3af5, 0x0, 0x0, 0x800e0077f) shutdown(r3, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r5, 0x0, 0xcd52, 0x0, 0x0, 0x800e00546) r6 = socket$inet_sctp(0x2, 0x0, 0x84) connect$inet(r6, &(0x7f0000000100)={0x10, 0x2}, 0x10) shutdown(r4, 0x0) [ 934.624582][T15471] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 934.649689][T15471] FAULT_INJECTION: forcing a failure. [ 934.649689][T15471] name failslab, interval 1, probability 0, space 0, times 0 09:44:22 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000040)={0x10, 0x2}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10) writev(r0, &(0x7f0000001880)=[{&(0x7f0000000540)="9f066fdd8713c990ac7486285f3ac61326a36f9e7ac21c684075227c06e9c25d506efcccbe3b3e83e446a47f494bbc29f12afcb0898b8b6a7e50c512357891993603427f82f1f52d081241dc7b8fda6c5e9812c57ea50adb10170a0f93a83b79d259e9c84432edbe6549a5d921347bdd6b04f2b3e360769b5cf79a3829bd73dff350e9ea2c5a8d1f14f7049ec6ad3aed001eb609a39bf71374e9f8bf92859944c9f9f661209ae83b8e60e6c0682e9f9e90cea99f336fa419a1f6066fcaf4fafaf21763571b2461ac646a0b3027a9079652c482d2daafd4ee3ddbe3929190e523b1d8c77630bf8fb9a40b32b657647ab1b53c56f567353ca757f5b1076b9dd755be3fe08d08fb7412879045d057b086f97180b41e34b38d7c4c002d96d4ab263c9d40e63d29f7e0aaacae50a753275b0bc3a7589f6491f42b69afdce9005bf92cf2695690b0714d609abf843da14ae36a1d57e947ec5b6f369e341db82f6c95d7d5ebca3b3bd1ada8cd61dd7d8709bbd7ed29ccfdf5cd0a077126655f4715f85d8270062a62f62859ec3e5df3975eec8d1747f964999dc0c827e2e24840e94a6b13c98712e58ae70b5c404ebac9cf9131f3dbf81482973f3e80f46f6f4e76eeb5fb7499e7e3cba13b01433dfa3a6b90f9662993547ad4dd39235112fda488a58fa89a108b0c5553f021969ce01245ef4bc0e1f02c8541b253292060f29c9029975658bb023a8080681ef2329a801904d2cd69d137f4fc9e3e20863ad8af5a1bca493b44e761c1b517cf168c79f2e6c7108da00b060a00b81828957899d5674dfb4330b34fa72fb923a3c8bd48dc668de32d52bcf847f3cd95e159d9cbdac80782708c34715ab5eb1baa245c7cf2f67fbc7a448a44fd5739ed1eefdee3674a660b46eaf68b383451ef4e15a5aeaa043fea877e2190b6ed61a6aab250936c29f722915ac77c568ecbc8db68bf5ed81a55a803268e06b8ef66f7236750e2630448648adca43c466f56a48725ce90a3ca5359baed277d485966fe339b7b66b8ae4a844a5013bfaf07f4f23027f0d8abde75a5ad5ea4b4260469c8da1a552e65ac8ab944b74211c76e7d40b40fe0c8203c2eba6500f8ef72de9a225e2562fd8f7a14f6e931c0ec5b55a903a82cb66282b7f06d8fcc0e1f9735b0f2f3b2a81e09d70979e954173cc699ba5d245a4bcffd4f1902379a251b85e4d6101854d028e6b4bb4c220ddfc4f3bc0555262729317b60c1790324ab6824e732381bd8bb312818321cfc6081b33bde01e69c6e97320bc3552ab39f8a5a1d2d5fba9f2afea60aa4313153de0ed102044efb662ef0f1de4f9314797ba1b4d7c6c569fdf821eeca6df12b94cd61cad86698335900e4d8eb1edc368e56d9990a5176c7cbed8415a69c27d5c9c0188a7471b3523c908f13c4a43c61cc44b5ad5d6fd01bd4137030c2f549896e3470893e0e0fc60928d51ffef7dd7d953dccc4a806acfd35237f2f3e0ef22a2fffe8dcba141a9b669b209d681f747a207d863ac1398fcd54ba295aea274698089f581a74ea26d1888f92ba63f923ca5ada819d7e78ede37d844ce86027e6705bf39c609b054cf5034aef5042eb8789b5f444d4c191fa25db6100d98b972b0bb5470c0d2ad9ff014ea852ad18f029bfbd08678cb4f4f6297b14086d9959be995a66ee3189d65002835c72db0c97875e8410d656c4cf99305440facabae5d203a1aeecfb6ac3e16f8e5a7513e44a296c701e125f211254b62238e44b22522a232184e212ce5c40c5dc709b2f1ae586af54eb51ce78d5185d058c24fc3cbbc6cdbb93c00b3c2838ab849371494b179e4daffd3a2979a505332d590a3824475c675a397a1234feaa342203b323f99268ac18567c313620124d37e101d84bb2a3beca333c3542b52bc0f44593d53960cdf4f6ac547e1edeb200ebdebef867eeb368819deb480bfbb9a1f35e4c6d248fe14c7054e20f3f3528ab1b65477eca56e170bb76e19f2a6a95a35192c382917b04bad8c366a342daccf2b3f6c65b8521691214d4452e256e521a83c7e405bcb35cf6338082741660e7685753845990c8e4aa6b63d5ca13c924bf587e71762b7c5fd5284d1711e39cfbfd48498b9e2c166726ccf2d24e3d23f8f025b96af00e787cddc2abdfff3f2d17dfefdb17a6d34b17da8d63bc53d3c7d07e8cf57e024bcfd040485d4897d1019235a4a5823cb63c43321a10c8128f11d85f331231f657007eeabe34d38564abc57521a7195abf2067326d31e1f0a2e9734edec7f5c67c87146f037fe199a413d100d3657555cb82e93c286736938c2ea4bb29c0fdbcf0446c48a54d61944eb8f9eec4738d8b7b16b9104b58309d235ad18e463b03b09e3fd102ed41b1a2d8b937e95e7bedadaad8140d5a30dedb8d69ac548246b12a55a9ebc4ec9571c3a61351d09fd0af442ca323b7ead0e11d796356eab346a4c64417529a9eb037965b0def00205857fc0d5787151c345a41eae29e4aa69af7a38f56d6242f347e8643344c73052d260349cd11d744b1dd69d690309a3b62b6243e5baa9beb64ba81226cf725bf87c038e81dd372ef3559b25bb371218f1ab96787e0a9b3512d6fe924e4c8fa97185d534881249f6ea046a1e1a570a2e6bdd6334046cfbc1dbe005ac6ba4779da02c331824355d003c38b1dc2ddbf559445aec06d69cf983a6390b0389261d21534f921044cabc68220609693f9ec1cf27896861de4c2d267c88966be35a7086f48144e6241fe9c362a77f358047a2c2ef150260d78cc0abaaeaffdba406a9832403f181908116d61d8de7dbf5fb4452eeb3dd4d30eef940bcddf2053a20e714ffbc46f1d26880d107f506101f1b14192e3dbe87812115fd983d89d1cb7d552406cf67dc5f969ebf87462a3f4954fd03be933e3b7a5c44558c625f4cabdf887eec0bb47ec220516ffc02ecd4b472b50a330fdebb447f2fcbf06463c4e56b1b96a1bb9e57eee0775a5237bad0c1cd4eeb401086ccbc55fe64a4ea086cff8845f7dfd63aa7f57215d1fda11d3219739d46f59050f0153849e2d4b5b5d1e551264fb168265fdb09beaa9027620c110f195e4462a512282366afa55a5c541586f0ec40bd356a78516300348b92b50328386d0650e90d677b1011c17c41c062a044d92a4461ba9f6b4f572f0423b2b5ffc935930fd2f5c8550b7bbc36c2d35b84e78b8bc77b9ea8d1e3bec3c6a027a243055ac53ab62aeef28764ec122281b39da0fbc7f9086c18c1f6c90b75f6506c80c5798f2974b26b0bd5581693709b64666eea0eb2e6087da5dae1639e49f5720a7accd9387005e3ebca4c737568ada3a484ba9fa2d0b423c5d0f301948311eeda0575362bf483c541236aa23a9bee25990da1bdb05523add9da39827b77616ff93c0c23422a1052af30cc1d95c343f19bcf85b2f92ed2cd5c573d386fdb6118f76a17eb47d0945a664ec1718ec9a048a0a88ad429a73d34621a50a41f7866ab1fb55cb9a3f139c774133ef03a27fe597ab5e89939790d42c47b5c4a83487f9c58098934064b485798fef5803a07ace8d3111c75351017b084cd2d71c59ff2622d541f04e43949dad5f860476a22938222da09dc1a10ea4ac8c5ea0c6b57b2c956609000da59efe8d97d91b3fb51aa670613f97d80bb054381e1f2e5fe7f6696b8b95dadebf026e776e697bf55937416692f7a79202a527e64bcd241799577b8b7cda2f84e3a51d549c369308b664e8f33fe1c449df8441a53f0aab0dc79e543129ccc34fbfbcf8fe23f56abd1b81340f8682817d7c0ec40b40f2ccf0a6a77c6b695f28581a46351fd1857a19c24c0dc248e1bd379afbf74d1c0a1093c6f8b7d978bf8ab6af6638322d6bf3aac8c67fef1179532f45bf6bbdd5610e00d7c4161f6c1ab88ea298e459ca7400200552dc0b297baf16a66265206338f2ce23628abf221658f1a47484b27247287de19a589530994dc4a5ea1ab3dd63cfbda2f35bbca9fd05ac51788556ada97665e2bba531e3f8ae47294f95b38209ca5d7ae179a204ba6f95076836a5f0dae29a8c1cafb8e344515297a9908db25ba5e6f8d45c71bb3f4a53f4b094505d9a8f473fb491569b395abf0ba4313dc02ceef36ebd2df44bd8d45b950635fefbc174e2167ee4ba20cab7f2af469755ad392e4e5c73a2dbbc5315087eda4d81b00729227a81e2c4b7125a55635d83922f029fc24ae139ad1a9c437c7fd6500984c62eba52a85248b3949a8f09e944d6d6c593aa21dfc612b0d3ae75d14ae95fc9973a6a3517ddd317c74a4a7bcf6ea9cc9dfbfed617e253ada8302c1fec08", 0xbed}], 0x1) 09:44:22 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000300), &(0x7f00000004c0)=0x98) [ 934.697291][T15471] CPU: 0 PID: 15471 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 934.706976][T15471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 934.718097][T15471] Call Trace: [ 934.721394][T15471] dump_stack_lvl+0xcd/0x134 [ 934.726019][T15471] should_fail.cold+0x5/0xa [ 934.730559][T15471] ? __kernfs_new_node+0xd4/0x8b0 [ 934.735615][T15471] should_failslab+0x5/0x10 [ 934.740140][T15471] kmem_cache_alloc+0x5e/0x390 [ 934.744936][T15471] __kernfs_new_node+0xd4/0x8b0 [ 934.749915][T15471] ? kernfs_path_from_node+0x60/0x60 [ 934.755258][T15471] ? lock_downgrade+0x6e0/0x6e0 [ 934.760153][T15471] ? up_write+0x148/0x470 [ 934.764506][T15471] ? kernfs_activate+0x167/0x1d0 [ 934.769478][T15471] kernfs_new_node+0x93/0x120 [ 934.774282][T15471] __kernfs_create_file+0x51/0x350 [ 934.779433][T15471] sysfs_add_file_mode_ns+0x226/0x540 [ 934.784839][T15471] internal_create_group+0x328/0xb20 [ 934.790165][T15471] ? sysfs_remove_group+0x170/0x170 09:44:22 executing program 3: r0 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r0, 0x0, 0x1, &(0x7f0000000000)="68c9163d", 0x4) [ 934.795385][T15471] ? kernfs_add_one+0x122/0x4c0 [ 934.800261][T15471] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 934.806530][T15471] ? kernfs_create_link+0x1b3/0x230 [ 934.811767][T15471] internal_create_groups.part.0+0x90/0x140 [ 934.817787][T15471] sysfs_create_groups+0x25/0x50 [ 934.822755][T15471] device_add+0x82a/0x21b0 [ 934.827204][T15471] ? device_initialize+0x560/0x560 [ 934.832438][T15471] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 934.838898][T15471] ? __raw_spin_lock_init+0x36/0x110 [ 934.844651][T15471] rfkill_register+0x1a5/0xb00 [ 934.849443][T15471] ? hci_leds_init+0x101/0x1c0 [ 934.854238][T15471] hci_register_dev+0x38a/0xbd0 [ 934.859125][T15471] hci_uart_tty_ioctl+0x8c5/0xc50 [ 934.864183][T15471] tty_ioctl+0xc69/0x1670 [ 934.868534][T15471] ? hci_uart_init_work+0x170/0x170 [ 934.873772][T15471] ? tty_lookup_driver+0x550/0x550 [ 934.878919][T15471] ? lock_downgrade+0x6e0/0x6e0 [ 934.883818][T15471] ? __fget_files+0x23d/0x3e0 [ 934.888539][T15471] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 934.894807][T15471] ? tty_lookup_driver+0x550/0x550 [ 934.899948][T15471] __x64_sys_ioctl+0x193/0x200 [ 934.904742][T15471] do_syscall_64+0x35/0xb0 [ 934.909189][T15471] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 934.915110][T15471] RIP: 0033:0x4665f9 [ 934.919024][T15471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 934.938916][T15471] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 934.947355][T15471] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 934.955440][T15471] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 934.963433][T15471] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 934.971426][T15471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 934.979416][T15471] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:44:23 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x19, &(0x7f0000000140), &(0x7f0000000180)=0x8) 09:44:23 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x24, &(0x7f0000000000), 0x4) [ 935.105338][ T1124] Bluetooth: hci8: Frame reassembly failed (-84) [ 936.596169][ T20] Bluetooth: hci6: command 0x1003 tx timeout [ 936.602932][T11339] Bluetooth: hci6: sending frame failed (-49) [ 936.612999][ T7582] Bluetooth: hci7: command 0x1003 tx timeout [ 936.619852][T11339] Bluetooth: hci7: sending frame failed (-49) [ 937.156333][ T8552] Bluetooth: hci8: command 0x1003 tx timeout [ 937.164046][T11339] Bluetooth: hci8: sending frame failed (-49) [ 938.686372][ T1265] Bluetooth: hci7: command 0x1001 tx timeout [ 938.693500][T11339] Bluetooth: hci7: sending frame failed (-49) [ 938.701586][ T1265] Bluetooth: hci6: command 0x1001 tx timeout [ 938.707995][T11339] Bluetooth: hci6: sending frame failed (-49) [ 939.236267][ T8552] Bluetooth: hci8: command 0x1001 tx timeout [ 939.243258][T11339] Bluetooth: hci8: sending frame failed (-49) [ 940.756226][ T8552] Bluetooth: hci6: command 0x1009 tx timeout [ 940.762364][ T8552] Bluetooth: hci7: command 0x1009 tx timeout [ 941.316228][ T8552] Bluetooth: hci8: command 0x1009 tx timeout 09:44:33 executing program 1 (fault-call:4 fault-nth:59): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:44:33 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000580)={&(0x7f0000000080)=@in6={0x1c, 0x1c, 0x2}, 0x1c, &(0x7f00000003c0)=[{&(0x7f00000000c0)='a', 0x1}], 0x1, &(0x7f00000004c0)=[@sndrcv={0x2c}], 0x2c}, 0x0) 09:44:33 executing program 4: syz_emit_ethernet(0x32, &(0x7f0000000080)={@random="9b66927b16c9", @broadcast, @val, {@ipv4}}, 0x0) 09:44:33 executing program 0: r0 = socket$inet(0x2, 0x3, 0x0) sendto$inet(r0, 0x0, 0x0, 0x180, &(0x7f0000000100)={0x10, 0x2}, 0x10) 09:44:33 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5418, &(0x7f0000000000)=0x32) 09:44:33 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5424, &(0x7f0000000000)=0x32) 09:44:33 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x3}, 0x14) [ 945.482760][T11339] Bluetooth: hci6: sending frame failed (-49) [ 945.484167][ T1136] Bluetooth: hci7: Frame reassembly failed (-84) 09:44:33 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x2, &(0x7f0000000000), &(0x7f0000000040)=0x14) [ 945.593703][T15551] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 945.677217][T15551] FAULT_INJECTION: forcing a failure. [ 945.677217][T15551] name failslab, interval 1, probability 0, space 0, times 0 [ 945.724902][T15551] CPU: 1 PID: 15551 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 945.734586][T15551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 945.744666][T15551] Call Trace: [ 945.747969][T15551] dump_stack_lvl+0xcd/0x134 [ 945.752684][T15551] should_fail.cold+0x5/0xa [ 945.757223][T15551] ? __kernfs_new_node+0xd4/0x8b0 [ 945.762279][T15551] should_failslab+0x5/0x10 [ 945.766806][T15551] kmem_cache_alloc+0x5e/0x390 [ 945.771605][T15551] __kernfs_new_node+0xd4/0x8b0 [ 945.776579][T15551] ? kernfs_path_from_node+0x60/0x60 [ 945.781900][T15551] ? lock_downgrade+0x6e0/0x6e0 [ 945.786797][T15551] ? up_write+0x148/0x470 [ 945.791173][T15551] ? kernfs_activate+0x167/0x1d0 [ 945.796144][T15551] kernfs_new_node+0x93/0x120 [ 945.800943][T15551] __kernfs_create_file+0x51/0x350 [ 945.806173][T15551] sysfs_add_file_mode_ns+0x226/0x540 [ 945.811597][T15551] internal_create_group+0x328/0xb20 [ 945.816927][T15551] ? sysfs_remove_group+0x170/0x170 [ 945.822147][T15551] ? kernfs_add_one+0x122/0x4c0 [ 945.827064][T15551] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 945.833330][T15551] ? kernfs_create_link+0x1b3/0x230 [ 945.838561][T15551] internal_create_groups.part.0+0x90/0x140 [ 945.844575][T15551] sysfs_create_groups+0x25/0x50 [ 945.849541][T15551] device_add+0x82a/0x21b0 [ 945.853996][T15551] ? device_initialize+0x560/0x560 [ 945.859143][T15551] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 945.865530][T15551] ? __raw_spin_lock_init+0x36/0x110 [ 945.870856][T15551] rfkill_register+0x1a5/0xb00 [ 945.875648][T15551] ? hci_leds_init+0x101/0x1c0 [ 945.880451][T15551] hci_register_dev+0x38a/0xbd0 [ 945.885336][T15551] hci_uart_tty_ioctl+0x8c5/0xc50 [ 945.890401][T15551] tty_ioctl+0xc69/0x1670 [ 945.894758][T15551] ? hci_uart_init_work+0x170/0x170 [ 945.899988][T15551] ? tty_lookup_driver+0x550/0x550 [ 945.905136][T15551] ? lock_downgrade+0x6e0/0x6e0 [ 945.910063][T15551] ? __fget_files+0x23d/0x3e0 [ 945.914766][T15551] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 945.921054][T15551] ? tty_lookup_driver+0x550/0x550 [ 945.926199][T15551] __x64_sys_ioctl+0x193/0x200 [ 945.930996][T15551] do_syscall_64+0x35/0xb0 [ 945.935436][T15551] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 945.941368][T15551] RIP: 0033:0x4665f9 [ 945.945288][T15551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 945.965007][T15551] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 09:44:34 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) 09:44:34 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) bind(r0, &(0x7f0000000000)=@in6={0x1c, 0x1c, 0x2}, 0x1c) connect$inet6(r0, &(0x7f00000001c0)={0x1c, 0x1c, 0x2}, 0x1c) sendto(r0, &(0x7f0000000080)="f9", 0x1, 0x0, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000200)='\v', 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) [ 945.973455][T15551] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 945.981448][T15551] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 945.989438][T15551] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 945.997424][T15551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 946.005428][T15551] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:44:34 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7, &(0x7f0000000400), 0x88) 09:44:34 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000340)=""/66, 0x42}], 0x1}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) recvfrom$unix(r1, &(0x7f0000001700)=""/102400, 0x19000, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r2, &(0x7f0000000940)=[{&(0x7f0000000080)=""/92, 0x5c}], 0x1) r3 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r3, 0x0, 0x16918a88e5dfbfd, 0x0, 0x0, 0x800e0079e) shutdown(r2, 0x0) recvmsg(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000003c0)=""/92, 0x5c}, {0x0}], 0x2}, 0x0) shutdown(r3, 0x0) [ 946.197797][T10154] Bluetooth: hci8: Frame reassembly failed (-84) [ 947.555870][T13921] Bluetooth: hci7: command 0x1003 tx timeout [ 947.555929][ T1265] Bluetooth: hci6: command 0x1003 tx timeout [ 947.562668][T11358] Bluetooth: hci7: sending frame failed (-49) [ 947.569271][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 948.195781][ T20] Bluetooth: hci8: command 0x1003 tx timeout [ 948.203242][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 949.635746][ T1265] Bluetooth: hci6: command 0x1001 tx timeout [ 949.635746][ T1052] Bluetooth: hci7: command 0x1001 tx timeout [ 949.636590][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 949.644586][T11358] Bluetooth: hci6: sending frame failed (-49) [ 950.275725][ T1265] Bluetooth: hci8: command 0x1001 tx timeout [ 950.282732][T11358] Bluetooth: hci8: sending frame failed (-49) [ 951.715584][ T1052] Bluetooth: hci7: command 0x1009 tx timeout [ 951.726124][ T8552] Bluetooth: hci6: command 0x1009 tx timeout [ 952.365720][ T8552] Bluetooth: hci8: command 0x1009 tx timeout 09:44:44 executing program 1 (fault-call:4 fault-nth:60): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:44:44 executing program 3: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0x1c, 0x1c, 0x1}, 0x1c) 09:44:44 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x15, &(0x7f0000000040)={0x0, 0x400}, 0xfc2f) 09:44:44 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup(r0) setsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x2, &(0x7f0000000000), 0x2e) 09:44:44 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x541b, &(0x7f0000000000)=0x32) 09:44:44 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5425, &(0x7f0000000000)=0x32) [ 956.312018][ T8] Bluetooth: hci6: Frame reassembly failed (-84) [ 956.385920][T15630] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 956.409054][T15630] FAULT_INJECTION: forcing a failure. [ 956.409054][T15630] name failslab, interval 1, probability 0, space 0, times 0 [ 956.428476][T15630] CPU: 0 PID: 15630 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 956.439368][T15630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 956.451052][T15630] Call Trace: [ 956.454443][T15630] dump_stack_lvl+0xcd/0x134 [ 956.459093][T15630] should_fail.cold+0x5/0xa [ 956.463723][T15630] ? __kernfs_new_node+0xd4/0x8b0 [ 956.468785][T15630] should_failslab+0x5/0x10 [ 956.473317][T15630] kmem_cache_alloc+0x5e/0x390 [ 956.478116][T15630] __kernfs_new_node+0xd4/0x8b0 [ 956.483024][T15630] ? up_write+0x148/0x470 [ 956.487406][T15630] ? kernfs_path_from_node+0x60/0x60 [ 956.492742][T15630] ? kernfs_add_one+0x122/0x4c0 [ 956.497629][T15630] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 956.503923][T15630] ? __kernfs_create_file+0x2b0/0x350 [ 956.509337][T15630] ? sysfs_add_file_mode_ns+0x226/0x540 [ 956.514922][T15630] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 956.521211][T15630] kernfs_create_dir_ns+0x9c/0x220 [ 956.526711][T15630] internal_create_group+0x798/0xb20 [ 956.532123][T15630] ? sysfs_remove_group+0x170/0x170 [ 956.537533][T15630] ? sysfs_remove_group+0x170/0x170 [ 956.543087][T15630] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 956.549381][T15630] dpm_sysfs_add+0x7e/0x290 [ 956.553938][T15630] device_add+0xad8/0x21b0 [ 956.558397][T15630] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 956.564680][T15630] ? __raw_spin_lock_init+0x36/0x110 [ 956.570007][T15630] rfkill_register+0x1a5/0xb00 [ 956.574807][T15630] ? hci_leds_init+0x101/0x1c0 [ 956.579778][T15630] hci_register_dev+0x38a/0xbd0 [ 956.584668][T15630] hci_uart_tty_ioctl+0x8c5/0xc50 [ 956.589774][T15630] tty_ioctl+0xc69/0x1670 [ 956.594132][T15630] ? hci_uart_init_work+0x170/0x170 [ 956.599637][T15630] ? tty_lookup_driver+0x550/0x550 [ 956.604876][T15630] ? lock_downgrade+0x6e0/0x6e0 [ 956.609860][T15630] ? __fget_files+0x23d/0x3e0 [ 956.614567][T15630] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 956.620840][T15630] ? tty_lookup_driver+0x550/0x550 [ 956.625988][T15630] __x64_sys_ioctl+0x193/0x200 [ 956.630792][T15630] do_syscall_64+0x35/0xb0 [ 956.635234][T15630] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 956.641165][T15630] RIP: 0033:0x4665f9 [ 956.645078][T15630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 956.665322][T15630] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 956.673767][T15630] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 09:44:44 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000040)={0x10, 0x2}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10) writev(r0, &(0x7f0000001880)=[{&(0x7f0000000540)="9f066fdd8713c990ac7486285f3ac61326a36f9e7ac21c684075227c06e9c25d506efcccbe3b3e83e446a47f494bbc29f12afcb0898b8b6a7e50c512357891993603427f82f1f52d081241dc7b8fda6c5e9812c57ea50adb10170a0f93a83b79d259e9c84432edbe6549a5d921347bdd6b04f2b3e360769b5cf79a3829bd73dff350e9ea2c5a8d1f14f7049ec6ad3aed001eb609a39bf71374e9f8bf92859944c9f9f661209ae83b8e60e6c0682e9f9e90cea99f336fa419a1f6066fcaf4fafaf21763571b2461ac646a0b3027a9079652c482d2daafd4ee3ddbe3929190e523b1d8c77630bf8fb9a40b32b657647ab1b53c56f567353ca757f5b1076b9dd755be3fe08d08fb7412879045d057b086f97180b41e34b38d7c4c002d96d4ab263c9d40e63d29f7e0aaacae50a753275b0bc3a7589f6491f42b69afdce9005bf92cf2695690b0714d609abf843da14ae36a1d57e947ec5b6f369e341db82f6c95d7d5ebca3b3bd1ada8cd61dd7d8709bbd7ed29ccfdf5cd0a077126655f4715f85d8270062a62f62859ec3e5df3975eec8d1747f964999dc0c827e2e24840e94a6b13c98712e58ae70b5c404ebac9cf9131f3dbf81482973f3e80f46f6f4e76eeb5fb7499e7e3cba13b01433dfa3a6b90f9662993547ad4dd39235112fda488a58fa89a108b0c5553f021969ce01245ef4bc0e1f02c8541b253292060f29c9029975658bb023a8080681ef2329a801904d2cd69d137f4fc9e3e20863ad8af5a1bca493b44e761c1b517cf168c79f2e6c7108da00b060a00b81828957899d5674dfb4330b34fa72fb923a3c8bd48dc668de32d52bcf847f3cd95e159d9cbdac80782708c34715ab5eb1baa245c7cf2f67fbc7a448a44fd5739ed1eefdee3674a660b46eaf68b383451ef4e15a5aeaa043fea877e2190b6ed61a6aab250936c29f722915ac77c568ecbc8db68bf5ed81a55a803268e06b8ef66f7236750e2630448648adca43c466f56a48725ce90a3ca5359baed277d485966fe339b7b66b8ae4a844a5013bfaf07f4f23027f0d8abde75a5ad5ea4b4260469c8da1a552e65ac8ab944b74211c76e7d40b40fe0c8203c2eba6500f8ef72de9a225e2562fd8f7a14f6e931c0ec5b55a903a82cb66282b7f06d8fcc0e1f9735b0f2f3b2a81e09d70979e954173cc699ba5d245a4bcffd4f1902379a251b85e4d6101854d028e6b4bb4c220ddfc4f3bc0555262729317b60c1790324ab6824e732381bd8bb312818321cfc6081b33bde01e69c6e97320bc3552ab39f8a5a1d2d5fba9f2afea60aa4313153de0ed102044efb662ef0f1de4f9314797ba1b4d7c6c569fdf821eeca6df12b94cd61cad86698335900e4d8eb1edc368e56d9990a5176c7cbed8415a69c27d5c9c0188a7471b3523c908f13c4a43c61cc44b5ad5d6fd01bd4137030c2f549896e3470893e0e0fc60928d51ffef7dd7d953dccc4a806acfd35237f2f3e0ef22a2fffe8dcba141a9b669b209d681f747a207d863ac1398fcd54ba295aea274698089f581a74ea26d1888f92ba63f923ca5ada819d7e78ede37d844ce86027e6705bf39c609b054cf5034aef5042eb8789b5f444d4c191fa25db6100d98b972b0bb5470c0d2ad9ff014ea852ad18f029bfbd08678cb4f4f6297b14086d9959be995a66ee3189d65002835c72db0c97875e8410d656c4cf99305440facabae5d203a1aeecfb6ac3e16f8e5a7513e44a296c701e125f211254b62238e44b22522a232184e212ce5c40c5dc709b2f1ae586af54eb51ce78d5185d058c24fc3cbbc6cdbb93c00b3c2838ab849371494b179e4daffd3a2979a505332d590a3824475c675a397a1234feaa342203b323f99268ac18567c313620124d37e101d84bb2a3beca333c3542b52bc0f44593d53960cdf4f6ac547e1edeb200ebdebef867eeb368819deb480bfbb9a1f35e4c6d248fe14c7054e20f3f3528ab1b65477eca56e170bb76e19f2a6a95a35192c382917b04bad8c366a342daccf2b3f6c65b8521691214d4452e256e521a83c7e405bcb35cf6338082741660e7685753845990c8e4aa6b63d5ca13c924bf587e71762b7c5fd5284d1711e39cfbfd48498b9e2c166726ccf2d24e3d23f8f025b96af00e787cddc2abdfff3f2d17dfefdb17a6d34b17da8d63bc53d3c7d07e8cf57e024bcfd040485d4897d1019235a4a5823cb63c43321a10c8128f11d85f331231f657007eeabe34d38564abc57521a7195abf2067326d31e1f0a2e9734edec7f5c67c87146f037fe199a413d100d3657555cb82e93c286736938c2ea4bb29c0fdbcf0446c48a54d61944eb8f9eec4738d8b7b16b9104b58309d235ad18e463b03b09e3fd102ed41b1a2d8b937e95e7bedadaad8140d5a30dedb8d69ac548246b12a55a9ebc4ec9571c3a61351d09fd0af442ca323b7ead0e11d796356eab346a4c64417529a9eb037965b0def00205857fc0d5787151c345a41eae29e4aa69af7a38f56d6242f347e8643344c73052d260349cd11d744b1dd69d690309a3b62b6243e5baa9beb64ba81226cf725bf87c038e81dd372ef3559b25bb371218f1ab96787e0a9b3512d6fe924e4c8fa97185d534881249f6ea046a1e1a570a2e6bdd6334046cfbc1dbe005ac6ba4779da02c331824355d003c38b1dc2ddbf559445aec06d69cf983a6390b0389261d21534f921044cabc68220609693f9ec1cf27896861de4c2d267c88966be35a7086f48144e6241fe9c362a77f358047a2c2ef150260d78cc0abaaeaffdba406a9832403f181908116d61d8de7dbf5fb4452eeb3dd4d30eef940bcddf2053a20e714ffbc46f1d26880d107f506101f1b14192e3dbe87812115fd983d89d1cb7d552406cf67dc5f969ebf87462a3f4954fd03be933e3b7a5c44558c625f4cabdf887eec0bb47ec220516ffc02ecd4b472b50a330fdebb447f2fcbf06463c4e56b1b96a1bb9e57eee0775a5237bad0c1cd4eeb401086ccbc55fe64a4ea086cff8845f7dfd63aa7f57215d1fda11d3219739d46f59050f0153849e2d4b5b5d1e551264fb168265fdb09beaa9027620c110f195e4462a512282366afa55a5c541586f0ec40bd356a78516300348b92b50328386d0650e90d677b1011c17c41c062a044d92a4461ba9f6b4f572f0423b2b5ffc935930fd2f5c8550b7bbc36c2d35b84e78b8bc77b9ea8d1e3bec3c6a027a243055ac53ab62aeef28764ec122281b39da0fbc7f9086c18c1f6c90b75f6506c80c5798f2974b26b0bd5581693709b64666eea0eb2e6087da5dae1639e49f5720a7accd9387005e3ebca4c737568ada3a484ba9fa2d0b423c5d0f301948311eeda0575362bf483c541236aa23a9bee25990da1bdb05523add9da39827b77616ff93c0c23422a1052af30cc1d95c343f19bcf85b2f92ed2cd5c573d386fdb6118f76a17eb47d0945a664ec1718ec9a048a0a88ad429a73d34621a50a41f7866ab1fb55cb9a3f139c774133ef03a27fe597ab5e89939790d42c47b5c4a83487f9c58098934064b485798fef5803a07ace8d3111c75351017b084cd2d71c59ff2622d541f04e43949dad5f860476a22938222da09dc1a10ea4ac8c5ea0c6b57b2c956609000da59efe8d97d91b3fb51aa670613f97d80bb054381e1f2e5fe7f6696b8b95dadebf026e776e697bf55937416692f7a79202a527e64bcd241799577b8b7cda2f84e3a51d549c369308b664e8f33fe1c449df8441a53f0aab0dc79e543129ccc34fbfbcf8fe23f56abd1b81340f8682817d7c0ec40b40f2ccf0a6a77c6b695f28581a46351fd1857a19c24c0dc248e1bd379afbf74d1c0a1093c6f8b7d978bf8ab6af6638322d6bf3aac8c67fef1179532f45bf6bbdd5610e00d7c4161f6c1ab88ea298e459ca7400200552dc0b297baf16a66265206338f2ce23628abf221658f1a47484b27247287de19a589530994dc4a5ea1ab3dd63cfbda2f35bbca9fd05ac51788556ada97665e2bba531e3f8ae47294f95b38209ca5d7ae179a204ba6f95076836a5f0dae29a8c1cafb8e344515297a9908db25ba5e6f8d45c71bb3f4a53f4b094505d9a8f473fb491569b395abf0ba4313dc02ceef36ebd2df44bd8d45b950635fefbc174e2167ee4ba20cab7f2af469755ad392e4e5c73a2dbbc5315087eda4d81b00729227a81e2c4b7125a55635d83922f029fc24ae139ad1a9c437c7fd6500984c62eba52a85248b3949a8f09e944d6d6c593aa21dfc612b0d3ae75d14ae95fc9973a6a3517ddd317c74a4a7bcf6ea9cc9dfbfed617e253ada8302c1fec08ca0d7b51de6928ed9548d059f26577baa5577d8820044c4c53ebfc338cd741625be7cc67713c888a071a32919c3d26a5cd0b7251aaecdb8125c9773912fcaec824a3db0d6bd7496eabb3cb0dc19783708278c8f63b9ab23f84f9d49395e73456f013b6d1480f31f68a115900ec62995d21affd6044c26c4af7609b46005e0932c817dc6ba30d142e8e33e3b0df0ce93e531d29205bd97fea704ffba876f51ebd05bf282f88859ed934d363e517ada5c1994ed51ec27af60d5e9ee6973efb81b11fc8c20a552732d5788fdee62200c17b90142fd4f658a6da7b1477e4594b02e867cb4082af2c55ef4c9431512a8496562a519687e112b182473340206591b1ee3f2f47b6be4be3d92b346ae0ca28173924d41d0e18d621026554d28708589eaae7114b2851e6833b5ecd3f2c794b43ff37bcf6cd3e3653a7f621d3c03335217f6f410c9257fdc9e7aba1788ddf7461cf2b5d95a931cd610991c20bbdb1351b36e3c9a045d8d6f248701d4698388001e83453e274743b6aed9f8716055165e8ef0aca25624300679e2df00ee3704ff3bdb4d2e139e68487b73248a378b847428e2e2dffc3ac788938cdb4a14d3f1f85ab7061640f285ce20f95731eb7dac842f51e33dd1c5e770b4ca898f9a6a2e32cbe724cb7b6791354272051633a7b2836bf76518912ea753d61fb46cb6a93a0e25795a0fa8fdf22ce31aba0a939d005d11706317bb80263f57639598e9683c214431e41ce0901a08491f4c777e760a07921bdeb03d761c12869b6faee6190f19d7481ada4f54a30ac96ec317bb4fdc335a2c9cef76003551326bebe6c1d3c03a3cb4c0c3d0a686edf1c9554d1a5accb7d2bdca7af731359baf751621bfe2229efc08d6152c04a242246346d51d3707ae25dd001ba54b1fcc67108d219b342780ab5fb7c1bcf4f1f818d67a52921df1e1717608fdf4d112ff3336afd5664103bb8c506f6243b5d5fb80d31a2473634747675be2733ac1e59536c21ee730a19742564a41c9422decbc103ac44def904ac15f5d54fb75ac38e41e25b0401434765678adda071e5ec6a5fadb1f6ef425fb15de817becf82147dfc02040e86c1e775c66a66dc503e33f870541520f1cc910574340ce04c24303475fd21d3ae9ae8211c0935edbff930079ca47e2dde48ad93da043fc22f54229f1ff92b1d83a539941a5ff45f56d973b4d85a59feded1aeedf2e2fa93c3fb554c480b5000349bcec405a100fab6c74a345c204b24e92357c0d4d7d2d889a4a7cd6080137399ca1fb3791a1ac6cff98a04a3bc93db934de863f779f7070f73cc18062d2ee032099641ed4375f539101a733984f576bb08992b719c8fa73cfc1150a8282b783b7fb6355daac8a19ba7e78947f3f438f3c57001642f2ec97fd8224669eff3bb284e48f769cac7b7899ddf4b45732bfe7db9", 0xfe9}, {&(0x7f0000000200)="8d917622c661892a", 0x8}], 0x2) 09:44:44 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xb, &(0x7f0000000340), &(0x7f0000000380)=0x20) 09:44:44 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f00000002c0)={&(0x7f0000000000)=@in6={0x1c, 0x1c, 0x2}, 0x1c, &(0x7f0000000040)=[{&(0x7f00000000c0)='~', 0x1}], 0x1, &(0x7f0000000280)=[@sndrcv={0x2c}], 0x2c}, 0x0) [ 956.681766][T15630] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 956.689764][T15630] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 956.697984][T15630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 956.705991][T15630] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:44:45 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x82, 0x0, 0x0) 09:44:45 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000040)={0x10, 0x2}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10) writev(r0, &(0x7f0000001880)=[{&(0x7f0000000540)="9f066fdd8713c990ac7486285f3ac61326a36f9e7ac21c684075227c06e9c25d506efcccbe3b3e83e446a47f494bbc29f12afcb0898b8b6a7e50c512357891993603427f82f1f52d081241dc7b8fda6c5e9812c57ea50adb10170a0f93a83b79d259e9c84432edbe6549a5d921347bdd6b04f2b3e360769b5cf79a3829bd73dff350e9ea2c5a8d1f14f7049ec6ad3aed001eb609a39bf71374e9f8bf92859944c9f9f661209ae83b8e60e6c0682e9f9e90cea99f336fa419a1f6066fcaf4fafaf21763571b2461ac646a0b3027a9079652c482d2daafd4ee3ddbe3929190e523b1d8c77630bf8fb9a40b32b657647ab1b53c56f567353ca757f5b1076b9dd755be3fe08d08fb7412879045d057b086f97180b41e34b38d7c4c002d96d4ab263c9d40e63d29f7e0aaacae50a753275b0bc3a7589f6491f42b69afdce9005bf92cf2695690b0714d609abf843da14ae36a1d57e947ec5b6f369e341db82f6c95d7d5ebca3b3bd1ada8cd61dd7d8709bbd7ed29ccfdf5cd0a077126655f4715f85d8270062a62f62859ec3e5df3975eec8d1747f964999dc0c827e2e24840e94a6b13c98712e58ae70b5c404ebac9cf9131f3dbf81482973f3e80f46f6f4e76eeb5fb7499e7e3cba13b01433dfa3a6b90f9662993547ad4dd39235112fda488a58fa89a108b0c5553f021969ce01245ef4bc0e1f02c8541b253292060f29c9029975658bb023a8080681ef2329a801904d2cd69d137f4fc9e3e20863ad8af5a1bca493b44e761c1b517cf168c79f2e6c7108da00b060a00b81828957899d5674dfb4330b34fa72fb923a3c8bd48dc668de32d52bcf847f3cd95e159d9cbdac80782708c34715ab5eb1baa245c7cf2f67fbc7a448a44fd5739ed1eefdee3674a660b46eaf68b383451ef4e15a5aeaa043fea877e2190b6ed61a6aab250936c29f722915ac77c568ecbc8db68bf5ed81a55a803268e06b8ef66f7236750e2630448648adca43c466f56a48725ce90a3ca5359baed277d485966fe339b7b66b8ae4a844a5013bfaf07f4f23027f0d8abde75a5ad5ea4b4260469c8da1a552e65ac8ab944b74211c76e7d40b40fe0c8203c2eba6500f8ef72de9a225e2562fd8f7a14f6e931c0ec5b55a903a82cb66282b7f06d8fcc0e1f9735b0f2f3b2a81e09d70979e954173cc699ba5d245a4bcffd4f1902379a251b85e4d6101854d028e6b4bb4c220ddfc4f3bc0555262729317b60c1790324ab6824e732381bd8bb312818321cfc6081b33bde01e69c6e97320bc3552ab39f8a5a1d2d5fba9f2afea60aa4313153de0ed102044efb662ef0f1de4f9314797ba1b4d7c6c569fdf821eeca6df12b94cd61cad86698335900e4d8eb1edc368e56d9990a5176c7cbed8415a69c27d5c9c0188a7471b3523c908f13c4a43c61cc44b5ad5d6fd01bd4137030c2f549896e3470893e0e0fc60928d51ffef7dd7d953dccc4a806acfd35237f2f3e0ef22a2fffe8dcba141a9b669b209d681f747a207d863ac1398fcd54ba295aea274698089f581a74ea26d1888f92ba63f923ca5ada819d7e78ede37d844ce86027e6705bf39c609b054cf5034aef5042eb8789b5f444d4c191fa25db6100d98b972b0bb5470c0d2ad9ff014ea852ad18f029bfbd08678cb4f4f6297b14086d9959be995a66ee3189d65002835c72db0c97875e8410d656c4cf99305440facabae5d203a1aeecfb6ac3e16f8e5a7513e44a296c701e125f211254b62238e44b22522a232184e212ce5c40c5dc709b2f1ae586af54eb51ce78d5185d058c24fc3cbbc6cdbb93c00b3c2838ab849371494b179e4daffd3a2979a505332d590a3824475c675a397a1234feaa342203b323f99268ac18567c313620124d37e101d84bb2a3beca333c3542b52bc0f44593d53960cdf4f6ac547e1edeb200ebdebef867eeb368819deb480bfbb9a1f35e4c6d248fe14c7054e20f3f3528ab1b65477eca56e170bb76e19f2a6a95a35192c382917b04bad8c366a342daccf2b3f6c65b8521691214d4452e256e521a83c7e405bcb35cf6338082741660e7685753845990c8e4aa6b63d5ca13c924bf587e71762b7c5fd5284d1711e39cfbfd48498b9e2c166726ccf2d24e3d23f8f025b96af00e787cddc2abdfff3f", 0x5f5}], 0x1) 09:44:45 executing program 4: r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, &(0x7f0000003880)=[{&(0x7f0000001240)='F', 0x1}], 0x1}, 0x0) [ 957.075798][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 958.355282][ T8552] Bluetooth: hci6: command 0x1003 tx timeout [ 958.362532][T11364] Bluetooth: hci6: sending frame failed (-49) [ 959.085488][T10442] Bluetooth: hci8: command 0x1003 tx timeout [ 959.092584][T11364] Bluetooth: hci8: sending frame failed (-49) [ 959.155741][ T1052] Bluetooth: hci7: command 0x1003 tx timeout [ 959.162681][T11364] Bluetooth: hci7: sending frame failed (-49) [ 960.435361][ T1052] Bluetooth: hci6: command 0x1001 tx timeout [ 960.442633][T11364] Bluetooth: hci6: sending frame failed (-49) [ 961.155274][ T1052] Bluetooth: hci8: command 0x1001 tx timeout [ 961.161925][T11364] Bluetooth: hci8: sending frame failed (-49) [ 961.235509][ T1052] Bluetooth: hci7: command 0x1001 tx timeout [ 961.241755][T11364] Bluetooth: hci7: sending frame failed (-49) [ 962.515667][ T1052] Bluetooth: hci6: command 0x1009 tx timeout [ 963.235223][ T1052] Bluetooth: hci8: command 0x1009 tx timeout [ 963.315455][T10442] Bluetooth: hci7: command 0x1009 tx timeout 09:44:55 executing program 1 (fault-call:4 fault-nth:61): clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:44:55 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000300)={&(0x7f0000000000)=@in={0x10, 0x2}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000040)="86", 0x1}], 0x1}, 0x0) 09:44:55 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0x40, &(0x7f0000001140)='dctcp\x00', 0x6) 09:44:55 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000280)={0x0, @in, 0x21dc0400, 0x0, 0x110, 0x0, 0xa82c}, 0x98) 09:44:55 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5427, &(0x7f0000000000)=0x32) 09:44:55 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x541d, &(0x7f0000000000)=0x32) 09:44:55 executing program 0: select(0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000016c0)=""/126, 0x7e}], 0x1}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)=""/237, 0xed}, {0x0}], 0x2}, 0x40002) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0xbf9d, 0x0, 0x0, 0x800e00599) shutdown(r1, 0x0) select(0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)) select(0x0, 0x0, 0x0, 0x0, 0x0) shutdown(r2, 0x0) 09:44:55 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind(r0, &(0x7f0000000100)=@in6={0x1c, 0x1c, 0x2}, 0x1c) [ 967.331200][ T9149] Bluetooth: hci6: Frame reassembly failed (-84) 09:44:55 executing program 4: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x5, &(0x7f00000001c0), 0x1) [ 967.455132][T15701] debugfs: Directory 'hci8' with parent 'bluetooth' already present! 09:44:55 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x21, &(0x7f0000000140), 0xfefa) [ 967.512931][T15701] FAULT_INJECTION: forcing a failure. [ 967.512931][T15701] name failslab, interval 1, probability 0, space 0, times 0 [ 967.565583][T15701] CPU: 0 PID: 15701 Comm: syz-executor.1 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 967.575266][T15701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 967.585425][T15701] Call Trace: [ 967.588715][T15701] dump_stack_lvl+0xcd/0x134 [ 967.593407][T15701] should_fail.cold+0x5/0xa [ 967.597934][T15701] ? __kernfs_new_node+0xd4/0x8b0 [ 967.603059][T15701] should_failslab+0x5/0x10 [ 967.607580][T15701] kmem_cache_alloc+0x5e/0x390 [ 967.612366][T15701] __kernfs_new_node+0xd4/0x8b0 [ 967.617235][T15701] ? kernfs_path_from_node+0x60/0x60 [ 967.622550][T15701] ? lock_release+0x720/0x720 [ 967.627244][T15701] kernfs_new_node+0x93/0x120 [ 967.631948][T15701] __kernfs_create_file+0x51/0x350 [ 967.637077][T15701] sysfs_add_file_mode_ns+0x226/0x540 [ 967.642467][T15701] sysfs_merge_group+0x198/0x320 [ 967.647417][T15701] ? sysfs_update_group+0x30/0x30 [ 967.652452][T15701] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 967.658718][T15701] dpm_sysfs_add+0x241/0x290 [ 967.663318][T15701] device_add+0xad8/0x21b0 [ 967.667752][T15701] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 967.674008][T15701] ? __raw_spin_lock_init+0x36/0x110 [ 967.679308][T15701] rfkill_register+0x1a5/0xb00 [ 967.684076][T15701] ? hci_leds_init+0x101/0x1c0 [ 967.688848][T15701] hci_register_dev+0x38a/0xbd0 [ 967.695390][T15701] hci_uart_tty_ioctl+0x8c5/0xc50 [ 967.700428][T15701] tty_ioctl+0xc69/0x1670 [ 967.704771][T15701] ? hci_uart_init_work+0x170/0x170 [ 967.709981][T15701] ? tty_lookup_driver+0x550/0x550 [ 967.715104][T15701] ? lock_downgrade+0x6e0/0x6e0 [ 967.719974][T15701] ? __fget_files+0x23d/0x3e0 [ 967.724658][T15701] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 967.730905][T15701] ? tty_lookup_driver+0x550/0x550 [ 967.736022][T15701] __x64_sys_ioctl+0x193/0x200 [ 967.740795][T15701] do_syscall_64+0x35/0xb0 [ 967.745217][T15701] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 967.751125][T15701] RIP: 0033:0x4665f9 [ 967.755031][T15701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 967.774900][T15701] RSP: 002b:00007f21c09a2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 967.783333][T15701] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 967.791598][T15701] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 967.799780][T15701] RBP: 00007f21c09a21d0 R08: 0000000000000000 R09: 0000000000000000 [ 967.807762][T15701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 967.815737][T15701] R13: 00007fff96b9a86f R14: 00007f21c09a2300 R15: 0000000000022000 09:44:56 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) fcntl$getown(r0, 0x5) 09:44:56 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0x101, &(0x7f0000000200), &(0x7f00000002c0)=0x98) [ 968.232900][T11364] Bluetooth: hci8: sending frame failed (-49) [ 969.394894][ T8552] Bluetooth: hci7: command 0x1003 tx timeout [ 969.401218][ T8552] Bluetooth: hci6: command 0x1003 tx timeout [ 969.402259][T11364] Bluetooth: hci7: sending frame failed (-49) [ 969.414591][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 970.284975][ T1052] Bluetooth: hci8: command 0x1003 tx timeout [ 970.292668][T11364] Bluetooth: hci8: sending frame failed (-49) [ 971.484808][ T1052] Bluetooth: hci7: command 0x1001 tx timeout [ 971.491278][T11364] Bluetooth: hci7: sending frame failed (-49) [ 971.499310][ T1052] Bluetooth: hci6: command 0x1001 tx timeout [ 971.505810][T11364] Bluetooth: hci6: sending frame failed (-49) [ 972.354898][ T1052] Bluetooth: hci8: command 0x1001 tx timeout [ 972.361482][T11364] Bluetooth: hci8: sending frame failed (-49) [ 973.554670][ T20] Bluetooth: hci6: command 0x1009 tx timeout [ 973.560812][ T20] Bluetooth: hci7: command 0x1009 tx timeout [ 974.435093][ T1052] Bluetooth: hci8: command 0x1009 tx timeout 09:45:06 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:45:06 executing program 4: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x50, 0x0, 0x0) 09:45:06 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) 09:45:06 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x16, &(0x7f0000000000)={0x0, 0x8001}, 0x8) 09:45:06 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x541e, &(0x7f0000000000)=0x32) 09:45:06 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5428, &(0x7f0000000000)=0x32) 09:45:06 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x23, &(0x7f0000000100), 0x90) 09:45:06 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000001200)={0x1c, 0x1c, 0x2}, 0x1c) connect$inet6(r0, &(0x7f0000000140)={0x1c, 0x1c, 0x2}, 0x1c) [ 978.801499][T11096] Bluetooth: hci6: Frame reassembly failed (-84) [ 978.830875][T15765] debugfs: Directory 'hci8' with parent 'bluetooth' already present! 09:45:06 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0xa, &(0x7f0000000080)={0x0, @in, 0x0, 0x0, 0x20a}, 0x98) 09:45:07 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f00000008c0)={&(0x7f0000000000)=@in6={0x1c, 0x1c, 0x3}, 0xb, &(0x7f0000000700)=[{&(0x7f0000000140)="d5", 0x1}], 0x1, &(0x7f0000000800)=[@authinfo={0x10}], 0x10}, 0x0) [ 978.866116][ T1124] Bluetooth: hci8: Frame reassembly failed (-84) 09:45:07 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000200)={&(0x7f0000000000)=@in={0x10, 0x2}, 0x10, 0x0}, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x21, &(0x7f0000000240)={0x0, 0x5600}, 0x10) sendmsg$inet_sctp(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x0) 09:45:07 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) sendmsg$inet_sctp(r0, &(0x7f00000006c0)={&(0x7f0000000200)=@in6={0x1c, 0x1c, 0x2}, 0x1c, &(0x7f00000005c0)=[{&(0x7f0000000240)="d7", 0x1}], 0x1, &(0x7f0000000640)=[@authinfo={0x10}], 0x10}, 0x0) [ 980.844728][ T1265] Bluetooth: hci7: command 0x1003 tx timeout [ 980.850994][ T1265] Bluetooth: hci6: command 0x1003 tx timeout [ 980.852576][T11364] Bluetooth: hci7: sending frame failed (-49) [ 980.863828][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 980.914452][T13921] Bluetooth: hci8: command 0x1003 tx timeout [ 980.920717][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 982.914254][ T20] Bluetooth: hci6: command 0x1001 tx timeout [ 982.921025][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 982.924311][T14927] Bluetooth: hci7: command 0x1001 tx timeout [ 982.938166][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 982.994413][ T20] Bluetooth: hci8: command 0x1001 tx timeout [ 983.000730][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 984.994354][T13921] Bluetooth: hci7: command 0x1009 tx timeout [ 985.001089][T13921] Bluetooth: hci6: command 0x1009 tx timeout [ 985.074192][T13921] Bluetooth: hci8: command 0x1009 tx timeout 09:45:17 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x2, 0x4) 09:45:17 executing program 0: r0 = socket(0x2, 0x1, 0x0) connect$inet(r0, &(0x7f0000000240)={0x10, 0x2}, 0x10) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000480)=@in6={0x1c, 0x1c, 0x2}, 0x1c) 09:45:17 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup(r0) connect$inet(r1, &(0x7f00000005c0)={0x10, 0x2}, 0x10) 09:45:17 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f00000001c0)={0x10, 0x2}, 0x10) sendmsg$inet_sctp(r0, &(0x7f00000004c0)={&(0x7f0000000000)=@in={0x10, 0x2}, 0x10, 0x0, 0x0, &(0x7f0000000440)=[@init={0x14}, @sndrcv={0x2c}], 0x40}, 0x20188) 09:45:17 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x541e, &(0x7f0000000000)=0x32) 09:45:17 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5437, &(0x7f0000000000)=0x32) 09:45:17 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000040)={0x10, 0x2}, 0x10) connect$inet(r0, &(0x7f0000000000)={0xffffffffffffffd3, 0x2}, 0x10) sendto$inet(r0, &(0x7f0000000280)='1', 0x1, 0x0, 0x0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 09:45:17 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x10, 0x2}, 0x10) 09:45:17 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x20100) sendmsg$inet_sctp(r0, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001300)=[@dstaddrv6={0x1c, 0x84, 0xa, @local={0xfe, 0x80, '\x00', 0x0}}], 0x1c}, 0x0) 09:45:17 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x10, 0x4) 09:45:17 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) connect$inet(r0, &(0x7f00000001c0)={0x10, 0x2}, 0x10) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) r2 = dup2(r0, r1) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f0000000180)=ANY=[@ANYRES32=0x0], &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0xf, &(0x7f0000000140), &(0x7f0000000100)=0xc) 09:45:18 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0xf, &(0x7f0000000b00), 0xc) 09:45:18 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4c00, 0x4) 09:45:18 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = dup2(r0, r0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x1c, 0x1c, 0x3}, 0x1c) 09:45:18 executing program 3: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) sendto(r0, &(0x7f0000000140)='!', 0x1, 0x0, &(0x7f00000001c0)=@in6={0x1c, 0x1c}, 0x1c) 09:45:18 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) recvfrom$unix(r0, &(0x7f000001a700)=""/102400, 0x19000, 0x0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect$inet6(r3, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) readv(r1, &(0x7f0000000340)=[{&(0x7f0000000680)=""/37, 0x25}], 0x1) recvfrom$inet(r2, 0x0, 0x1e51de7a2ef3af5, 0x0, 0x0, 0x800e0072e) shutdown(r1, 0x0) ppoll(&(0x7f00000000c0)=[{}], 0x1, &(0x7f0000000100)={0x6}, &(0x7f0000000140), 0x10) shutdown(r2, 0x0) [ 991.713915][T14927] Bluetooth: hci7: command 0x1003 tx timeout [ 991.720837][T11339] Bluetooth: hci7: sending frame failed (-49) [ 991.727714][T14927] Bluetooth: hci6: command 0x1003 tx timeout [ 991.734180][T11339] Bluetooth: hci6: sending frame failed (-49) [ 992.674219][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 992.680627][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.793745][ T1265] Bluetooth: hci6: command 0x1001 tx timeout [ 993.800811][T11339] Bluetooth: hci6: sending frame failed (-49) [ 993.807263][ T1265] Bluetooth: hci7: command 0x1001 tx timeout [ 993.813531][T11339] Bluetooth: hci7: sending frame failed (-49) [ 995.873750][ T8552] Bluetooth: hci7: command 0x1009 tx timeout [ 995.879880][ T8552] Bluetooth: hci6: command 0x1009 tx timeout 09:45:27 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5421, &(0x7f0000000000)=0x32) 09:45:27 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5441, &(0x7f0000000000)=0x32) 09:45:27 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4c01, 0x4) 09:45:27 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) recvmsg(r0, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0) 09:45:27 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) recvfrom$unix(r0, &(0x7f000001a700)=""/102400, 0x19000, 0x0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect$inet6(r3, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) readv(r1, &(0x7f0000001140)=[{&(0x7f00000000c0)=""/4096, 0x1000}, {&(0x7f0000000040)=""/15, 0xf}, {&(0x7f00000010c0)=""/94, 0x5e}], 0x3) recvfrom$inet(r2, 0x0, 0x1e51de7a2ef3af5, 0x0, 0x0, 0x800e0072e) shutdown(r1, 0x0) r4 = socket(0x2, 0x1, 0x0) connect$inet(r4, &(0x7f0000000080)={0x10, 0x2}, 0x10) shutdown(r2, 0x0) 09:45:27 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) recvfrom$unix(r0, &(0x7f0000001700)=""/102385, 0x18ff1, 0x0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r1, &(0x7f0000001500)=[{&(0x7f0000001680)=""/120, 0x78}], 0x1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r2, &(0x7f0000000380)=[{0x0}, {0x0}, {&(0x7f0000000400)=""/198, 0xc6}, {0x0}, {0x0}], 0x5) r3 = socket$inet_udplite(0x2, 0x2, 0x88) socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r3, 0x0, 0x73a0b1b, 0x0, 0x0, 0x800e008f8) shutdown(r2, 0x0) shutdown(r3, 0x0) [ 999.888462][ T1124] Bluetooth: hci6: Frame reassembly failed (-84) 09:45:28 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f0000000340)={0x10, 0x2}, 0x10) 09:45:28 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4c80, 0x4) [ 1000.073201][ T1136] Bluetooth: hci7: Frame reassembly failed (-84) 09:45:28 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000480)={&(0x7f0000000040)=@in={0x10, 0x2}, 0x10, 0x0}, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f00000001c0), 0x98) 09:45:28 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000200)={0x1c, 0x1c}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0x1c, 0x1c}, 0x1c) 09:45:28 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4c81, 0x4) 09:45:28 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000380)=@in={0x10, 0x2}, 0x10) [ 1001.952572][T10442] Bluetooth: hci6: command 0x1003 tx timeout [ 1001.959729][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1002.112894][ T1265] Bluetooth: hci7: command 0x1003 tx timeout [ 1002.119077][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1004.032294][ T8552] Bluetooth: hci6: command 0x1001 tx timeout [ 1004.038859][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1004.192694][ T8552] Bluetooth: hci7: command 0x1001 tx timeout [ 1004.199838][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1006.122403][T14927] Bluetooth: hci6: command 0x1009 tx timeout [ 1006.282391][T14927] Bluetooth: hci7: command 0x1009 tx timeout 09:45:38 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x32) 09:45:38 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5448, &(0x7f0000000000)=0x32) 09:45:38 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5409, 0x4) 09:45:38 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) connect$inet(r0, &(0x7f0000000180)={0x10, 0x2}, 0x10) 09:45:38 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000300), &(0x7f00000004c0)=0x98) 09:45:38 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000800)={&(0x7f0000000040)=@in6={0x1c, 0x1c}, 0x1c, &(0x7f0000000640)=[{&(0x7f0000000080)="88", 0x1}], 0x1, &(0x7f0000000fc0)=ANY=[], 0x78}, 0x0) 09:45:38 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x1c, 0x1c, 0x1}, 0x1c) 09:45:38 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect$inet6(r0, &(0x7f0000000100)={0x1c, 0x1c}, 0x1c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0x27c7, 0x0, 0x0, 0x800e0050e) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000240)=""/125, 0x7d}, {0x0}], 0x2}, 0x2) r3 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r3, 0x0, 0xffffff68, 0x0, 0x0, 0x800e005dd) shutdown(r2, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000140)=""/183, 0xb7}], 0x1}, 0x0) shutdown(r3, 0x0) 09:45:38 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, &(0x7f0000003880)=[{&(0x7f0000001240)='F', 0x1}], 0x1}, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000001200)={&(0x7f0000000040)=@in6={0x1c, 0x1c, 0x1}, 0x1c, &(0x7f0000001180)=[{&(0x7f0000000080)="025013fc8e04e9cf1a9ef532f64f84cb14f54383ccc4e2763665724dfd1c6019c64db69400901aecd0c56392585a7a183c62e23586ce7d790f2f81d814ab24c6f2e99528372772900889ddf923b944cb3a286a9b857bdb48a421a72bb7105e8598905299b05015ec7d79b66d9292993d29d254941e21f0f7d8359977252cb60ea01fc8c8270ca4e0bfb4e18f50c35c50cda217ff7668ba3bc4c5973e9f3d36eb53fc23c0d0c997d3b32db5b91dfa961b465a00e3d9af372cb408f85a1fcb7e19848c83a408e8ebf208d64e6e0c5306cc4ff3dbee443b05155ac9a3e54716abf75fc64756a83f41caa8b3355dbc52e0b9285ac38577b5bc98f3afa93eca59e8f5af530c7000f0713b470da56c60a4726ec90a200f4447fd5886f8bd5600886ec60f82870580610ead320adfbb2b9552f96c6d920279d0b2946381e9cb2cd5ffceaf584632c661517038ff03dd0b73329f6a150672b9a15c55eeadd5fcb91f8f518b13e1efd0dbe193f910da7479bfc77ec61c97f008ddfe459cbebb3424772cee71b56284725f6c1d2c47b0d1dad51edb8a9a6520a66b9eb416c9d00435e765d9457e7eeba1bd5605c84242a0a40d2071bf11d15980d47547ad99084fb70323ebcfcc6963e9cf9a6f66b00f181f4998e0b418916029aecd03f931a6eda6d081bd56e6890834d11327aac882ad388dd6a644dad607a5e4fd9f2679998dd45b029335c74fd99d94dbe7f24af5ed97e1b721eb837d665845c916fcb25ed1ba6188309bb6f178964e90a22921a52621981a457bf12968b8437b181fd733ded1e0b1edcf8da03dcc9676d3f7a7192beb0a8f819d60e468a691bde983da46fac79f8b35ef7e119576a27176f4e3dfcb4b3deba446ce96aeb4b35118f86b5dd790d9d98dcc7cb0988122c9cf0b0051138e9e8f695054eae952efd87c4cad1fc57dfe9b11c41fc39c4719fba63ef3c2f4be7ab3a002af1903677d06fb26706df9b00292b90212ab82aa96c1f2c063079be150404dbd23618785dac672a500273544d55839007ce0b86cce8f8cb7dac0f6b102214f5f6ee5ff71ef0cd8ed420722eb6f7829a3689aa7d03cb7b0cddc32b6886b7649ed35aa2889d4c190efeaa414b916fa3cae6e27864e4438d2ed4a206a25c02dd82476a536b49b64ea6bcc07ec3ccc8f7a0cc248d1a7f90d24cc5435ef31b29ad948921318f2892f6a83a0e5e384d3003fd5a9d0e55917cc05f62847a69e390e543f0f8e56dd73fbf86fb23ae054ba03fa27ced3160fc2608323d827886ce3d345fb5e7f2a6834b72c51f5cb7de88e6d3fc19686b14aa460107b4f8a2b39b09d0626cb927d3ea46fe95313f07c144ecb3eb3e49feade4810000c01e4e7b9788058d59903b35fa9dc5db17b982b120e3fb20220a8d4e7f1f7f3b956d2010b63b1e2d4659d87230b82a55688dff6dd16dc66cdde5a87bdc8f4d51b2fe2ab2f0be0383b75c21b7b4583644ad52ceab9ac564616569994f723442840ff03c35e51f6af543fcf50351c4731039338c73aa77e84bead7fd907c8c20eb3ed7a3f791373d454e3c9edb5a499349d65e20a4b3345d0a0976cb0adce7022b4788e7dc43cf5ebc25310292b232dc9b855fa0208276aa90b318824a46d16241915d85b786fff7eec50368b5a8bdb7f5b56b6f9691dd0a3d29c9b4bc1df08aed46a20b78878100a9fa6ff2d42088ee3ebc24a52cac5e58c8437600820b01b63cd32df3bb9fff3120d4a92539d3061086c6ad875c192064dd5863185d62979e75e028f27caa2778f06ed09fbc4bf6e44a0d91c4fffa77476029702e5a11eb1c199197c9e7191b6df16e7e1c105c4c31b45882993aec2c5e24be6f76db13d3844c851700e3afaf9146a77de1e6fbe95ea2867354899b68af72b35f73c1fc4a9fe0cc489e9ca5bf6def3a3adf1c914a1af51ba1065aef23d163def8a9a2a6d556610d01c6a75c17d32054abff5856e5e600c598c4793bf78a45ae9d95f6d63f51b14d9bf1fc236ff8e20b1683cbf085881f02102152808e90c413521dd8567afa7d49146e7ab04f71836e6b48ed4f0498b4fba4da58a88b7e5b4708b59440f0e850b3369e88bd919259c128d3e7c1ba98b15071334f6bdfa1ae1e161a216feb484e193f2455894d801ab54b19ab98e56cadd298078b538e138268d9e54a024d0e9942b0455ff9cad9b4194154089100804d4899590ec3dd069c4b5d1c00a15c4d01c2a70e20c2f1a9a7c4e9956168e9be9c0607d831c79acfc35124bc50f66b14f40fa6840ab4a985e5cc8bc1b47a26aff86ebbb6700a7c2c4bc4d2b6bb9bde9bcdf33653f708f2a788bff0b06dfadd2a03b3cbad517cc0893899edeb719ca979e5f101ceb988a6ecde3293a0f7bb594f9ae4da0f9c641babd3ba08b6f0482170c6f6a617c289bdd3eef0b22d7821e9b4d0db69c911bf0d497afa296615c4512fd04de3712e180747938c599b67c72d8c6da06357110f5832557243732ab923fc3a1ee638ca3f63be66a176cbb2ef17e0fda978d5c632838ab9d46a0727ac13d2a34fde008f1c64381df25bae15d2e07bbabde7dcf1ae52832d3a29d35f1a574d537b3c54e90e04fdeb457096ff16b1e303af5a03175127cef21aed4707f9075f9eb4f8848269309b2ea3f0d0f857dab52295d4a67e720c09bf65eae5d3af8630319038a2cf9b686d8ab9e0f302f7cd82f4509c714013571755e826dbd4318f29af2ac4bf5cf10e1730b68bc4d76afb4c0069558b6a123819902db6559d324b3a0be37366b55bc1fae61e8915483a63268c680cf106e65b21a2e7aa64c45d884ac1d292111539922dae26e981cd0baa51f579125cad15a24ce6312240719728deda09925f8a70f83a4d7bf61f63b041430e4a3048c948d027d1b8cf5f222dd9952a1207f38615a416e9152d47562c34d8de482a26b91a8abf8f26a7ffff06bb313ee15c609a9340ac54561e019509a318add4ae7bb0b8afa30bf15f91f6da5ef00c42c3af8c54e142744d2488dfed55a52226bc83d8008cc2f3f8993ae3355673f7e2eb24a0495bc022f0b9f376d42fd378cae93776ac9204a8e7c5f1946f44df559b5ecd3431cd0edc4f8d9844bde01b2fb6f2f676e7c0d1685562dccb428fef5bb6ed603003a81de62bef6adfb3e243a8c799f36121880dcfc8c534a116c62119c2cbf409f98de3e1a398086fa1778c0e9d8ff38de5b2cac78c026b2e667590530747cbe55402807f89d21a0bcae6b3b3a4093ec3962cdbf44622e66795210849b451f2d2871ccf2893e647810be2aa7093db19b2835f2f01128b331ba75c1526b1c9484eb0522e4bd8c21fb71c8328e192486d6ff2c5a61e97c938cac905dd27940d68bb1477165482cd02711ecb5ca9752899e21fdf9b26ee444c34f3c008e500374b903c489ab55fa6af0dc3b10131dfcfecd2f2dc78fa5cc4091dde21834eb52fd2457b9a7d4a297ec5085652587eaf9e661e6bf0cf29b98685814c1d7ec0183b855fb782ef7559366b34a607a285205d6be24c1d5783c101c30a55f413d3d16a698ed99f12c7a0bbd83c7ea9ba71b6440c176110e3cc087f6c39eecb16b6c34cdce48bfcf3714350e9c619a285f9a882a1ee1d6da2ae35ef7f5c4704f297371ace9a959102ea8d5b7b10cabbbd6046b558e93da8cfa6c2f8ba950956a48d02a4f05344b0fd45faa4484eb609518e491e666df10d485f7e1933b6dffb6d3273f1c2de683d031214b73ce90c0c141757dcd6b18b4c58df23e1ef305ab3f56ea178aeaf9626c8a044359a7869dc9e411f36e0561afbc7c16d4f95a5c904eff28e405a7023af20df085e6912c0e6cf57fd30d09af51ea67e99bb659f57465eab425f2acaffbe650c4e426672e6e14fa58cac1395dc8a76e80e9429908b29ff9560550da53e0c40483dc488a72a297ceecd18d10620de47fa9d925037714dff55c073883de47fed3349a0b41a29f9eacda9c9c3c4b55d6558e4201c3c45f90e3cd708c2b5863b43ce9d90bf333e9aadba313a8be022a350cbbfc20c91e6ebd5803c4abf5267118a633ecb586c0c9555321cf622e6061f78895855c2aeb4565c58c604f3ca60718cd23198150e9d93bf014bb2b5690b34315944fb1ec21a0445c8795aaf5dde4a64ecc56b62fb1305248949cb3b320eb537db2b874141c48ef3500a6775a0b8493790838cf6b238f1e6823afbb05d45c9cdc898412922189e1e536565fbf5020b73393b9c3c846aa3efd3c3dc314aaa9ad543509a776a42ffd64fecc83c5fde774fd68eada1ed419c5bcf554d27f071b6f69d1c36e266c8bd78220e9f5e4ca09e28616952aaa689c9bcaef43691e42ea399a6c9df21f027a8ca03093f297b4794d2ce9f4f54c243f88e2e8a42eb0ec2ddbf14d050ab1527527e7f249ab9557f356af17787fe8b3ba16d8bc4485220635add92e29b053727235c287ee9eabee2f990bbea322bdc513a4004db67f30128032fb2b1a0e46c03803af61c0a5d5afa0e2ebeb4b01bd97dc7748c7dd233ecf69df127d570007c51b792273e3a1e8fe30bfb227f63c6074b261d3c6e70c566be0098a5b9c733d6ad96246a740dca189a58ebd27fd52a252e2cb566303c2787316aea972b1adc87385012915c628bc761634b1988fb02e136e140e576dd2e574ba638bd1624436af2318eea1fbfcd5b9fa2860efb7559a35d98057562ef2a436b570cb21cdef1f1ece864fefe1ef191a293bfd7f9205218d1674e46af1cc505f5be8cd152b8efdfec338dee8387f8290b1325ece968f7c54e94313b97f5a0da33b72ff893d7cf7fc93b073dff5c763690408e273396b52f2111e105e232be901c484274dc067e71d55f77271d9e1d793c7bd1bd5360d42306b14a6c2097ea7ffe4ad9ee70b15202c54357b0d73d24aafe81012ff33dec0d11a6e9af2d5120249f6b95438832127a5d977ed341523b35e83ad2ca3ddec5d16a6ca7602d3966d55ccba220cd9e97343973f53eb0ef89f5d19647a0028e15ef9c5cd95c6c87948a7ca94e66a0ca3cd7602a315b4cec8de6908336cc3a1cd68c6ce8b3c9d5c01d03156d6b2e40249772316bfb7aeb5ed43c5eee80485e59635ca5dcbc28db3f599c2c77e71062709a9508b7b73b1eeb6ca37d35951b7ef4a6316c4802e33bbb8869d001b03223cbcfc082b6c64fdaf64241785c18995b3e7e593985e9fb648140a4ea29f748066586ecc7fb24fa350badf634ef16d1c430c8b26a538df16a08ace056fb90b21dfe75fb7585306f06d9fd69a5694c51667f3c8da432df1bf9295d87f5cc13e3baf86503306ddf58990810032e30177f85b40e73b49dac4a4b3463633907fd847b224ad961a552b36a7a9450d38b7a56e0e978050bbe006300f4cc8093c2ce2d20030a67972e8407968b07879677cbbdda66c187fd7d66afcc12533be73938f0836df38412815337c7afd8a75bf13feaf36a49b59ef6c22bb702e615973985ab632ae09bacb87e089b5706caff6791600b7551c186499d2e084d32b849b5e2ab3fc26f9862fb2212a30907281c6600bbb77d6f2d58883c293ef549bd98851e35784d306b31ae84e81a6612e3489a01e078587e68441631d406fa11a3b4b1b0699aa400b4f5f83211895221b8037cd87a1b05c3c48fb6b0c864a7b42110d551d02935ef05c8bb60de787f6fedd883f3477a702796252163c19b47983c5b70b4f375f425d3c32bc4b9e868ad9fef1ac540f54f55418aac01735b54ea82abad69fb1832ec4d58536ed790259fbb0194e2c15", 0xff1}], 0x1, &(0x7f00000011c0)=[@sndinfo={0x1c}], 0x1c}, 0x0) 09:45:39 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540b, 0x4) 09:45:39 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0xf, &(0x7f0000000240), 0xc) 09:45:39 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000240)={&(0x7f00000002c0)=@in6={0x1c, 0x1c, 0x2}, 0x1c, 0x0}, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000440)='#', 0x1}], 0x1}, 0x0) [ 1012.111565][ T1265] Bluetooth: hci6: command 0x1003 tx timeout [ 1012.118447][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1012.831462][ T8552] Bluetooth: hci7: command 0x1003 tx timeout [ 1012.838862][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1014.193650][ T1265] Bluetooth: hci6: command 0x1001 tx timeout [ 1014.200317][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1014.921306][ T1265] Bluetooth: hci7: command 0x1001 tx timeout [ 1014.928260][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1016.271198][ T1265] Bluetooth: hci6: command 0x1009 tx timeout [ 1016.991026][ T1265] Bluetooth: hci7: command 0x1009 tx timeout 09:45:48 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5424, &(0x7f0000000000)=0x32) 09:45:49 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5450, &(0x7f0000000000)=0x32) 09:45:49 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540c, 0x4) 09:45:49 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000000)={&(0x7f0000000040)=@in6={0x1c, 0x1c, 0x1}, 0xf, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYRESOCT, @ANYRESOCT, @ANYBLOB="53fa224af0accdb50080fed14b90ea2240dd191fda234ee85f35193e6c8bbca4a028d3806c3e0847c1c3f76a15eed1133e52e2d080fa21e04b4034077f31d44f0d6d7da447c98549be9f93e3e41ef46124ef7cf532168968cfee05dc689093a96c04278f87b45375fedc1450d6e59a212d1691d357621ac41e231e8704d0d782f1b2435dddd73d4aba73d9b54943b9a1e529189bf6cd3a8215ebfe3f349172d3f42b7978c06d8a41371a5b521945fba31dd46048dd379f4976b5e7784eeaaed041c75f7a7232d8061573614d92c5e030206c7f78496a3be94cc1106bb45a94e3b2322bfb7866eab50d6bc0b23c", @ANYRESOCT, @ANYRES16, @ANYRES32, @ANYRES64, @ANYRESHEX], 0x14}, 0x0) 09:45:49 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000100)=""/164, 0xa4}], 0x1}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0x27c7, 0x0, 0x0, 0x800e0050e) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000240)=""/125, 0x7d}, {0x0}], 0x2}, 0x2) r3 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r3, 0x0, 0xffffff68, 0x0, 0x0, 0x800e005dd) shutdown(r2, 0x0) shutdown(r3, 0x0) 09:45:49 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000500)={&(0x7f0000000140)=@in={0x10, 0x2}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000180)="1c", 0x1}], 0x1, &(0x7f00000004c0)=[@sndrcv={0x2c}], 0x2c}, 0x0) 09:45:49 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, &(0x7f0000003880)=[{&(0x7f0000001240)='F', 0x1}], 0x1}, 0x0) [ 1020.989165][ T1124] Bluetooth: hci7: Frame reassembly failed (-84) 09:45:49 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0x101, &(0x7f0000000280), &(0x7f0000000340)=0x98) 09:45:49 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000380)={&(0x7f0000000040)=@in6={0x1c, 0x1c, 0x1}, 0x1c, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x14}, 0x20100) 09:45:49 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540d, 0x4) 09:45:49 executing program 3: select(0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000016c0)=""/126, 0x7e}], 0x1}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)=""/237, 0xed}, {0x0}], 0x2}, 0x40002) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0xbf9d, 0x0, 0x0, 0x800e00599) shutdown(r1, 0x0) select(0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)) select(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000180), 0x0) shutdown(r2, 0x0) 09:45:49 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540e, 0x4) [ 1022.430687][T14927] Bluetooth: hci6: command 0x1003 tx timeout [ 1022.438183][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1022.990537][ T1052] Bluetooth: hci7: command 0x1003 tx timeout [ 1022.997121][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1024.510404][ T1052] Bluetooth: hci6: command 0x1001 tx timeout [ 1024.517018][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1025.070269][T10442] Bluetooth: hci7: command 0x1001 tx timeout [ 1025.077204][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1026.590284][ T1052] Bluetooth: hci6: command 0x1009 tx timeout [ 1027.150076][T10442] Bluetooth: hci7: command 0x1009 tx timeout 09:45:58 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5425, &(0x7f0000000000)=0x32) 09:45:59 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5451, &(0x7f0000000000)=0x32) 09:45:59 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = dup2(r0, r0) sendto$inet6(r1, &(0x7f0000000640)="99", 0x1, 0x0, &(0x7f00000000c0)={0x1c, 0x1c, 0x3}, 0x1c) sendto(r1, &(0x7f0000000180)="9f", 0x1, 0x0, 0x0, 0x0) 09:45:59 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540f, 0x4) 09:45:59 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) recvfrom$unix(r0, &(0x7f000001a700)=""/102400, 0x19000, 0x0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect$inet6(r3, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) readv(r1, &(0x7f0000000340)=[{&(0x7f0000000680)=""/37, 0x25}], 0x1) recvfrom$inet(r2, 0x0, 0x1e51de7a2ef3af5, 0x0, 0x0, 0x800e0072e) shutdown(r1, 0x0) ppoll(&(0x7f00000000c0)=[{}], 0x1, &(0x7f0000000100)={0x6}, 0x0, 0x0) shutdown(r2, 0x0) 09:45:59 executing program 3: select(0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000016c0)=""/126, 0x7e}], 0x1}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)=""/4096}], 0x2f, 0x0, 0xffffffffffffffed}, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0xbf9d, 0x0, 0x0, 0x800e00599) shutdown(r1, 0x0) select(0x0, 0x0, 0x0, 0x0, 0x0) shutdown(r2, 0x0) [ 1031.198237][T11096] Bluetooth: hci7: Frame reassembly failed (-84) 09:45:59 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5410, 0x4) 09:45:59 executing program 0: r0 = socket(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0x40, &(0x7f0000000140)='cubic\x00', 0x4) 09:45:59 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x19, &(0x7f0000000000), 0x8) 09:45:59 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5412, 0x4) 09:45:59 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) setsockopt$sock_linger(r0, 0xffff, 0x80, &(0x7f0000000300), 0x8) 09:45:59 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5413, 0x4) [ 1032.589597][T10442] Bluetooth: hci6: command 0x1003 tx timeout [ 1032.596772][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1033.229497][T10442] Bluetooth: hci7: command 0x1003 tx timeout [ 1033.236337][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1034.679392][T13921] Bluetooth: hci6: command 0x1001 tx timeout [ 1034.685979][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1035.309408][T10442] Bluetooth: hci7: command 0x1001 tx timeout [ 1035.316421][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1036.749149][T10442] Bluetooth: hci6: command 0x1009 tx timeout [ 1037.389109][T13921] Bluetooth: hci7: command 0x1009 tx timeout 09:46:08 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5427, &(0x7f0000000000)=0x32) 09:46:09 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5452, &(0x7f0000000000)=0x32) 09:46:09 executing program 0: r0 = socket(0x1c, 0x10000001, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x8002, &(0x7f0000000140), 0xd6) 09:46:09 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5414, 0x4) 09:46:09 executing program 4: r0 = socket$inet_sctp(0x2, 0x5, 0x84) connect$inet(r0, &(0x7f00000001c0)={0x10, 0x2}, 0x10) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) r2 = dup2(r0, r1) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00', @ANYRES32=0x0], &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0xf, &(0x7f0000000140), &(0x7f0000000100)=0xc) 09:46:09 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) bind(r0, &(0x7f0000000140)=@un=@file={0xa}, 0xa) 09:46:09 executing program 0: select(0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000016c0)=""/126, 0x7e}], 0x1}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)=""/237, 0xed}, {0x0}], 0x2}, 0x40002) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0xbf9d, 0x0, 0x0, 0x800e00599) shutdown(0xffffffffffffffff, 0x0) select(0x0, 0x0, 0x0, 0x0, 0x0) shutdown(r2, 0x0) 09:46:09 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x14}, 0x20100) close(r0) [ 1041.502052][T10154] Bluetooth: hci7: Frame reassembly failed (-84) 09:46:09 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5415, 0x4) 09:46:09 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) sendmsg(r0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=[{0x10}], 0x10}, 0x109) 09:46:09 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) sendmsg$inet_sctp(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000240)="d7", 0x1}], 0x1, &(0x7f0000000640)=[@authinfo={0x10}], 0x10}, 0x0) 09:46:09 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xf1a}, 0x14) [ 1042.908590][ T1052] Bluetooth: hci6: command 0x1003 tx timeout [ 1042.916068][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1043.548647][T13921] Bluetooth: hci7: command 0x1003 tx timeout [ 1043.555754][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1044.988434][T13921] Bluetooth: hci6: command 0x1001 tx timeout [ 1044.994915][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1045.628318][T13921] Bluetooth: hci7: command 0x1001 tx timeout [ 1045.634858][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1047.078326][ T1052] Bluetooth: hci6: command 0x1009 tx timeout [ 1047.708222][T10442] Bluetooth: hci7: command 0x1009 tx timeout 09:46:19 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5428, &(0x7f0000000000)=0x32) [ 1051.078456][T11096] Bluetooth: hci6: Frame reassembly failed (-84) 09:46:19 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x545d, &(0x7f0000000000)=0x32) 09:46:19 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5416, 0x4) 09:46:19 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x104, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 09:46:19 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000500)={&(0x7f0000000140)=@in={0x10, 0x2}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000180)="1c", 0x1}], 0x1}, 0x0) 09:46:19 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x1a, &(0x7f0000000280), 0x8) 09:46:19 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5418, 0x4) 09:46:19 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) bind(r0, &(0x7f0000000100)=@in6={0x1c, 0x1c}, 0x1c) [ 1051.723867][ T1136] Bluetooth: hci7: Frame reassembly failed (-84) 09:46:19 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000340)=""/66, 0x42}], 0x1}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) recvfrom$unix(r1, &(0x7f0000001700)=""/102400, 0x19000, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r2, &(0x7f00000001c0)=[{&(0x7f0000000080)=""/83, 0x53}], 0x1f) r3 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r3, 0x0, 0x16918a88e5dfbfd, 0x0, 0x0, 0x800e0079e) shutdown(r2, 0x0) recvmsg(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000003c0)=""/92, 0x5c}, {0x0}], 0x2}, 0x0) shutdown(r3, 0x0) 09:46:19 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) recvmsg(r0, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x1) 09:46:20 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000100)=""/164, 0xa4}], 0x1}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0x27c7, 0x0, 0x0, 0x800e0050e) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000240)=""/125, 0x7d}, {0x0}, {0x0}], 0x3}, 0x2) r3 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r3, 0x0, 0xffffff68, 0x0, 0x0, 0x800e005dd) shutdown(r2, 0x0) shutdown(0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x0) shutdown(r3, 0x0) 09:46:20 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541b, 0x4) [ 1053.147677][T10442] Bluetooth: hci6: command 0x1003 tx timeout [ 1053.155004][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1053.797718][ T1052] Bluetooth: hci7: command 0x1003 tx timeout [ 1053.804405][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1054.108538][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.114949][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.227509][ T1052] Bluetooth: hci6: command 0x1001 tx timeout [ 1055.235127][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1055.877525][ T1052] Bluetooth: hci7: command 0x1001 tx timeout [ 1055.884727][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1057.307540][ T1052] Bluetooth: hci6: command 0x1009 tx timeout [ 1057.947399][ T1052] Bluetooth: hci7: command 0x1009 tx timeout 09:46:29 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5429, &(0x7f0000000000)=0x32) [ 1061.310968][ T1136] Bluetooth: hci6: Frame reassembly failed (-84) 09:46:29 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541d, 0x4) 09:46:29 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7, &(0x7f0000000040), &(0x7f0000000100)=0x88) 09:46:29 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xe, &(0x7f0000000000), &(0x7f0000000140)=0x8) 09:46:29 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5460, &(0x7f0000000000)=0x32) 09:46:29 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) getsockopt$inet6_int(r1, 0x29, 0xa, 0x0, 0x0) 09:46:30 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r0, &(0x7f0000001600)="e2", 0x1, 0x0, &(0x7f0000001680)={0x10, 0x2}, 0x10) 09:46:30 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541e, 0x4) 09:46:30 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0xf, &(0x7f0000000000), 0xc) 09:46:30 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_sctp(0x1c, 0x1, 0x84) dup2(r0, r1) 09:46:30 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r0, 0x84, 0x12, &(0x7f00000001c0), 0x1) bind$inet(r0, &(0x7f0000000040)={0x10, 0x2}, 0x10) connect$inet(r0, &(0x7f0000000000)={0xffffffffffffffd3, 0x2}, 0x10) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000080), 0x88) 09:46:30 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541e, 0x4) [ 1063.386784][ T20] Bluetooth: hci6: command 0x1003 tx timeout [ 1063.394038][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1064.036769][ T20] Bluetooth: hci7: command 0x1003 tx timeout [ 1064.044299][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1065.466566][ T20] Bluetooth: hci6: command 0x1001 tx timeout [ 1065.473110][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1066.116588][ T20] Bluetooth: hci7: command 0x1001 tx timeout [ 1066.123008][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1067.546483][ T20] Bluetooth: hci6: command 0x1009 tx timeout [ 1068.186403][ T20] Bluetooth: hci7: command 0x1009 tx timeout 09:46:39 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5437, &(0x7f0000000000)=0x32) 09:46:39 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x16, &(0x7f00000000c0), 0x8) 09:46:39 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r1, &(0x7f0000000080)={0x1c, 0x1c, 0x3}, 0x1c) dup2(r1, r0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f00000001c0)={0x0, @in, 0x0, 0x0, 0x182}, 0x98) 09:46:39 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) r2 = dup2(r1, r0) getsockopt$inet_sctp_SCTP_CONTEXT(r2, 0x84, 0x1a, &(0x7f00000001c0), &(0x7f0000000200)=0x8) [ 1071.615369][ T1124] Bluetooth: hci6: Frame reassembly failed (-84) 09:46:40 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5501, &(0x7f0000000000)=0x32) 09:46:40 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5420, 0x4) 09:46:40 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x900, &(0x7f0000000040), &(0x7f0000000080)=0x8) 09:46:40 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x10, 0x2}, 0x10) 09:46:40 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) sendmsg$inet_sctp(r0, &(0x7f00000002c0)={&(0x7f0000000000)=@in6={0x1c, 0x1c}, 0x1c, &(0x7f00000001c0)=[{&(0x7f0000001240)='A', 0x1}], 0x1, &(0x7f0000000240)=[@prinfo={0x14}], 0x14}, 0x0) 09:46:40 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, &(0x7f0000003880)=[{&(0x7f0000001240)='F', 0x1}], 0x1}, 0x0) shutdown(r0, 0x1) 09:46:40 executing program 3: msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000000)={{0x0, 0x0, 0xffffffffffffffff}}) r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x24, &(0x7f0000000000)=0x1c00, 0xfe6a) 09:46:40 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = dup2(r0, r0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x10, &(0x7f0000000040)=0x8, 0x4) [ 1072.286668][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1072.450223][T16521] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 1073.625953][ T1265] Bluetooth: hci6: command 0x1003 tx timeout [ 1073.633441][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 1074.345823][ T1265] Bluetooth: hci7: command 0x1003 tx timeout [ 1074.352712][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 1074.505849][ T1265] Bluetooth: hci8: command 0x1003 tx timeout [ 1074.512229][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 1075.705820][ T8552] Bluetooth: hci6: command 0x1001 tx timeout [ 1075.712387][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 1076.425676][ T1265] Bluetooth: hci7: command 0x1001 tx timeout [ 1076.432623][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 1076.585650][ T1265] Bluetooth: hci8: command 0x1001 tx timeout [ 1076.592504][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 1077.785773][T14927] Bluetooth: hci6: command 0x1009 tx timeout [ 1078.505522][T14927] Bluetooth: hci7: command 0x1009 tx timeout [ 1078.665569][T14927] Bluetooth: hci8: command 0x1009 tx timeout 09:46:51 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5441, &(0x7f0000000000)=0x32) 09:46:51 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5421, 0x4) 09:46:51 executing program 4: r0 = socket$inet6_udp(0x1c, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000080)={0x1c, 0x1c, 0x2}, 0x1c) sendto$inet6(r0, &(0x7f0000000200)="ed47d71aadba686263ef4f95a920961d00b216479e2cf1562a65b92ab69b12b57540b9367ba39d85a412fd22bc64822b865876579b465286517d88e9fb30b71224db8efddf4e519c3bfa402d3648b8e336d4589f29f8978d4c9dcc1cd9", 0x5d, 0x0, 0x0, 0x0) 09:46:51 executing program 0: select(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000016c0)=""/126, 0x7e}], 0x1}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)=""/4096}], 0x2f, 0x0, 0xffffffffffffffed}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xbf9d, 0x0, 0x0, 0x800e00599) shutdown(r0, 0x0) select(0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)) select(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000180), 0x0) shutdown(r1, 0x0) 09:46:51 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5509, &(0x7f0000000000)=0x32) 09:46:51 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x1f, &(0x7f0000001540)=0x4, 0x4) recvmsg(r0, &(0x7f0000001500)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001440)=""/190, 0xbe}, 0x1) [ 1083.094323][ T8] Bluetooth: hci6: Frame reassembly failed (-84) 09:46:51 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x1}, 0x1c) setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x13, &(0x7f0000000280)={0x0, 0x0, 0x1, "19"}, 0x9) 09:46:51 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x400}, 0x14) 09:46:51 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5422, 0x4) 09:46:51 executing program 4: r0 = socket(0x2, 0x2, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x10, 0x2}, 0x10) 09:46:51 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5423, 0x4) 09:46:51 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x14, &(0x7f0000000080)=ANY=[@ANYBLOB='\t\x00\x007'], 0x16) [ 1085.145128][ T8552] Bluetooth: hci6: command 0x1003 tx timeout [ 1085.152099][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1085.305313][ T8552] Bluetooth: hci7: command 0x1003 tx timeout [ 1085.312383][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1087.234850][T13921] Bluetooth: hci6: command 0x1001 tx timeout [ 1087.241578][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1087.385051][T13921] Bluetooth: hci7: command 0x1001 tx timeout [ 1087.391878][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1089.304783][T13921] Bluetooth: hci6: command 0x1009 tx timeout [ 1089.464817][T13921] Bluetooth: hci7: command 0x1009 tx timeout 09:47:01 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5448, &(0x7f0000000000)=0x32) 09:47:01 executing program 4: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0xf, &(0x7f0000000140), &(0x7f0000000100)=0xc) 09:47:01 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x103, &(0x7f0000002240)={0x0, 0x2, "aa14"}, &(0x7f0000000200)=0xa) 09:47:01 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5424, 0x4) 09:47:01 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x6364, &(0x7f0000000000)=0x32) 09:47:01 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7, &(0x7f0000000280), 0x88) 09:47:01 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5425, 0x4) 09:47:01 executing program 4: r0 = socket$inet6_tcp(0x1c, 0x1, 0x0) fcntl$setown(r0, 0x6, 0xffffffffffffffff) 09:47:01 executing program 3: mlock(&(0x7f00007fd000/0x800000)=nil, 0x800000) mprotect(&(0x7f0000a84000/0x2000)=nil, 0xdf57bfff, 0x5) mprotect(&(0x7f0000cbd000/0x1000)=nil, 0x1000, 0x4) 09:47:02 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000003940)=[{0x10}, {0x10}], 0x20}, 0x0) 09:47:02 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5427, 0x4) 09:47:02 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) recvfrom$unix(r0, &(0x7f000001a700)=""/102400, 0x19000, 0x0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect$inet6(r3, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) readv(r1, &(0x7f0000000680)=[{0x0}, {&(0x7f0000000180)=""/126, 0x7e}, {0x0}, {0x0}, {&(0x7f00000003c0)=""/74, 0x4a}, {0x0}, {0x0}, {0x0}], 0x8) recvfrom$inet(r2, 0x0, 0x1e51de7a2ef3af5, 0x0, 0x0, 0x800e0072e) shutdown(r1, 0x0) shutdown(r2, 0x0) [ 1095.384172][ T1052] Bluetooth: hci6: command 0x1003 tx timeout [ 1095.391502][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1096.104186][ T1052] Bluetooth: hci7: command 0x1003 tx timeout [ 1096.111112][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1097.473913][T13921] Bluetooth: hci6: command 0x1001 tx timeout [ 1097.480785][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1098.183901][T13921] Bluetooth: hci7: command 0x1001 tx timeout [ 1098.190852][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1099.543813][T13921] Bluetooth: hci6: command 0x1009 tx timeout [ 1100.263850][ T20] Bluetooth: hci7: command 0x1009 tx timeout 09:47:11 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5450, &(0x7f0000000000)=0x32) 09:47:11 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000240)={0x1c, 0x1c}, 0x1c) 09:47:11 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x13, &(0x7f0000001240), 0x8) 09:47:11 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5428, 0x4) [ 1103.605130][ T8] Bluetooth: hci6: Frame reassembly failed (-84) 09:47:12 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x8901, &(0x7f0000000000)=0x32) 09:47:12 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000002800)={0x10, 0x2}, 0x10) r1 = fcntl$dupfd(r0, 0x0, r0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0x24, &(0x7f0000000480), &(0x7f0000000000)=0x98) 09:47:12 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@init={0x14}], 0x14}, 0x108) 09:47:12 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5429, 0x4) 09:47:12 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x1d, &(0x7f0000000000)={0x0, 0x4}, 0x8) 09:47:12 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x28, &(0x7f0000000100)={0x1, [0x0]}, &(0x7f0000000280)=0x8) r2 = dup(r0) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x900, &(0x7f0000000000)={r1}, 0x8) 09:47:12 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x901, &(0x7f0000000000), 0x8) 09:47:13 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendmsg(r0, &(0x7f00000001c0)={&(0x7f0000000180)=@in6={0x1c, 0x1c, 0x3}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000040)='\b', 0x1}], 0x1}, 0x0) [ 1105.633233][ T1052] Bluetooth: hci6: command 0x1003 tx timeout [ 1105.640193][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1107.703071][ T7] Bluetooth: hci6: command 0x1001 tx timeout [ 1107.710067][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1109.782946][ T8552] Bluetooth: hci6: command 0x1009 tx timeout 09:47:21 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5451, &(0x7f0000000000)=0x32) 09:47:21 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x8913, &(0x7f0000000000)=0x32) 09:47:21 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5437, 0x4) 09:47:21 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) socket$inet_sctp(0x2, 0x0, 0x84) connect$inet(0xffffffffffffffff, 0x0, 0x0) sendto(r0, &(0x7f0000000040)='?', 0x1, 0x20180, &(0x7f0000000140)=@in6={0x1c, 0x1c, 0x3}, 0x1c) 09:47:21 executing program 0: sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000000)=@in6={0x1c, 0x1c, 0x3}, 0x1c) r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x24, &(0x7f0000000000)=0x1c00, 0xfe6a) 09:47:21 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) r2 = dup2(r1, r0) r3 = socket$inet6_sctp(0x1c, 0x1, 0x84) r4 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r4, &(0x7f0000000000)={0x1c, 0x1c, 0x1}, 0x1c) r5 = dup2(r4, r3) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x105, &(0x7f0000000040)={0x1, [0x0]}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x32, &(0x7f0000000080)={r6}, 0x8) [ 1113.830809][T11096] Bluetooth: hci6: Frame reassembly failed (-84) [ 1113.900326][T16800] Bluetooth: hci7: Frame reassembly failed (-84) 09:47:22 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5441, 0x4) 09:47:22 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = dup2(r0, r0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x1c, 0x1c, 0x3}, 0x1c) sendto(r1, 0x0, 0x0, 0x20100, 0x0, 0x0) 09:47:22 executing program 3: r0 = socket(0x2, 0x1, 0x0) connect$inet(r0, &(0x7f00000000c0)={0x10, 0x2}, 0x10) 09:47:22 executing program 4: r0 = socket(0x2, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0x40, &(0x7f0000000200)='cdg\x00', 0x4) 09:47:22 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5450, 0x4) 09:47:22 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=@in={0x10, 0x2}, 0x10) [ 1115.543357][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.549759][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 [ 1115.862631][ T7] Bluetooth: hci6: command 0x1003 tx timeout [ 1115.868848][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1115.942664][T13921] Bluetooth: hci7: command 0x1003 tx timeout [ 1115.953136][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1117.942397][T13921] Bluetooth: hci6: command 0x1001 tx timeout [ 1117.949459][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1118.022660][ T20] Bluetooth: hci7: command 0x1001 tx timeout [ 1118.029119][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1120.032200][ T20] Bluetooth: hci6: command 0x1009 tx timeout [ 1120.112344][ T20] Bluetooth: hci7: command 0x1009 tx timeout 09:47:32 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5452, &(0x7f0000000000)=0x32) 09:47:32 executing program 3: sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000000)=@in6={0x1c, 0x1c, 0x2}, 0x1c) r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x24, &(0x7f0000000000)=0x1c00, 0xfe6a) 09:47:32 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000240)={&(0x7f0000000000)=@in={0x10, 0x2}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=[@prinfo={0x14}], 0x14}, 0x0) 09:47:32 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0xf, &(0x7f0000000080), &(0x7f00000000c0)=0xc) 09:47:32 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5451, 0x4) 09:47:32 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x8914, &(0x7f0000000000)=0x32) [ 1124.634331][ T9149] Bluetooth: hci6: Frame reassembly failed (-84) 09:47:32 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x20, &(0x7f0000000080), &(0x7f00000000c0)=0x4) 09:47:32 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000200)={0x0, @in, 0x0, 0x0, 0x88}, 0x98) 09:47:32 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x545d, &(0x7f0000000000)=0x32) 09:47:32 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x29, &(0x7f0000000000), &(0x7f0000000040)=0x8) 09:47:32 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5452, 0x4) 09:47:33 executing program 4: socket$inet_sctp(0x2, 0x1, 0x84) r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000200)={&(0x7f0000000000)=@in={0x10, 0x2}, 0x10, 0x0}, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20104, 0x0, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x21, &(0x7f0000000240)={0x0, 0x5600}, 0x10) sendmsg$inet_sctp(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x0) 09:47:33 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = dup2(r0, r0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x8002, &(0x7f0000000000), 0x98) 09:47:33 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f00000001c0)={0x0, @in, 0x0, 0x0, 0x3}, 0x98) [ 1124.935000][T11051] Bluetooth: hci7: sending frame failed (-49) 09:47:33 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) recvmsg(r0, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x20002) 09:47:33 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x545d, 0x4) 09:47:33 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f0000000040)={0x10, 0x2}, 0x10) [ 1126.661695][ T20] Bluetooth: hci6: command 0x1003 tx timeout [ 1126.669051][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1126.983000][T10442] Bluetooth: hci7: command 0x1003 tx timeout [ 1126.989948][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1128.741575][T10442] Bluetooth: hci6: command 0x1001 tx timeout [ 1128.748854][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1129.071457][T13921] Bluetooth: hci7: command 0x1001 tx timeout [ 1129.078048][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1130.821312][T10442] Bluetooth: hci6: command 0x1009 tx timeout [ 1131.141230][T10442] Bluetooth: hci7: command 0x1009 tx timeout 09:47:42 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x8933, &(0x7f0000000000)=0x32) 09:47:42 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x5, &(0x7f0000000380), &(0x7f00000003c0)=0x4) 09:47:42 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x15, &(0x7f00000001c0), &(0x7f0000000200)=0x8) [ 1134.922774][ T9149] Bluetooth: hci6: Frame reassembly failed (-84) 09:47:43 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5460, &(0x7f0000000000)=0x32) 09:47:43 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000200)={0x1c, 0x1c}, 0x2c) 09:47:43 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5460, 0x4) 09:47:43 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect$inet6(r0, &(0x7f0000000180)={0x1c, 0x1c, 0x2}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0x1c, 0x1c, 0x1}, 0x1c) 09:47:43 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c}, 0x1c) 09:47:43 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x6364, 0x4) [ 1135.580220][T16482] Bluetooth: hci7: Frame reassembly failed (-84) 09:47:43 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x1, &(0x7f0000000080)={0x0, 0x0, 0x2}, 0x10) 09:47:43 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0xf, &(0x7f0000000240), 0xc) 09:47:43 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000003b40)={&(0x7f0000001200)=@in6={0x1c, 0x1c}, 0x1c, 0x0}, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000300)={&(0x7f0000000000)=@in6={0x1c, 0x1c, 0x2}, 0x1c, &(0x7f00000001c0)=[{&(0x7f0000000040)="a5", 0x1}], 0x1, &(0x7f0000000280)=[@dstaddrv6={0x1c, 0x84, 0xa, @remote={0xfe, 0x80, '\x00', 0x0}}, @sndrcv={0x2c}], 0x48}, 0x0) [ 1136.980782][ T1052] Bluetooth: hci6: command 0x1003 tx timeout [ 1136.988133][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1137.630753][T13921] Bluetooth: hci7: command 0x1003 tx timeout [ 1137.638327][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1139.070774][ T1052] Bluetooth: hci6: command 0x1001 tx timeout [ 1139.077144][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1139.710621][T13921] Bluetooth: hci7: command 0x1001 tx timeout [ 1139.717186][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1141.140553][T13921] Bluetooth: hci6: command 0x1009 tx timeout [ 1141.780457][ T20] Bluetooth: hci7: command 0x1009 tx timeout 09:47:53 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x8940, &(0x7f0000000000)=0x32) 09:47:53 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8912, 0x4) 09:47:53 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000480)={&(0x7f00000000c0)=@in6={0x1c, 0x1c, 0x2}, 0x1c, 0x0, 0x0, &(0x7f00000003c0)=[@prinfo={0x14}], 0x14}, 0x0) [ 1145.220792][ T8] Bluetooth: hci6: Frame reassembly failed (-84) 09:47:53 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x6364, &(0x7f0000000000)=0x32) 09:47:53 executing program 4: r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0x1c, 0x1, 0x84) r2 = dup2(r0, r1) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, 0x0, 0x0) 09:47:53 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000100)=""/164, 0xa4}], 0x1}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0x27c7, 0x0, 0x0, 0x800e0050e) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000240)=""/125, 0x7d}, {0x0}, {0x0}, {0x0}], 0x4}, 0x2) r3 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r3, 0x0, 0xffffff68, 0x0, 0x0, 0x800e005dd) shutdown(r2, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r4, 0x0, 0xccf3, 0x0, 0x0, 0x800e00545) shutdown(r3, 0x0) 09:47:53 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x25, &(0x7f00000016c0)=ANY=[@ANYBLOB="0108"], &(0x7f00000000c0)=0x8) 09:47:53 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8913, 0x4) 09:47:53 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x1, &(0x7f0000000080)={0x0, 0x1, 0x0, 0x720e}, 0x10) 09:47:53 executing program 4: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) bind(r0, &(0x7f0000000100)=@in={0x10, 0x2}, 0x10) 09:47:54 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8914, 0x4) [ 1145.846825][T16482] Bluetooth: hci7: Frame reassembly failed (-84) 09:47:54 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$sock_int(r0, 0xffff, 0x1017, &(0x7f0000000040)=0x3ff, 0x4) [ 1147.300042][ T20] Bluetooth: hci6: command 0x1003 tx timeout [ 1147.306851][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1147.860040][ T1052] Bluetooth: hci7: command 0x1003 tx timeout [ 1147.867417][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1149.379888][ T1052] Bluetooth: hci6: command 0x1001 tx timeout [ 1149.386853][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1149.939808][ T20] Bluetooth: hci7: command 0x1001 tx timeout [ 1149.946469][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1151.459821][ T1052] Bluetooth: hci6: command 0x1009 tx timeout [ 1152.019746][ T1052] Bluetooth: hci7: command 0x1009 tx timeout 09:48:03 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x8982, &(0x7f0000000000)=0x32) 09:48:03 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) recvfrom$unix(r0, &(0x7f000001a700)=""/102400, 0x19000, 0x0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet6_sctp(0x1c, 0x1, 0x84) connect$inet6(r3, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c) recvfrom$inet(r2, 0x0, 0x1e51de7a2ef3af5, 0x0, 0x0, 0x800e0072e) shutdown(r1, 0x0) socket(0x2, 0x1, 0x0) shutdown(r2, 0x0) 09:48:03 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x13, &(0x7f0000001240)={0x0, 0x0, 0x1, 'f'}, 0x9) [ 1155.398771][T16828] Bluetooth: hci6: Frame reassembly failed (-84) 09:48:04 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x8912, &(0x7f0000000000)=0x32) 09:48:04 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8933, 0x4) 09:48:04 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x2, &(0x7f0000000000), &(0x7f0000000140)=0x14) 09:48:04 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r0, &(0x7f0000000440)=[{&(0x7f0000000280)=""/112, 0x70}], 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xccf3, 0x0, 0x0, 0x800e0050e) r2 = socket$inet_udplite(0x2, 0x2, 0x88) poll(0x0, 0x0, 0x0) recvfrom$inet(r2, 0x0, 0xccf3, 0x40042, 0x0, 0x800e005b2) shutdown(r2, 0x0) 09:48:04 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000900)={&(0x7f00000007c0), 0xc, &(0x7f00000008c0)={0x0}}, 0x4048811) 09:48:04 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8936, 0x4) [ 1156.061443][ T1124] Bluetooth: hci7: Frame reassembly failed (-84) 09:48:04 executing program 0: syz_open_dev$vcsa(&(0x7f0000000800), 0x6, 0x113040) 09:48:04 executing program 0: openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000003700), 0xa0000, 0x0) 09:48:04 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x89f0, 0x4) [ 1157.459347][ T20] Bluetooth: hci6: command 0x1003 tx timeout [ 1157.466484][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1158.109327][ T20] Bluetooth: hci7: command 0x1003 tx timeout [ 1158.115933][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1159.539209][ T20] Bluetooth: hci6: command 0x1001 tx timeout [ 1159.545892][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1160.179322][T10442] Bluetooth: hci7: command 0x1001 tx timeout [ 1160.187895][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1161.620189][T10442] Bluetooth: hci6: command 0x1009 tx timeout [ 1162.259060][T10442] Bluetooth: hci7: command 0x1009 tx timeout 09:48:13 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x89e6, &(0x7f0000000000)=0x32) 09:48:13 executing program 4: openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x5) syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff) syz_open_dev$vcsa(&(0x7f0000000800), 0x0, 0x113040) syz_genetlink_get_family_id$nl80211(&(0x7f00000009c0), 0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000a40), 0xffffffffffffffff) 09:48:13 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0x1c, 0x1, 0x84) dup2(r0, r1) 09:48:14 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x8913, &(0x7f0000000000)=0x32) 09:48:14 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xae01, 0x4) 09:48:14 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = socket$inet6_sctp(0x1c, 0x5, 0x84) connect$inet6(r1, &(0x7f0000000000)={0x1c, 0x1c, 0x1}, 0x1c) r2 = dup2(r1, r0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f0000000040)={0x1, [0x0]}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x32, &(0x7f0000000100)={r3, 0x5000}, 0x8) 09:48:14 executing program 0: openat$btrfs_control(0xffffffffffffff9c, 0x0, 0xa0000, 0x0) 09:48:14 executing program 4: pipe2(&(0x7f0000000000), 0x0) pipe2(&(0x7f0000000180), 0x0) 09:48:14 executing program 0: syz_open_dev$sndctrl(&(0x7f0000001040), 0x0, 0xc0000) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, 0x0) [ 1166.289499][T16828] Bluetooth: hci7: Frame reassembly failed (-84) 09:48:14 executing program 4: syz_mount_image$afs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x2, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r0}}) 09:48:14 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xae41, 0x4) 09:48:14 executing program 3: write$input_event(0xffffffffffffffff, 0x0, 0x0) [ 1166.455564][T17223] 9pnet: Insufficient options for proto=fd [ 1166.482601][T17226] 9pnet: Insufficient options for proto=fd [ 1167.778673][T13921] Bluetooth: hci6: command 0x1003 tx timeout [ 1167.785877][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1168.338552][T13921] Bluetooth: hci7: command 0x1003 tx timeout [ 1168.345787][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1169.858333][T13921] Bluetooth: hci6: command 0x1001 tx timeout [ 1169.864703][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1170.418426][T10442] Bluetooth: hci7: command 0x1001 tx timeout [ 1170.425168][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1171.938231][T13921] Bluetooth: hci6: command 0x1009 tx timeout [ 1172.498328][T10442] Bluetooth: hci7: command 0x1009 tx timeout 09:48:24 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x89ed, &(0x7f0000000000)=0x32) 09:48:24 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xae60, 0x4) 09:48:24 executing program 0: syz_genetlink_get_family_id$nl80211(&(0x7f0000001d40), 0xffffffffffffffff) 09:48:24 executing program 3: syz_open_dev$dri(&(0x7f0000000400), 0x0, 0x8501) 09:48:24 executing program 4: timer_create(0x0, &(0x7f0000002040)={0x0, 0x0, 0x2}, 0x0) 09:48:24 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x8914, &(0x7f0000000000)=0x32) [ 1176.627246][ T1124] Bluetooth: hci6: Frame reassembly failed (-84) 09:48:24 executing program 3: landlock_create_ruleset(&(0x7f0000000000)={0x80}, 0x27, 0x0) 09:48:24 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000080)={0x0, 0x1, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "35d2abb7"}, 0x0, 0x0, @userptr}) 09:48:24 executing program 0: r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000000)={@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, 0x0, 0x0, 0x0, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]}) [ 1176.731728][ T1124] Bluetooth: hci7: Frame reassembly failed (-84) 09:48:24 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xae80, 0x4) 09:48:25 executing program 3: socketpair(0x29, 0x0, 0x0, &(0x7f00000003c0)) 09:48:25 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x0, 0xc1}, 0x40) [ 1176.988218][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 1176.994626][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 [ 1178.657691][ T20] Bluetooth: hci6: command 0x1003 tx timeout [ 1178.665480][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1178.737706][ T20] Bluetooth: hci7: command 0x1003 tx timeout [ 1178.744403][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1180.737641][ T20] Bluetooth: hci6: command 0x1001 tx timeout [ 1180.744319][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1180.817567][ T20] Bluetooth: hci7: command 0x1001 tx timeout [ 1180.824198][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1182.817342][T13921] Bluetooth: hci6: command 0x1009 tx timeout [ 1182.907431][ T20] Bluetooth: hci7: command 0x1009 tx timeout 09:48:35 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xae01, &(0x7f0000000000)=0x32) 09:48:35 executing program 0: openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000dc0), 0x0, 0x0) 09:48:35 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xf504, 0x4) 09:48:35 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000340)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @rand_addr=0xff}]}, &(0x7f0000000240)=0x10) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000000c0)={r2}, 0x8) 09:48:35 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0}, &(0x7f00000000c0)=0x5) setuid(r2) fremovexattr(r0, &(0x7f0000000040)=@known='system.posix_acl_access\x00') 09:48:35 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x8933, &(0x7f0000000000)=0x32) 09:48:35 executing program 3: r0 = socket(0x1e, 0x1, 0x0) syz_genetlink_get_family_id$smc(&(0x7f0000000000), r0) 09:48:35 executing program 0: syz_mount_image$tmpfs(&(0x7f00000002c0), &(0x7f0000000400)='./bus\x00', 0x0, 0x4d, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='huge=always']) chdir(&(0x7f0000000040)='./bus\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000080)=ANY=[], 0x208e24b) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x0) 09:48:35 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400448c9, 0x4) [ 1187.559203][ T8] Bluetooth: hci6: Frame reassembly failed (-84) 09:48:35 executing program 3: syz_open_dev$usbmon(&(0x7f00000001c0), 0x0, 0x2) 09:48:36 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400448dd, 0x4) 09:48:36 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000400), 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r0, 0xc02064cc, &(0x7f0000000080)) [ 1189.616958][T13921] Bluetooth: hci7: command 0x1003 tx timeout [ 1189.624902][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1189.632488][T13921] Bluetooth: hci6: command 0x1003 tx timeout [ 1189.639227][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1191.696845][ T20] Bluetooth: hci6: command 0x1001 tx timeout [ 1191.703518][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1191.711478][ T20] Bluetooth: hci7: command 0x1001 tx timeout [ 1191.718174][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1193.786645][T13921] Bluetooth: hci7: command 0x1009 tx timeout [ 1193.792752][T13921] Bluetooth: hci6: command 0x1009 tx timeout 09:48:46 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xae41, &(0x7f0000000000)=0x32) 09:48:46 executing program 3: r0 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0xa, 0x0, &(0x7f0000000600)) 09:48:46 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40045431, 0x4) 09:48:46 executing program 0: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000180)={0x0, @sdr}) 09:48:46 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f0000000000)) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000040)={0x8, 'ip6erspan0\x00', {'xfrm0\x00'}}) socketpair(0x9, 0x0, 0x0, &(0x7f00000015c0)) 09:48:46 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x89fb, &(0x7f0000000000)=0x32) 09:48:46 executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000100), 0x0, 0x0) ioctl$BLKRRPART(r0, 0x125f, 0x0) 09:48:46 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40045436, 0x4) [ 1198.330201][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1198.357465][ T9149] Bluetooth: hci7: Frame reassembly failed (-84) 09:48:46 executing program 4: r0 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @desc4}, &(0x7f0000000100)={0x0, "c9e383050d0788236ffaef6df2cbae64081930b5743388ea7fd3202b78429eddf951e2f53c077c93e1de7b17323d14bbd554ec194ec9788a46f24578c2d8b76a"}, 0x48, 0xffffffffffffffff) keyctl$search(0x1d, r0, 0x0, 0x0, 0xfffffffffffffffe) 09:48:46 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000740), 0x0, 0x0) ioctl$BLKPG(r0, 0x1269, &(0x7f00000000c0)={0x0, 0x0, 0x11, &(0x7f0000000000)="8ac4ea813c1f1c798db4dbb0a4c513a48c"}) 09:48:46 executing program 3: r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r0, &(0x7f0000008c40)=[{&(0x7f0000002380)=@in={0x2, 0x4e23, @local}, 0x10, &(0x7f0000002780)=[{&(0x7f00000023c0)='i', 0x1}, {0x0}], 0x2, &(0x7f0000002940)=[@prinfo={0x18}, @init={0x18, 0x84, 0x0, {0x5444, 0x0, 0x0, 0x7}}], 0x30}, {0x0, 0x0, 0x0}, {0x0, 0x0, &(0x7f0000004800)=[{0x0}], 0x1, 0x0, 0x0, 0x4040002}, {0x0, 0x0, &(0x7f0000004ac0)=[{0x0}], 0x1, &(0x7f0000004b00)=[@prinfo={0x18, 0x84, 0x5, {0x30, 0x8}}], 0x18}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}], 0x5, 0x14) 09:48:46 executing program 0: r0 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x9, 0x0, &(0x7f0000000600)) [ 1200.416253][T10442] Bluetooth: hci7: command 0x1003 tx timeout [ 1200.423301][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1200.430027][T10442] Bluetooth: hci6: command 0x1003 tx timeout [ 1200.436259][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1202.496040][ T20] Bluetooth: hci6: command 0x1001 tx timeout [ 1202.503070][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1202.516809][ T20] Bluetooth: hci7: command 0x1001 tx timeout [ 1202.523150][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1204.575867][T13921] Bluetooth: hci7: command 0x1009 tx timeout [ 1204.582020][T13921] Bluetooth: hci6: command 0x1009 tx timeout 09:48:57 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xae60, &(0x7f0000000000)=0x32) 09:48:57 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400454ca, 0x4) 09:48:57 executing program 4: r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000004cc0), 0x0) flock(r0, 0x8) 09:48:57 executing program 3: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x601, 0x0) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000080)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x38) 09:48:57 executing program 0: r0 = socket(0x2a, 0x2, 0x0) sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x1) 09:48:57 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xae01, &(0x7f0000000000)=0x32) 09:48:57 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_ifreq(r0, 0x8992, &(0x7f0000000000)={'bond_slave_1\x00', @ifru_map}) [ 1209.241282][ T1136] Bluetooth: hci7: Frame reassembly failed (-84) 09:48:57 executing program 4: openat$pfkey(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0) 09:48:57 executing program 3: r0 = socket$kcm(0x29, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x8902, &(0x7f0000000000)) 09:48:57 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455cb, 0x4) 09:48:57 executing program 4: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/key-users\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f0000000040)={0x2020}, 0x2020) 09:48:57 executing program 0: keyctl$search(0xa, 0x0, &(0x7f0000000180)='syzkaller\x00', &(0x7f00000001c0)={'syz', 0x1}, 0x0) [ 1211.135398][T10442] Bluetooth: hci6: command 0x1003 tx timeout [ 1211.142757][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1211.295475][T10442] Bluetooth: hci7: command 0x1003 tx timeout [ 1211.301696][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1213.225294][T13921] Bluetooth: hci6: command 0x1001 tx timeout [ 1213.232151][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1213.375239][T13921] Bluetooth: hci7: command 0x1001 tx timeout [ 1213.382425][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1215.295077][ T20] Bluetooth: hci6: command 0x1009 tx timeout [ 1215.455134][ T20] Bluetooth: hci7: command 0x1009 tx timeout 09:49:08 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xae80, &(0x7f0000000000)=0x32) 09:49:08 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x18, &(0x7f0000000080), &(0x7f00000000c0)=0x4) 09:49:08 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40049409, 0x4) 09:49:08 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x1f03a000) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0x77, &(0x7f0000000580), 0x8f00) 09:49:08 executing program 0: r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) r2 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, r1) r3 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r2) keyctl$search(0xa, r3, &(0x7f0000000300)='dns_resolver\x00', &(0x7f0000000340)={'syz', 0x1}, 0x0) 09:49:08 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xae41, &(0x7f0000000000)=0x32) 09:49:08 executing program 0: syz_mount_image$qnx6(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000000240)={[], [{@uid_eq}]}) 09:49:08 executing program 3: r0 = socket$rds(0x15, 0x5, 0x0) setsockopt(r0, 0x0, 0x0, 0x0, 0x0) [ 1220.035700][T11339] Bluetooth: hci6: sending frame failed (-49) 09:49:08 executing program 4: bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0}, 0x10) 09:49:08 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40082404, 0x4) [ 1220.184534][T17527] qnx6: invalid mount options. 09:49:08 executing program 3: r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000200)=0x100000, 0x4) [ 1220.265949][T17527] qnx6: invalid mount options. 09:49:08 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_mount_image$xfs(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000000240), 0x3, &(0x7f0000000280)) [ 1220.549383][T17550] XFS (loop0): Invalid superblock magic number [ 1222.094603][ T20] Bluetooth: hci6: command 0x1003 tx timeout [ 1222.101575][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1222.174611][ T20] Bluetooth: hci7: command 0x1003 tx timeout [ 1222.182388][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1224.174456][T10442] Bluetooth: hci6: command 0x1001 tx timeout [ 1224.181101][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1224.264580][T10442] Bluetooth: hci7: command 0x1001 tx timeout [ 1224.270690][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1226.254426][ T1052] Bluetooth: hci6: command 0x1009 tx timeout [ 1226.334387][ T1052] Bluetooth: hci7: command 0x1009 tx timeout 09:49:18 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x400448c9, &(0x7f0000000000)=0x32) 09:49:18 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x44, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x40) 09:49:18 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40082406, 0x4) 09:49:18 executing program 3: r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmat(0x0, &(0x7f0000000000/0x13000)=nil, 0x4000) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x222000, 0x1000}, 0x18) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00007, 0x0, 0x0, 0x0, 0x10000000002) syz_open_dev$ttys(0xc, 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, r0, 0x0) 09:49:18 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="be8c5ddcc9678079f2f625bf793419d4bcde8f4e81f1910f41f56dd6ae8e4e944c890c253671a3567078bc5c3415bdfd", 0x30) r1 = accept(r0, 0x0, 0x0) recvmmsg$unix(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000001080)=""/48, 0x30}, {&(0x7f00000010c0)=""/206, 0xce}, {&(0x7f00000011c0)=""/107, 0x6b}], 0x3}}], 0x1, 0x0, 0x0) sendmsg$unix(r1, &(0x7f0000003ec0)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000340)="04b6e329e01d4acf3c27cffcf9789495a0c921ee93583c6ffe1b4c1af7b65d85e7cf947b2a2d5ea7346d597f1de81abdae2dc35f926c3672663d012b2cb90d0cc871d6a70fa272eb07f49878b7c8effd70de72618cea4aa97095ffad09bf15a1ff6a2d9dd4699c35f866ef42dc522f64a7", 0x71}, {&(0x7f0000000640)="81fb3c881db00fa6fbd0f5378758b3c396a915c39158b51b8ec29e0fb1c9c5e616da44b2c1a8299b8dd8bab6621fe6e9ef1bc5b3f0c85a4e887ea4695bedf108fff033f65034032a876a6e46ff19b5e1caa3c596d7e66f7ccb", 0x59}, {&(0x7f00000006c0)="1bebbf265f3f70ec34b6ec91ffd08630f20fb74cbfa154246cb2c2c32f2fff666f33664c062ddbbcdc030e6dd840eb400dbd78954735e85db96fd94297d6e617d5a3dd837bc04e34a37b49981790cfe276186cde8aa480a7af74f566a7ae21840e45e31051415e7f6e4799e277b74c2f2bb95f9bf6ed013b22b1583a942f3eaf8aa3ba475923de894855463455c98da53ea49b4ae65e4ae21f620cf76e7f13", 0x9f}], 0x3}, 0x480c4) 09:49:18 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x400448c9, &(0x7f0000000000)=0x32) [ 1230.880133][ T9149] Bluetooth: hci6: Frame reassembly failed (-84) 09:49:19 executing program 4: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0285628, &(0x7f0000000000)={0x0, @raw_data="508c1ad0cf6f0727870b0b6f53f028b25ac5a209451cc640b98b93122469000000000000b577c2c5692301dc41aa961dd2129740855d8ab7c858b8faa807f31daede64f5734409a4a5ccc38fdbd21541f6fec73fd9f625da05ff8e30712a04ef92d335c3f2a512775a20bd9f5baaef8f6687f5080ffd4165b8f4ceb148dc2c00ff77c78f045c7deaca361654cee3032648da40a61ddd1db24fab8a792e7cabc5af5bf5b4b0d5369667c15248df9c3df776ff61b8c3cdc87ecaf1a6694e8641ecf994b400"}) [ 1230.964001][ T8] Bluetooth: hci7: Frame reassembly failed (-84) 09:49:19 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40086602, 0x4) 09:49:19 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000003140), 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./bus\x00', 0x0, 0x1000806, 0x0) [ 1231.232128][T17639] loop4: detected capacity change from 0 to 69632 [ 1231.270773][T17639] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 09:49:19 executing program 3: openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x20d00, 0x0) 09:49:19 executing program 0: r0 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @desc4}, &(0x7f0000000100)={0x0, "c9e383050d0788236ffaef6df2cbae64081930b5743388ea7fd3202b78429eddf951e2f53c077c93e1de7b17323d14bbd554ec194ec9788a46f24578c2d8b76a"}, 0x48, 0xffffffffffffffff) keyctl$search(0x4, r0, &(0x7f0000000000)='dns_resolver\x00', 0x0, 0xfffffffffffffffe) [ 1231.299356][T17639] EXT4-fs error (device loop4): ext4_map_blocks:593: inode #2: block 9: comm syz-executor.4: lblock 0 mapped to illegal pblock 9 (length 1) 09:49:19 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000003140), 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./bus\x00', 0x0, 0x1000806, 0x0) [ 1231.656660][T17666] loop4: detected capacity change from 0 to 69632 [ 1231.696835][T17666] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1231.727964][T17666] EXT4-fs error (device loop4): ext4_map_blocks:593: inode #2: block 9: comm syz-executor.4: lblock 0 mapped to illegal pblock 9 (length 1) [ 1232.904340][T10442] Bluetooth: hci6: command 0x1003 tx timeout [ 1232.911648][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1232.984116][T10442] Bluetooth: hci7: command 0x1003 tx timeout [ 1232.991152][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1234.973965][ T20] Bluetooth: hci6: command 0x1001 tx timeout [ 1234.980899][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1235.054112][ T20] Bluetooth: hci7: command 0x1001 tx timeout [ 1235.060227][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1237.053806][ T1052] Bluetooth: hci6: command 0x1009 tx timeout [ 1237.133712][ T1052] Bluetooth: hci7: command 0x1009 tx timeout [ 1238.414385][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.420687][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 09:49:29 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x400448dd, &(0x7f0000000000)=0x32) 09:49:29 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40186366, 0x4) 09:49:29 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000003c0)={'tunl0\x00', &(0x7f0000000280)={'gretap0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev}}}}) 09:49:29 executing program 0: perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptp0(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PTP_SYS_OFFSET_PRECISE(r0, 0x43403d05, 0x0) 09:49:29 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000003140), 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./bus\x00', 0x0, 0x1000806, 0x0) 09:49:29 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x400448dd, &(0x7f0000000000)=0x32) [ 1241.196287][T17690] loop4: detected capacity change from 0 to 69632 09:49:29 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000340)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @rand_addr=0xff}]}, &(0x7f0000000240)=0x10) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x76, &(0x7f00000000c0)={r2}, 0x8) [ 1241.279872][T17690] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 09:49:29 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000003140), 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./bus\x00', 0x0, 0x1000806, 0x0) 09:49:29 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x401c5820, 0x4) 09:49:29 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0x10, &(0x7f0000000580), 0x8f00) [ 1241.396904][ T1124] Bluetooth: hci7: Frame reassembly failed (-84) 09:49:29 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4020940d, 0x4) [ 1241.543758][T17726] loop4: detected capacity change from 0 to 69632 09:49:29 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001180)={0x18, 0x1, &(0x7f0000000080)=@raw=[@func], &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x1000, &(0x7f0000000100)=""/4096, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) [ 1241.593322][T17726] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1243.373588][ T1265] Bluetooth: hci6: command 0x1003 tx timeout [ 1243.380428][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1243.463193][ T1265] Bluetooth: hci7: command 0x1003 tx timeout [ 1243.470092][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1245.453529][ T1265] Bluetooth: hci6: command 0x1001 tx timeout [ 1245.460508][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1245.533092][ T1265] Bluetooth: hci7: command 0x1001 tx timeout [ 1245.539163][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1247.533378][ T8552] Bluetooth: hci6: command 0x1009 tx timeout [ 1247.615838][ T8552] Bluetooth: hci7: command 0x1009 tx timeout 09:49:40 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x40045431, &(0x7f0000000000)=0x32) 09:49:40 executing program 0: openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080), 0x62601, 0x0) 09:49:40 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000003140), 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) 09:49:40 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x50009418, 0x4) 09:49:40 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f0000000140), 0x4) 09:49:40 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x400454ca, &(0x7f0000000000)=0x32) [ 1252.028170][T17771] loop4: detected capacity change from 0 to 69632 09:49:40 executing program 0: r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$sock_qrtr_TIOCINQ(r0, 0x541b, &(0x7f00000000c0)) 09:49:40 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$netlink(r0, 0x10e, 0x3, 0x0, &(0x7f0000000100)) [ 1252.146310][T17771] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 09:49:40 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045430, 0x4) 09:49:40 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000003140), 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) 09:49:40 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045432, 0x4) 09:49:40 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000740), 0x0, 0x0) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, 0x0) [ 1252.469469][T17810] loop4: detected capacity change from 0 to 69632 [ 1252.524176][T17810] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1252.558324][T17810] EXT4-fs error (device loop4): ext4_map_blocks:593: inode #2: block 9: comm syz-executor.4: lblock 0 mapped to illegal pblock 9 (length 1) [ 1254.172612][ T1052] Bluetooth: hci6: command 0x1003 tx timeout [ 1254.172660][ T8552] Bluetooth: hci7: command 0x1003 tx timeout [ 1254.173438][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1254.179695][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 1256.252462][ T1052] Bluetooth: hci6: command 0x1001 tx timeout [ 1256.252541][ T7582] Bluetooth: hci7: command 0x1001 tx timeout [ 1256.259264][ T6581] Bluetooth: hci6: sending frame failed (-49) [ 1256.265543][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1258.332472][ T20] Bluetooth: hci6: command 0x1009 tx timeout [ 1258.332495][ T8552] Bluetooth: hci7: command 0x1009 tx timeout 09:49:50 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x400454ca, &(0x7f0000000000)=0x32) 09:49:50 executing program 0: perf_event_open$cgroup(&(0x7f00000000c0)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 09:49:50 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045438, 0x4) 09:49:50 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@key_params=[@NL80211_ATTR_KEY_IDX={0x5}]]}, 0x28}}, 0x0) 09:49:50 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000003140), 0x0) 09:49:51 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x40049409, &(0x7f0000000000)=0x32) [ 1262.925137][T17850] loop4: detected capacity change from 0 to 69632 09:49:51 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$netlink(r0, 0x10e, 0x0, 0x0, &(0x7f0000000340)) 09:49:51 executing program 3: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$sock_qrtr_TIOCINQ(r0, 0x541b, 0x0) 09:49:51 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4004550a, &(0x7f0000000000)=0x32) [ 1263.054132][T17850] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 09:49:51 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045439, 0x4) 09:49:51 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x8902, &(0x7f0000002540)={'ip6gre0\x00', 0x0}) 09:49:51 executing program 3: syz_open_procfs$namespace(0x0, &(0x7f0000002200)='ns/time\x00') 09:49:51 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000003140), 0x0) 09:49:51 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045440, 0x4) 09:49:51 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x20, r1, 0x1, 0x0, 0x0, {}, [@L2TP_ATTR_COOKIE={0xc}]}, 0x20}}, 0x0) 09:49:51 executing program 0: r0 = socket(0x2, 0x80805, 0x0) listen(r0, 0x3ff) sendmmsg$inet_sctp(r0, &(0x7f0000008c40)=[{&(0x7f0000002380)=@in={0x2, 0x0, @remote}, 0x10, &(0x7f0000002780)=[{&(0x7f00000023c0)='i', 0x1}], 0x1, &(0x7f0000002940)=[@prinfo={0x18}], 0x18}], 0x1, 0x0) [ 1263.515743][T17898] loop4: detected capacity change from 0 to 69632 09:49:51 executing program 3: r0 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x19, 0x0, &(0x7f0000000600)) [ 1263.572662][T17898] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1265.132082][ T1052] Bluetooth: hci6: command 0x1003 tx timeout [ 1265.139606][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1265.221761][ T1265] Bluetooth: hci7: command 0x1003 tx timeout [ 1265.229351][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1267.211728][ T1265] Bluetooth: hci6: command 0x1001 tx timeout [ 1267.218728][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1267.301775][ T1265] Bluetooth: hci7: command 0x1001 tx timeout [ 1267.307969][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1269.291663][ T1265] Bluetooth: hci6: command 0x1009 tx timeout [ 1269.372826][ T1265] Bluetooth: hci7: command 0x1009 tx timeout 09:50:01 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x40082404, &(0x7f0000000000)=0x32) 09:50:01 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455c9, 0x4) 09:50:01 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000003140), 0x0) 09:50:01 executing program 0: r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000003600), 0x0, 0x0) splice(r0, &(0x7f0000000180), r1, 0x0, 0x5, 0x0) 09:50:01 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x40049409, &(0x7f0000000000)=0x32) 09:50:01 executing program 3: rt_tgsigqueueinfo(0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x1}) [ 1273.763457][T17953] loop4: detected capacity change from 0 to 69632 09:50:01 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455ca, 0x4) 09:50:02 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1273.819088][T17953] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1273.835043][T17953] EXT4-fs error (device loop4): ext4_map_blocks:593: inode #2: block 9: comm syz-executor.4: lblock 0 mapped to illegal pblock 9 (length 1) [ 1273.907546][ T1124] Bluetooth: hci6: Frame reassembly failed (-84) 09:50:02 executing program 3: r0 = socket(0x2, 0x80805, 0x0) listen(r0, 0x3ff) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)='a', 0x1}], 0x1}], 0x1, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x4}}], 0x30}], 0x1, 0x0) 09:50:02 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, &(0x7f0000001440), 0x0, &(0x7f0000001600)={[{@block}]}) [ 1274.053605][ T8] Bluetooth: hci7: Frame reassembly failed (-84) 09:50:02 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455cc, 0x4) [ 1274.117119][T17985] loop4: detected capacity change from 0 to 69632 [ 1274.142740][T17985] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 09:50:02 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x19) [ 1274.157292][T17985] EXT4-fs error (device loop4): ext4_map_blocks:593: inode #2: block 9: comm syz-executor.4: lblock 0 mapped to illegal pblock 9 (length 1) [ 1275.946153][ T20] Bluetooth: hci6: command 0x1003 tx timeout [ 1275.952971][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1276.091217][T13921] Bluetooth: hci7: command 0x1003 tx timeout [ 1276.098111][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1278.011215][T13921] Bluetooth: hci6: command 0x1001 tx timeout [ 1278.017874][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1278.181192][T13921] Bluetooth: hci7: command 0x1001 tx timeout [ 1278.188058][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1280.090974][ T20] Bluetooth: hci6: command 0x1009 tx timeout [ 1280.251117][T13921] Bluetooth: hci7: command 0x1009 tx timeout 09:50:12 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x40086602, &(0x7f0000000000)=0x32) 09:50:12 executing program 3: r0 = socket(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000000), 0x4) 09:50:12 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80086301, 0x4) 09:50:12 executing program 0: bpf$MAP_CREATE(0x23, &(0x7f0000002880), 0x40) 09:50:12 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x19) 09:50:12 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x40082406, &(0x7f0000000000)=0x32) 09:50:12 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x19) 09:50:13 executing program 3: r0 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x3, 0x0, &(0x7f0000000600)) [ 1284.787998][T16482] Bluetooth: hci6: Frame reassembly failed (-84) [ 1284.826641][T11051] Bluetooth: hci7: sending frame failed (-49) 09:50:13 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80086601, 0x4) 09:50:13 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r0, &(0x7f0000004200)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001640)=""/178, 0xb2}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) write$nbd(r1, &(0x7f00000001c0), 0x10) 09:50:13 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x801c581f, 0x4) 09:50:13 executing program 3: add_key(&(0x7f0000000000)='pkcs7_test\x00', 0x0, &(0x7f0000000180)="30b0", 0x2, 0xfffffffffffffffc) [ 1286.820547][ T8552] Bluetooth: hci6: command 0x1003 tx timeout [ 1286.827290][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1286.890475][T10442] Bluetooth: hci7: command 0x1003 tx timeout [ 1286.898103][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1288.890301][ T20] Bluetooth: hci6: command 0x1001 tx timeout [ 1288.897198][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1288.970336][ T20] Bluetooth: hci7: command 0x1001 tx timeout [ 1288.976452][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1290.970212][ T20] Bluetooth: hci6: command 0x1009 tx timeout [ 1291.050267][ T20] Bluetooth: hci7: command 0x1009 tx timeout 09:50:23 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x40086607, &(0x7f0000000000)=0x32) 09:50:23 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:50:23 executing program 0: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TCXONC(r0, 0x540a, 0x1) 09:50:23 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000740), 0x0, 0x0) ioctl$BLKGETSIZE64(r0, 0x80081272, &(0x7f0000000000)) 09:50:23 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8108551b, 0x4) 09:50:23 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x40085503, &(0x7f0000000000)=0x32) [ 1295.556055][T18096] loop4: detected capacity change from 0 to 69632 09:50:23 executing program 3: openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) semctl$SEM_INFO(0x0, 0x0, 0x13, &(0x7f0000000000)=""/237) [ 1295.654850][T18096] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1295.736108][ T9149] Bluetooth: hci7: Frame reassembly failed (-84) [ 1295.742878][ T9149] Bluetooth: hci7: Frame reassembly failed (-84) 09:50:24 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0045878, 0x4) 09:50:24 executing program 0: perf_event_open$cgroup(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 09:50:24 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:50:24 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000200), 0x4) 09:50:24 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x80108907, 0x0) [ 1296.080246][T18134] loop4: detected capacity change from 0 to 69632 [ 1296.115559][T18134] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1296.160702][T18134] EXT4-fs error (device loop4): ext4_map_blocks:593: inode #2: block 9: comm syz-executor.4: lblock 0 mapped to illegal pblock 9 (length 1) [ 1297.769877][ T20] Bluetooth: hci7: command 0x1003 tx timeout [ 1297.777337][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1297.783852][ T20] Bluetooth: hci6: command 0x1003 tx timeout [ 1297.790338][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1299.849971][ T20] Bluetooth: hci6: command 0x1001 tx timeout [ 1299.857287][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1299.864039][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 1299.870625][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 [ 1299.877980][ T20] Bluetooth: hci7: command 0x1001 tx timeout [ 1299.884463][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1301.937998][T10442] Bluetooth: hci7: command 0x1009 tx timeout [ 1301.944744][T10442] Bluetooth: hci6: command 0x1009 tx timeout 09:50:34 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4008f510, &(0x7f0000000000)=0x32) 09:50:34 executing program 3: openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x43, 0x0) 09:50:34 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0045878, 0x4) 09:50:34 executing program 0: r0 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x29, 0x0, &(0x7f0000000600)) 09:50:34 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:50:34 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x40086602, &(0x7f0000000000)=0x32) [ 1306.443925][T18173] loop4: detected capacity change from 0 to 69632 09:50:34 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0189436, 0x4) [ 1306.514934][T18173] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 09:50:34 executing program 0: r0 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @desc4}, &(0x7f0000000100)={0x0, "c9e383050d0788236ffaef6df2cbae64081930b5743388ea7fd3202b78429eddf951e2f53c077c93e1de7b17323d14bbd554ec194ec9788a46f24578c2d8b76a"}, 0x48, 0xffffffffffffffff) keyctl$unlink(0x16, 0x0, r0) 09:50:34 executing program 3: r0 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x4e1d, 0x0, @remote}, 0x1c) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) close(r0) [ 1306.629509][ T8] Bluetooth: hci7: Frame reassembly failed (-84) 09:50:34 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:50:34 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc020660b, 0x4) 09:50:34 executing program 0: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$sysctl(r0, 0x0, 0x0) [ 1306.908243][T18210] loop4: detected capacity change from 0 to 69632 [ 1306.968775][T18210] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1307.002876][T18210] EXT4-fs error (device loop4): ext4_map_blocks:593: inode #2: block 9: comm syz-executor.4: lblock 0 mapped to illegal pblock 9 (length 1) [ 1308.649100][ T7] Bluetooth: hci6: command 0x1003 tx timeout [ 1308.656446][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1308.663175][ T20] Bluetooth: hci7: command 0x1003 tx timeout [ 1308.669536][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1310.728948][ T20] Bluetooth: hci7: command 0x1001 tx timeout [ 1310.736307][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1310.742806][ T20] Bluetooth: hci6: command 0x1001 tx timeout [ 1310.749237][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1312.808852][T13921] Bluetooth: hci6: command 0x1009 tx timeout [ 1312.815101][T13921] Bluetooth: hci7: command 0x1009 tx timeout 09:50:45 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x40186366, &(0x7f0000000000)=0x32) 09:50:45 executing program 3: msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000000)=""/75) 09:50:45 executing program 0: syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x80) 09:50:45 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0c89425, 0x4) 09:50:45 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:50:45 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4008ae6a, &(0x7f0000000000)=0x32) [ 1317.314663][T18253] loop4: detected capacity change from 0 to 69632 09:50:45 executing program 0: socketpair(0x28, 0x0, 0x4, &(0x7f0000000140)) 09:50:45 executing program 3: r0 = syz_open_dev$vcsn(0x0, 0x3, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000000)={0x0, 0x0, 0xffffffffffffffff}) r2 = syz_open_dev$loop(&(0x7f0000000740), 0x0, 0x0) ioctl$IOC_PR_RESERVE(r2, 0x401070c9, 0x0) ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000240)) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, 0x0) socket$xdp(0x2c, 0x3, 0x0) r3 = fork() pidfd_open(r3, 0x0) [ 1317.395210][T16482] Bluetooth: hci6: Frame reassembly failed (-84) 09:50:45 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1317.436914][T18253] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1317.459428][T11051] Bluetooth: hci7: sending frame failed (-49) 09:50:45 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 09:50:45 executing program 0: r0 = socket(0x22, 0x2, 0x1) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, 0x0) 09:50:45 executing program 3: r0 = socket(0xa, 0x2, 0x73) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, 0x0) [ 1319.448363][ T1265] Bluetooth: hci6: command 0x1003 tx timeout [ 1319.457408][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1319.528344][ T1265] Bluetooth: hci7: command 0x1003 tx timeout [ 1319.534629][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1321.528200][ T1265] Bluetooth: hci6: command 0x1001 tx timeout [ 1321.535433][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1321.608186][ T1265] Bluetooth: hci7: command 0x1001 tx timeout [ 1321.614291][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1323.608114][ T8552] Bluetooth: hci6: command 0x1009 tx timeout [ 1323.688074][ T8552] Bluetooth: hci7: command 0x1009 tx timeout 09:50:56 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x401c5820, &(0x7f0000000000)=0x32) 09:50:56 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:50:56 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4030014, 0x3, &(0x7f0000000300)=[{&(0x7f0000000080)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef", 0x3a, 0x400}, {&(0x7f0000010400)="2e0000001300000023", 0x9, 0x800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}], 0x0, &(0x7f0000013800)) 09:50:56 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}}, 0x0) write$binfmt_misc(r2, &(0x7f0000000000)=ANY=[], 0xfffffecc) r3 = socket$netlink(0x10, 0x3, 0x0) splice(r1, 0x0, r3, 0x0, 0x4ffe1, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) 09:50:56 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 09:50:56 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4008ae89, &(0x7f0000000000)=0x32) [ 1328.230705][ T8] Bluetooth: hci6: Frame reassembly failed (-84) [ 1328.238833][T18327] loop4: detected capacity change from 0 to 69632 [ 1328.253956][T18329] loop3: detected capacity change from 0 to 131456 [ 1328.280370][T18337] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 09:50:56 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x5) 09:50:56 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4020940d, &(0x7f0000000000)=0x32) [ 1328.324769][T18337] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1328.395346][T18327] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1328.418441][T18329] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 1328.445928][T16482] Bluetooth: hci7: Frame reassembly failed (-84) 09:50:56 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1328.492471][T18329] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. 09:50:56 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4030014, 0x3, &(0x7f0000000300)=[{&(0x7f0000000080)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef", 0x3a, 0x400}, {&(0x7f0000010400)="2e0000001300000023", 0x9, 0x800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}], 0x0, &(0x7f0000013800)) 09:50:56 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x6) [ 1328.670892][T18365] loop4: detected capacity change from 0 to 69632 [ 1328.697149][T18365] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1328.736685][T18365] EXT4-fs error (device loop4): ext4_map_blocks:593: inode #2: block 9: comm syz-executor.4: lblock 0 mapped to illegal pblock 9 (length 1) [ 1328.793132][T18377] loop3: detected capacity change from 0 to 131456 [ 1328.833675][T18377] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 1328.855813][T18377] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. 09:50:57 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r0 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r0, 0x0, 0x19) 09:50:57 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x7) 09:50:57 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000150000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0xffffffffffff8000) 09:50:57 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4030014, 0x3, &(0x7f0000000300)=[{&(0x7f0000000080)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef", 0x3a, 0x400}, {&(0x7f0000010400)="2e0000001300000023", 0x9, 0x800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}], 0x0, &(0x7f0000013800)) 09:50:57 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x8) [ 1329.238913][T18396] loop4: detected capacity change from 0 to 69632 09:50:57 executing program 0: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) getpgrp(0xffffffffffffffff) r2 = socket$inet6(0xa, 0x401000000001, 0x0) close(r2) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f00000000c0)={0x0, 0x3d}, 0x8) open(&(0x7f0000000400)='./bus\x00', 0x1145042, 0x0) sendfile(r2, r2, 0x0, 0xffffdffa) lseek(r1, 0x0, 0x4) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) [ 1329.302175][T18396] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1329.463781][T18403] loop3: detected capacity change from 0 to 131456 [ 1329.781153][T18403] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 1329.820312][T18403] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1330.247689][ T7582] Bluetooth: hci6: command 0x1003 tx timeout [ 1330.253879][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1330.499635][ T7582] Bluetooth: hci7: command 0x1003 tx timeout [ 1330.505829][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1332.327496][ T7582] Bluetooth: hci6: command 0x1001 tx timeout [ 1332.334448][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1332.567507][ T7582] Bluetooth: hci7: command 0x1001 tx timeout [ 1332.574790][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1334.407514][ T7] Bluetooth: hci6: command 0x1009 tx timeout [ 1334.647440][ T7] Bluetooth: hci7: command 0x1009 tx timeout 09:51:06 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4008ae90, &(0x7f0000000000)=0x32) 09:51:06 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r0 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r0, 0x0, 0x19) [ 1338.392792][T18438] loop4: detected capacity change from 0 to 69632 [ 1338.452901][T18438] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1338.480552][T18438] EXT4-fs error (device loop4): ext4_map_blocks:593: inode #2: block 9: comm syz-executor.4: lblock 0 mapped to illegal pblock 9 (length 1) 09:51:07 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4020ae46, &(0x7f0000000000)=0x32) 09:51:07 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) 09:51:07 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)="66530700ae897094e7b126b097eaa769be36b2fb7be6a16d05c41bd34e677d99590e0c390439df0000000000000087cfec79b04c3e1fea4b7a3dfc8ea6a7efefe48dd9e05485b4ff15f715e05182ce9c2b1830262f4adaf1e8eab06db4ec53303739b6d1438b4b6a8fd8fbf026387e78777e2f392a956c5c6ba1cb34401e0b937fd387b5417a936a634cc044a48bb1e566b916f9900670f4036a2bbe86593ad66b0d195e51b7a214ec6de52cbb5fc102a2da113ed094a97753bcc1f97c18b16ac4ffb8c8e9df2d3e94cc000435a45066629a2b6271c030bf228a1ea1c7bfb14c521eb5eef5bd76cbc0307c90fc70b19d5fe3e38a9b53b5d6ccf3", 0xfa}], 0x4, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00, 0x0, 0x6}}}, 0x78) ptrace$setopts(0x4206, r1, 0x0, 0x5) tkill(r1, 0x20) sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={0xfffffffffffffffc}}, 0x0) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) exit_group(0x0) 09:51:07 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4030014, 0x3, &(0x7f0000000300)=[{&(0x7f0000000080)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef", 0x3a, 0x400}, {&(0x7f0000010400)="2e0000001300000023", 0x9, 0x800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}], 0x0, &(0x7f0000013800)) 09:51:07 executing program 4: openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r0 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r0, 0x0, 0x19) [ 1338.975951][T18464] ptrace attach of "/root/syz-executor.0"[18462] was attempted by "/root/syz-executor.0"[18464] [ 1339.033422][ T1124] Bluetooth: hci7: Frame reassembly failed (-84) [ 1339.043597][T18470] loop4: detected capacity change from 0 to 69632 [ 1339.053645][T18475] loop3: detected capacity change from 0 to 131456 09:51:07 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000b, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="0e9b080700000065"], 0x78) [ 1339.085139][T18471] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 1339.165682][ T6581] Bluetooth: hci8: sending frame failed (-49) [ 1339.165758][T18470] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 09:51:07 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1339.220385][T18475] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 1339.314209][T18475] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. 09:51:07 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800001, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) tee(r1, r0, 0x11cb4611, 0x0) [ 1339.435970][T18497] loop4: detected capacity change from 0 to 69632 [ 1339.462365][T18497] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 09:51:07 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_udp_int(r0, 0x11, 0xb, 0x0, &(0x7f0000000040)) [ 1339.482324][T18497] EXT4-fs error (device loop4): ext4_map_blocks:593: inode #2: block 9: comm syz-executor.4: lblock 0 mapped to illegal pblock 9 (length 1) 09:51:07 executing program 4: r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1339.721468][T18513] loop4: detected capacity change from 0 to 69632 [ 1339.766214][T18513] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1339.781707][T18513] EXT4-fs error (device loop4): ext4_map_blocks:593: inode #2: block 9: comm syz-executor.4: lblock 0 mapped to illegal pblock 9 (length 1) [ 1340.487244][ T7] Bluetooth: hci6: command 0x1003 tx timeout [ 1340.493534][T18483] Bluetooth: hci6: sending frame failed (-49) [ 1341.057021][ T7] Bluetooth: hci7: command 0x1003 tx timeout [ 1341.064924][T18483] Bluetooth: hci7: sending frame failed (-49) [ 1341.207207][ T1052] Bluetooth: hci8: command 0xfc11 tx timeout [ 1341.217318][T11051] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1342.577065][ T7582] Bluetooth: hci6: command 0x1001 tx timeout [ 1342.583843][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1343.127070][ T7582] Bluetooth: hci7: command 0x1001 tx timeout [ 1343.133875][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1344.656954][ T7582] Bluetooth: hci6: command 0x1009 tx timeout [ 1345.206798][ T7582] Bluetooth: hci7: command 0x1009 tx timeout 09:51:16 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x40186366, &(0x7f0000000000)=0x32) 09:51:16 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) fchown(r0, 0xffffffffffffffff, 0xee00) [ 1348.725352][ T1136] Bluetooth: hci6: Frame reassembly failed (-84) 09:51:17 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4030582a, &(0x7f0000000000)=0x32) 09:51:17 executing program 3: r0 = socket$inet(0x2, 0x3, 0x7) ioctl$sock_SIOCGIFINDEX(r0, 0x8927, &(0x7f0000000240)={'vlan1\x00'}) 09:51:17 executing program 4: r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:51:17 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xb) 09:51:17 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800001, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r1, 0x11, 0x1, &(0x7f0000000100), 0x4) 09:51:17 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) write$khugepaged_scan(0xffffffffffffffff, &(0x7f00000000c0), 0x8800000) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000240)="c403292116deb8010000000f01c1480fc71ec4a1d1ec3500000000470f00d2440f785b5a260fc734c3c74424004e000000c744240257760000ff1c24b97e0300000f3266440f3a42e3c0", 0x4a}], 0x1, 0x79, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5453b453f152d47e, 0x810, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fdf000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f00000001c0)="650fc738798ff20f300f09baf80c66b88ca8dd8366efbafc0ced66b8fb4f00000f23d00f21f866351000000d0f23f8f20f2a1ee58c0f35670f01ca3e66660f3881a17b30", 0x44}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000001340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x304, 0x0, 0x0, 0x0, 0x700) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1349.257761][T18560] loop4: detected capacity change from 0 to 69632 [ 1349.348092][T18560] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 09:51:17 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10) 09:51:17 executing program 0: bpf$OBJ_GET_PROG(0x7, &(0x7f0000001d40)={0x0, 0x0, 0x24}, 0x10) 09:51:17 executing program 4: r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:51:17 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x12) [ 1349.762657][T18593] loop4: detected capacity change from 0 to 69632 [ 1349.813449][T18593] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1349.839482][T18593] EXT4-fs error (device loop4): ext4_map_blocks:593: inode #2: block 9: comm syz-executor.4: lblock 0 mapped to illegal pblock 9 (length 1) [ 1350.726517][ T8552] Bluetooth: hci6: command 0x1003 tx timeout [ 1350.732876][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1351.366382][ T7582] Bluetooth: hci7: command 0x1003 tx timeout [ 1351.373615][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1352.816455][ T8552] Bluetooth: hci6: command 0x1001 tx timeout [ 1352.822776][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1353.446240][ T8552] Bluetooth: hci7: command 0x1001 tx timeout [ 1353.453675][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1354.886548][ T7582] Bluetooth: hci6: command 0x1009 tx timeout [ 1355.536358][ T7582] Bluetooth: hci7: command 0x1009 tx timeout 09:51:26 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x401c5820, &(0x7f0000000000)=0x32) 09:51:26 executing program 0: bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f000000d0c0)={0x1, 0x7, 0x4, 0x5, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2}, 0x40) [ 1358.899125][ T1136] Bluetooth: hci6: Frame reassembly failed (-84) 09:51:27 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4040ae70, &(0x7f0000000000)=0x32) 09:51:27 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:51:27 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x5a) 09:51:27 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) write$khugepaged_scan(0xffffffffffffffff, &(0x7f00000000c0), 0x8800000) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000240)="c403292116deb8010000000f01c1480fc71ec4a1d1ec3500000000470f00d2440f785b5a260fc734c3c74424004e000000c744240257760000ff1c24b97e0300000f3266440f3a42e3c0", 0x4a}], 0x1, 0x79, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5453b453f152d47e, 0x810, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fdf000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f00000001c0)="650fc738798ff20f300f09baf80c66b88ca8dd8366efbafc0ced66b8fb4f00000f23d00f21f866351000000d0f23f8f20f2a1ee58c0f35670f01ca3e66660f3881a17b30", 0x44}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000001340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x304, 0x0, 0x0, 0x0, 0x700) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:51:27 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002a80)={0x11, 0x3, &(0x7f0000002880)=@framed, &(0x7f00000028c0)='syzkaller\x00', 0x2, 0xe3, &(0x7f0000002900)=""/227, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x2405, r1) 09:51:27 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:51:27 executing program 0: bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x6, [@var={0x4, 0x0, 0x0, 0xe, 0x2}, @typedef={0x1}, @typedef={0x5}]}, {0x0, [0x61, 0x0, 0x0, 0x5f]}}, &(0x7f0000000100)=""/136, 0x46, 0x88, 0x1}, 0x20) [ 1359.607907][ T1124] Bluetooth: hci7: Frame reassembly failed (-84) 09:51:27 executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002a80)={0x11, 0x3, &(0x7f0000002880)=@framed, &(0x7f00000028c0)='syzkaller\x00', 0x2, 0xe3, &(0x7f0000002900)=""/227, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000200)={r0, 0xc0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000240)={r1}, 0x4) 09:51:27 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x5b00) 09:51:27 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000000cc0)={&(0x7f0000000240)=@abs, 0x6e, 0x0, 0x0, &(0x7f0000000c00)=[@cred={{0x1c}}], 0x20}, 0x0) [ 1360.965812][ T7582] Bluetooth: hci6: command 0x1003 tx timeout [ 1360.972838][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1361.286676][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.293114][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 [ 1361.685748][ T7582] Bluetooth: hci7: command 0x1003 tx timeout [ 1361.692656][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1363.046013][ T1265] Bluetooth: hci6: command 0x1001 tx timeout [ 1363.052964][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1363.766917][ T7582] Bluetooth: hci7: command 0x1001 tx timeout [ 1363.773905][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1365.125572][ T7] Bluetooth: hci6: command 0x1009 tx timeout [ 1365.845701][ T7] Bluetooth: hci7: command 0x1009 tx timeout 09:51:37 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4020940d, &(0x7f0000000000)=0x32) 09:51:37 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:51:37 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4090ae82, &(0x7f0000000000)=0x32) 09:51:37 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = socket$inet6_icmp(0xa, 0x2, 0x3a) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x80489439, &(0x7f0000000100)) 09:51:37 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x40012021) 09:51:37 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) write$khugepaged_scan(0xffffffffffffffff, &(0x7f00000000c0), 0x8800000) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000240)="c403292116deb8010000000f01c1480fc71ec4a1d1ec3500000000470f00d2440f785b5a260fc734c3c74424004e000000c744240257760000ff1c24b97e0300000f3266440f3a42e3c0", 0x4a}], 0x1, 0x79, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5453b453f152d47e, 0x810, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fdf000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f00000001c0)="650fc738798ff20f300f09baf80c66b88ca8dd8366efbafc0ced66b8fb4f00000f23d00f21f866351000000d0f23f8f20f2a1ee58c0f35670f01ca3e66660f3881a17b30", 0x44}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000001340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x304, 0x0, 0x0, 0x0, 0x700) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:51:37 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:51:37 executing program 0: socketpair(0x15, 0x5, 0x8, &(0x7f0000000000)) [ 1369.726965][T18717] loop4: detected capacity change from 0 to 69632 [ 1369.750690][T16482] Bluetooth: hci7: Frame reassembly failed (-84) [ 1369.824095][T18717] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1369.832459][T18726] debugfs: Directory 'hci8' with parent 'bluetooth' already present! 09:51:38 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:51:38 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xde, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, 0x0) 09:51:38 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) write$khugepaged_scan(0xffffffffffffffff, &(0x7f00000000c0), 0x8800000) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000240)="c403292116deb8010000000f01c1480fc71ec4a1d1ec3500000000470f00d2440f785b5a260fc734c3c74424004e000000c744240257760000ff1c24b97e0300000f3266440f3a42e3c0", 0x4a}], 0x1, 0x79, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5453b453f152d47e, 0x810, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fdf000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f00000001c0)="650fc738798ff20f300f09baf80c66b88ca8dd8366efbafc0ced66b8fb4f00000f23d00f21f866351000000d0f23f8f20f2a1ee58c0f35670f01ca3e66660f3881a17b30", 0x44}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000001340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x304, 0x0, 0x0, 0x0, 0x700) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1370.244348][T18747] loop4: detected capacity change from 0 to 69632 09:51:38 executing program 0: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x7, [@var={0x4, 0x0, 0x0, 0xe, 0x1}]}, {0x0, [0x0, 0x0, 0x0, 0x2e, 0x30]}}, &(0x7f0000000180)=""/169, 0x2f, 0xa9, 0x1}, 0x20) [ 1370.294823][T18747] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1371.125364][ T7] Bluetooth: hci6: command 0x1003 tx timeout [ 1371.132801][T18483] Bluetooth: hci6: sending frame failed (-49) [ 1371.765217][ T7] Bluetooth: hci7: command 0x1003 tx timeout [ 1371.772729][T18483] Bluetooth: hci7: sending frame failed (-49) [ 1372.015220][ T7] Bluetooth: hci8: command 0x1003 tx timeout [ 1372.022244][T18483] Bluetooth: hci8: sending frame failed (-49) [ 1373.205181][ T7582] Bluetooth: hci6: command 0x1001 tx timeout [ 1373.207490][T18483] Bluetooth: hci6: sending frame failed (-49) [ 1373.845097][ T7582] Bluetooth: hci7: command 0x1001 tx timeout [ 1373.851268][T18483] Bluetooth: hci7: sending frame failed (-49) [ 1374.095450][ T7] Bluetooth: hci8: command 0x1001 tx timeout [ 1374.101838][T18483] Bluetooth: hci8: sending frame failed (-49) [ 1375.284990][ T7582] Bluetooth: hci6: command 0x1009 tx timeout [ 1375.924979][ T7] Bluetooth: hci7: command 0x1009 tx timeout [ 1376.164931][ T7582] Bluetooth: hci8: command 0x1009 tx timeout 09:51:47 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4020ae46, &(0x7f0000000000)=0x32) 09:51:47 executing program 0: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x2, 0x0, 0x0, 0x2}}, &(0x7f00000000c0)=""/191, 0x1a, 0xbf, 0x1}, 0x20) 09:51:48 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80045432, &(0x7f0000000000)=0x32) 09:51:48 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:51:48 executing program 3: bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0}, 0x20) 09:51:48 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000009280)={0x16, 0x0, 0x2, 0x2, 0x0, 0x1}, 0x40) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000500)={r0, &(0x7f0000000300), 0x0}, 0x20) 09:51:48 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = gettid() syz_open_procfs(r0, &(0x7f0000004080)='net/rt_acct\x00') r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000003ec0)=[{{&(0x7f0000000100), 0x6e, &(0x7f0000000080)=[{&(0x7f0000000000)=""/6, 0x6}, {&(0x7f0000000180)=""/248, 0xf8}], 0x2, 0xfffffffffffffffd}}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000280)=""/23, 0x17}, {&(0x7f00000002c0)=""/17, 0x11}, {&(0x7f0000000300)=""/121, 0x79}, {&(0x7f0000000380)=""/20, 0x14}, {&(0x7f00000003c0)=""/48, 0x30}, {&(0x7f0000000400)=""/75, 0x4b}, {&(0x7f0000000480)=""/110, 0x6e}, {&(0x7f0000000500)=""/81, 0x51}], 0x8, &(0x7f0000000600)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0xf0}}, {{&(0x7f0000000700), 0x6e, &(0x7f0000001dc0)=[{&(0x7f0000000780)=""/39, 0x27}, {&(0x7f00000007c0)=""/155, 0x9b}, {&(0x7f0000000880)=""/193, 0xc1}, {&(0x7f0000000980)=""/140, 0x8c}, {&(0x7f0000000a40)=""/208, 0xd0}, {&(0x7f0000000b40)=""/4096, 0x1000}, {&(0x7f0000001b40)=""/159, 0x9f}, {&(0x7f0000001c00)=""/67, 0x43}, {&(0x7f0000001c80)=""/33, 0x21}, {&(0x7f0000001cc0)=""/239, 0xef}], 0xa, &(0x7f0000001e80)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0x100}}, {{&(0x7f0000001f80)=@abs, 0x6e, &(0x7f0000002300)=[{&(0x7f0000002000)=""/56, 0x38}, {&(0x7f0000002040)=""/209, 0xd1}, {&(0x7f0000002140)=""/251, 0xfb}, {&(0x7f0000002240)=""/150, 0x96}], 0x4, &(0x7f0000002340)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x98}}, {{&(0x7f0000002400)=@abs, 0x6e, &(0x7f0000002a80)=[{&(0x7f0000002480)=""/112, 0x70}, {&(0x7f0000002500)=""/207, 0xcf}, {&(0x7f0000002600)=""/92, 0x5c}, {&(0x7f0000002680)=""/12, 0xc}, {&(0x7f00000026c0)=""/142, 0x8e}, {&(0x7f0000002780)=""/214, 0xd6}, {&(0x7f0000002880)=""/222, 0xde}, {&(0x7f0000002980)=""/172, 0xac}, {&(0x7f0000002a40)=""/33, 0x21}], 0x9}}, {{&(0x7f0000002b40)=@abs, 0x6e, &(0x7f0000003d80)=[{&(0x7f0000002bc0)=""/241, 0xf1}, {&(0x7f0000002cc0)=""/4096, 0x1000}, {&(0x7f0000003cc0)=""/58, 0x3a}, {&(0x7f0000003d00)=""/46, 0x2e}, {&(0x7f0000003d40)=""/18, 0x12}], 0x5, &(0x7f0000003e00)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xa8}}], 0x6, 0x42, 0x0) ioctl$TIOCL_PASTESEL(r2, 0x541c, &(0x7f0000004040)) [ 1380.570338][T18806] loop4: detected capacity change from 0 to 69632 [ 1380.619273][T16482] Bluetooth: hci7: Frame reassembly failed (-84) [ 1380.645432][T18806] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 09:51:48 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000009280)={0x16, 0x0, 0x2, 0x2, 0x0, 0x1}, 0x40) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x28}, 0x10) [ 1380.691866][T18819] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 1380.707533][ T1124] Bluetooth: hci8: Frame reassembly failed (-84) 09:51:48 executing program 0: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@struct={0x5}]}, {0x0, [0x0, 0x0, 0x0, 0x0]}}, &(0x7f0000000300)=""/223, 0x2a, 0xdf, 0x1}, 0x20) 09:51:49 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:51:49 executing program 0: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, &(0x7f0000000300)=""/223, 0x26, 0xdf, 0x8}, 0x20) 09:51:49 executing program 3: syz_open_procfs$namespace(0x0, &(0x7f0000001580)='ns/user\x00') syz_open_procfs$namespace(0x0, &(0x7f0000001600)='ns/user\x00') [ 1381.087384][T18837] loop4: detected capacity change from 0 to 69632 [ 1381.131753][T18837] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1381.157484][T18837] EXT4-fs error (device loop4): ext4_map_blocks:593: inode #2: block 9: comm syz-executor.4: lblock 0 mapped to illegal pblock 9 (length 1) [ 1381.444625][ T7582] Bluetooth: hci6: command 0x1003 tx timeout [ 1381.451060][T18483] Bluetooth: hci6: sending frame failed (-49) [ 1382.654498][ T7] Bluetooth: hci7: command 0x1003 tx timeout [ 1382.660850][T18483] Bluetooth: hci7: sending frame failed (-49) [ 1382.725138][ T7582] Bluetooth: hci8: command 0x1003 tx timeout [ 1382.732883][T18483] Bluetooth: hci8: sending frame failed (-49) [ 1383.534474][ T7582] Bluetooth: hci6: command 0x1001 tx timeout [ 1383.541346][T18483] Bluetooth: hci6: sending frame failed (-49) [ 1384.724487][ T7] Bluetooth: hci7: command 0x1001 tx timeout [ 1384.731487][T18483] Bluetooth: hci7: sending frame failed (-49) [ 1384.814950][ T7] Bluetooth: hci8: command 0x1001 tx timeout [ 1384.821064][T18483] Bluetooth: hci8: sending frame failed (-49) [ 1385.614664][ T7] Bluetooth: hci6: command 0x1009 tx timeout [ 1386.804291][ T7] Bluetooth: hci7: command 0x1009 tx timeout [ 1386.885105][ T7] Bluetooth: hci8: command 0x1009 tx timeout 09:51:57 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4090ae82, &(0x7f0000000000)=0x32) 09:51:57 executing program 0: socketpair(0x1a, 0x0, 0x0, &(0x7f0000000040)) [ 1389.641867][ T9149] Bluetooth: hci6: Frame reassembly failed (-84) 09:51:59 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80045440, &(0x7f0000000000)=0x32) 09:51:59 executing program 3: r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000026c0), 0x0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000026c0), 0x0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x13, r1, 0x8000000) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) 09:51:59 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:51:59 executing program 0: clock_getres(0x704c654d32b3f07d, 0x0) 09:51:59 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x41) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$setopts(0x6300, r1, 0x1, 0x18) clone(0x800, &(0x7f0000000100)="89885a787e4054e9f8f63b3baa50a35730db15ab9a6a9f396c3560ac2ea65a8081440d22b07fc3c01932c1c28ea9849d50ad1e793e2b748473a103aeddf6d9719cbf77106abeb9554217ac623b5cc9d96c094a6268f14052a65e80a4f03963d7d5cbd1daba89d94804873c27b9a676f81f8a73fd1b5ddb4e0bc11de8bbb4e137a5ae536fa97da4db4bf149f958fcf7533cb224e69eb31f66e29b494d5bf991d5bb74ce15f35189668c58af0685f302517997c4990a80306c99b6d8e650be5ef1d6e572eb3b94c6ffa7b8133cde18dc8102475d14e5c2c63643859067a81eab58b7c02922b2e3", &(0x7f0000000000), &(0x7f0000000080), &(0x7f0000000200)="7c8dedc413727d12de185a7c8e4b61bea654492260ab7dee3282b33a892502e3da88ce61eb231963c0a245cb2cc18b928537c2ff285928dfd789fb8de95cf8d307958478436c8b8fc3eabcc303e44f1abbaee64f65eae496d4414142823aa86357fb57f0") tkill(r1, 0x5) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1390.899071][T18879] loop4: detected capacity change from 0 to 69632 09:51:59 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000300)={&(0x7f0000000200), 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x6c, 0x2, 0x3, 0x5, 0x0, 0x0, {}, [@NFQA_CFG_PARAMS={0x9}, @NFQA_CFG_PARAMS={0x9}, @NFQA_CFG_MASK={0x8}, @NFQA_CFG_MASK={0x8}, @NFQA_CFG_PARAMS={0xfffffffffffffe88}, @NFQA_CFG_CMD={0x8}, @NFQA_CFG_QUEUE_MAXLEN={0x8}, @NFQA_CFG_FLAGS={0x8}, @NFQA_CFG_PARAMS={0x9}]}, 0x6c}}, 0x0) 09:51:59 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) clone(0x41100400, &(0x7f0000000100)="d27e0585329f737d16b56f5620287f5e364dce4a2e19ba92917ae791710b26430fc35f87f76825bf6ab111d1ac20acc811ce559e553bed441db59b4586fae140c03cd17ad7102d8604eefde89097bec6ad7b687673704dd18d2e79e2567da08b01cb", &(0x7f0000000080), &(0x7f0000000180), &(0x7f00000001c0)="d02e49ecffbc0d4e23f8a98601412c2c69b48b54") ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = syz_open_pts(r0, 0x40000) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000000)={0x7, 0x7, 0x5, 0x3, 0x9, "3a8a51653d202421e422d90077d9c47c075621"}) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) utimensat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', &(0x7f0000000280)={{r2, r3/1000+10000}, {0x0, 0xea60}}, 0x100) [ 1390.962300][T18879] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1391.018128][T11358] Bluetooth: hci7: sending frame failed (-49) 09:51:59 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000000)={{{@in=@empty, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, {{@in6=@dev}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}, 0xe8) 09:51:59 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1391.148936][T18899] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'. 09:51:59 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1391.264362][T18906] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 1391.323550][ T9149] Bluetooth: hci8: Frame reassembly failed (-84) [ 1391.363787][T18919] loop4: detected capacity change from 0 to 69632 [ 1391.454383][T18919] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1391.684135][ T1265] Bluetooth: hci6: command 0x1003 tx timeout [ 1391.691777][T18483] Bluetooth: hci6: sending frame failed (-49) [ 1393.043889][ T1265] Bluetooth: hci7: command 0x1003 tx timeout [ 1393.051664][T18483] Bluetooth: hci7: sending frame failed (-49) [ 1393.363940][ T7] Bluetooth: hci8: command 0x1003 tx timeout [ 1393.372613][T18483] Bluetooth: hci8: sending frame failed (-49) [ 1393.763887][ T1265] Bluetooth: hci6: command 0x1001 tx timeout [ 1393.770850][T18483] Bluetooth: hci6: sending frame failed (-49) [ 1395.137937][ T1265] Bluetooth: hci7: command 0x1001 tx timeout [ 1395.144533][T18483] Bluetooth: hci7: sending frame failed (-49) [ 1395.443813][ T1265] Bluetooth: hci8: command 0x1001 tx timeout [ 1395.449983][T18483] Bluetooth: hci8: sending frame failed (-49) [ 1395.843800][ T1265] Bluetooth: hci6: command 0x1009 tx timeout [ 1397.203708][ T1265] Bluetooth: hci7: command 0x1009 tx timeout [ 1397.523750][ T1265] Bluetooth: hci8: command 0x1009 tx timeout 09:52:07 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x41015500, &(0x7f0000000000)=0x32) 09:52:07 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000000c0)={'tunl0\x00', &(0x7f0000000000)={'erspan0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @multicast1}}}}) [ 1399.871699][ T1136] Bluetooth: hci6: Frame reassembly failed (-84) 09:52:09 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80047437, &(0x7f0000000000)=0x32) 09:52:09 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000026c0), 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4, 0x88031, 0xffffffffffffffff, 0x10000000) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x8000000) 09:52:09 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:52:09 executing program 3: mkdir(&(0x7f00000269c0)='./file0\x00', 0x105) recvmsg$unix(0xffffffffffffffff, &(0x7f00000270c0)={&(0x7f0000026d80), 0x6e, 0x0}, 0x40003000) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000027e40)={0x0, 0x0, &(0x7f0000027c80)=[{&(0x7f00000279c0)=""/86, 0x56}, {0x0}, {&(0x7f0000027b40)=""/40, 0x28}, {0x0}, {0x0}], 0x5, &(0x7f0000027d00)=[@rights={{0x10}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x68}, 0x2020) 09:52:09 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000000)={0x6, 0x100, 0x7fffffff, 0xb935, 0x11, "25dc63ca526e36f53ef17585ab2672cc2e36ad"}) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1401.776558][T18981] loop4: detected capacity change from 0 to 69632 09:52:10 executing program 0: mount$bpf(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000600)) [ 1401.826541][T18989] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 1401.841511][T18483] Bluetooth: hci8: sending frame failed (-49) [ 1401.856190][T18981] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 09:52:10 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x19, 0x0, 0x0, 0xecc, 0x0, 0x1}, 0x40) 09:52:10 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000000480)={0x1, 0x7, 0x7, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x40) [ 1401.924521][ T7] Bluetooth: hci6: command 0x1003 tx timeout [ 1401.936928][T18483] Bluetooth: hci6: sending frame failed (-49) 09:52:10 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:52:10 executing program 3: perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0xde, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x80000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x806000) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x1) write$cgroup_int(r1, &(0x7f0000000000), 0x12) [ 1402.226588][T19009] loop4: detected capacity change from 0 to 69632 [ 1402.270043][T19009] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1402.298207][T19009] EXT4-fs error (device loop4): ext4_map_blocks:593: inode #2: block 9: comm syz-executor.4: lblock 0 mapped to illegal pblock 9 (length 1) [ 1403.853468][ T7582] Bluetooth: hci7: command 0x1003 tx timeout [ 1403.860898][T18483] Bluetooth: hci7: sending frame failed (-49) [ 1403.923418][ T7582] Bluetooth: hci8: command 0x1003 tx timeout [ 1403.930380][T18483] Bluetooth: hci8: sending frame failed (-49) [ 1404.003318][ T1265] Bluetooth: hci6: command 0x1001 tx timeout [ 1404.009814][T18483] Bluetooth: hci6: sending frame failed (-49) [ 1405.933315][ T7582] Bluetooth: hci7: command 0x1001 tx timeout [ 1405.940089][T18483] Bluetooth: hci7: sending frame failed (-49) [ 1406.003464][ T7582] Bluetooth: hci8: command 0x1001 tx timeout [ 1406.010629][T18483] Bluetooth: hci8: sending frame failed (-49) [ 1406.083209][ T7582] Bluetooth: hci6: command 0x1009 tx timeout [ 1408.003167][ T7] Bluetooth: hci7: command 0x1009 tx timeout [ 1408.093257][ T7] Bluetooth: hci8: command 0x1009 tx timeout 09:52:18 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4138ae84, &(0x7f0000000000)=0x32) 09:52:18 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f000000c600)={0xffffffffffffffff}) sendmsg(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000800)=[{0x0}, {&(0x7f0000000500)='$', 0x1}, {0x0}], 0x3}, 0x0) 09:52:20 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80086301, &(0x7f0000000000)=0x32) 09:52:20 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, 0x0, 0x0, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:52:20 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet6(r0, &(0x7f0000000580)={&(0x7f0000000040)={0xa, 0x4e20, 0x0, @local}, 0x1c, 0x0, 0x0, &(0x7f00000003c0)=[@pktinfo={{0x24, 0x29, 0x8, {@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}], 0x28}, 0x0) 09:52:20 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)={0x18, r1, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x4, 0x2}]}, 0x18}}, 0x0) 09:52:20 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x800007) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:52:20 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000001c0)={'ip6gre0\x00', &(0x7f0000000240)={'ip6tnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast2, @local, 0x0, 0x700}}) [ 1412.022585][T19058] loop4: detected capacity change from 0 to 69632 [ 1412.038907][ T1124] Bluetooth: hci7: Frame reassembly failed (-84) 09:52:20 executing program 0: r0 = socket$inet(0x2, 0x3, 0x1) sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f00000000c0)={&(0x7f0000000040), 0xc, &(0x7f0000000080)={0x0}}, 0x0) 09:52:20 executing program 3: r0 = socket(0x25, 0x5, 0x0) sendmsg$TIPC_CMD_GET_REMOTE_MNG(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) [ 1412.077220][T19058] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1412.096883][T19058] EXT4-fs error (device loop4): ext4_map_blocks:593: inode #2: block 9: comm syz-executor.4: lblock 0 mapped to illegal pblock 9 (length 1) [ 1412.173101][ T7] Bluetooth: hci6: command 0x1003 tx timeout [ 1412.179493][T11358] Bluetooth: hci6: sending frame failed (-49) 09:52:20 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001900)=[{{&(0x7f0000000440)=@abs, 0x6e, &(0x7f0000001800)=[{&(0x7f00000004c0)=""/198, 0xc6}, {&(0x7f00000005c0)=""/41, 0x29}, {&(0x7f0000000600)=""/109, 0x6d}, {&(0x7f0000000680)=""/42, 0x2a}, {&(0x7f00000006c0)=""/255, 0xff}, {&(0x7f00000007c0)=""/4096, 0x1000}, {&(0x7f00000017c0)=""/26, 0x1a}], 0x7, &(0x7f0000001880)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x60}}], 0x1, 0x40000020, &(0x7f0000001940)={0x77359400}) r2 = signalfd(r0, &(0x7f00000019c0)={[0x80]}, 0x8) sendmsg$nl_generic(r1, &(0x7f0000003e00)={&(0x7f0000001980), 0xc, &(0x7f0000003dc0)={&(0x7f0000001a00)=ANY=[@ANYRESHEX=0x0, @ANYRES32=r2, @ANYBLOB="0885614e", @ANYRES32=0x0, @ANYBLOB="08003c00ffffffff6f0024000fa8d1d3b83aa00c4da3a2f3270510e0ab0dde11ed0682d025c578c328c0aba4474293944a248882bce991f92df0ce4a60ae258c3c5f7d47fff13eb2081e345b5066589577979c5cd9174ead54ff1de8c07de77a7ed91cac56cd963d78b0968d1540db6ace318a08a792a80008002d00000000002d945e62c95bcb584b17c46a4da12b264d2c7ff91046e107bc4fb81510a4de4338ac68133dbb09222a1f8cad16dab9ca6f6cb9166c430458d63a82f14b59af978179e3cc2c704c9f716fb2368472b3f88adb11ca6fc33ec8edb11de47304a50fea1cb4780bd838ba7c73593db99844c274bb1834c2bcc8228fc6e4f3b0b7d12c77c0d175937cb0367e3dea002630bac50e78df76eb103e18bcd7470069f4390c16a69e28db46c8a9b31f17faab4de64cb7eba8f64770568c5c31a368ebc6db80dc401452b67595bf1df2d8087d6b80e96382e06dd3ba68ce138dd69e0420b5ba80bfea53f14fbadb17b8735192981f96b5b43c348eb7e5ba966187dbe3c4e7e90ac59970e19a4d05d2066705890ce189fa3adc4c222756ae4329848360af6347a34ca6f4a6ff0e348ce00f714ae78631f5d234843bb45e835b462b823f337906dea947c013b6fc52d8ceb194606d9e417b156dba6eede3cc824bf729076673883529e49439e25049bb10830084d61dec2c36aa93b6bb4f0ed1108ee7df6c8ec833573909f91ae632597427787a52d20a35f403774895834241254e4f114612c8c56ed451b09657d86a1756849771ad68ab241903326b31ba899e05b2877d1332e73b69d6296955b1cb5c427128dd4278e00d867d46933efdbaf2684436c753caecce92883ea672a26f20da7940f847bbca616af732033cc15de7de39ca55c1e0415afc7fc722020943191d716cdcf1d7b8542647956dd6ad821a0559443c1400be558b43a5b89eed4ba0029bd10d0462658c0c23dc207de8513836dd07886036c882e8755fa682900e64eebe2a1a62e9a1e38847f9281dafb51ad03ae2de36ccd5da7737163a462ee346b544cb338cc0b4b522f4da1bea0d98732693a4631a5699954ae84ec0dd792e5dbda5c19936fe35ec6da54cfd72bc6ddc6573d12aea538419c12fe79535f4b1f35cd2c2c53e9da4d6394415ee5f458987fbc9893d8197845f9c24db6b25ad2de2dcbe4acc3f88ed006f2b93f28ce478b050f228f90aba38b2831afaf7cabd3aa5f38e75f08c6243cb457d987dbf2f7ab721436d7a045d616989463dfaacefe174e18a86b0a179cbea5043f01eae5e3ae6810937485cce18cca6ddbd2b2df39f5a2383c4c52578839ec25efd0d86b27b213e06bc87c885224fdffe7297fc94a1c48ac876271e15eb05b7762d446019f1963fd18212036daf3a5369e2472defb61d205946c4683007b2269a5e6ce88a5768ca16f42e7a300d5aaac9f3e95076eda8e5717b2a951029ce19859dac4338c05adffdd83b9f14a77cad815b484f4a8b1e71c5e0706b6568f1d3301dcb61b840a81c6339354d74c7886b732765371a550d8780a0a729aece2ff353df2b7af6bdbbc9bc2ad89572e0260a69467a24e6599f28cb45fa043fae3c2accaf7d3a0be388f504d588b952d0181df513f0552947d03cb8b51be2af827a6dbcb16eb5358ee62669079ae389b535c17aad46cf79bb7d58a9e67ac03ddb9f4aed71fb28e8e6089f5a4a178f12461526000570aff6d3559a7fff034393e68c461201ae58597c7ffd541d38075f70e7847e982f4ea3320e07acad74eabbc1d682e9d7b8f5b00abc7665965bc4268592f5cc52fc5a342a59039b23f890dfbc1a7e86ea71d1a1af2386edf9db615d931143792b1f3c529daf1809173b2541f82fc4a7aa78f805655b5954a3163c403fe028e96a64f945fef6ede896c5f60229ea7d468f1172d08d7ca12ce3bbfdc34318174114bca5a8537b608a5561d6ca5f4dcc5666b83791c2be12faf5304e8858706c1261e572ecff3f5bb7ca14255d290a5c32e47235dfb0429ac5f537b3670f1f9f4927d61ce2176aa471354623d18a2561546c392b47290c6f80a3f034f9f05fb945e43bb9628ed997144ad779d3de8c92bf7ec4a029adf49908f90461a4fc70d3840dad9e3ace5e098405bfb2d349c12b759d478e888ab4173ef40a42028868b33f1404ac940b2e3f3b2abcd348c547f1f3d9d9afd5556960bf23eb7eb22f9c19f01de606726539ecfd1417f14c624a8770be8c392ee8dd809a1c1aa8d47c4b98a6eed768ae2386b5a0180b4643f2667a865653ee51adc80ce11611f6045dd3b3712fdf88607973ed1c5678cb27915d9eb4ee58f56603327838c6f5767e460ccf279eb603c3b03383f36b6195b6792ca089ddc39db3941ca394ec1789ede6947d83981b8d8bec38c23a6c1fe6819603737e74a1ccd99de026cf4acab903f8948ea7ce912084e652d8b57ba730e3351b2b69c31f479ceb83de6c9d04294aebfb81a6b0d3ede7fae9ad4f24dcb3e41f692c85f3c2e32c20f4c7101fe84967080a3cd8bc6cc04a05e25efeb9b5481ea2d256243b3cec939daa888a52bace1a5dec48f66489cf822bf0e860c3667e643f76ae1a9f763f83f2638d0a351c776234e7c920a00c2f6b3def8a2e0e06d669abff356f5fe388736a99eb4bfbdd32ccd6e832cd83b18718abb1642fdaa7f1b21edb5a9de200803784ff60e6f8b8d65f38d4d6c9d42baa93151b3c9073eb366ead0bb379a096bc681f09882709a7a1d596a2160aedd7089ca982043a5ae319b3d763da0c950aec1a078d64a6f56ae2299aae44873b194a2054fe6b7c3121941851c4eaf45f0623e242f94dcee5c92f8954a12d8d4e350b46dc473aa881c2615254482e6519e5b29e2a94aea387d743c304bfb3545b0fa5fa97c566fc5742b9d48c695fa911e7b3ea57756301efeeae397d5b173a60f49f7b6c34bfd361cc8dada6f0abc6ba05b37d77c5f9e164250b7bd413fabcc83db00ee1fbe793cae7efc0235f5d66672f94ba20542e7f3851095ed25e3e4a740c7893a1aad41507cf25f714c7dc0ba73287dd810c71881b585a204e38cb7884e973e57170fd75fde90439a9c04594560d59927095b658ab1bc0b3ba46b2a2510845dfeed4a9a03350eb943b11286d5edb28b565b5641a4b50e776868ad409ec1d6b658ef4aabb1fc1917386386232df307f4d53cd363171a79fdb2520eb89ab63c9d316c6ecb82f7b80a9b6f42b0b50ece9a0627fdb27c00aaf48e7d2ccc681a6719ed7edce1bc26d59d9c6773d27f628e943dbbd94b0c71045b2691a112e3a326b9a3d2f2bdfa81fd2e354a9c5db5aa7918bfe4ba15cd78b1779a928975b9aa8ecad6624141dbd18092be50198ed7fab6ad103a90b067b134ff8cb603719d328799a9c7e53e734816fab3128837a8661a0153d293427cfd6ea83e35dbd409577b4b2ce696c34ef99bd9996fd526befc46c6549ff7a3291744b392073e0e5a086799681fbc3c55f81856bb2efb61286d97cb078d920a57e651dc27c6edfac1ee5f4d367cae53fc23c020651e128b70a6c54ef65eedba273f520ca485c02375e89c495698f5daa1da7154de6d89a8c2067cbe8dd9eeef660d051174cccff19e25988922266b9350ad9bd87abc1df61d16dc1792c3b93c486a497f3870bfe794140493e41473ac6d15b299776530f71345d15ae948afd11a9d8a926858136131165ed6dd239f3221f39dd6bc2d78db0414c47164114c79bf401dc0dea9856f4fd24a6019669a6634935e8db622b0949008713d10fff8042d6e3baec074863e46f26dc0d49fdfc95f45d8390738f23784548f42b77c74bd05afa1591ad90ba1ba9a0d24e603092451a81356f987ed94814354099ebb07afc1668e057caf1392a1efe6c1d5a4def2875a45d3189597a86dea5c276dfd85200971c5c513e1d59aca17d52c65f6263d98c782eca8a8df15844b71c352a20e808c6dd5bd093997beb956646babd873f22474b658d2874395df40a0eed4786810586f250441180cbcb7f3cd3506ed7f6b28617181d2bea3edea9c18e9c0b7879ab6d70364eb762ddbad4fe312b7580422d8c29825f1ab08d8700fa0550edad60b42dcf81c43e8e9d0f57b3eb1e04103089094edaa28527c04c1de66781bf2b196d738fe851f67359437b6c2150003bdf2862a8c60f95cc24bd8c00b2db58eb59d4200bd62cb80bebbd2032f55a508ce509e96425fa93457e39c71471d5f76c370e58697901cfd098ad708ecfdc183e98af7e861411804e6bc08cbe14aa468e75befe5f28418e47990ffe925891e04b0d419a55b6f34f918949700ee39bc5da95f54ed7b14f3d6a7392debe4e9e30eee5488a4c480dbf49ab01c41116bf93dd2dbe88640ee2fb08205743e9dd76b72cc6434288f9a2263a37d538d42b383e49796aa8a7e1607a2d219c676d56f72b6822965383bd1d2751eefe229fe60fca6477a2fedd40ce2b1ac96fe0888c27b7a7e36b8dea562d861ef06e7d192c185997d5b62ea04162ae83a0018d6625a9c8f9f1ebc89c265ea505e48ea1901bb5dafe4c88010bce4c91cce03522796e84144c0e780efe77990346bb2d0a6849376f1728da0ac5720f93e93a7c5e6d15073e9ed080444145dc2cd81a9834835fdfdc98816e9238721b5ae332dbe769cb5ea74324691b82ef9cd0b2bfdf57f2bed0592b1c673cafe7638409ac32e9425c44cc571faf7683474acd17b387c71e58394eabeafcb06aa413fef974ca00302e700d8205a263e596973b758ffffd065fbd4e0a2d5e609fda37c080e6d9538a9a8a9ba22205e2d6716ced6c86665483a281181471e973ae5351b7a23c8464695aa3960a86beee636b69436578be79ef76d4ae38ac695ede2f67ad51e96faa50699aef504a5bce46be6c4cec614ac31b02302141a55f5bffeadec082c0b88cd3bc90361c2cd8b1836ae9fc1e53e02f27ca5b3275003b478fc2b528a15513e0f5864d47a0a13128e568f73753365763c5eed533580b43102c923b4f861c950555d3601bbbc1e317594808e87ea0bedc9944244900184475f2afa8a7bb70e0114c4d0e5c3e3505cb62aa7aa9034373465a1854b103657819f085171a66c4231697fb7178e65a6982c47b24616ab9018914da75fe824104028b2624ded5848d9256973f085b4cc7b316922ac949c956e737265f65309770dd9426afd660fe6525a221d36ffd5cfb35bcbb139b63a401957a28ee81c3c90e23fc45667164bcbba757652e00747ceff2578155a1e5272243d589a8e469bbf202b0a6389a6e89c9b81a132e9944d8f8e2191d122faf81e35872e287f5adbf2ab6f2519504c68d3369bb4f810215e18e269dbd49d3180fd32d0d0ee0e51d56cfd26948167bd855c3bd886fb7cf2543d4e0368a37413414bd26210bae5f6743c2eee6a5d9d5c8b3c2384a1d597057792642ec8bb3ef63e97a485b83bd26851940ca3e723d64e37fa1e05c6256f28184a9b95ecdb2ef35fff8a77677d809f955eca2f5e0d5079445a06a557281b922ec5d87f127f7d79eb4db7f5026f06b25c388779a7a1634767cb299437bf2b684df0ef425def4c789e8c5847ddc707e5afa0d65dad0ba0c0f2da531c4ea367187662cf4b99381dc0063bac10714b3392ed2dc8ecd8f41d588be7bacdd60244a066f9dc9741c94a421d5dd4d5b9b2b420a2d4ca6366bd5b46c33e54cb21678927b6bad8d215b94fa7c840623df8ffebaaf7f3f6d55056a9abd88ba2496a7fd313079251590d69403dd2318dfc0b890f874849fd4cb144bba02eca191e3b241cb8b40f54558cfa1f728a9e2ea02a650ce7192c1b605a2b3544476c970cea8cb5dc7b641263235a9909a3be367cf3296aefec594d64c9a1c390ccb044e7ad69294cbdc6c45eafec853a8522239ae79bc82d167614f369aceb3477ec628cd5f832ea12b8feb2115231a77e9c30db1982cf51cfdf9ff7a3cf90000ee5457d8c37dd1e0fe3124c611b6b90c39e9b9b28c68b81ade7256608ef51058471c0f85f586f321f7588b9edfa5b2d33dc555e2774d32ef23f3f4a386fa806f2e0a299f066308624a0638596ec96075a0983c5b898ea9d388cdf8b7372c5d880e9072369e7296eeaba74fc2e0cc90ae3e8b66ec227cd5bcc871038ca6dc32e1005b0044fb3ce54514736ba7ef8ab6f7e796eed367845c129d3984a966afffb95f734f76cc6418a3d67eae8ee9b49688ab6e49b082e65ef96bd68602bbf2d2a5cb6084dc504ecaf1255a2936f9d88dcb52eac3d390066b8b6d5707ea13fbf7aa4edbe989329cc1c621ac8a850847e1f5cd5d5f79079919ca1f70088bae7ac6b658cc2c2c2e59845474d458f84eacc56573b2b606c66a677b0c2c8ef30ca60f135adf11b5100a3c0e453749b342d20e6d206d382bce085178e92ec5f34a35f16c7211e4ea7ddd680a775de0ad6524ac6b3ed91c561665fea08d4aab121fa2887d000000df10448008003f00000000000c002200000200000000000091b12f2131f72aecfd225b374318432ae950ec8b7ff22d383e58e5ef6c0e65dee933551f3c3a7e7ce0be62d9ac1881034c8da6fe3db924677f763f91a670e0ac3fde3def5bd5d79cf4c139cdd323228cbafc3ae8558e13a7d65ba6bdaeb0f08f3dcea8653295ca78e74cbf8907280207f014437d819a5206b789730e9c03f2e96538f95ed3cf4b66ecc42b190a50727a09ae198ca12985e910c473075f49f4aec4fc8fd065dba5ba78546d61f98e359152a3b8cb5f2a815bba10472ef0e6af0a3e762adbc68a6628a17e4c3c0b411d271cb8acc73464c4ac0a409826b0abc55d5183517b8e4bccb4cb064e367ebc1f0fb3ef60e7b6286c0a22bcdc14e4441018d2eb6466d948d063662576e82affeb1ff881a798c32859aceae117a11123a18719e80800bdab75f757855bb90c2dab1421afea790ae2cce1deae68e1f206d934823130a8763c50e4a74a984d24a77bc48203ce407f8b7e7730b56912f6f43e584c868f12bd0d865b5f1c21ff665ca2e64c3cb04458619be348347672b389d6723ce8582154c2a95b18dafd87ce3ab302eb832df8825fc551f66cf513450b0f1aa4f9f83170fc0cbc1e563b327ee061be56f212652ac3c036632f56eeaf99ecbd83ebcf320c0934d6fd86bd13db3997fb7f509ae25f00e34b8e15300243d1ac84a228e53bba400bd4bf641faadbc0b5016b96ba9b2ed11eda21ec7486624cc470889c1d25da005d5d7695cdc0ff612279224a4844143e6c7ccfa4ff933f4165e9c085cc52aae2cae12a321e6c05e07f13804d5a44477bf0882497ab8b3a3c3be8a1cba0bd039db856cdcf9fb94f85df4329ba004ed9d33f6df8456f5fdfd6d69df67a2eba3ea1e6b6bb49f994fc46e0cad83eb3c75116f375c76e81ffe99ab1c12387bb2c2416c4749061b679be4030d5aff60dc0a0cb023a0288baa9c6ad77a35dc15bc9ed439992251a8e81ce4245f86f330da008cba3ca6ace46cb704c89c6f1ebbc8a4c7782493e8c315ddec3dc693e1d3dd6e9957c43720179a6781333f5ce4e9c00cf232cfd55df87aa0cf2ea3926ccaece4c7fb413340859ce6fd8508667463c7513833e80d4b02205d805048fcfb21e78dfeb478b4e5c44d8fe758cfe3fadb1fa7b9a670efa1be10ad55c6881a26d4c01b76f8ed521c258ce17cb3dd097d2c9e98f1330bc8e72cd2947594cefd801b256e56fa8db12aae384fe609db12e8d21d997a936a6936f2d9a5fcaf6ce1e9d13f1e3984ed197d3ea0ab89dcdfab2e03e7072c60d4bfb22278e2d94aed2700e01c60ff0f7a323f942a9809775b207e09f83fcf1afa9859ad6df514171faa62c02da546bbbca488f2d84750c9a917fff46caae8f2702e68bcdad271233d603a13015ece85aca7eb4fee4e7b4361951973e919893f1951d6f8847e02c161f79fb471e60947522694af2cdb61c0c8f331ffe1fca593bd2696f3bd7afd097a67979ab6638d3b9a2af2b9ed19ec4c3877a9fe52a8214c145120b6f1f1196700b4fda8f10fb5fe5f6232b1e24db81e10baa87a80642c2434e39416d348fcdcca867526df8bbaeee51a903f830760bcad48bf6268d5642cd1e70df6ae2e620dac0fc77d135170325054a92026cdbc4b4b654ebefbed3ad797803b63ff0ea37b14e480d2486ec634e32e2a7ae62cb697d4f9d10cb0463c846c572c3b2922e5fdb9e6c072e78573b5ea7eef4fab5b527de6775d4e7407c3b217713412329ca56d773d032c797e1a204ee71688bb647d8d3565dbfce542bb05deb2b342dbc25178ae6105e57df5c9acef31ed7194ff558cf74e0d5c43462fa279a3df7ccc00ffb147cc240bf07eb6e23a6a1b03aab23389788913504f8ddba1df72ee1897d957b2d02a5b876cfc0ff5834468bb1e833458c3f59ebda5f34275c3ad5abd52a16c6ba07d85955f486f7d577569210dc0cdf5434eea3c7807bf92ec302cb08d1367a9b9a87a96f06789ece1b7bb4b76958721e196dad714ccf7f1120212c9dd8c944465723a0eda72d62829b3b5c8457bb2807482011f7b4991d20dda5b0d0f5bb175856504f67b1740ba3596f5647b0f2cc110a2b8de0c5218ee1f2161c8f5a80acf6fd0588c5cad8ca0db94bfe4cdbc698508a530fa3395eeeed001199f6b84bf6ab44655f85de45235480e46edead549aca91c6afe254d10b44548ef4b76a91675276a0e2b019a01ec470296a7c41cdaa8d937b090b6e96127109326e5d61bd570e9b29c14af0e138859bab2cc67132cb947f99e4490e63b29476a4cfd292154964063aa10a3bf4a94ac585c7788c462355ed26d678204dc1c93ee7926abfada386cdad9a090054359cddeea19ca795f90215396dd4f11a3ae4e026ebd4c900c97d6df4fdbe6cabb475354b40517859ab50f1decca72f6a71b1bcdca990142588d06e9b8e0ab262886ec9e09de0470185ece34c76dcbdf4412a1338da392dd0cc8d0d81fdc2f8c947942c8419896a1e34634be9f54799775243106f8bef371378e798977895909dac21d0a7bffbc121c94548543063e9a68be9c64396000d0d30393799f5273a8f2fb3324989aa6c9270cec74b87232c55c196d8b14d934798a41d5ec642a0ec109a00e271bd25a43a91ae6c5af81676a13e23b0d0d9e9eb89bcb1a5def1c3a6a931a6b24ebe1ec8eae5bd45dbffd66d361c4487bc528887875b9f182ee6de648f71676bee213d8ef7442c1703b193e7ba712ccabf771e3222c3fba8cdaf3d95f0736e2b6bd8d4070f8c08d758ce5df29408ef4ae1216a683f14b2284b34c02d263fe9074fec859df479bdbf11620f86ac904c7194e96f16c19c20748dbb7d545cc25ca6c8f043919feee6fabbf24a9177db68b65821f152ae658b87ecd69c75fcfaed7f6cf4e2ab5f1ac108aa8f2c2fadbd8ac68077b5b6d9791f9698bbe2d8f549e5581c8a46f3d91f3a65c57abb49c87122ca4fd8e32a19896ed4501051fcf7627ae1d7fe295ae0e82e706d697cffdbfe9a127b6876719ae5d513ccdfd65b9af5be071eaf873e86534e7854c14594b2ed8534a70528af2f3d5b5e288b19768bfb8c6df23993553215ef1a213a547476007a99d94c83fbe506df55d94da2741f400dd8f785e850feb743958c17bea04784e913fa3e6be95173934378630a519cdecd74125aadb18b9402d9ffc4550eeff07ed19ab9ab33407a466a5a1b6263bb486e3a123191040fc4b15ae161ad978e40a383919db9435b1d5bdaf8795ff646ed11b3f6aa9a4bfdfe576a53930606e6adb7c928fd0807342f895c96b4428fb81c866b6460beb63cc55d6c0c7579d6191f5d1d3255b816bf662cbb62877284905c9da6e3d842025f7cd457c997aac94f3b73ea6cc7353cd3c781c6e802f91aabfcce41d17629973ae02e2a4430c87ce783bc019e1fbc956ebf8ae76d7cfbd5c46520cebd5172bb20fe04a6e54cb86f3821d33ebb86802cfa4f73b55dc227650f77e2ec57fff0be8d93733a4ef0c443b343f0deb2e070710db05c228650bd67d1ed3737d1190655cf0fb96e434ed0416ee0668ac69ae1350d2aad31bfdd28e47f575b6df3d747a3786c92491ced021dd5e8132eb23063b4c80b6c7f091ef79d0bfd6b0f5c66a5c8d063f4b4a9566cf4fe3537f2d56112d960b027a29f14c12c46d0b507b6ae9afd81f1ee9abea63aef1f048d1a55d37680525c39eb288acad69976c5250e76e75805a661e8aeac19ea5ff812f6c8d52bf168eb03c02e650ca7c43cbae0de4f73945794cf2b561531a7d736c34eb9862d02115a76c6e62608bdc6ccdcd98ce41295b4a9244f6228c5c346e6306fa6a17c8b448ed255b73749b0d2b203ab3ce4e1601529c0e11fdac10263aa895d54cd708ba462a63f19254b5e39714b0f8d391ef7c55b28b1e4cbe570555722df3cfac936932a6de2fa5dc55c3cfa4e58c35af0144bfc45ce6b14519ee4faf135b976d32daa57c26c97be62225de3c10ab39b81616b0ca0f897c8be3e22f411664dc750f63c63a76d17b4a808d2cbaa4a4c83129d6e62892666f523b11dc4a14fc162e1db78c75c48b6210af6388e3fa04ce6d7864504b61b4dd52159163dfa57c3c8ba427560815a620ea360d771ac08a1632128f0bf555754346cf3547c06e2dde756a8c4e0f065e098a4e9c35ea227ae783d6ac86fc7833b5ffc22dd23ea0e2f45fbd2fce16587d7d4ac5520e48d1447e9a3db0718e59bec620198ec459c6f737221b42796efa8e319f46dff31ec5bd47e65ab6cd28cea6fe2a232e2f573e92f49ce8db65043952ddfa1a9d67525e031aeb5e93497d1532eb3ccfd7e103909de4486eb63bfb2a291927a6016c7e74834aa3560c01e92115c5c0115664ec173eb230d8e11c82f274955308f2c5a2be27f541d1f06f6d2ebbce8f516e8385671e52eb920c81c9349038fd9a30978329427090559480a117836b83edfde4bbcf1d1af9aa092b284c03944732d56824c57bd68918aa669152ab0ce02a1950f638269b33d81d91761f56b1661b2c40a84bd9077e4d799b37aaf0c1b87c4ee5179f7fa25f98fc7025aef0d06369699a349f884169d00795ec91434f1bf0c4e33db56e973da0bc60bd81401f909c6d5a6267bbee6067848f7c245be15c0cba3c280a5e201817705e299721178a068ffbeceffce41df8237db9fa5bdf2a3e79006e4cc81ad39f97707ed898b77649fb081bb76eebfa49c1423a0d27d5295dd0aa0243b16a536d9c2675dab36a8ba3a87b15d4ead091bd2ea397913f32ec585e74f3968dc488bb04a74d8cd4881443111369119cbd642051c0debff5e552ebe9dfaaeeb0bfa36b0b10a77a93699db9cc39f55708c521105ad32ab1b89f883952168e89a1f0e5fcdee4ed72ddf59d6d56d3f59b0057c51ace4633dc8ea8ec77e77655a451f72525c9ff6fc31d01611bf532df1c5ddd2ac3f937e1da8c52f5f4dd393fa0cc03e591260fab92c22d751967dfb3c7cba0b9bcacb1c622d486eec5e42db890362158ecb58385da3de62ff842945e92f1e1f6b49e6cd66d5d20d9a7e8ce9ccfd45c914dc639c63777a6a48c4cc1e1a2cb5258841115da2daeb8c1050e54df12fe80f73cc3204cc84eb71c0940ff6fbf9ba7b50a2ab4f52cd8ed8db9c30fa9b8c987c97d1222ecfa6f394d89bfa0c2f6b169231bf481cc80680157ec2414a406f5d52c1a5c4cfb07c91d8b644858443e396415af7ce431cd40538ae41ea8413409399e123cedc5af470b988b0ef4d4a68ee3c2d65c4c0399315d46fbf0ec3b03edebf9c19c878ac4158c431d0f7a9fa814e25cb9a67b16e32e90ff5f00a101ec27477723ef1173e57ec385cb5cf1febb87451c9007c75256afa2578e6a6e17da630f88c75e22d12cd43a921b068c6981a7a46ed287ed3e769be6527edd5a23de35518af334c41bc73db08a43321d5e25114e2c98d3b2db097683a7697f7a775049f8f304f4dea71a4d3f452e5f70bc8af16ef88bcc3f54a8a99ac3c6457909cdefa3bf2568545c263452f41da5afffa69ce77feceadc2d38d99967b68a2dfd8b018508ba9c635a5537ee4b42f44fdc12f2f02eed6c964a12dcf27b6c0e4aac05988cc1a1d5f2cef527cc07336f348d3c04aae6ccc5d47ef4d22363e6fff29b527b07aed78da9c8d81145a0680f69fdc7c1421c4b927b3770b968683cfcba595067b85d57ca5df5ba5cbc5abb98f6080ab15867d20719c32c84f70cd7d1eb8b90ac6d31fb74e54a304c3d1fbe526ff91832281a470d820f5fc5c0b289816c20cb88ccda38d1e7a04b87fcf247a1ac6671ab5025742b169e982a23a5577c71ce2a2906df52987f459d36ebad1f49233242f0f3b5afb6caf18ba12c05295c1810e2ac5a5bae1f5219928ed983066aa41bfbbfe6685d923eb1a9571dfadcdc327fc3f32e253626b10394ef7e15b4887bc0b8dd5a1929d06691090e08f35997c352da93fa3ce21da95e88d9f8fbcc6b7e0a37ad4d96ec66db2f97d2b575da3308ed46b3ce2808efa2ceee2e1fad1397b2e94cbbae2393694a2a30e96931c48cb370f3acfd6c78889d83009e34ccb09530e892b47d67da3bfc1b360dd7a07953da3a10000"], 0x2388}, 0x1, 0x0, 0x0, 0x4050844}, 0x1) clone(0x9010300, &(0x7f0000000100)="a66f916bbcf15cb3dcf3d55e039a3738785ccf96c257efced3b2dd2836cbb11fb0b92710fb306badf5a0723f82c4e83750d1038b9345f875b7abe573f13f189a0231f3aae9bb91d7dc3df2e12ca2f18ac8b3a085", &(0x7f0000000000), &(0x7f0000000080), &(0x7f0000000180)="3e48cce5d18cc60cd4d982e84036a462815980d0305fd7553982ca0070cd619309cd8c7d09bdab509b3463ccfebe490b70a0ec03b0ac8dc7c685af795d75e1d84f57ef007f6f58fc8a244772f08675ba5405d4dd649c96c139b2213353e804e0eff37bf242981f16d17b21cf5fc6c6aec768c38078205335fcbff3bdca5b660f7f4ca5c763367f69ee2db4fa52d8a805456eabce416df13265f63c70045e3a05d47db916176e513715") clone(0x100000, &(0x7f0000000340)="340e7313139bd4363bf3ee93043028cd8220348eb5f3d6b0f23a74e6711e8a83382c952dcfdf2b0b55e195a3ec6796861fd1d6c25eb2084825cc05634a3edd11f45331e123b69747ef04b2d8c29e53da82f523ec8603f8c7f4e3126ccb6d07cc10abfcbf50642b6770576960c81d9e02b4eb4073e01b332138466fd3865d372840485aefc0d6bafff02597b2d557f45a6e729fac5f54f9e7a177d510d954279cb03c287e7d5b643371bb5c5a9b8971b2cd38b4dc8a578d15850509e72514d4ad99d11ae05ef59e1613cfa3a5", &(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000003e40)="1bd31a39b98debbfbefbb0bf700bb1bb89a24a8ddbaced7b2a868a2929421d6ad51a9cb871fbaa8fb7f23e026bc10371cd8f11c927320ddd08a1cf42db7ab8bf43578e10cf8b85b24713d04ef1a52432171cfa14c208123b0fa6e8017bced6852997d898e190c52a5a444c58415906c372943044c6f23ec13de01e664cc7b0dccb72b3497519fb4c171679e84833ee523f00acd04b0bebc528f4663fdb4fe8ca799d6bdca88f740ea2d7a8cc126a1452051da518cc89f4c70f0731ee156998732d2a90817952d3fdb7f1ae6f7db1448e9500aa6ca5f39eea113bfa2271444d13bb5ab5d5ef2aafc38c7c272e") ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:52:20 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, 0x0, 0x0, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1412.429616][T19080] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 1412.473248][T16828] Bluetooth: hci8: Frame reassembly failed (-84) [ 1412.517033][T19090] loop4: detected capacity change from 0 to 69632 [ 1412.583162][T19090] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1412.597761][T19090] EXT4-fs error (device loop4): ext4_map_blocks:593: inode #2: block 9: comm syz-executor.4: lblock 0 mapped to illegal pblock 9 (length 1) [ 1414.082720][ T7] Bluetooth: hci7: command 0x1003 tx timeout [ 1414.089872][T18483] Bluetooth: hci7: sending frame failed (-49) [ 1414.242701][ T7] Bluetooth: hci6: command 0x1001 tx timeout [ 1414.248813][T18483] Bluetooth: hci6: sending frame failed (-49) [ 1414.492820][ T7582] Bluetooth: hci8: command 0x1003 tx timeout [ 1414.499070][T18483] Bluetooth: hci8: sending frame failed (-49) [ 1416.162543][ T7582] Bluetooth: hci7: command 0x1001 tx timeout [ 1416.168876][T18483] Bluetooth: hci7: sending frame failed (-49) [ 1416.322612][ T7582] Bluetooth: hci6: command 0x1009 tx timeout [ 1416.562774][ T7] Bluetooth: hci8: command 0x1001 tx timeout [ 1416.569564][T18483] Bluetooth: hci8: sending frame failed (-49) [ 1418.242647][ T7582] Bluetooth: hci7: command 0x1009 tx timeout [ 1418.642511][ T7582] Bluetooth: hci8: command 0x1009 tx timeout 09:52:28 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4400ae8f, &(0x7f0000000000)=0x32) 09:52:28 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet6(r0, &(0x7f0000000540)={&(0x7f0000000140)={0xa, 0x4e24, 0x0, @mcast1={0x0}}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="200000000000000029000000040000007300000000000000040100000000000014"], 0x38}, 0x0) 09:52:30 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80086601, &(0x7f0000000000)=0x32) 09:52:30 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet6(r0, &(0x7f0000000540)={&(0x7f0000000140)={0xa, 0x4e24, 0x0, @mcast1}, 0x2000015c, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="200000000000000029000000040000007300000000000000040100000000000014"], 0x38}, 0xc0008c4) 09:52:30 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x9000800, &(0x7f0000000200)="39dbf4135654be9eb5c730f40b2f163fac6d31b7a22bf8a3e33bb12e63741854dfad1c458b006c39f522f34ac260468d663f3cbdac90ed2b05ff309a0dafb3146712f7612b1311bcc643b12225f4cdc777f4dccfaf142f2150b0fadd1163ecc3b1c30694ec19b2d9c0461fe78090d122356c13800609fc13dfb387a8855353910779c2206090f8d443000000000000", &(0x7f0000000000), &(0x7f0000000080), &(0x7f00000001c0)="c0e0b2d40de99a3278b4722e4f900be39e621048b2e58d") exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) syz_open_dev$tty1(0xc, 0x4, 0x3) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x3f, 0xbf, 0x7, 0xff, 0x0, 0x5, 0xa0, 0xb, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4, 0x4, @perf_config_ext={0x6, 0x5}, 0x0, 0x8000, 0x0, 0x5, 0x2, 0x5, 0x19a0, 0x0, 0x1, 0x0, 0xb2}, 0x0, 0x9, r1, 0x8) r2 = syz_open_pts(r1, 0x800) ioctl$KDADDIO(r2, 0x400455c8, 0x4) 09:52:30 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, 0x0, 0x0, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:52:30 executing program 3: r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) setsockopt$X25_QBITINCL(r0, 0x106, 0x1, &(0x7f0000000640), 0x4) 09:52:30 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x9000000, &(0x7f0000000100)="c434f9ee7e015dc46a81dd2da05907b7b7141d259a7e2ba6bbb20c4b0883844d8a9f6216ccb92a7fe0cc91a56d1fc8291a2b32ad0494013d75aa2e2375ee2b512b3fd78cc1b013855eb236dc996b4ba0b0abbd8f915ca6584040695b8be48fcd05c7a0f66cd6d4188d6f11d7852023667a5645baa81b5a0c55158d038aede4ee078edb47d2facb48a25e3cd5a7e4c00fa9091227c8ff4cc4e786f1b52f550b6dc4cdf7bb666d96e955b1536a0bef333f1557e67c077e76d107170e71ca8676bf04ab2e677c6aadc4a553d3936daa54d9cf19eeb1b1376b3d52f0d01149a33fb0ccd37709c4a0dded6d6bcce87c454ec3e86055aebb6ec85b3c968a", &(0x7f0000000000), &(0x7f0000000080), &(0x7f0000000200)="0e401c5ba065d7f0b33ae463f8a3c494e6d4243f3c1f682049735312471b95c2e9737d3394a46d18fcea61291d448d") exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x2) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:52:30 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet6(r0, &(0x7f0000000380)={&(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast1}, 0x1b, &(0x7f00000001c0)=[{0x0}, {&(0x7f0000000080)="10", 0x1}], 0x2}, 0x0) [ 1422.227493][T19135] loop4: detected capacity change from 0 to 69632 09:52:30 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x8915, &(0x7f00000001c0)={'syztnl0\x00', 0x0}) [ 1422.343315][T19135] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1422.402245][ T1265] Bluetooth: hci6: command 0x1003 tx timeout [ 1422.404029][T19154] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1422.409806][T18483] Bluetooth: hci6: sending frame failed (-49) 09:52:30 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000100)={0x4c9, 0x8001, 0x7, 0x9, 0xf, "a5f9d6767321fd73efd8689d0ecc4a50907176"}) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000140)={0x1000, 0x8, 0x1000, 0x3, 0x1b, "133e120913ee82cfb54848efcfeefe813a2a14"}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r2 = creat(&(0x7f0000000100)='./bus\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)) ftruncate(r2, 0x2008001) ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000001000000010000000000000000000000000000000000008633e02a00"]) timer_create(0x0, &(0x7f0000002080)={0x0, 0x1000000000000012}, &(0x7f00000020c0)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) timer_create(0x6, &(0x7f0000000000)={0x0, 0x25, 0x2}, &(0x7f0000000200)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0xc0000, 0x0) 09:52:30 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1422.698452][ T9149] Bluetooth: hci9: Frame reassembly failed (-84) [ 1422.707642][ T9149] Bluetooth: hci9: Frame reassembly failed (-84) [ 1422.723175][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 1422.729538][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 [ 1422.877572][T19177] loop4: detected capacity change from 0 to 69632 [ 1422.905153][T19177] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1422.959491][T19177] EXT4-fs error (device loop4): ext4_map_blocks:593: inode #2: block 9: comm syz-executor.4: lblock 0 mapped to illegal pblock 9 (length 1) [ 1424.322585][ T1265] Bluetooth: hci7: command 0x1003 tx timeout [ 1424.330256][T11358] Bluetooth: hci7: sending frame failed (-49) [ 1424.482165][ T1265] Bluetooth: hci6: command 0x1001 tx timeout [ 1424.488302][T11358] Bluetooth: hci6: sending frame failed (-49) [ 1424.722246][ T1052] Bluetooth: hci9: command 0x1003 tx timeout [ 1424.728438][T11358] Bluetooth: hci9: sending frame failed (-49) [ 1426.402532][ T7] Bluetooth: hci7: command 0x1001 tx timeout [ 1426.409064][T11358] Bluetooth: hci7: sending frame failed (-49) [ 1426.562297][ T7] Bluetooth: hci6: command 0x1009 tx timeout [ 1426.802063][ T7] Bluetooth: hci9: command 0x1001 tx timeout [ 1426.808801][T11358] Bluetooth: hci9: sending frame failed (-49) [ 1428.482309][ T7] Bluetooth: hci7: command 0x1009 tx timeout [ 1428.882064][ T7] Bluetooth: hci9: command 0x1009 tx timeout 09:52:38 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80045430, &(0x7f0000000000)=0x32) 09:52:38 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$X25_QBITINCL(r0, 0x106, 0x1, 0x0, 0x0) 09:52:40 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x801c581f, &(0x7f0000000000)=0x32) 09:52:40 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet6(r0, &(0x7f0000000540)={&(0x7f0000000140)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="200000000000000001000000040000007300000000000000040100000000000014"], 0x38}, 0x0) 09:52:40 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:52:40 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$INCFS_IOC_FILL_BLOCKS(r0, 0xc0045878, 0x0) [ 1432.427543][T19214] loop4: detected capacity change from 0 to 69632 09:52:40 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1c}}, 0x0) 09:52:40 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000f80), 0x6) ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f0000000000)='u') [ 1432.482747][T19214] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1432.530052][T16828] Bluetooth: hci7: Frame reassembly failed (-84) 09:52:40 executing program 0: bpf$OBJ_GET_PROG(0x7, &(0x7f0000000640)={&(0x7f0000000340)='./file0\x00'}, 0x10) 09:52:40 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1432.642415][ T1265] Bluetooth: hci6: command 0x1003 tx timeout [ 1432.649259][T11358] Bluetooth: hci6: sending frame failed (-49) [ 1432.790897][T19241] loop4: detected capacity change from 0 to 69632 [ 1432.844460][T19241] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1432.861213][T19241] EXT4-fs error (device loop4): ext4_map_blocks:593: inode #2: block 9: comm syz-executor.4: lblock 0 mapped to illegal pblock 9 (length 1) 09:52:41 executing program 3: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) accept4$alg(r0, 0x0, 0x0, 0x0) 09:52:41 executing program 0: socket(0xa, 0x0, 0x1bd) [ 1434.561666][ T1265] Bluetooth: hci7: command 0x1003 tx timeout [ 1434.568649][T18483] Bluetooth: hci7: sending frame failed (-49) [ 1434.722280][ T1265] Bluetooth: hci6: command 0x1001 tx timeout [ 1434.728498][T18483] Bluetooth: hci6: sending frame failed (-49) [ 1436.641410][ T20] Bluetooth: hci7: command 0x1001 tx timeout [ 1436.647916][T18483] Bluetooth: hci7: sending frame failed (-49) [ 1436.801607][ T20] Bluetooth: hci6: command 0x1009 tx timeout [ 1438.731421][ T1052] Bluetooth: hci7: command 0x1009 tx timeout 09:52:48 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80045432, &(0x7f0000000000)=0x32) 09:52:48 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1440.797359][T19269] loop4: detected capacity change from 0 to 69632 [ 1440.863843][T18483] Bluetooth: hci6: sending frame failed (-49) 09:52:50 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) sendto(r0, 0x0, 0x0, 0x13, &(0x7f0000000100)=@in6={0x18, 0x1}, 0xc) 09:52:50 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@acquire={0x1ac, 0x17, 0x1, 0x0, 0x0, {{@in6=@dev}, @in=@multicast1, {@in=@multicast1, @in6=@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0xa}}}, [@tmpl={0x84, 0x5, [{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x2b}, 0x0, @in=@dev}, {{@in6=@local, 0x0, 0x32}, 0x0, @in=@local}]}]}, 0x1ac}}, 0x0) fcntl$setstatus(r1, 0x4, 0x4800) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:52:50 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc0045878, &(0x7f0000000000)=0x32) 09:52:50 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r1, r0) poll(&(0x7f0000000100)=[{r0}, {r1, 0x80}], 0x2, 0x0) 09:52:50 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:52:50 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$unix(r0, 0x0, 0x0, 0xc, 0x0, 0x0) 09:52:50 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$sock_int(r0, 0xffff, 0x1002, &(0x7f0000000200), 0x4) [ 1442.702802][T19296] loop4: detected capacity change from 0 to 69632 [ 1442.728441][ T9149] Bluetooth: hci7: Frame reassembly failed (-84) [ 1442.782795][T19301] debugfs: Directory 'hci8' with parent 'bluetooth' already present! 09:52:51 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1442.843636][ T8] Bluetooth: hci8: Frame reassembly failed (-84) 09:52:51 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r0, 0xffff, 0x1001, &(0x7f0000000080)=0x100001, 0x4) [ 1442.895943][ T20] Bluetooth: hci6: command 0x1003 tx timeout [ 1442.928958][T11358] Bluetooth: hci6: sending frame failed (-49) 09:52:51 executing program 3: lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff) lchown(&(0x7f0000000100)='./file2\x00', 0x0, 0x0) chown(&(0x7f0000000040)='./file1\x00', 0x0, 0x0) [ 1443.094654][T19319] loop4: detected capacity change from 0 to 69632 [ 1444.801012][T10442] Bluetooth: hci7: command 0x1003 tx timeout [ 1444.808282][T11358] Bluetooth: hci7: sending frame failed (-49) [ 1444.880919][ T7582] Bluetooth: hci8: command 0x1003 tx timeout [ 1444.887060][T11358] Bluetooth: hci8: sending frame failed (-49) [ 1444.960999][ T7582] Bluetooth: hci6: command 0x1001 tx timeout [ 1444.967292][T11358] Bluetooth: hci6: sending frame failed (-49) [ 1446.880951][ T1265] Bluetooth: hci7: command 0x1001 tx timeout [ 1446.887998][T11358] Bluetooth: hci7: sending frame failed (-49) [ 1446.960890][ T1265] Bluetooth: hci8: command 0x1001 tx timeout [ 1446.966983][T11358] Bluetooth: hci8: sending frame failed (-49) [ 1447.040918][ T1265] Bluetooth: hci6: command 0x1009 tx timeout [ 1448.960841][ T7] Bluetooth: hci7: command 0x1009 tx timeout [ 1449.042369][ T7] Bluetooth: hci8: command 0x1009 tx timeout 09:52:59 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80045440, &(0x7f0000000000)=0x32) 09:52:59 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x1, 0x84) r1 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xe, &(0x7f0000001300), &(0x7f0000001340)=0x8) 09:52:59 executing program 3: r0 = socket(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0x40, &(0x7f0000000080)='cubic\x00', 0x6) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0x40, &(0x7f0000000000)='cdg\x00', 0x4) [ 1451.139477][T16482] Bluetooth: hci6: Frame reassembly failed (-84) 09:53:01 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) clone(0x211ac80, &(0x7f0000000000)="efa26742788a0cbc13164ed277f10e6751dfef2acbd68a74fb61b0ce3cc30efb2232fa8146ce6f6fbafc055ba2838d02e9c0db4427557829c2d11f2fa6d0e4a9", &(0x7f0000000080), &(0x7f0000000100), &(0x7f0000000140)="ad30af3921e872e0539e85d9b53cd6cc5732282d81e91df69c48caab3e21ca242710dd44b69104908b18ab566cd2f680c1ca738e449a20da5e8d724a94dc2c5eb456b3a579b2b0e8754c401c5f71d88699ac88351405792ca0f1e203a2fcd8a6acd36f0af6ef2397b3f43869aa562bc44876eb5ed9f10122f45f4706db4e44c35028408e2e61490849ff8e1c65771a847b8158460d7c74667d396261aa0cd87cab7c8281c9913be41f52a72dd1c581082e428e7797b6b2b17a86c1d4ad64881c1e4f9bb8203716b60869be21a9b62b748ec24defc945163ea31374937078d9099280e1e043070933bc885976d916196e416d59db13bec53f7268c6b162") r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) exit_group(0x5) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@acquire={0x1ac, 0x17, 0x1, 0x0, 0x0, {{@in6=@dev}, @in=@multicast1, {@in=@multicast1, @in6=@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0xa}}}, [@tmpl={0x84, 0x5, [{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x2b}, 0x0, @in=@dev}, {{@in6=@local, 0x0, 0x32}, 0x0, @in=@local}]}]}, 0x1ac}}, 0x0) mmap(&(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x2000006, 0x50, r1, 0x645c0000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1453.200524][ T7] Bluetooth: hci6: command 0x1003 tx timeout [ 1453.206858][T11051] Bluetooth: hci6: sending frame failed (-49) 09:53:01 executing program 3: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) recvfrom$inet6(r0, 0x0, 0x7, 0x3, 0x0, 0x0) 09:53:01 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', 0x0, 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:53:01 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc0045878, &(0x7f0000000000)=0x32) 09:53:01 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000bc0)={&(0x7f0000000940)=@in={0x10, 0x2}, 0x10, 0x0}, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x26, &(0x7f0000000080), 0x8) 09:53:01 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x16) clone(0xa021000, &(0x7f0000000100)="c08769e8dac110ea1fb88708d1a0935c7e4b128a728d262420216f3e853481fca3630b368b9c1e7ff4d783c81c73539893d73fdb1b5629a97879ef48677580daec3b2bc0966cc759a51805ca3935c46a797e47594d12630ff11403b4da876b487c77b6325f2d74fe7bcf46195cb9b7423e98d02afb43f318409c8723a8c80aae67953297dd12e583ea24228fd2935c4c87d2e538ef40a00c03c561889dac0517c4deaeadfbeb69387de9ae983963e8695f75b21c806604c2e11f811f972eb6", &(0x7f0000000000), &(0x7f0000000080), &(0x7f00000001c0)="31fe4cc35fa34324faa6efd31a5e7f48f58c3e88e598b7c03c748d84e6fce540d577634394f0b7dc2b82f958b7efab86") ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:53:01 executing program 0: r0 = socket(0x1c, 0x1, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000840)={&(0x7f0000000300)=@in6={0x1c, 0x1c, 0x2}, 0x1c, 0x0}, 0x0) [ 1453.617224][T19387] loop4: detected capacity change from 0 to 69632 09:53:01 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000500)={&(0x7f0000000140)=@in={0x10, 0x2}, 0x10, &(0x7f0000000480)=[{&(0x7f00000008c0)="8c", 0x1}], 0x1, &(0x7f0000000000)=[@dstaddrv4={0x10, 0x84, 0x9, @local={0xac, 0x14, 0x0}}], 0x10}, 0x0) 09:53:01 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', 0x0, 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1453.927616][T19416] loop4: detected capacity change from 0 to 69632 [ 1455.280359][ T1052] Bluetooth: hci6: command 0x1001 tx timeout [ 1455.287749][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1455.760497][ T1052] Bluetooth: hci7: command 0x1003 tx timeout [ 1455.767520][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1457.370373][T10442] Bluetooth: hci6: command 0x1009 tx timeout [ 1457.850252][ T1052] Bluetooth: hci7: command 0x1001 tx timeout [ 1457.857313][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1459.920190][ T1052] Bluetooth: hci7: command 0x1009 tx timeout 09:53:09 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80084504, &(0x7f0000000000)=0x32) 09:53:09 executing program 1: r0 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x1c}, 0x10) preadv(r0, &(0x7f0000001500)=[{&(0x7f0000000140)=""/214, 0xd6}, {&(0x7f0000000240)=""/69, 0x45}, {&(0x7f00000002c0)=""/226, 0xe2}, {&(0x7f00000003c0)}, {&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000001400)=""/221, 0xdd}], 0x6, 0x6dbb, 0x2) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = signalfd4(r0, &(0x7f00000003c0)={[0x8]}, 0x8, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002780)={r3, 0x0, 0xe5, 0x3c, &(0x7f0000001580)="fc4a072cd27d5610e9ee935a6b974ab3e1f4ad39ab690ed3e6d832305e4b087b60345ffec70eef44e450b841c75cfabe50e7ba7d4677503343d0a1852a43527b744f63e8ce38e2012b7de4a73d3e1e454fe98193d56967b0aa3238374557d6e1db7842154612798a6cd70244bfbe7b392562cdfc487ef921dcc6bca4a1a53c894777d174b54baa9719c665fab566aa114bcf2b6a87a06c9a30b1eeac0f94f46bf99dfd6ad7e34b07995d93e0101b524c841e3f00d1c1c2d9e01e6c2ea77d573d129dd3adfa96077cae82d376ffdef5daa39eb951cc51b1a5e414f9fe0d92d91dd59041ab5e", &(0x7f0000001680)=""/60, 0x2, 0x0, 0xaa, 0x1000, &(0x7f00000016c0)="7fa02d282fd4678fcfecd542d95a2c997f3440f9cf8e5787624375180ea717d096ea53867146018b450ebdc0bb4d9dd88637d1b6d8115a04d442766af3c8a1564b785688e06369c8f5c4d70195aeb349fde82e315dd042bf57b137b73e81bfdb4747df8288178c0c2a16de788109f439ebefa52e330e4e0698c9303d1a14c5db818a5bd0f12d3b2477bac338351f0fd1747ca211dc9b2db29166100cf2287c40dcebb05505e0212bf50e", &(0x7f0000001780)="7bc784a7ebf3ba595187d123a5bcc14ec03d31158951c247f31935879ca13007cde9c01f5abdbfbf3f3ab30fe78a6aaf8ef36c2df0a40a7882fee522c8c3f15a7bd5d717ec5c53b44cedb015429844ad0a45ffaf30354d44307fa761c968027b6136f6426cae8a853946f8761ac5e0b05cb0dd0ac7ffc3279dbef4cadab3108f3dfe53fc3befc1bcc38f90471bb1c406dd7080c97037fcf821a59ae21609ed17699649ad2c6caffbd4a5be1fe4d9e56629935692b4291df462446d1c5e8ed62340a3a5d7924e0b55066e9df518aa38e41853a71be09dded99d1c21ed71fc619b661d413cb6e95a97001d8009c87204ff9219cd215c371f5753eb61f662079537367bf8b52c4e98233ec2235672f3c5b3029a0dd4906d878fc2b8377c55def306a6971e0c8ecc6608596da3a25e9fe6efc54822e58227ba073d395b90d5a32e0c55ca7cb3a5c119c0c32d95ffe82dbda7c026e622e717c6db55b888e0c730455442feb1f94d2d9f24287b8741be5c491297b3837b61acae5c46fc1fd99586f4872db4edf0a79bacbdbea53aa24dae290f6e32d9f69af4418e0d7535745c15b0d199b68e565ab2e35a042ee2788f849eaa5f1316eada559c84626375abf527b24092c3138ad2adf9ab4be9a7b092779c7d3b10398f2b19c0525791b4abb3d9658681f1dadfec9675f034a2f16463dbf0293dbd68b9923fcabe01c81244e1ca08b2b3dc16b64f8e94f09a1243132e194517f612c33f94afd7b0b04aec3935ea75cea73b86fd79bfa196ddc85101ac93f908cb8219a9685ebd94447ee55d6596d505ff96bd9f8793035535f0cac1a0e296578995a76863fac7f9e1ef22a41d5ef1396f44cdd216a170186227dc2e9c897f059173143b4a0f75933d5d0224e2ef6416fb57d3dd39206bee96fa0b0664ff36827b99e2de94b2132fbca3c703653e09a5e5454ac553eea98d7bbd8b770ca1c2ba169965be8ba7f613daac8fabe191ffffe15656829865dad5ca5bda8f70d6d70ff070cddb8a95d5976940b48263a206da7c8e0d757fecd584e2e7d9d05d77df42f702bb4a17e98f9696ce84086d51f359bf876a9526423a9f63bfe8f71ec6313246096ecbe06d82f634072fa2a1043d85bb9cea558ea005dd1f4e4005e36ece8d224f56679a57983eb3ffb6c2fd0d2f5f250dbed093c2f6beb1c587aed06996671fcdb81ad6a7eb564196e72cc83619ccd2814bd4b7fc1e05bb04459497e212f3d47c185e3f9e3133d19aa3320c908f259daf80a207b018cf01e10061c3c9df295e1e3d5505f327a927f18ae1aa920c8b4cf84d879fae72d75c51a3b03122e6c9cbcb6731dd1ac9fe46049e53a851f504b9c792b2ec2bcc1e8e62ed4e082aa397b364d2b72f46c121d1ea356f16645d05c3de6075763653943ca4e301308db1740d5585a869c07ae2f9175c36e50d4878f9855815fcfa4494c57847138d0cfb526cd57245eac2c69d02d96ade1ed006c3f559944079d918cee0dcb7c1193e817896f52b156e4ff25c6fd3faf4de49f4507ffc2e43fd0f48cde0a5641a9ded376c1c8ec6510f5d81f787c4096878d91c4944368407a86b97856985aa15460e4d0fde96c1df838eaccf4fa83e7b7f0cb1ba2e5a79921de0340ffc229b4fc506985ba7b758e801c4455d4de63f65f798cfdebf1cbdc4e909495d9af1b32bc340ea9521f460b08266a753c67ff5c00e225c550e989e7dd34e332b2522323adc28578778cd02dcc261be0a7c9186d03d6c419fee86420bd79b34571bddf1996f4ce6d99fa6bcf4288a650f3703a74840393296b9571bd896124ef6a0848e68d7a8c85f115f43e3bdf30d1e41542429a48d0bdca9c2580aaac59791f8dd69dbb4f6e0f633c2341ed64f70820f945e1b632018fd07a46aab0144d3d44449a3576cbe8beb523a47462c8da6de9c64add16b9047f7f48724ed934afde5b76fbb272fa90b6353b20265742b62cc8d98274b19849409acc8eb4f80896ccb1d90ad21e94e9ad30a85c113e9b61fe80eb2e5995df465be686687ecabf783f722d5950fcf8e00eeac7736946cd4608bf4811e7c61dc0dbd176cc817aca06c63580c138da2211530d227f7de1b058104c6c9543fcb6b4df537f870098ddb31bfeb7cf24a991c969fbd2bdc48ffff455c49a6be9b2c7cd833d1ec2d5ba39a61c260dbb3d86b2603fd622189f8f35f1194fa3ed737bacdad8226a411300e8a119c812ea22c544824bf417b7a88516ce6697b2d4d7f3f12fba4d49438ab5529e3ac27f2958fa8159425538c4cd36c7c27cceca0808965b4378571ab50444070226b56e4773add67e3b3cd66cd0eaf5ae700be224ed9f8366d00bce8f37c3e8df942a8455a41899bfd2bfed8de5a9e72e5dc9f17858c6bdd9e1ad039c8bf233183ff8d72cc83879561824d2fb796492cef0abb2c3e0de8ecd74425307fdeff035ac9109e96658aafecec53d84c4ca65970bc0c9687939a54db448a4cb914bf50147d276119194563c7f5ac90e071ced2397fa62ae2eae369fb56bc7bf0c551485ddf4efcd282db1611f928319dafc24aee2741569cc2fbc77c1296019e5c46268b37b62d79b35f1255254f2980d491cd948e2e08ffdf9995e812458487522386c302476cc7bdcc26eb9b4a91896035ba381bb0cf3bd6c9daac4e7c6e65e2e6ba73c7517b0857322d1449e4b58f0e374d8f63c07a0d1cc7e9438d76267178d447ece0dd27fd02d0d92da1c3f106c9cbaf1009d70760bd61a19904cf6883df9e72472926436ff14af6c9f154187ff44dca0f20633a443713ce8c560a711c4be14711a67977546eb7f44f2bf72796f40962cfe76238eab0e91fb898b53e27ccd513258d4cb9b870e13528e6c94c60a3cade38232f0cfb770eab22305b337c8c6851c95c543b3ab178e357a7cef2105c99b1d351616c78345ee8d32966f1494a502eae463455e33fe311f84e3a8ddfba61c82b51000b6c441fad078c1ec0330eb0c38d7f0a205299fc2f35a53e21cc865268e20da90508f339a459bc8878ed2cfa977c98f763a8a6fccdd80f7006665941f74f6d0629b2c325dfb03aedf6e59e9849ea109162a76164eba98509f1aec3e4bab1670e2ba73d14cb7d0235fb9c5cf2af5c37fb6d9709d3f6c7ec911b3cf05cc53e33c9a6ccd4a6817c3a9da55cbf656f366604db75229ef78259bdd87fcca6c847cfc8c7514da424f40b13eaa3d48103a4782dbc79734be64ab6709399c63fbbf0c5a5d145234e7f4ff91f910c83d54eddc695fc8f820c702d6f5f13cac6b8575c85889349239e50287cd84dd1105ff47be4eff8d103e34ad52601b33defa4c0eabaddbbe87d93bf55839bf3a29e0b764552b21a25b2a8e7a2b41dff3101e0e94233aaec0b3502f786f1212ee71ecfaf4830097b88e3094b9e82ee2628af76e9bfbdee9325a36e79df6f100f62ad80cc2f069a80dd11d57a0500646eca776b2cd71818904241f64cfeee099043d149a8bdf8d4d5e873630067c893be5cd2162acb0c06364360e48044445bf6fd22aacf8d90aed2fefe02bacb60f02cb3940df4d2f6e112f73d0ce284f87f2e50531392a824f7c5ca2126d1c6b7fd1ab46f84910d7c7f8e7ada15e4ea191ff473373887e4160814c2901a1871a3119e86594ee56e4101da33a35098c638e07c5fab0dc9fed6fcdd010017ed7c1fa46f41db722fdcdd1cd9a8ba229ce38a65297f1303c94e3773962cc9b2bba51fcffb976c7d4399755fad91335dcb17fee7998b9a53aa45976fe59e8419599f54e3318b81cfa301a99d82afe6ccdd740573377178de252ff312d2d209b466c819fdf0c9c475ab1d301107c4fdbfdd0723c0977c7a3af9ace2396b293e712bf23c10d617963a2cb566fedcc82118bdbcf04080ea566993c3c36fafdd402dbc8fb54ac24f3f1af93d93ba619523deb2f5b856d5ca4bdef705645988735c29b5688ee92df1350ec4fab74f9e03dfeda4d3fbb39976a61fe0c908e916974dd1ddd17b345be4cffd77baaebcd4e8691296530e496e5debc8844b721c76fcd29bd2f28310604805735499c69e4d2ba6240cf98f0a4743c3de17a70999954df4a16c53531dfeefbfcef38ef309b9ba7a4902b4c4b0db7f6cbb5a092f72ef309da38b3a7712b16043f2b030ce2ab8083cd441d678a1b442ea754a87f0a16e869331a20375b8b0271539c9df0daffb5065c80ae9630d9f8ed43abbfed04a36b96de462912522f2995d647c2d57cf44a12b36f71d146bf7f4e645825cbfe286c0d26db73fab16683061402851b25695524bb90d2ca0c4ad6fcf0c4900d81397736b9ee3b25926214c3678b60f1df59bca6aa827a3721e2dff3bddccbdce8c381267df546c66ba0f6b8dd1ebedd03e2c777bce16212c72327d8e9f8a086981bbd3eb23ddf7433afc036bdf9a7a2c8413b409b420cb72b261b45b971c79908c686f5277ebc3f6aabeb7c854eb932697137063d88b85724890362846b3099707cc49d593bba6c6623734cd51299c0a09a59380366ac31bf3715d6d0df0862cab2cb8202a50617ae7e38fb41a5128a3ca4a29a830152c699f38c42adf870153a4dbc503216d29b95ea40c0b18d4315d7edb6a1738fc6178bfad8cec07a9139c3c6ec8ba85d64b0045f678c489462cfa41926d8dafe2bcb2e287e00e866f1c6484299e07b2812729908d71e57b297a11e0d8943248a60773f0a29c8630249849891eda3b969b64b44835c33a679232bbab555a2b249c44ade7a566d52094ae5d7f1b6ca4385dcb6beec2719888dd1dc2ca17deb29d18954d180547e162e4fed3b5f86fddbe1daeb5a0a397c32092d3c92f8f485cf64be676902065d6a81ef47c3d2e614240aa07bace2c60349f0162c66cf0355c6be6c9ef34c022fd519c9bb88106782f5328eed47c3b77d1c2a6b7247ad6d2dd2c24e06bc12ba66eccc15ac239173ecb15836949688ef7931e6e7a0a0c5e560e05d632da95dd10c7662203a34dae780da27373732a1ff17f9c37773e5545aa9dfc5b4eedb587e1ee0f1037ce69c7269e2fb35875630a9c19d8657dcb5fd48e66119ce434c81f62aca079fac4489a467894d9cb296589ff00025d7c688e2a4a1033b3afcfab3c1b09bdc45115426c27c7e364475b151706a6fd714704f2d26726b264fe8f185d927de288b631593e827d955071bc6e643cbf977202f36f80631805628fcde39fdf748fde61600141f727b163b2a185fcae36c196ee33a9b4aa305861d67aec4cbb00bea76ae3813fdc5839632904eb382b0297ccc920cc350f2d4f1f9aa03631970fed3b37448de9284ac8f01a8a2978f3fb5a5fe8f2d6aa7b17579af6b1da9fb63d47280582d65633e9caab9c9511c9ab62f0022d0d49e12faf78658f66e5878dfe6f2364236a0e66d5ee5dd636d0453cfb3f37b40119937056b45c1cf7ad28357ca1d9b921a724d7b0d43b5643d9d52b7a81d2d7799fb2b17e75f5528ad7f17607a916fab9d657e4d0e77fb4f5c52401a550e9be93a8affad7a99f172ae2f6258c151ad6cb2d91d91aa8d98d8e1d8a430da75c9a9609ed70cb239dc3625f0aeb6ce430bc8b1249bbf9b36916d702a7da4607c29a0cb55b6d1bc3f6109946ebd1cfcb6ff36e4e1659e38e23cdc43c5ee444dddc6935fa60f27971ceb0410a33198ee796a07f183c13ce4afed53a44cdf5b8a1c10466d4d5451f95af67abab8e4f9c194edc252138ecbbc15e55c4dd3ad3563fa9ee71730cb29fcf939ad15534c7fdff8cbbae13c11083d8663a0ca25c594fa42747defa3ceb93f9cfc898", 0x0, 0x2}, 0x48) sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f0000002980)={&(0x7f0000002800)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000002940)={&(0x7f0000002840)={0xc8, 0x0, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_SERVICE={0x34, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x4f}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x1, 0x2a}}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e24}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0xfff}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@empty}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x16}]}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x4}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @rand_addr=' \x01\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x44}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x81}]}, 0xc8}, 0x1, 0x0, 0x0, 0x20060000}, 0x20008854) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0xb) 09:53:09 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000bc0)={&(0x7f0000000940)=@in={0x10, 0x2}, 0x10, 0x0}, 0x0) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x1d, &(0x7f0000000080), 0x8) 09:53:09 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', 0x0, 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:53:09 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0xf, &(0x7f0000000140), 0xc) 09:53:10 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) connect$inet(r0, &(0x7f0000000180)={0x10, 0x2}, 0x10) setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x13, &(0x7f0000000140), 0x8) [ 1461.938696][T19442] loop4: detected capacity change from 0 to 69632 [ 1461.960809][ T1136] Bluetooth: hci6: Frame reassembly failed (-84) 09:53:10 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xc, &(0x7f0000000100)={0x4, 0x1, 0x0, 0x20, 0x0, 0xf8, 0x8, 0xff}, 0xb) getsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xc, &(0x7f0000000680), &(0x7f0000001a40)=0xb) [ 1462.042016][T19449] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 1463.999889][ T20] Bluetooth: hci6: command 0x1003 tx timeout [ 1464.006728][T11358] Bluetooth: hci6: sending frame failed (-49) [ 1464.159929][T18029] Bluetooth: hci8: command 0x1003 tx timeout [ 1464.166827][T11358] Bluetooth: hci8: sending frame failed (-49) 09:53:12 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc0189436, &(0x7f0000000000)=0x32) 09:53:12 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:53:12 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000bc0)={&(0x7f0000000940)=@in={0x10, 0x2}, 0x10, 0x0}, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000180), &(0x7f0000000240)=0x98) 09:53:12 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 09:53:12 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000200)={&(0x7f0000000040)=@in={0x10, 0x2}, 0x10, 0x0, 0x0, 0x0, 0x2c}, 0x0) sendmsg$inet_sctp(r0, &(0x7f00000004c0)={&(0x7f0000000100)=@in={0x10, 0x2}, 0x10, 0x0, 0x0, &(0x7f00000003c0)=[@sndinfo={0x1c, 0x84, 0x4, {0x0, 0x2800}}], 0x1c}, 0x0) [ 1464.442731][T19481] loop4: detected capacity change from 0 to 68 [ 1464.471950][T11358] Bluetooth: hci7: sending frame failed (-49) [ 1464.519647][T19481] EXT4-fs (loop4): bad geometry: block count 512 exceeds size of device (8 blocks) [ 1466.080002][T18029] Bluetooth: hci6: command 0x1001 tx timeout [ 1466.088335][T11358] Bluetooth: hci6: sending frame failed (-49) [ 1466.240048][T18029] Bluetooth: hci8: command 0x1001 tx timeout [ 1466.246850][T11358] Bluetooth: hci8: sending frame failed (-49) [ 1466.479887][T18029] Bluetooth: hci7: command 0x1003 tx timeout [ 1466.486638][T11358] Bluetooth: hci7: sending frame failed (-49) [ 1468.169902][ T7582] Bluetooth: hci6: command 0x1009 tx timeout [ 1468.319794][ T7582] Bluetooth: hci8: command 0x1009 tx timeout [ 1468.559732][T18029] Bluetooth: hci7: command 0x1001 tx timeout [ 1468.566300][T11358] Bluetooth: hci7: sending frame failed (-49) [ 1470.639695][ T1265] Bluetooth: hci7: command 0x1009 tx timeout 09:53:20 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80085502, &(0x7f0000000000)=0x32) 09:53:20 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@prinfo={0x14}], 0x14}, 0x0) 09:53:20 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000200)={&(0x7f0000000040)=@in={0x10, 0x2}, 0x10, 0x0, 0x0, 0x0, 0x2c}, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000000), 0x98) 09:53:20 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:53:20 executing program 1: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x18000, 0x0) ioctl$KDADDIO(r1, 0x400455c8, 0x1) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/rpc\x00') 09:53:20 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x14, &(0x7f0000000180), 0x4) [ 1472.785034][T19524] loop4: detected capacity change from 0 to 68 09:53:21 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) recvmsg(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=""/99, 0x63}, 0x1) [ 1472.829071][ T1136] Bluetooth: hci6: Frame reassembly failed (-84) [ 1472.839221][T19524] EXT4-fs (loop4): bad geometry: block count 512 exceeds size of device (8 blocks) [ 1472.861515][T19536] sctp: [Deprecated]: syz-executor.0 (pid 19536) Use of int in max_burst socket option deprecated. [ 1472.861515][T19536] Use struct sctp_assoc_value instead 09:53:22 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc020660b, &(0x7f0000000000)=0x32) 09:53:22 executing program 1: ioctl$TIOCGISO7816(0xffffffffffffffff, 0x80285442, &(0x7f0000000400)) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ptrace$setopts(0x4206, 0xffffffffffffffff, 0x6, 0x0) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x4441, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) syz_open_dev$tty1(0xc, 0x4, 0x3) clone(0x200, &(0x7f00000000c0)="769d58bb75098148b1ce5fb4694947300fd86115e7c1ed92e196d97829907f2677d09c33aff668ea5c15a0f5dc186e68de88d1a3c9d6bab33ba2b923101df56948c6c5f7f1395e78ae4b3d33f30d0890423fab0e421c63eabf058160f28b5d44cbae07845031147594abbaf79222ac6b6111c6cf53b79123f4f15a7cca4c1a5079a58116dba09ef38ef2ab5e876b087e823efb49f850b2079acfb363c25fec4157a3291950fd1f2c2c7e685ebee5cdbb71348b8d55f3d33cf8f2d1c86b", &(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0)="d95435c1c4647524678b76a6d6591418f1967c5977dacbd5a5f926798839f1484eda9e3fcd05126ab32cd4cc3bcf4c7f5e6f068871f32cc94fa849632644495b6718e9") ioctl$KDADDIO(r0, 0x400455c8, 0x200001) clone(0xa00, &(0x7f0000000240)="f30bb787d83ff7821ad07fe47cbda9ac7b2b5206af2b93ba46d2e2e9acd41108807947411a1022122931886e7fb8890f2a95ea0aa805c464b4d8665f46712594dfcaa6796fc96ec9edb7a544f48990cb3adb13602cbb55b12aaafd7391db9315c7d95dc870767e13a564cc2c17a5134673534a6181fe7c640cf9ab2525722a057911f03898ce70cdeeab50ba4b613ad56b758ee8738bde157063aebf1e560061cfec8a", &(0x7f0000000300), &(0x7f0000000340), &(0x7f0000000380)="13b27a5c2e6cac4a1b18717e4879ba5ce4177b8e474c6ee3110aac1372dd24e6c6c8b6d5aedeac77f05da6f7ca3c2d9542db58a3496100c24105de3d35f4e4e56b8bd1") 09:53:22 executing program 0: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) r1 = dup2(r0, r0) sendmsg$inet_sctp(r1, &(0x7f00000026c0)={&(0x7f0000000380)=@in={0x10, 0x2}, 0x10, 0x0, 0x0, &(0x7f0000002640)=[@prinfo={0x14}], 0x14}, 0x0) 09:53:22 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000040)="a9eddaf9ee86ed728ff787fd057cfa99", 0x10) 09:53:22 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1474.694874][T19565] loop4: detected capacity change from 0 to 68 [ 1474.752368][T19565] EXT4-fs (loop4): bad geometry: block count 512 exceeds size of device (8 blocks) [ 1474.815501][ T9149] Bluetooth: hci7: Frame reassembly failed (-84) [ 1474.879290][T10442] Bluetooth: hci6: command 0x1003 tx timeout [ 1474.887509][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1476.879198][T13921] Bluetooth: hci7: command 0x1003 tx timeout [ 1476.885784][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1476.959348][T13921] Bluetooth: hci6: command 0x1001 tx timeout [ 1476.965796][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1478.959232][T13921] Bluetooth: hci7: command 0x1001 tx timeout [ 1478.965719][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1479.039156][T13921] Bluetooth: hci6: command 0x1009 tx timeout [ 1481.039822][T10442] Bluetooth: hci7: command 0x1009 tx timeout 09:53:31 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80085617, &(0x7f0000000000)=0x32) 09:53:31 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) getsockname$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000080)=0x14) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:53:31 executing program 3: r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000026c0), 0x0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000026c0), 0x0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x13, r1, 0x8000000) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1004, 0x0, 0x12, r0, 0x10000000) 09:53:31 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x0, 0x0, 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:53:31 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000000)={{0x2, 0x0, @local}, {0x1, @broadcast}, 0x12, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'veth1_to_bond\x00'}) 09:53:31 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x0, 0x0, 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:53:31 executing program 3: sync() prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) [ 1483.122464][ T9149] Bluetooth: hci6: Frame reassembly failed (-84) [ 1483.143522][T19610] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 1483.217468][ T1124] Bluetooth: hci8: Frame reassembly failed (-84) [ 1484.159857][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.166345][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 [ 1485.198804][ T20] Bluetooth: hci6: command 0x1003 tx timeout [ 1485.205943][T11358] Bluetooth: hci6: sending frame failed (-49) [ 1485.278731][T18029] Bluetooth: hci8: command 0x1003 tx timeout [ 1485.285726][T11358] Bluetooth: hci8: sending frame failed (-49) 09:53:33 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x2) 09:53:33 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f0000000000)=0x80, 0x4) 09:53:33 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x0, 0x0, 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:53:33 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000007c0)=@newchain={0x11ec, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6, 0x5, {0x5, 0xff}}, @TCA_RATE={0x6, 0x5, {0x7f}}, @TCA_CHAIN={0x8, 0xb, 0x8}, @filter_kind_options=@f_matchall={{0xd}, {0x11a0, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x8}, @TCA_MATCHALL_ACT={0x1194, 0x2, [@m_vlan={0xe4, 0x6, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xd43}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x9b7}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x1}]}, {0x9f, 0x6, "9bc6bb7a724e7cb89e867fefd6627bd5ce3173db2d65d728428f1fe8ed7c883355afe5352e81ef57dae205905672d0cf420dfc61dff8a5a1a069c49ca3cb5ab4b1cd656237dfe510a71177b5976be0bbeb6310af078dd5555bfbf6a2f0836dcbe0144c0af8f59d428c71f20ee19c7cf4c084f15c38b64dc616cb0d60b0e310b487fb60dd8dda4118210fe9ec10e54d47663d2147a1357736d4220c"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_ct={0x34, 0xc, 0x0, 0x0, {{0x7}, {0xc, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @loopback}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_gact={0x1078, 0x0, 0x0, 0x0, {{0x9}, {0x4c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x4, 0x10000, 0x6}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x236d}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x128c, 0x10000005}}, @TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x6, 0x3, 0x1, 0x91b}}]}, {0x1004, 0x6, "a750a3a2a4c2791418d6e091bce2ce5f4f2e8915ca249c5a1f7a3989edeb2c59513d379957d2144a3ac630a3ed7c31b9b995abf65ebc97f31c9a2aec04d5af163bd657ef2ea2fca65c7dd9ca2d85120adde8b9f6b77a734d39b8bdc82c3522dac1ec72a44f2afb07e1b04afb34587338aa855e233c8ee6cf1baecd97848da6b44809b39adf3762f127ff4529b35dee99ea42d4a514cbb23cf048caedd47a68797c7561805ebf303b8847894c8710bb6cc06147f64eaae355a451508aa81fd26f9d1e5b2bf1ca30b5c3006f764c95d773937cc5ccfc6330f2155477ba48a278525e1fd052d41794a2faf898b2a035a97c50f352571ec1dafe86d8a5de81a3cdda212bf1e2141db71f509ad35d9a274b1fe59c11289401fb3062deecac9e1d92b26f04b58476a8b1779c379c4973dafb11a799a375bb9e744ac2719a52b008948198a80985bcc79505ed93daebf026f24b059b0c2e8a3f951b1276899e615470a83177700883f14474b756281b56690bf484362455d766e43b26c8c29cb90e412a57efdfe05c5c06eac2faf34818a2e8bc632bfc3427a6139902f0168fdec6fc63b9218fc2031aa1701ce91774b9a133c30521f38fe8fe5e3d2eb3f960f6d423edff700551b8c99cf8ab98d9b302e8cdde418deeb99878f837ba54c9ec5e6188cf4a49da4ab60d56a051d337f908c19d521819c21410c123238dbf01b997ab7b35f514cd210d0f8d040b8161dcc374b8b8df9d3785e448f160b5e5e1d8de9beaf8a2a49c13798d71ae07b361f2802621fed0f4726ae139bd99683d611c5b844a33799ba7b4492b4ff794a5fd9b2f07bcf492666f1c44e67aec4bd93af455738f999ba93eb1f10454adf1f30746802fb3c0d7ba8d3a2c1f4c63eef1e0160683c35d31bbd07b28ebb11f02566baf18eac7fabf03e63d9df4502285ede6f71ec7b92492ba1a2bd6244c7017dcbb4415f1d1d94c7317463c7667da28dab244aadb7cf4af77c642b9e30640ee78af2db9690dce735d9441df9e99b8a7782f5e41a99d15e7f528cdf0fb6a2036007e7d4a4dfa72111fefef16694a47e81bc10b74713a1ac77a9a21d441fcac6b160c89c953183b963c0b1bcbf06532565b0c0afb95e355d73bc9294f14fdb460255c2e6eb50e7e7467709977aa8086037e6eaa94f9797f1ea046468275dcb79200f0025104009a26cbf2c6752429d6d039837e3efce1de2083488439fb06ca861e37d51ba0927435add1d2b2ed34b78bdd9fa66413e223c48c3e03e3de97e89b8a3a53f002956af6d5318b1a9c3573919ca91cb7ad6b60a2c988a30532f93db55fd8d61e1013bebf9fe9a56b6c3f5fe6a17a1c98859a0251bc7c9a3781eb1f3151f508aeb5d0002bd4cd9da99e1f2c08b014683bfa9465bd523ef19de5895bb29ac1480029650041e429507304956c114d905d4346b0b493a1e1f209b7d96630008f7aada734403bba09821f327f2a606477025eec4118ac9b8ec3e567e810ca2f0f0ef3c87324e3c5f461a2484bb8092911bb8ff68459c84fb227a7ce4bd15a3a78766c324b9298e0b55707a699697794ba87adcd39f5aff4ecffd503293558321647f2f6b5c17c58092ccc2a5bbbaf67f7157006993519d2c04b60239b3b6bedcf20cc8511b21736f7203da078ff26fca696d73a350e069d8a7bb76994ca188e38d82374a1fdc612e5cd8a7f1f4517f0532e4aadaaaf67fe50daa9c0193153ede8fa4c4c4671bcdef6a9ba84e4da101167fb8c711202bcfc50f6885abe218374602d5202f55368a490dbe5ed080e489892e010b94df8ba5b0f0075c074ac48cc92a54f151ffc28aae71d6971920240e24439562a9ce4b702fdc36625726da30f91316c6bbab47541dc6d627f1f9089f98e50b890de5a190b93e55c0c6882b988a65b0889689678b73fc890f11534ec1b46ede7a74c130c3302899804520480831e83dbc609d032ba10b8f03a357f91643d11dcd64b8dfc45815840c9dfbce00b9666cb7f840d9c896b38f5e0aa9ebad997641a45042f535e7c799519570b0016fff89bd7d55bdaf864ff9fe14065039c0d77d50453c2810e961ec9904aa5644fc66fcfdd22e05c39d103c8de78a50ef2944c0d2e6f0afefbe1d988516c80654a6457fd21dc09d7ee886a93bece4fbe2c9018dabd63981cf148950ede2bbd6e216fb1f023780d98a3017b6cb5205b4ec2e92a2be91771b8a4451f9f5490c35335ebf2ef262bc8b9859fa66185527b1eb777cd2b00d07807b4327a52ebdad12b4a418e7a1e901f3f435c07e9f2787ad049e6eaa1b83efc3759a9497f695846347b96f3941ce788cd16b522bb172eb369f7867c701cdeb56cc07df61fd94bffafa17330da50fb2e53f0a623a08c82e8e6f2c6255d4fd84c5d4fb1120641b204d93350039665d79d1008b5841f2e82cea0bb9dacc5d5cd8450c6f83903c81798981ae3ff6d8bc5cf1a8a3b6349244cf90d5b65367568123cb21d8431276319e393de1360d11ee18641f51b1e7a0051927d0ce13c923230e3a661693fd42888e7def705b48c7cbb29aa02bed2152d2442aec24fb95f9bd2e00be87eab3b86e6734936bd3576715bd44faf4effa3832fa0d4ba3178640129e7c4097b28001fa7d5f07ee5cad02053391d978f18675afa236abd2a5148c8164a7b4e43d1c85e9fc14662ee35ffc1b466a71e7712ba116b992979b5ec1e31019e8acad91c482e85d1c2fa29f2e82bd154f6492ddf753f69d4f93df12bc0b9ab153ae6d60330090f3b718d4dceaec6e550039d1741041b759e201f2038abe278e4d112924e8872330352be3f7973cea5ff3e607ee9743848a8fcd52cc0d6b918c2149ce37c2d28e12c05a3c230b6f976afc61e557a12d102d4bd2b422da6d64e35e5bd6fb138d10c52a97c057c14678e0adb0b610921148d8c83eb6edbb8df3e3d38412187635fd3889274311f96827b2f19ddec4689b32bf566dd82ca64e67c5ad03089d651100494eb39122f9a410a01d64c740fe7ce6f66028197c08833b8702a652c9ef793186844d96f1b75c0d6aeed7ccaaf86e8b9ed842f8d1a1f17326d0bec3d16674ad4bfcf146ba41349f9ba2429713aa29aaaa4893ac854f2b9a4d80829c380cb4f10941f3bcc6c4950d9ea5896eec0f5a983df845778ef87edc21daaace697ab5d62a91ab713b555926a46fa86344e66b7259cfbd83aaf96518412bfbc569ec2bf38f74970050610d1e86bb3bbc08308af11c71ecbc91f7f8e46d3fe77315cbbc4d6dc070e2fd9937d745e3e9b428edfbaa0ac0d4629ca51e1ecded1d44465d238ad26a667ebdc667eae59c773a56aacaf59e1e4f7aba787a9be2e4d9e0e13a9a397bfd3793d54e9466cbd4fec4f03d7a3a381a0cc75a462ca24b163408c48376fb54e5d0835233c435c6373e93742cb1bd5c72a9493ceb648a1e2976c2705366d5c02244165048c7beb821d59ece19a96eba979018dd0a63d31bdc3a051715a49709a236f04987546f2c17098412bdac5727b524a8d1435609b55399c68b61e946aca41738c78b13c53693b21bfa0a917f78b22cfa331e65631f411d3a27c7deb88e89724ca23db67a67b5bed9ccbdd2c9431353b9bc6c0bce7235289bef08d17eb82556c9a78e565df497016b936773063f6fc2746dabb0c624570d0e9ca0112bef26a4cc09c99f7e12a3e50beb99e1ae0aafbd227c2957f41c3f5aaefd2938edc5e85a62762a1fd58844da31921e5ac7754ea16a7e42a377b517bbe9d87d5e3f54cfea549890cf0d400bdc549ad5dc5fc3939cbe3ee037b8195a594709aa19fa3683c5cb32a503277bbbf83b2b1b96162c2dfa70ccaea08d5bcb3a62f3ef29e2bd7e28c302712b13e070a37af3840c9b0721cba2f8ccc2eb71d269d3638bef32eb754c16502d50b0f89d1034cef9fd782eff9ce8eac8fe4a95e56793826eb7dd6c6a08e74b77bdf10551e820e4417278f12235f78bddc7f40aea41f6d671beec1b36d01a8e5179aa63fba404ab49911f670d9cd5c2165a7828af657ad6493dada7dad0fdc9c6c26525ccca51e4f8127afb9cba5fc56ee1e09a0e795ee8179d6122a1a01d938947eebf47eb52ef882a455fb2a4ec5a7f1e7d156fb7effd4e6bb887e6219ef3a629f95b9edbd4d7d427590039327709a6bf8cfa6d5012a1be50aeba3a125a74a6cb2d448084bff1d4afa81875fe8033ad30e61c559ce975c545020353c1dfbf51056c524a802aa06e19520cba3573092f13763a1479680e6a8f6170d7a51dd6bd028922b065edf025394ba594be8901c4a76eda7f5f909825cfbdaa6305fd21a277b66c6b7435bd2bdd72750c72d5f1af4ac9dd4f570f4688e87c2b28127f8ee04cf41b146e64b482d8e6914fdfa15dd45b2efe0dc22f6684804db38e366450d5db811beacb5f8567c8a65fd4d5141c3f29d1b63306e229c3b0a0f46dd96c8d8be949a648e8360ccad0d084765b5c79af47ba13e7e3da5bc0f6d26ab67c4c7aa0dd030426db4b4770549b284a6a9f3aa46c4e4068ad6874e900067fa4f53c40a914c230ef693bbc836c6b4e776c8e73dcaae75caf3f71e92ab2658072d874aa4382b92ae6872ef7c08cba50b4ce301262c8ca840e3468a7fead7e21e71ede13d82c63820669144deaba53051d95e3fe1e651bd37bf77f980a1f7fdf6b5ff12e04ec231ac2ba7aac2e3bebeb94d3d29bc22fc37196de7824d71e8ae09dcf85471cb33b3a80ca5a935323ef9de6cb0b4c41cbcec684e7d1e0a3b5b45bed663fcebe8553bc0e328119640cbf3d5067212d5f207176838e4dce3d45251058bc109bca303f339e63fb339c3cb1c32a65653a557ff433e84fbea7cbb6fc175480d9ade349bbb5c7ec8f13fcd06de0078c4e62c528f5b26991a194851dfc76094824660d19921b0aca92609753fb933a04caab2299bed0aa3e414349f48f0cee950017bbcb5a3f47f22efa03701218356f32e3b8b09828e2c6747d637914a08243b1e64c5c24695fe30c3cdf47ada7546e2874c36526c0d2291ac29e89749d17781a8ac93bb9ac682bf94437b237e5cdeb93ae5efaf888b7ac203ff1304f4fad749323a13e820e01c17ee64e392b452600d8a46a82fd4fb3e8d8c522b4a4c74304a1c84edaee7f3c62d7f729ff5b491a7667f4761d5fc31baedaa6e911a712434d88c395058cecfab93b799bbfba31933eadcfd6940d8e9a9daa842c0867d9e5a9e44587499b08a24cf43180a2583bf6f5eeae091237b977e75313a43a83ec267bed144e5644e07dc917196d3b6dc14b2d64639fdecfd511fce456113858697c969246947c3ff7b8e04b1c242a78f5684b0eaf5f75df3223125deff0e5eac89481d9e3b0cbc4bef43e1de4c20ea16f1b218e66528aac8d06c867f54cd5c752ac90aed1998596062a1dd59e2f09d7ebf9a5fbf735a09858dbea051406ad42aace4285d7211815ef0fe6a3f0ccbb80f40ded96f5ec6bb290426a696d83bc5b1263f424a0d0de04f3b8c826b37f75c9c26d36f2c03d6abe6a66ac0ae21699cec6a91b947ce0a938228d965af8e2c4fd4bf615e95af3688723bb62ee1288169047f11885ca8311ce8e58e520fdb81ba64ea4f0e6261146001fe0743da7f734fe459226c49d336cde45fbf900b7105377d45347993c34bfccc86ebb87446e824bc68d6bb93e93cf125e391d308092c30b82ced1c0e7c688b02847778806c31031dd8641f8f1f91b2b972eb2365ab06ec5e254e2e49f1cb67e3e40a5c2a302be74aaa73f878b7fe495b7479928ff494878f157674bd16b4856404"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2}}}}]}]}}]}, 0x11ec}, 0x1, 0x0, 0x0, 0x1}, 0x10) 09:53:33 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$ASHMEM_GET_NAME(r0, 0xc0189436, &(0x7f0000000080)=""/4096) [ 1485.669370][ T8] Bluetooth: hci7: Frame reassembly failed (-84) [ 1487.288685][T18029] Bluetooth: hci6: command 0x1001 tx timeout [ 1487.295711][T11358] Bluetooth: hci6: sending frame failed (-49) [ 1487.358700][T18029] Bluetooth: hci8: command 0x1001 tx timeout [ 1487.365157][T11358] Bluetooth: hci8: sending frame failed (-49) [ 1487.678671][ T7582] Bluetooth: hci7: command 0x1003 tx timeout [ 1487.685219][T11358] Bluetooth: hci7: sending frame failed (-49) [ 1489.358664][T18029] Bluetooth: hci6: command 0x1009 tx timeout [ 1489.438604][T18029] Bluetooth: hci8: command 0x1009 tx timeout [ 1489.758545][ T7582] Bluetooth: hci7: command 0x1001 tx timeout [ 1489.765458][T11358] Bluetooth: hci7: sending frame failed (-49) [ 1491.838413][T18029] Bluetooth: hci7: command 0x1009 tx timeout 09:53:41 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80086301, &(0x7f0000000000)=0x32) 09:53:41 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000300)={0x7, 0x0, 0x0, 0x5}, 0x40) 09:53:41 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x3, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:53:41 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f00000006c0)={@rand_addr, @remote}, 0x200006c8) 09:53:41 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x10200, &(0x7f0000000100)="8808d52b7e692406be26fe1e6c15cbdec27e9e4384540dcd84c5d03195b2ace7b77cb4b78ca7e55fa777a59df4eb56ce4bab8aec554badd131330aff42b0b7600efe8ec045c648e6771c8e6a9f99ce24bd426b6ab1766cd56cd9f357e91d5e21fbe9663ef5e6a41de0ceff0efb7d7773edae44e3014dd40ca6e178f8ae32e4cd3afac91b6156c9d30c9239765f2c02a40e0c2b3b436df04ee3e9ec337b3ecac24e3fc7b2d68c6ed74ea44c49e6b8e5a668acf300ae2fe07b7e2cfd9e907668d2e5ab16dc802d5adc8de1c2dc91cadf7f027e278f883ed196f2fb97b6a9948e2422fd67b7f050bf98e8e731f76b3a1bfb371ac417ca785c0928df", &(0x7f0000000000), &(0x7f0000000080), &(0x7f0000000200)="f4f122b990af4866794d40387b8c36df1cfdda5500ac14c31018fa0134e89bf8f1fcbaf1edc40202da027c42f7da9f90dafa3c736f8d8f3e6ea024c8dceb152574cf6de67e7d9d8bd89a1303fefae4d08966a7622b5376436ea5bf40ad2c2cd7d8c30c3adc6dad4afbe22d4dd64e2e6bb164c3418179a7d471ff8304bd85a556f272a5e7df8fc7b1ba511e2a8361b69c6b") exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1493.908605][T19676] loop4: detected capacity change from 0 to 69632 09:53:42 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000001500), 0x0, 0x802) read$usbmon(r0, 0x0, 0x0) 09:53:42 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8}, @val={0xc}}}}, 0x28}}, 0x0) [ 1493.980794][T19681] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 1494.004034][T19676] EXT4-fs error (device loop4): ext4_fill_super:4810: inode #2: comm syz-executor.4: iget: root inode unallocated [ 1494.033862][ T1124] Bluetooth: hci8: Frame reassembly failed (-84) [ 1494.034427][T19676] EXT4-fs (loop4): get root inode failed [ 1494.075099][T19676] EXT4-fs (loop4): mount failed 09:53:43 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x3) 09:53:43 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) open$dir(&(0x7f0000000040)='./file0\x00', 0xed4d03, 0x0) 09:53:43 executing program 0: symlinkat(&(0x7f0000000600)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00') utimensat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100) 09:53:43 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x3, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1495.765672][T19711] loop4: detected capacity change from 0 to 69632 [ 1495.792475][T19711] EXT4-fs error (device loop4): ext4_fill_super:4810: inode #2: comm syz-executor.4: iget: root inode unallocated [ 1495.807715][T19711] EXT4-fs (loop4): get root inode failed [ 1495.814103][T19711] EXT4-fs (loop4): mount failed 09:53:44 executing program 0: r0 = syz_open_dev$rtc(&(0x7f0000000040), 0x0, 0x0) ioctl$RTC_PLL_SET(r0, 0x7006, 0x0) [ 1495.918227][ T1052] Bluetooth: hci6: command 0x1003 tx timeout [ 1495.928416][T18483] Bluetooth: hci6: sending frame failed (-49) [ 1496.078106][T18029] Bluetooth: hci8: command 0x1003 tx timeout [ 1496.085491][T18483] Bluetooth: hci8: sending frame failed (-49) [ 1498.008222][T18029] Bluetooth: hci6: command 0x1001 tx timeout [ 1498.015337][T18483] Bluetooth: hci6: sending frame failed (-49) [ 1498.158160][T18029] Bluetooth: hci8: command 0x1001 tx timeout [ 1498.164747][T18483] Bluetooth: hci8: sending frame failed (-49) [ 1500.078628][ T7582] Bluetooth: hci6: command 0x1009 tx timeout [ 1500.237967][ T7582] Bluetooth: hci8: command 0x1009 tx timeout 09:53:52 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x4) 09:53:52 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000dc0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open$dir(&(0x7f00000005c0)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r0, 0xc080661a, 0x0) 09:53:52 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x3, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:53:52 executing program 0: getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f00000000c0)) munmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) 09:53:52 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80086601, &(0x7f0000000000)=0x32) 09:53:52 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) clone(0x10200, &(0x7f0000000100)="e0a9def78b52958a0cdd1d8309b2a57a7bc0075e960004235fe80b34689051e895b3cda05dbd27ae8f331ff9e228a414ee016e69ec3ba0adaa89440a338129cc407b42afda06dc441043585067eb1208f2466ac5dad7d6234a53fbbced5ddeb8623fe22319e217c604ddd09da3d6cecf5ed046264dcb495f80689da299573409f349160a83c7508a82a5b3bca270471c2b6c0033401ff390b55c8ada0bdc14e73ebc8e372d8332e45ec2fab1a5fe159d315ae49e8760dc918beae4df59913cd2e094787d0294a4deadc2f70a99", &(0x7f0000000000), &(0x7f0000000080), &(0x7f0000000200)="7b7acfc0b35ee389fb16222d197bce295e067ce8a520f8a9dc74a19dfd913c2a3d99e3ee5c1d6d341816ab6a301b30d476") ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1504.813313][T18483] Bluetooth: hci7: sending frame failed (-49) [ 1504.835504][T19759] loop4: detected capacity change from 0 to 69632 09:53:53 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f00000005c0)={&(0x7f0000000000)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000080)=""/220, 0xdc}, {&(0x7f0000000180)=""/51, 0x33}, {&(0x7f00000001c0)=""/166, 0xa6}, {&(0x7f0000000280)=""/194, 0xc2}, {&(0x7f0000000380)=""/133, 0x85}, {&(0x7f0000001080)=""/4096, 0xfffffffffffffd8a}, {&(0x7f0000002080)=""/4096, 0x1000}, {&(0x7f0000000440)=""/95, 0x5f}], 0x8, &(0x7f0000000540)=""/118, 0x76}, 0x0) 09:53:53 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0xb, 0x0, 0x0, 0x3}, 0x40) [ 1504.868311][T19765] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 1504.921101][T19759] EXT4-fs error (device loop4): ext4_fill_super:4810: inode #2: comm syz-executor.4: iget: root inode unallocated [ 1504.960065][T11358] Bluetooth: hci8: sending frame failed (-49) [ 1504.969523][T19759] EXT4-fs (loop4): get root inode failed [ 1504.975963][T19759] EXT4-fs (loop4): mount failed 09:53:53 executing program 3: syz_mount_image$erofs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={[], [{@defcontext={'defcontext', 0x3d, 'system_u'}}, {@context={'context', 0x3d, 'system_u'}}]}) 09:53:53 executing program 0: mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, 0x0) 09:53:53 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {0x0, 0x0, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:53:53 executing program 3: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) connect(r0, 0x0, 0x0) [ 1505.209555][T19788] loop4: detected capacity change from 0 to 69632 [ 1505.243807][T19788] EXT4-fs error (device loop4): ext4_fill_super:4810: inode #2: comm syz-executor.4: iget: root inode unallocated [ 1505.261320][T19788] EXT4-fs (loop4): get root inode failed [ 1505.267346][T19788] EXT4-fs (loop4): mount failed [ 1506.797646][T18029] Bluetooth: hci6: command 0x1003 tx timeout [ 1506.805064][T11358] Bluetooth: hci6: sending frame failed (-49) [ 1506.887666][ T7582] Bluetooth: hci7: command 0x1003 tx timeout [ 1506.893980][T11358] Bluetooth: hci7: sending frame failed (-49) [ 1507.037522][ T7582] Bluetooth: hci8: command 0x1003 tx timeout [ 1507.045769][T11358] Bluetooth: hci8: sending frame failed (-49) [ 1508.877538][ T7582] Bluetooth: hci6: command 0x1001 tx timeout [ 1508.884696][T11358] Bluetooth: hci6: sending frame failed (-49) [ 1508.957585][ T7582] Bluetooth: hci7: command 0x1001 tx timeout [ 1508.964395][T11358] Bluetooth: hci7: sending frame failed (-49) [ 1509.117604][ T7] Bluetooth: hci8: command 0x1001 tx timeout [ 1509.124586][T11358] Bluetooth: hci8: sending frame failed (-49) [ 1510.957485][ T7] Bluetooth: hci6: command 0x1009 tx timeout [ 1511.037620][ T7] Bluetooth: hci7: command 0x1009 tx timeout [ 1511.197346][ T7] Bluetooth: hci8: command 0x1009 tx timeout 09:54:03 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0xa) 09:54:03 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000008c0)={0x20, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc, 0x11a}}}}, 0x20}}, 0x0) 09:54:03 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ifreq(r0, 0x8943, &(0x7f0000000180)={'team_slave_1\x00', @ifru_addrs=@vsock}) 09:54:03 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {0x0, 0x0, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1515.003671][T19818] loop4: detected capacity change from 0 to 69632 [ 1515.022901][T19820] netlink: 'syz-executor.0': attribute type 282 has an invalid length. [ 1515.076611][T19827] netlink: 'syz-executor.0': attribute type 282 has an invalid length. [ 1515.088240][T19818] EXT4-fs error (device loop4): ext4_fill_super:4810: inode #2: comm syz-executor.4: iget: root inode unallocated [ 1515.109049][T16482] Bluetooth: hci6: Frame reassembly failed (-84) [ 1515.120167][T19818] EXT4-fs (loop4): get root inode failed [ 1515.126375][T19818] EXT4-fs (loop4): mount failed [ 1515.131845][T19824] Bluetooth: hci6: Frame reassembly failed (-84) 09:54:03 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x801c581f, &(0x7f0000000000)=0x32) 09:54:03 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x1008000, &(0x7f0000000080)="adfc7e5f06341734d8dfa0d8fe0c7c2b991b2750eafcef788511", &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)="19985f0dedd20f5554efa3c8b7a64d79c05decc898581dc2ca01dc33e63d7ef5578895fc95d9c748bbe90754484f14c133557d4c03aa388219d6115fa188085d67cca7a0b0810b0dce51430f847b0fdab61533f6f15a185105a17d52cc5c6fa618e5147c9af7abddb48aa2238b288a2ca2119690b21c3ba295eda342359a5e1636d624c268bd98c43251f1c7feb4c4b194422b646ab981125e838f8ec7ffedfe8a08fd8a8fb7fbc7309ac8ca0d8d0eefa5f7e3284efeed") exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0xdb2b0616eef772b7, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:54:03 executing program 3: r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000026c0), 0x401, 0x0) write$cgroup_netprio_ifpriomap(r0, &(0x7f0000000000)={'bridge0'}, 0xa) 09:54:03 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f0000000040)=0x1e89, 0x4) 09:54:03 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {0x0, 0x0, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:54:03 executing program 1: clone(0x2d164b80, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) socket$nl_generic(0x10, 0x3, 0x10) [ 1515.709029][T19851] loop4: detected capacity change from 0 to 69632 09:54:03 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8982, 0x0) [ 1515.777587][T19851] EXT4-fs error (device loop4): ext4_fill_super:4810: inode #2: comm syz-executor.4: iget: root inode unallocated 09:54:04 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000000)={@multicast2, @dev={0xac, 0x14, 0x14, 0x24}}, 0x8) [ 1515.826360][ T8] Bluetooth: hci7: Frame reassembly failed (-84) [ 1515.878093][T19851] EXT4-fs (loop4): get root inode failed [ 1515.905188][T19851] EXT4-fs (loop4): mount failed [ 1517.117108][ T25] Bluetooth: hci6: command 0x1003 tx timeout [ 1517.124799][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1517.847017][T18029] Bluetooth: hci7: command 0x1003 tx timeout [ 1517.853962][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1519.196967][ T7] Bluetooth: hci6: command 0x1001 tx timeout [ 1519.204155][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1519.916931][ T7] Bluetooth: hci7: command 0x1001 tx timeout [ 1519.923701][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1521.277769][ T7] Bluetooth: hci6: command 0x1009 tx timeout [ 1521.998381][ T7] Bluetooth: hci7: command 0x1009 tx timeout 09:54:13 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x30) 09:54:13 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x21) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@acquire={0x1ac, 0x17, 0x1, 0x0, 0x0, {{@in6=@dev}, @in=@multicast1, {@in=@multicast1, @in6=@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0xa}}}, [@tmpl={0x84, 0x5, [{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x2b}, 0x0, @in=@dev}, {{@in6=@local, 0x0, 0x32}, 0x0, @in=@local}]}]}, 0x1ac}}, 0x0) preadv(r4, &(0x7f00000006c0)=[{&(0x7f0000000200)=""/11, 0xb}, {&(0x7f0000000240)=""/31, 0x1f}, {&(0x7f0000000280)=""/35, 0x23}, {&(0x7f00000002c0)=""/184, 0xb8}, {&(0x7f0000000380)=""/103, 0x67}, {&(0x7f0000000400)=""/67, 0x43}, {&(0x7f0000000480)=""/48, 0x30}, {&(0x7f00000004c0)=""/47, 0x2f}, {&(0x7f0000000500)=""/190, 0xbe}, {&(0x7f00000005c0)=""/221, 0xdd}], 0xa, 0x3ff, 0x3) sendmsg$nl_route(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=@newlinkprop={0x58, 0x6c, 0x200, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x100, 0x28a5c}, [@IFLA_NET_NS_FD={0x8, 0x1c, r2}, @IFLA_GSO_MAX_SIZE={0x8, 0x29, 0xad98}, @IFLA_ADDRESS={0xa, 0x1, @multicast}, @IFLA_NET_NS_FD={0x8, 0x1c, r3}, @IFLA_IFNAME={0x14, 0x3, 'batadv0\x00'}]}, 0x58}}, 0x10) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:54:13 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) recvmsg(r0, &(0x7f0000001200)={0x0, 0x0, 0x0}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000001280), r0) 09:54:13 executing program 3: r0 = socket(0x11, 0xa, 0x0) ioctl$sock_bt_hidp_HIDPCONNDEL(r0, 0x8941, 0x0) [ 1525.371353][T19900] debugfs: Directory 'hci8' with parent 'bluetooth' already present! 09:54:14 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80286722, &(0x7f0000000000)=0x32) 09:54:14 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680), 0x0, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:54:14 executing program 3: r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000026c0), 0x0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000026c0), 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x8000000) syz_io_uring_submit(r2, 0x0, 0x0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x4100010, r0, 0x8000000) 09:54:14 executing program 0: syz_usb_connect$printer(0x2, 0x36, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x7, 0x1, 0x0, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x10}}, [{{0x9, 0x5, 0x82, 0x2, 0x40}}]}}}]}}]}}, 0x0) 09:54:14 executing program 3: r0 = socket$xdp(0x2c, 0x3, 0x0) sendmsg$xdp(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000001700)=[{&(0x7f0000000000)="310b40b2759a5eb8764901000000000000003ce439c492620f01ea47c1d44a9bd27e97547c9b8109738536359b6e147187c6b9f3d48d94d306ad270e5e88c7baf28b9429ea19a0b45f3bf625972b45e9e13d1fc01154fa7f16b9592213111b0fecd1e525899e0af5e01fe4d335c0e501cbd52f3bfcba6d6ea1b7b97cbd3bca37f29f58e5b109aee70c9f84ce141cdad910c09c32fb4ccc831ca602c5f69a9c0a58dd87f5d6897f78902ea877e66617441fab3892bfe300"/195, 0xca}, {&(0x7f0000000500)="5cd951048fc43e2068cf751d873d9a697f9aabfe90031a3000db71ac619667522ad311cde23189f5afff4a0dd572070291ce795ccda0b2b2aebddc2da6d681", 0xfffffdfb}, {&(0x7f0000000140)="5e6949260c704ccc36aa7db43212dd2c61077e4e7d50d3d3c7f9e08f2be7b62915dc97f5e9d2a616c6d3e0dbd7468a3352780afffc16f1fe8ae47417e13736310cdd853317fa2ecdaa46cf", 0x4b}, {&(0x7f00000001c0)="5a9f6ff0be3a62e3a3340aa36e3e3f56e4175ec54df2b7e8321fdf45376da6a3e6b5de93041429587131304340fe635915ad9d6c796a184255f1bc2c0cc491b43235cab3c57dfd2695ccab5ccad8703208bebd79b57db602781df57d4d499244d6ee3ee1cf0c855e05fff90ab9debd17530f0ff98fadb68c2e3587824e2f55bf081f51133d8b0e8edfa31ce1bdda91c215edcc522a9b06e6e56f12c867e7aa110b275d0b29f246c6129f5f212931e56faebe2dea3ccf5f228bf5269a2fa73dc725e7ff00edeee471e6527628b74a48b3bafa0fff4fb554c4a6d428baf72e02", 0xdf}, {&(0x7f00000002c0)="dfcf31e0e82db9642186db9fcba37424422c8d2ab076fcc4f61e9fc67cdc92fbc36eed871d5abb031746194e0c6b5cf52178634371977e12497c2b35f74d56b6e851c3ab27993e4829ea380cfa", 0x4d}, {&(0x7f0000000340)="6305a1629df15f0cde93d14b6a1d4ba042c656920bcca291e8e1c4370a7a9570548ac51a777d3d4e25ce70dbf3801edaa4e3025388abe29802c8b20e2e9310ac1e7add897af3ffbcb975c7f4a8f40af268f4ab985b9e98cdb955966a0a2fd0c8bc830f8a5791ab86a5e2d857779c1bf275c228b41b7e7613188aaeceffee30b760efca0cca9f066f78b026b8f6238f178da207c30cfa8b0a8fd299bfab57f726c371ac4e844bc3102687f69a7bd1a96afa5a0c24285bc738a2a217c5cfb422df0bbcfdd7b66aa4e6c580efcc0ed0005ccde0ac224167b745ea038eec93b3860f8ff681cab47f623a519496ed", 0xec}, {&(0x7f0000000540)="fa6d8d39994dd8b856db16641a056013c527fd1bb147f2940daf32d8977ca0f2d6b93bbacbc2de3a3659b21549ef40228f07e1eb2430fffa742b4dbda2a75fe15fc4dbb18f54fac51a271f3c659a7c81000db0ec5e57e26fba498a7f5bd86c2a3fdfb6949c6b9065d34113d5dc6f982ffc506bcf9f007a318ee4d049339e111c4fbd503a2f138cdd02ef7fb377493901fcbbdd64efe0f1e361885c90bf75bc25f6130a0dcad9000a89c1d7dbdc80ea34ae439ec90a0308eeb2d53bbc8f2d4609b00b44cd5cdee019", 0xc8}, {&(0x7f0000000640)="b89b86107de4653c9ad1d86309dedfa0dcce753bd402b3de175a9cd1ff6151417c0c0007c3a0807c98de337fcd5d40cd7fa86218916fee4d9218a978f06250a6369b13c66b5018c8493cb193f206624772593b7ec35636be7b2efbc41dc905fc898f80ce649dfd537902f5ad164730942902acf5e2842cf841f703c4d146de48985ee46eb5746a917d437736bffc24a2b4adb925419c788aee3b8326534baec9a85affbc6e7dc78a992d9f34437402d52482fa", 0xb3}, {&(0x7f0000000700)="76436a8b5975422537d8da3c9b93bcb5ab5be808e86823480c1e4f7c33cc498b544d89ea94c2ca3bd92477833437e5d911918121e264afd888af07923d70b54179e3a43982b42fa7a8f8cad41dd04ecdbc06d0d7ecb07ad95523abde5ef7bccb69b1ffaaf75f59a35ab04a46c8d048f82b0fa54ffd3ee8c53005645b17bc049b57eb207ea4b46f9a6b11cedc7642c4b4b15504d803ac07dcf5032d462b09473604972a838e4529df2835acafde88dedcc7bd3292362d12f015c41dc0214065b27b786473f4b3224052b5b41506f133b91a80ab9c489f989cea7e97f0dcad682301a42bca1c308c9a1389bcba0dccea6899933c362d1734027e866025faf19228b982565b0bd96b9d26171e13c21c797d9a62689b8b53ea6d73f47b829b7cf281905dea3d03ae834a674984eaf8b5cd563c40abe1cd047d13c5587f50ef5e77c490a62eedb24838f0ec5e8c772a6d6d05ac4883a5b3b4431377f12b69e539200b1df735e364c9b26959099af41860f478a9cda0e09cdac1e100ea70bf03edc65b0338d97f4f07c8a99c0be2e4454b6b483a21f52487936644d528a0fc2280f3d0f87eb2e2b91d57d290ad9eb356a8eead729f6802e697240980040322eab28b91bbdf18ce63358e643192d01dc7e5e1e52e135798f3c210630ed15e162d97612107ad9854143802e8422119aab648fd80eb4ae1dc5d0e36eee285e2f838d123212715c137fa4be139fe0716e1f35e8f907b33854b0822209c314f19cb09a5a0a675dc5a6b5f5d99c8b60c5260f051f05c120ea16273c2aaa8ed1cf63d103a5145e12a7c2f07204f2bdc6db37f0d5edc3e4f29d3cd22f6bc3ac610e18760a026e34917d4dc1af6da7aec522ec6fca1efcb6606001e4c8712bf88a985cec161eb48c532b735a267159a06786ea5f7e9c7d8ed855abce3fee05159a49d1f55fb8de42cdf5a77d8b63b0e3da0fcbdcc704eafd6c9569e9333f6adf63b8cfdab1374575e71496062403b7ebaca4bccf233abb7a0602e150c4bfabf6996ede7d9cc8138d04f92fb4d625c7c74dcadd559f24b12770c869b001c15f8ec706744b4fe7e011816ce6f2287ed5f248e34c18116aeebde5aa7f7650d3bf7fd1cc7372159110a08e0a679fe2b637351e56520bd3c5fbb262078a20bf7f984474dfc2f0d5974f2003dd8bd92005dbd31a9d6040afaa3ebd81d60aa463b22ceb23d93ad719f8695c1a585dea78d93e352e524a4a3da1ec146b1b2603005634d6f67d4c943ee238029514403cdcfd27a080c937e848eb8288971138539207adbf386c95d046ead587e1c720c041befccb0e51bc88dc200392daf840e2c1bc9b2006909e1f7ec7c6ca70cadba68469c50b6912fa45d9f8b1d25ff52e63b24223b692a894fbab88eaff07adf7e1dd5f497ca4c7b33334514bb59c5731a8fb3a732a515d9d0564cc3449129ef3fb858efa5a68a23beeda2acf0a08018b50646906d6428b11f740ca869cbf7280a2cf4716d89ce398f1c023f3f1e6078993c0f8e7144b0fc92b71e5e6669bf758ddb0ee03ca561f8b3770ad9603de11936ccc9ef3f4313a20fd52e1ccb0099545af6287521d5c81e860c003001c846f18e01c829c5336cb02d494480939da01d11becace1959c2c7c41b344a358ecab4b8c57777bf96ff4aa3b9d6d3995205a01ba5894b5748a605d6bbe0adfd8252ea9402c156b5dc916c7c69b3a64950028c9f040695b5052e300583e7b8e372a72bf9427a0625f93c5ff00549e85150dc35f44d50be28b4d7cf803882907b344a36c27dfd264d3b686cd02ec02a409ab43d4bd0cac2e5d2a1d3a541a4fc990ee7c78272af05e5e13288ced161f90b62eae07af542c54a37b0f4a3521fc349c9fa0c355527b3db0477b5135b9d3b0f8fb15bc6fc998b034ef28655850330d672ef5b76a9f006ccac0da6acb2f50cf1760c503bbdb92913ce78d52325831afb25a791ba67311f723d9dff40e01d0b39e16fc0f0b9643b7bab988c6d69a800a6b415422909b74e156756f1d51e90264a73678847b82335a8696d03559e5cc1acb6b3afe757c857fd94dc54777641756ea30731912196a4a89a003510568774ecfb0263bca46853041dd9f873f3a767e234b7aaf8c914f50f318dbbe47fbe7171c264626e14c82cb2af7d35d3efe6da0f97a6573bde6cc9d6335630f9932ffa57f01ec36a679a7dc34edb83cb92bd10a3a6bba230c90fffbc7611d6e56e5d7f1e0bb4d11c9e187e2e75c1ffaf5ce1cfb4c3a8782a0a4abe7d277faae9586f5995d502cbeb7aa3cb301828c3dca14848c2ff622e13ce9896ad57d0cc934e5ee5ac728fc157824e278d3c7f984930ceece6f24db2beaed99fa940772c1c421f5d2a995a08fc0047d6802ba72a448bc80f696629a21e37eaf4f4765f0968dff7f0642c8c9e5411a76279bc0b7cd884bb27c1460b0da50fccea2dc5b3636177a6433eb49495325a4b5bd7154b2e7f55d61b118c181421867282adc6e59e13a73edcf6ade96f707040d48c0e7b3174ba5357c376627f08f8601f7459b553f0b39ce35c61823b59fc3422a568a0d29aad39794a5a7cbdc870fc5082f27ee107b24ba0834bd2b4e5aacf34f9f8d502dc2e56aecffb40a91e6d5d41320644423831ec5d03fefa6bf6273198f9e59450d9aa82b0f34a134e9cb63d889ed2eccd05809ee256a9c7e4a1c3d37d77dfdf9e9df4486a4897530ab79a47995f3d3122eb69f417b5e0fe8307e561b4a320f68a87ba7e2feddcf52005968b4a2573b2fdb047bc9e8258c19f4b0f3eb7a0021d0cbb5eebe967707dc85c0e3abb30f2922fa25c9eb64c69d7c575d72f3e28cac5f3437f83df24ad75854e9696c60670a1b89828557dcf27cf421ed9d587ea03b8babca4ce89505e35302793a6e93df912d0d0d07bff0e76264ad6d1505eb450ae2cca32290b866492135cf0a1ddbca69eb029222125744dbd396230c4016d5ceaf1d5ae1a2ed53af6cb7df9a0de6686b3b9819a9fc770345eafbee69910f0b03b18321f0cfcf5aa55354962f007cb50168de309a4daa1120d7db5373400d77a56b860c3914289114cf7aeb1c38ff388b6c50dfb736775fc686fa9cf18750e203de07ecc38a8db5e59298d52a4dfdb23cbe0e3f7141304efa7e09ba862bc634d378e9ff8907e9ee487d46de4a5eb0e70ceb05b1a44985cf632d54baa35c7f7b08adb5f704885a89a1b95734e77d97f9ff6e23662ddad797fb67285966d17f2ae9ae5446037bfe3f9c9ed7908cdcafe4a0d209ab49432b5ddfc8a41cff61fa64976eb558bf83d451984cc59a3bb7d2467b30fa4707668c01bfac46ea74b79f207d41d06ff3d33b28d62dfbfd4b372c853fafe99138b11dbbfaa663bbece2cede1b72873d4f1633ed3b466a71e060d6aa5042cccce03685d77e5af327e84966f6c23b13a1c82ee351dd0d5eeb287b7f2555b5d6aac63148d5bc631a27de5bc88c98a92f464a94363b5a587dc07114b7c526376116b2a3ca6d6ca4f50bfea9ec57073a48a66a7075d183d4497d831008f4f1b3c0e3ddae62865c9289841611dcbee0f6ca5a3848c30b001e96f9243950528d275445387fe65a71d237bd5031bf9762a7d9db491ca896ea0bb0811e0928ba4ab4b2d01ffb917a49815fdb8bf6ecc1c56c97f869efca333a558987c8a261138781847f34144a61ddffaa489e1e447e95af78e27509b1635a1485b046e52e994c06c465b7d0d5b82cf80b9955c9d75800db7a2679cdb6f10f0d2fae1a80c25ffb287f8efd300da651d8b37f87cba5e18d2ce5ff5da89cdef8b429fd45c413d0d1d4cd35c42f73cf3563206b3b3f513dd46300c85da394f8326432b425c4c423c830c2d942c1a77c164636e751701fbb76a95951d671fe7fc0b13b241c6b6efdcfd57ad2e41491a6b96f27bcbd8087ae5077cffa07f63f8745d77d95bd155a681b41d67190bf988991faab9880851b6430851427dfb635dbed0ab7520b5de3ec4560e75b1c896b9314f3b646ace43e0c2324a43bd7f9d9e9e7906f9a2a3cedf9bccb1e3c31ffaf3d508f003ce4481d69c14d8889078eadec2b353491b6261843ecc90596bd5c91acda727dfc81c6000847905cd7e1a600625704989875f5be882a1a86b379952b86c9a32a1f0014e559bea0712f02c19195f32772ef375a0211227763fd55e9aa5c7b4f9eaeb4d4f49122b234b1090f5849ed31607b9257c480edcdf439897b5f9f9ea6202f96e492df964f7e01ff76bee2b280c82748381a6ffe336649886c597cdab3e9236d83622128d3874301d7666ea4085a40382cb5ed643722863b40cbfbea6fff5bf175a1e3013a881115c6eae2e20fcb1cad384a419ba1abd6dbaa239270e206a5fbf7a4eb269e0741db926aff775e613966b5d93fbff41871ea4a70267c711485bbf6fbdee077255684f4fabf4be7883466349aaa912592c108ede91fce52f284c375cd7aebc6a44eb355e38ba89b039bf5ba704accfa706cc3732049f3a6d0249f52c773e4c202e0a343d855ec433ae2b171387ceb432fb5435d336f859d6010fd7bd8a7c09b69d8f7075d0471010fe583d37e30a7e717fc81deb77541e8cab64579afc56c57e47e07406c6e9cbe443aa059449e0815ce6b41fd1d00cb65f04fe2fe29a79cd422c3f2253b5220f4a13ef781544405e6095b627596abd1d463858f896a8a5074ff8039d0490e502d242520b5996a13d413cad2bd43013918f72c8cbce3b0faf5038258ca19e453bc0623116ae574c09170eb566d39145eaf1b1ec9fe6429b77ffe106829c1c60dea16c19b065f0710b6f8b6161d8e8ca9e78008b98198db3fb55d72774eb9d62a75b4fde2b75212dbd311b0d81ef9087f6ee1a07033b6937f613648569d6d17ea53410a517d4c744f02fe44d0427128e4fc701f2adeeb09ca73dc2743e1395ea4ca3f264715bfc570c632272598a42776eefd81bb93ebb5d0f4bef9a292410e89ea8130bbf401d9eff31b6e1322d73611b6cd545f95b3033e8944d13ce38310283e5527a9f51f5c2ef0c178bd9c81b6a1cfa35613ec1276f63aa7125abacf73dd424005dd441a484854be88fb996fd7a4704cbb19b3953fa981d6034181900581f1304f64a72cd1f4613e9bfea246e4a84cdf73a6739c0e4857d472b2cccbed2ca8ff434b7febc850ea0639613415ac360d3608474cf96041a8d80e8cf100609c75043d4103d3247ceb9c291caad12ab8311bb0e587a288a0d314ed53330e6066d09848565973769797d31082d6c3d998fee90d015d5c3cfb64698339daf1bd107d20e643c5898c2f5d34e5053d00f7b1974ef29c0480ab8c1514e58d19145cb27a8af34c2beea8b04161727cd2ec34b55a0f10837377e6abe2d3bea1eb88b3794c998ed59812ae465e4e882e605318bd985f42a3829cdff788d9c8800aa0f2b7a1b53739822cca6e1e3728e11230116c97f8958f8d1986a03cc2b5c967f80c95f8bafd145e51ad4577fd27f06e925b7b7231233d9e4eb9b6273530c13a0467e9497bd6f50ac791f441b346f85968adb1903e7edca60a3c3d506a4009aa3275d95a2256cdd0a70d345573aacbd002498983a190fa24b4de29806de4e3269f24d6be543d1bdafc732a21ce6b4a8c576d0f71ff5246ba733ae685b84b3a44acc1b3afc0741360547ce3e41a7fa0b867aba49085ea77dca0b9317ccfbc23cf032b7d668521b9fe175c7e9dc5ed04761183bba42afb36f2cf6e09e689c81fd9eac6980654608ddfe7b6f99a27b40113047dbff95bc46db091dd122285927967bef", 0x1000}], 0x9}, 0x80) [ 1526.521828][T19920] loop4: detected capacity change from 0 to 69632 [ 1526.575488][T19920] EXT4-fs error (device loop4): ext4_fill_super:4810: inode #2: comm syz-executor.4: iget: root inode unallocated [ 1526.593790][ T1136] Bluetooth: hci7: Frame reassembly failed (-84) [ 1526.615780][T19920] EXT4-fs (loop4): get root inode failed [ 1526.625074][T19920] EXT4-fs (loop4): mount failed 09:54:14 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680), 0x0, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:54:14 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, 0x1, 0x4, 0x301, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}}, 0x0) [ 1526.806669][ T20] usb 1-1: new full-speed USB device number 19 using dummy_hcd 09:54:15 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), r0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xf00}}, 0x0) [ 1526.906887][T19943] loop4: detected capacity change from 0 to 69632 [ 1526.954603][T19947] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1526.975223][T19947] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1526.976701][T19943] EXT4-fs error (device loop4): ext4_fill_super:4810: inode #2: comm syz-executor.4: iget: root inode unallocated [ 1527.003620][T19943] EXT4-fs (loop4): get root inode failed [ 1527.011017][T19943] EXT4-fs (loop4): mount failed [ 1527.247035][ T20] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 1527.356912][T18029] Bluetooth: hci6: command 0x1003 tx timeout [ 1527.365556][T11358] Bluetooth: hci6: sending frame failed (-49) [ 1527.436559][T18029] Bluetooth: hci8: command 0x1003 tx timeout [ 1527.439143][ T20] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1527.445075][T11358] Bluetooth: hci8: sending frame failed (-49) [ 1527.494420][ T20] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1527.513327][ T20] usb 1-1: Product: syz [ 1527.524087][ T20] usb 1-1: Manufacturer: syz [ 1527.546616][ T20] usb 1-1: SerialNumber: syz [ 1527.824570][ T20] usb 1-1: USB disconnect, device number 19 [ 1528.616622][ T25] usb 1-1: new full-speed USB device number 20 using dummy_hcd [ 1528.638296][T18029] Bluetooth: hci7: command 0x1003 tx timeout [ 1528.644705][T11358] Bluetooth: hci7: sending frame failed (-49) [ 1528.996582][ T25] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 1529.206477][ T25] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1529.216801][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1529.225164][ T25] usb 1-1: Product: syz [ 1529.231144][ T25] usb 1-1: Manufacturer: syz [ 1529.235938][ T25] usb 1-1: SerialNumber: syz [ 1529.446439][ T7582] Bluetooth: hci6: command 0x1001 tx timeout [ 1529.452823][T11358] Bluetooth: hci6: sending frame failed (-49) [ 1529.481945][ T25] usb 1-1: USB disconnect, device number 20 [ 1529.516381][ T7582] Bluetooth: hci8: command 0x1001 tx timeout [ 1529.523548][T11358] Bluetooth: hci8: sending frame failed (-49) [ 1530.716399][ T7582] Bluetooth: hci7: command 0x1001 tx timeout [ 1530.723987][T11358] Bluetooth: hci7: sending frame failed (-49) [ 1531.526458][ T7] Bluetooth: hci6: command 0x1009 tx timeout [ 1531.596342][ T7] Bluetooth: hci8: command 0x1009 tx timeout [ 1532.806264][ T7] Bluetooth: hci7: command 0x1009 tx timeout 09:54:24 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680), 0x0, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:54:24 executing program 3: syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000180)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x90, 0x3, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x40}}, {[], {}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0x0, 0x0, 0x3}}}}}]}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000200)={0xa, 0x6, 0x0, 0x7, 0x1}, 0x40, &(0x7f0000000400)=ANY=[@ANYBLOB="050f"]}) 09:54:24 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x9) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14"], 0x14}}, 0x0) recvmsg(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)=""/12, 0xc}, {&(0x7f0000000200)=""/58, 0x3a}], 0x2, &(0x7f0000000380)=""/155, 0x9b}, 0x2002) 09:54:24 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x31) [ 1536.137737][T19996] loop4: detected capacity change from 0 to 69632 [ 1536.185043][T19996] EXT4-fs error (device loop4): ext4_fill_super:4810: inode #2: comm syz-executor.4: iget: root inode unallocated [ 1536.199548][T19996] EXT4-fs (loop4): get root inode failed [ 1536.209487][T19996] EXT4-fs (loop4): mount failed [ 1536.214659][ T9149] Bluetooth: hci6: Frame reassembly failed (-84) [ 1536.226928][T20002] Bluetooth: hci6: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 1536.426141][T10442] usb 4-1: new high-speed USB device number 2 using dummy_hcd 09:54:24 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x8138ae83, &(0x7f0000000000)=0x32) 09:54:24 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) mkdir(&(0x7f0000000240)='./file0\x00', 0x8b) clone(0x20000000, &(0x7f0000000280)="ef6f3232db81123a9d0b886452a2528882da2a3b0012d10e367f874b2e273de17e53ea32c112615dff6202d315e570add61f0cb08392abf7fbaa1b634f6c1143949ab103d070a40b06d1d084bf66bb50f24908759fe754b876a837792a89dedee73f6eee20f913af90febb7316", &(0x7f0000000300), &(0x7f0000000340), &(0x7f0000000380)="74773a104b88b1b206fd220adb7dcdbe288303210471fc14ad0e70c8873e69cdede44ddbf619a59c296628d85e7d209060abffb2655e08cc7721f9bc768d0a5238feb2cc4610f79f14a9d684254407e3fb7ab985d3b66b360969f1d22ea81ef0a1e41e667cff4d77bca9bae1cf6b6580286207168528f8a621abea826d1662019f7c216f27cf1e63f26b53b123bd44b956a95500ae") r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) clone(0x10000000, &(0x7f0000000100)="d1e211ba6d5c2ec4b43edda491abd615b4a5e47ef3c77bf0ff97c5084f99ae63a2857cb9eb9988264352a0893e94f0554c0dedcf468ba6bd60cbcb988466bb7c429a6c120218e1039330f275f8e761ceec0b852269c53f4b00551a91860c0f32ac", &(0x7f0000000000), &(0x7f0000000080), &(0x7f0000000180)="47e29c852bff1ea3b1cadfe1ecd85a2b33a23b48e8917d0de1fc64f9c30c7fd3748529682ecf99e71dfed773cd71af89186bbc1dc0e7089558474316339c439b1c0dcd2d060ab3e1ce524ed2f10bde12425b04ef94ade23c5cc96db56a50281bf06c94116c001a05df621c1c9df38ebde8dc9e04ee30b10a838e7cce1153b1c940cf7235c6b80b3a4e71375e854ef954d25d3959796f7c972bfb40f14dd5c5065635203eb8d1ac87482e723c4fdd79b4") 09:54:24 executing program 0: sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) 09:54:24 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed4100001000120000000400800000000000080005", 0x15, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1536.706065][T10442] usb 4-1: Using ep0 maxpacket: 16 09:54:24 executing program 0: socket(0x28, 0x0, 0x6) [ 1536.780794][T20027] loop4: detected capacity change from 0 to 69632 [ 1536.837049][T20027] EXT4-fs error (device loop4): ext4_fill_super:4810: inode #2: comm syz-executor.4: iget: root inode unallocated [ 1536.859125][T20026] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 1536.870518][T20027] EXT4-fs (loop4): get root inode failed [ 1536.883383][T20027] EXT4-fs (loop4): mount failed [ 1536.886704][T10442] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1536.912359][ T8] Bluetooth: hci8: Frame reassembly failed (-84) [ 1536.926441][T10442] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 09:54:25 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000600)={'gre0\x00', &(0x7f0000000580)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @private}}}}) [ 1536.975960][T10442] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 09:54:25 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed4100001000120000000400800000000000080005", 0x15, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1537.024916][T10442] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 09:54:25 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:54:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000001b40)={0xe84, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @NL80211_ATTR_CSA_IES={0xe58, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x0, 0x0, 0x0]}, @beacon_params=[@NL80211_ATTR_BEACON_HEAD={0x5c1, 0xe, {@with_ht={{{}, {}, @device_b, @device_b, @from_mac}}, 0x0, @default, 0x0, @void, @val, @val={0x3, 0x1}, @val={0x4, 0x6}, @void, @val={0x5, 0xf6, {0x0, 0x0, 0x0, "f3d61e6bbdf8f1cc1576ab84acbc47c9f5ac092802e8c8455646e907327bf4cd5b219f81e41957bd6989aadea341665b34aaf219faa862c49ec477deadfa660b883a36dd0891fad632d885891101beeb1004af9a35d7525a386fc191f07bde3550d144d99c4a7866d6ad1533357a703dddca6f32113bee3b4eeea72f9e70c85958c4aace08d96d9c83908ae4639fe2ec4fd51b486e1f66d6ebb7aa9b078eff500a0a7795cd1080c676b77d82a48077e272c02df1802aa6a30caffe9f14be626bcce965c62503fe050e5455414b3e80bf4314324eb08e1d2859f507a42b6583cb5f550bd47e5778afca270d40ff423547764390"}}, @val={0x25, 0x3}, @val={0x2a, 0x1}, @val={0x3c, 0x4}, @val={0x2d, 0x1a}, @void, @val={0x71, 0x7}, @void, [{0xdd, 0xea, "762128e6cad8201fa8eb1668a3d0a38fafe85e3547d6aaa878cb418077d6775c6d1909431a818a053caa0c35c78aa574d5ca018e90ad5f9b7498d7cc738004318cc049fec83016d5f22df8718076cb921ed0dc8ea0639ad21627f11124dd23c25476c65e4296cb04d290b9eea4715625f5c5984d1290861a962306a2c6d12a9384162d8de46baba9a53a1dceca0129648873df04eefc812022091a4b0f3489a6acca92003de212acbfb8cc9864753bf52845772a1c8b7a2e4ce5c2c2bbbe4d852f67fb9cb4ebc868a67010294dbb101b074bd3dcd5405397860afbbee05e8c53df10e0b91baf33db2f71"}, {0xdd, 0x69, "ef20e6db46c54f256454ad847992ba917d30ef94339bb2380999c3764f81afba56baf1ef24375b1c45495dfd725a4979dfbfdedd9d8f8dd3b89f03003d761089514314e0fda4eda6ba63775511c555a3e6f17c608d749c951facb0a67e106c998301caa8443ecba348"}, {0xdd, 0x90, "b35be9f2ab1c6e9fcecf7ba35fc5059e008cb73728db29d0a9cc08aa80178a48e7c3079e338f7e7feacd3c7877135279eb2fda211e4ad95dab246e8c26a0f320e9cbf6215672aaedd8e62348c070d8475dec9b74299a0e5603bb0269251bb64d2b258c73bb629a7d5ed9d7c25c30d10e5072fa6d5eb4126b3c7da67ebb6ae93e574c9ca0c7f853ed653258818d370add"}, {0xdd, 0xe0, "1fec2f940ce0e2219aff7b158a5c199a08b001efb281b694828abb8d661d33683fd156510129b40b86d355e8341eb9236819f47c1aed5635485897aa66a2591173081f0b46b80c455ba35fd6eae0bcd33699fab154a7110782692ed959756e6b333842b55681d5035823452aed7c9c1caf249c78ecd12a08a4c36850e45e1bffb9953acc57fd0316524d073ed0df80048eae854842d9ece68935855335551c8b9244a7644981795ee9d81387eb51b7a25b2550d79aa7a9ec9ea2fc9321185b4c6dede8917bca668786e2928600386e117897ebef841c62fd99342aee470619c9"}, {0xdd, 0x2f, "586016aceb674977c6f514f239cc97f1382999c961112a6410235c26169ec92c81c6cc69205503ad5a14f8baed03a8"}, {0xdd, 0x90, "9ee02004adab3acd57f57d0f44a52a342aacd320fcb8077229e0ee268c5685b8fdc668f64f3bfc58444806de7935fcc8eeca2c769bef1eb462603a70005bfe1b277127f48f7f8f48079e43c25780d5f81af7376bd717b353ec2f00e96327d7e8f1340e0df1e7bb7a6f2b57736a168b9c232c464eed2165c33fa895de7973176ae78bd7cff150077c46ef0955d2c26546"}, {0xdd, 0xcd, "a1edacdb64fbaabf7183c008f2bd1d0f7d9589b906fbbe51265df0f81bd8724d35469b44477c024df78a5c88604a4609e74ce730878df0a53953c1bb9951250c7db0bf72d50b0eb8fc8d4760422e5225637b9bf1b225ef135717714fe34e085688b21d85faef53476d11741a59adf0b2e0c5dcf4b700932f169db7e9e01aa049451f64f966f2e4683972de23890d016f3051cdc757e5234d4ddb9fc2c135a3452361387a53a4e1e9ced7cd2362fa464bb9aea6cd8d93318026a09467dffe480b2770a409ec61a1a7f4c4463257"}]}}, @NL80211_ATTR_FTM_RESPONDER={0x274, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0xd5, 0x2, "86546ed13fb429019dfdbae162da1bda3392947168e73179f359759fe59888071c501b9dfe84bacf762ce67b2fc73be8381a26a34f84160d57ed49fcd0c60650d266ddf7b3381689c7c17632c2c07736a3186d76c3d5dcc946e116119d9680a3637bbce23156b38663609857ee8ab81007917e54be9b03958637ae410303f5c7f196a1fca4f290e2bc8c3cfe770386426ac84a39a7ef0bf68d3ba7f885453e9d553bc03455a2efe4c0357694734cdc2d26110bc6018d3c064218397e6f0dabff80bce2311aca3f3a35f969b8a717c3db4a"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x75, 0x3, "5cd779bb7fb2fa5893f0cb1a9b4f6708bac548803428b97cf306bf1e4cb9d2aa7161e1dfb1eb9aee7a5d0382cf757a2ed6a7b1747bfb28c56d27c706f4091c5f3260223a700da664af1f4320d0118f034dea6856c11bf9fd9fe1419e2175fabe1042867cdd7e23257c31048f5920148319"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1d, 0x2, "7e3ae662fb8bd78c4f7200f68c2f04320359bf4bf85a355649"}, @NL80211_FTM_RESP_ATTR_LCI={0x8d, 0x2, "a8f606ffff11e6511624e1ea5c1ad99ceede68f072b10824bcace44e00cb0ad28731098200bbeea729a00ae469da70ed94c98dbba0a3334b91de02392aca1cc37ca3d3691dcb4b5e87bd268d2b4f96ea3de2e3b70e38b870797b0d6e8d5b5de45498cae8ca5e7607568ef71764e120678d0e6c4c2ac128902614b141e07efb612b5cc0bb587797d1e0"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x65, 0x3, "6c1dcb106445491923cabe78885e73b220434186bbcafec2579bea87a3ca0d2a554297b2d7410b0847dacac6a9668fda7eb75c91e01be87d61b061dc9d2a4dc5911a04aa72e32d70a2c4557c2be07d51808492549f47eea48ff5498cbe0578b730"}]}, @NL80211_ATTR_BEACON_HEAD={0x1bd, 0xe, {@wo_ht={{}, {}, @broadcast, @broadcast, @random="f52f3b5750a9"}, 0x0, @random, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @void, @void, @val={0x4, 0x6}, @void, @val={0x5, 0xe8, {0x0, 0x0, 0x0, "8585520bdaa5acccacc287ebf67e3316f9727657136ead088ae6cd643e985f1ca99f26e086d379c8cb9120287b33ee09f8ad82c82b5a38071dd1dabbe4016a6447123a7f7cb3c79e6e2c92c1be039f6eba92c402de42877222d9614f1136dda4679bbb7706983c8b658c5194190b913fb280adaff3ccaf5b390614c3e9cd55627054c5f981d38f74967ba7e90413586edd0c862a7dba18eaa573ccd1838f5658f25ad6e96eb01e622564bbf7a4d75c515e35c932c62b2c7ce7ae0ea791c9477edcf382ddde174bcde4c9a82546be01ef0761ddf6841e11ddd4b9e99291dcad63e076a1ca4d"}}, @val={0x25, 0x3}, @val={0x2a, 0x1}, @val={0x3c, 0x4}, @val={0x2d, 0x1a}, @void, @val={0x71, 0x7}, @val={0x76, 0x6}, [{0xdd, 0x5e, "5c493233f033f51ca79c7b88b5c9d409922c9a692dd87c3eb31ab24bbd811b2f9db3378712d43de16b390e204da33a5dc01419057cc95561cd090b21d81c53e4207feb4aecc69ba86e57299eadde934ed9a118c36360154e54de47d874a7"}]}}, @NL80211_ATTR_IE={0x1b, 0x2a, [@rann={0x7e, 0x15, {{}, 0x0, 0x0, @broadcast}}]}, @NL80211_ATTR_BEACON_HEAD={0xd9, 0xe, {@with_ht={{{}, {}, @broadcast, @device_b, @random="cf37a0fdc76f"}}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @void, @val={0x3, 0x1}, @void, @val={0x6, 0x2}, @void, @val={0x25, 0x3}, @val={0x2a, 0x1}, @val={0x3c, 0x4}, @val={0x2d, 0x1a}, @void, @val={0x71, 0x7}, @void, [{0xdd, 0x69, "e707b757c896baefaaba6d0aa7e86b454ea36447bf29879fae0b2f133643822468e765aae39ba1e8634b4d725d99ec2bcc22fd32c29ba9844277d4b4d523325e5a4a8a6673d177d1990403c52a91568e013571f14d8abedff497bdfa8d060c0b3968f0bd8af22bb178"}]}}, @NL80211_ATTR_BEACON_HEAD={0x179, 0xe, {@with_ht={{{}, {}, @broadcast, @device_a, @from_mac=@device_b}}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x4, [{}, {}, {}, {}]}, @void, @void, @val={0x6, 0x2}, @val={0x5, 0xda, {0x0, 0x0, 0x0, "0548ed72e60aec3c94a61e67445b68d79621dd1cfa7d42cf10feb33cc17ecf3461b29b35bfd142bff642d37127dee62424e6caba976ba6ce9465b4b36cdd2463559dc5d4bdcae313987a30fd7bc2ecbbcb6d45c71e209dafb976de91f53857307868954214514fc056ec4648f09c4167e4ebe064261551014e59e8f7af58454a8f7643c57ad865fc7982b30c9186a7bbeff1e0950cbc7da07e7bd4e6708d56f15f8cbdf469dce01868bb83a70ab7f25abda2fe321fc08fccf15ba37f2792b448e6839e25d4a7c09f8cd161dd0b2f468e98c8e2ca51d1ce"}}, @void, @val={0x2a, 0x1}, @void, @void, @void, @void, @val={0x76, 0x6}, [{0xdd, 0x52, "810288a461f2975dab9dc5c34f816496a3b2296a0fca88e1f8a58217c610ef0a021d8a9dedb0af692d7215e6dd30990b4b1c3d87e136bb9cba2434ecfa0f8c6f8f2bd48bfb03c07ea0e009ace4520cf4d34d"}]}}, @NL80211_ATTR_IE_PROBE_RESP={0x1d9, 0x7f, [@fast_bss_trans={0x37, 0x52, {0x0, 0x0, "f98e61c3ad5a4218136aedce03028e70", "c9262480b842423abeb81c0648dcca7e9d908dcf11b4410277f446aed0d52cca", "8b860d4f604be1e48a3e35d54b9986abdf5e883795556397f121d9fff4ff7b35"}}, @mesh_config={0x71, 0x7}, @ibss={0x6, 0x2}, @random={0x0, 0x2d, "c626597181b6d21da83e2a36a988970f8c26bc362198738c9a824edce45f04b1999b86bdc9601fb3a1bedb3807"}, @random_vendor={0xdd, 0x3c, "3db157fb3aece43a43e9c186a7334334a51012380e533b1696642df64c3934e882737a7b6769311a6a04d909b79fcec26e0772151d43d1a6785bc548"}, @erp={0x2a, 0x1}, @rann={0x7e, 0x15, {{}, 0x0, 0x0, @broadcast}}, @random_vendor={0xdd, 0xcf, "a691c3497acd5287250cef72f1274e2479fc3a4f785547ef50f64dd51ed0e3fb3a0b1df499b864339ca6fc19ce784b8dd2581f8268613c663e63dc3d67f8e17917203bdd1d532e6e09656f104ca9293ef2f612db77359800d5ff46f5432a485462ed21b9cbebfa00312142a37f864a597d382060f256778e0461505d6d2cc2a78e9368f64a00b26c1b372ca7dd85dbfe1a468a5ba771c3ca3a07a988f35412cf501e9086c928d680916d4f9cf89c90d5172c82637ca60475031fc85bc97716a29fcd0621325812b99b7f2d0e5a8770"}, @tim={0x5, 0x1a, {0x0, 0x0, 0x0, "9424cb09aa944675ee4954539923e3516a317b388d39cb"}}]}]]}]}, 0xe84}}, 0xd581345a170e9fd8) [ 1537.206343][T20054] loop4: detected capacity change from 0 to 69632 [ 1537.246764][T10442] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1537.256717][T20054] EXT4-fs error (device loop4): ext4_fill_super:4810: inode #2: comm syz-executor.4: iget: root inode unallocated [ 1537.278301][T10442] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1537.294251][T20054] EXT4-fs (loop4): get root inode failed [ 1537.301103][T10442] usb 4-1: Product: syz [ 1537.305445][T20054] EXT4-fs (loop4): mount failed [ 1537.312036][T10442] usb 4-1: Manufacturer: syz [ 1537.319960][T10442] usb 4-1: SerialNumber: syz [ 1537.397605][T10442] cdc_ether: probe of 4-1:1.0 failed with error -22 [ 1537.616034][T10442] usb 4-1: USB disconnect, device number 2 [ 1538.238064][T13921] Bluetooth: hci6: command 0x1003 tx timeout [ 1538.244286][T19170] Bluetooth: hci6: sending frame failed (-49) [ 1538.405974][T13921] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 1538.665846][T13921] usb 4-1: Using ep0 maxpacket: 16 [ 1538.855917][T13921] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1538.867650][T13921] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 1538.879583][T13921] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1538.893411][T13921] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 1538.904456][T10442] Bluetooth: hci7: command 0x1003 tx timeout [ 1538.910857][T19170] Bluetooth: hci7: sending frame failed (-49) [ 1538.956046][T18029] Bluetooth: hci8: command 0x1003 tx timeout [ 1538.962574][T19170] Bluetooth: hci8: sending frame failed (-49) 09:54:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000008c0)={0x20, r1, 0x1, 0x0, 0x0, {{0x2}, {@void, @val={0xc}}}}, 0x20}}, 0x0) 09:54:27 executing program 0: mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0xa0072, 0xffffffffffffffff, 0x10000000) pipe(&(0x7f00000006c0)) [ 1539.056522][T13921] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1539.074581][T13921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1539.084453][T13921] usb 4-1: Product: syz [ 1539.095455][T13921] usb 4-1: Manufacturer: syz [ 1539.107195][T13921] usb 4-1: SerialNumber: syz [ 1539.145946][T13921] usb 4-1: can't set config #1, error -71 [ 1539.187373][T13921] usb 4-1: USB disconnect, device number 3 [ 1539.355778][T10442] Bluetooth: hci9: command 0x1003 tx timeout [ 1539.362097][T19170] Bluetooth: hci9: sending frame failed (-49) [ 1540.315817][T13921] Bluetooth: hci6: command 0x1001 tx timeout [ 1540.323583][T19170] Bluetooth: hci6: sending frame failed (-49) [ 1540.965836][T13921] Bluetooth: hci7: command 0x1001 tx timeout [ 1540.972176][T19170] Bluetooth: hci7: sending frame failed (-49) [ 1541.036280][T13921] Bluetooth: hci8: command 0x1001 tx timeout [ 1541.043575][T19170] Bluetooth: hci8: sending frame failed (-49) [ 1541.437843][T13921] Bluetooth: hci9: command 0x1001 tx timeout [ 1541.443969][T19170] Bluetooth: hci9: sending frame failed (-49) [ 1542.395829][T13921] Bluetooth: hci6: command 0x1009 tx timeout [ 1543.035707][T13921] Bluetooth: hci7: command 0x1009 tx timeout [ 1543.115684][T13921] Bluetooth: hci8: command 0x1009 tx timeout [ 1543.515772][T13921] Bluetooth: hci9: command 0x1009 tx timeout [ 1545.596253][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 1545.602663][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 09:54:34 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x33) [ 1546.424065][T20111] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 1546.444484][ T8] Bluetooth: hci6: Frame reassembly failed (-84) 09:54:35 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc0045878, &(0x7f0000000000)=0x32) 09:54:35 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed4100001000120000000400800000000000080005", 0x15, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:54:35 executing program 0: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) 09:54:35 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0xd, 0x0, 0x0) 09:54:35 executing program 3: openat$audio(0xffffffffffffff9c, 0x0, 0x610800, 0x0) [ 1547.012820][T20127] loop4: detected capacity change from 0 to 69632 09:54:35 executing program 3: r0 = socket(0x2, 0x3, 0x5) sendmsg$unix(r0, &(0x7f0000001400)={0x0, 0x0, 0x0}, 0x0) 09:54:35 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000340), 0x0, 0x0) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r0, 0x5386, &(0x7f0000000380)) [ 1547.066293][T19170] Bluetooth: hci7: sending frame failed (-49) [ 1547.096490][T20127] EXT4-fs error (device loop4): ext4_fill_super:4810: inode #2: comm syz-executor.4: iget: root inode unallocated [ 1547.111303][T20127] EXT4-fs (loop4): get root inode failed [ 1547.124188][T20127] EXT4-fs (loop4): mount failed 09:54:35 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x749380, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x208500, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000002c0)=0x7) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x5) r2 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x80000, 0x108) perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0x0, 0x3, 0xf9, 0x22, 0x0, 0x0, 0x1000, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3ff, 0x8001}, 0x20, 0x7, 0xe94, 0x9, 0x40, 0x4, 0x7, 0x0, 0x8000, 0x0, 0x100000000}, 0xffffffffffffffff, 0xf, r2, 0x2) ioctl$KDADDIO(r0, 0x400455c8, 0x4) clone(0x50020400, &(0x7f0000000100)="e1f5d1505f55a0e4064ec5a055e0e531c7ff6edd5296a0b577cee9602a39868487114cdab052c0a226c96a0dbae59ecf2b8654df16ddfaa3661aa41236286f4cbb3a1b23e43b8c85b4fea22dbd2c9fe05b8d2f162d34396d5b22", &(0x7f0000000000), &(0x7f0000000080), &(0x7f0000000180)="e2632b48d8d57d2503c0540697dfdff08871ff73b11dfc818e7e79f07fd0c7bce077ae0594a1153474a52490e0b21a78cfa74f8335fff3d584dc5077b2063653ac23e42fcb77103af5491e90d2847cf2994e024bf108a84148f7aeb4ac008fe6ea09bc3c489048e52353c1f09abb489a218ce00ac5ed3f236b0352ecb2637970c33adf0e2b59a7f2dea92af2695415524a06ef2bfd16c9f6fb41aed146b718512a59f9da0ab464f6cb1ca89737d366fab512beb2ea6465e53c830316409531dab73b4dcec0686c98f0c6c09541") 09:54:35 executing program 3: socketpair(0xa, 0x3, 0x7f, &(0x7f0000000000)) 09:54:35 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af30100040000", 0x1f, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:54:35 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x2, 0x0, 0x0, @remote}, 0x1c) [ 1547.653120][T20159] loop4: detected capacity change from 0 to 69632 [ 1547.744115][T20159] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1548.475652][ T7582] Bluetooth: hci6: command 0x1003 tx timeout [ 1548.487320][T11358] Bluetooth: hci6: sending frame failed (-49) [ 1549.115738][ T7582] Bluetooth: hci7: command 0x1003 tx timeout [ 1549.122790][T11358] Bluetooth: hci7: sending frame failed (-49) [ 1550.555339][ T7] Bluetooth: hci6: command 0x1001 tx timeout [ 1550.562552][T11358] Bluetooth: hci6: sending frame failed (-49) [ 1551.206032][ T7] Bluetooth: hci7: command 0x1001 tx timeout [ 1551.212713][T11358] Bluetooth: hci7: sending frame failed (-49) [ 1552.635282][ T1265] Bluetooth: hci6: command 0x1009 tx timeout [ 1553.285514][ T7582] Bluetooth: hci7: command 0x1009 tx timeout 09:54:44 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x48) [ 1556.618280][T20208] Bluetooth: hci6: Frame reassembly failed (-84) [ 1556.634319][ T8] Bluetooth: hci6: Frame reassembly failed (-84) 09:54:45 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc0045878, &(0x7f0000000000)=0x32) 09:54:45 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x7d, &(0x7f0000000000)=[@in={0x2, 0x0, @multicast2}], 0x10) 09:54:45 executing program 3: syz_open_dev$video(&(0x7f0000000180), 0x6, 0x4043) 09:54:45 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af30100040000", 0x1f, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:54:45 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x153c02, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) fsmount(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0xa12, 0x44) r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000340), 0x600000) ioctl$IOCTL_VMCI_CTX_REMOVE_NOTIFICATION(r2, 0x7b0, &(0x7f0000000380)={@my=0x1, 0x8}) ioctl$KDADDIO(r1, 0x400455c8, 0x80000000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCVHANGUP(r3, 0x5437, 0x0) clone(0x5000, &(0x7f0000000100)="7db96d3bcd2c39c17d12f72174dbd54061c54c07b4e9903a3c31e808d11e1d8cadcf2bfaac752f9d4b4551bd3081526c54135e03a6cc9542b0e94543d13692b25e8b0028453b8c251b1a208b12f754a922bf4f0bf4ffa243e388dece063c80b86e34d0a6250b3a78264175b2136e5336edbe41ce7b44d41b4c92e2a303544489622f42824d6f3ca12a3d4f41f60d1c69cb1be00e51ab0ff8bfc1335fb424f4a303bbcc6e8f36b10776ee0eff67df90676a80f049f68a07fc90f2223a377683a0465d5959aed8c237e1d3da9f", &(0x7f0000000080), &(0x7f0000000200), &(0x7f0000000240)="f6e8077ead725cd0048b8ce0b8bcdcfb170fe8778e2d63f5e0997b506cb965b14aa38e6a547b0a7b5413d0eb90faf260eae1bc23a529454c699b36793ae4eb7a66a58156556388dce22dd6ae359f259a9f40974ac7e5cea720c83ee8ce8591caf471f0363ab40346a355d118947481e5f2bcf6d5256d13b25749213cefe20568810701090dde9468d8983043a9c2e122c3798389708aeac78674bf678fd40e4d37078f997588be6178d9063ec02d25d86f1d7982ad1130e463c27eabde8b3a3f027e1f5bb7dc4084d0aa70d3163895deb3744c3c624b0096d9452817771f379ce7585b92fb5ef08c51cc8c6a5c7528") [ 1557.244612][T20226] loop4: detected capacity change from 0 to 69632 09:54:45 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000052c0)=@filter={'filter\x00', 0xe, 0x4, 0x2a8, 0xffffffff, 0x0, 0x0, 0x198, 0xffffffff, 0xffffffff, 0x238, 0x238, 0x238, 0xffffffff, 0x4, 0x0, {[{{@ip={@remote, @dev, 0x0, 0x0, 'macvlan1\x00', 'rose0\x00'}, 0x0, 0x70, 0x98}, @REJECT={0x28}}, {{@ip={@loopback, @rand_addr, 0x0, 0x0, 'veth1_to_hsr\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@set={{0x40}}]}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0x70, 0xa0}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x308) [ 1557.326070][T20226] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 09:54:45 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCL_PASTESEL(r1, 0x541c, &(0x7f0000000000)) 09:54:45 executing program 3: r0 = socket(0x2, 0x5, 0x0) connect$rose(r0, 0x0, 0x0) 09:54:45 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af30100040000", 0x1f, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:54:45 executing program 3: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) getsockopt$rose(r0, 0x104, 0x7, 0x0, &(0x7f0000000140)) 09:54:45 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$FIONREAD(r0, 0x4b6b, &(0x7f0000000000)) [ 1557.552476][T20249] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 1557.642249][T20257] loop4: detected capacity change from 0 to 69632 [ 1557.725766][T20257] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1558.652344][ T1265] Bluetooth: hci6: command 0x1003 tx timeout [ 1558.659543][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1559.354908][ T1265] Bluetooth: hci7: command 0x1003 tx timeout [ 1559.362037][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1559.594842][ T20] Bluetooth: hci8: command 0x1003 tx timeout [ 1559.602738][T11339] Bluetooth: hci8: sending frame failed (-49) [ 1560.714880][ T20] Bluetooth: hci6: command 0x1001 tx timeout [ 1560.721913][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1561.434784][T10442] Bluetooth: hci7: command 0x1001 tx timeout [ 1561.441393][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1561.674682][T10442] Bluetooth: hci8: command 0x1001 tx timeout [ 1561.681322][T11339] Bluetooth: hci8: sending frame failed (-49) [ 1562.804639][T10442] Bluetooth: hci6: command 0x1009 tx timeout [ 1563.524742][T10442] Bluetooth: hci7: command 0x1009 tx timeout [ 1563.754561][T10442] Bluetooth: hci8: command 0x1009 tx timeout 09:54:54 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000140)={0x7, 0x1000, 0x80000001, 0x800, 0xb, "efc0f9b199f95b66f39d390bdd24ff4b8a1344"}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000100)={0x20, 0x4, 0x2, 0x719, 0x1, "c0bd009fbc547297c5e102c45929f8305606dc"}) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) r2 = dup(r0) ioctl$TCSETAW(r2, 0x5407, &(0x7f0000000180)={0x6, 0x6, 0x6, 0xdeda, 0xa, "b0fa81734a96af6d"}) [ 1566.985332][T20295] Bluetooth: received HCILL_WAKE_UP_IND in state 2 09:54:55 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc0085504, &(0x7f0000000000)=0x32) 09:54:55 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_ifreq(r0, 0x8934, &(0x7f0000000040)={'veth0_vlan\x00', @ifru_settings={0x0, 0x0, @fr_pvc=0x0}}) 09:54:55 executing program 0: socket(0x3, 0x0, 0x835c) 09:54:55 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af301000400000000000000", 0x24, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:54:55 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af301000400000000000000", 0x24, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1567.439042][T20315] loop4: detected capacity change from 0 to 69632 [ 1567.463345][T20315] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 09:54:55 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x121002) ioctl$USBDEVFS_CLAIM_PORT(r0, 0x80045518, &(0x7f0000000140)=0x3) [ 1567.563613][ T1136] Bluetooth: hci7: Frame reassembly failed (-84) [ 1567.675969][T20333] loop4: detected capacity change from 0 to 69632 [ 1567.717028][T20333] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 09:54:56 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@acquire={0x1ac, 0x17, 0x1, 0x0, 0x0, {{@in6=@dev}, @in=@multicast1, {@in=@multicast1, @in6=@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0xa}}}, [@tmpl={0x84, 0x5, [{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x2b}, 0x0, @in=@dev}, {{@in6=@local, 0x0, 0x32}, 0x0, @in=@local}]}]}, 0x1ac}}, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0xc2, 0x7, 0x1, 0x5, 0x1a, "3e610d7ab930f993b74752d09175ffa586efe0"}) dup2(r1, r0) ioctl$KDADDIO(r0, 0x400455c8, 0x6) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmsg$AUDIT_USER(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0xf8, 0x3ed, 0x800, 0x70bd26, 0x25dfdbfb, "df46070b942c0642a5265bd8fa4693f53be1daa948179bd899bdde97e9f7c8ab874eef7a6ebe0a443f7443fbda6cd9bda640bbff5d59bc2e80d0974fc14dbb7b47e3e1b24a639b0bed201f737a7acf463a86fc337f04e50d65fbddeb7ca257583dd41d40208217507aa9ea9ebb94d3433af411d0456e6b6d192b29d8eaf12f2a11e25e735063817e6cbc8bd72f1c240cf445077bbdbf717037768bf55c89ae7edb5cd60776fc529cc2cdb18116efb0284b52e3085b7eb1d6a7857ca7d11993aedf7f604e1869db715d01a454f0be71387aa7bf63894c85c93f9c3ab6e8b07ea314753d69a6b425", ["", "", "", "", "", "", "", ""]}, 0xf8}, 0x1, 0x0, 0x0, 0x40}, 0x4000) 09:54:56 executing program 0: r0 = socket$inet6(0xa, 0x6, 0x0) getsockopt$inet6_mtu(r0, 0x29, 0x17, 0x0, &(0x7f0000000040)) 09:54:56 executing program 3: r0 = syz_open_dev$vcsu(&(0x7f0000000100), 0x0, 0x0) ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, 0x0) 09:54:56 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af301000400000000000000", 0x24, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1568.150025][T20352] loop4: detected capacity change from 0 to 69632 09:54:56 executing program 0: r0 = socket$inet6(0xa, 0x5, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) [ 1568.213976][T20352] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1569.034321][ T20] Bluetooth: hci6: command 0x1003 tx timeout [ 1569.040612][T11358] Bluetooth: hci6: sending frame failed (-49) [ 1569.594375][T10442] Bluetooth: hci7: command 0x1003 tx timeout [ 1569.602170][T11358] Bluetooth: hci7: sending frame failed (-49) [ 1571.124327][ T1265] Bluetooth: hci6: command 0x1001 tx timeout [ 1571.131276][T11358] Bluetooth: hci6: sending frame failed (-49) [ 1571.684270][ T7582] Bluetooth: hci7: command 0x1001 tx timeout [ 1571.691332][T11358] Bluetooth: hci7: sending frame failed (-49) [ 1573.208247][ T1265] Bluetooth: hci6: command 0x1009 tx timeout [ 1573.753955][ T1265] Bluetooth: hci7: command 0x1009 tx timeout 09:55:05 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:55:05 executing program 3: sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000001000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) getresuid(&(0x7f0000001040), &(0x7f0000001080), &(0x7f00000010c0)) 09:55:05 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$KDADDIO(r1, 0x400455c8, 0x8) 09:55:05 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af301000400000000000000000001", 0x27, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:55:05 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x2c}}, 0x1) 09:55:05 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc008ae05, &(0x7f0000000000)=0x32) [ 1577.839263][T20395] loop4: detected capacity change from 0 to 69632 [ 1577.852622][T16828] Bluetooth: hci6: Frame reassembly failed (-84) 09:55:06 executing program 0: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x11, &(0x7f0000000180), 0x8) 09:55:06 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x121002) ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x802c550a, 0x0) [ 1577.991634][ T1124] Bluetooth: hci7: Frame reassembly failed (-84) [ 1578.016061][T20395] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1578.028923][T20405] Bluetooth: received HCILL_WAKE_UP_IND in state 2 09:55:06 executing program 3: r0 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$inet6(r0, &(0x7f0000000600)={&(0x7f00000002c0)={0xa, 0x0, 0x0, @local}, 0x1c, 0x0, 0x0, &(0x7f0000000040)=[@pktinfo={{0x24, 0x29, 0x32, {@local, r1}}}], 0x28}, 0x0) 09:55:06 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) 09:55:06 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af301000400000000000000000001", 0x27, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:55:06 executing program 0: sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) write$binfmt_aout(r2, 0x0, 0xff2e) [ 1578.234048][T20422] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 1578.363340][T20433] loop4: detected capacity change from 0 to 69632 [ 1578.398553][T20433] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1579.923007][ T25] Bluetooth: hci6: command 0x1003 tx timeout [ 1579.934816][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1579.993735][ T7582] Bluetooth: hci7: command 0x1003 tx timeout [ 1580.003911][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1580.323958][ T1052] Bluetooth: hci8: command 0x1003 tx timeout [ 1580.331368][T11339] Bluetooth: hci8: sending frame failed (-49) [ 1581.994091][ T1052] Bluetooth: hci6: command 0x1001 tx timeout [ 1582.000569][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1582.083611][ T1052] Bluetooth: hci7: command 0x1001 tx timeout [ 1582.089691][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1582.393725][ T1052] Bluetooth: hci8: command 0x1001 tx timeout [ 1582.400725][T11339] Bluetooth: hci8: sending frame failed (-49) [ 1584.083954][ T1052] Bluetooth: hci6: command 0x1009 tx timeout [ 1584.163487][T10442] Bluetooth: hci7: command 0x1009 tx timeout [ 1584.473706][T10442] Bluetooth: hci8: command 0x1009 tx timeout 09:55:16 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af301000400000000000000000001", 0x27, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:55:16 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) dup3(r0, r1, 0x0) 09:55:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002000), 0x0, &(0x7f0000002100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) newfstatat(0xffffffffffffff9c, &(0x7f0000000b40)='./file0/file0\x00', 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f0000002180)="e02754091f16e34fbc05d745d42059ca16438475025d5eb0382b1c44fbcc5e1a4627ba54625905f874c46909f3ec48fdddec5dae671eda2b7cf7b4efed02d1d4e1a193480d3ba684b3bf0bd4e6a40c5cd737a74195a34247dc84afd924f7cdd30be9328483a9c8190bf09e1859d98dbe82b77aa91c06efcfd2f475217931c06ba5c749fe31859ca91e33d6820471b66993c5e93d7e9a9982dd2c31e75af105f2e761bca6a62ddeeeb192fc5270fed0e797707090b0b77a0294bc0934b358a679c578a54e88df2aa0bef750b2f19f04b8a3e02d39cbdd13600aada1da88ffd93481b8752395164aa0c6c6df898e446003dc13c22e785c472b291e5bfe4a29145f2bcab72025a01c82ad55ff4b9a4be88eb713478f9c285e1591f25d2445650ed9a349fdfa3771184dbf5d3da55a49c9fd413c7ba2d38bc432564e66a0dbfdab3d7a319e48536393e247585357b7bec27737d35763e85cb162e684e1179a049b9b97bea328d031d331a862469df95b11a37977bdf12cf06387a9e64f2dba03cc8db2dc7826390d1b81e7dbca0fbe68fe724aec407c2dfe1c8a0a0d06c3a9e498f3479bcea815258c2b9256d00d82936ce103cf2dea55137dd5fef014adfaafb2d1c08f97e691d0b92d7753497d525103b2aba06c1c481002b00aac491609291879745cd5855b79b75443e11834775dd2f28ccc1634d36969fa22b45dccb8d6800fb2b1e8165391b15aac997e058b850b5a87adb4a8ea0483992daf285970c302c8f40daad2cd90ffa1c7455509f43fcb91dc91a5b5f7273f664788f0bfe1f8d5cc8016ff841a395f9891456b9beddbc45c9b387f536f36463a678b9078027fb1a29f8cdd7679cbac6e67becab638f4cfb1de1b33a5852ee10b5dc5a64169577557ca33cc1f4a32e8d74b12f0431a0200aa7a0f8adf45133997799ccbb8118f3ce013dd354db7d383d04915e2ed67b6406f2beedd634c586d68b0422ff4044f6677cb3553b0941e2d88c59c086e87886d35893b39b3ec809f8c22ed75c2ae12bda979f59f9ea2e4ba21e3e02e4e87bf92ab3e5d9a531ff4fb948175c873267d50ba534873bc62b2571a8c1f07cdca88bd1880224299cece934617b6ce325e32ffd1d32cfc3c8815a442907d6219f8757ca5a8224775b0e0f10a4e6920dd08ce734d4951b43acb42c7062c27117e0341fcb1e0424478e1626589b7ec44b5c5013aef265358a4f48cb9f38f66d72bc3eb0d69b5e71b799fd7e03e60c4e20f1b47cd73fadc166b179d7ca1699b6a018a3355b79346d6a0aa0e643e26b1b2cb41c53f7bdc1858de42d8f580efcdf38277d30774b36b401eaa683569542b2d7cf20251d82dce16ad941f8916caf6df294f15f2e0ef882680a1f8a5d66f15cac27153152011016172c008028767ecfc332aad850796b971cc9dbf6ec42feaa3d8321fb3d9470c06b079ac208eeb51824a06925e54898033c9d0df87550ba1cc027c7d5a7ea71709d36987fb0b996033208462e4aa713f49444d8bc5afeeda936b4210eef0027ea8a3ef673434eb679d973adac0ff1a5f8688a3343ce9bb89f3ca548450ae63c958980993bc122236f2cf3bd05cc29ddafb42a97725e6a3b7bf48efc5b302775fb9e90a9f79a883b5cdd74fe7d8aa04a0910d925703c429595a4bf96000d5cd93caf0d90aa7f584924d9fa60521dab35b6cc81488125c0c8045f6022876a70090e1bae956d79d271ee16570c1b430f361749bdb762be6db71384981c46dbd14bba871b389cff1e85f58e4c571fd8f309ce0a685faa07b2333a50dc3678d99e5cb07299f208fb8d911d80b8e738fdec724705208e714d1d01a4686996d0a298add31c7e8fe684df21410548aeab2e3b9e0caf65309131ef80e23e133420b5ea010ddeb2807ada98f1d281b2bd4bc2d4d9dd1c897eafcb6a9b4dbc4148b9514488d1ce93bfa4fc908c257be52129cd0d1a56326669dd9d4c8f16951023aa22fee991783574eb9b56305d0b7bd6b6a5c25bed569c9fba9c711a492d6a5c33422fcb9da5d4f595d30eb3bd85d8df612e017120bab533f935fe2c84812a1e1f5472d0bff6054cd7ba1c2e3ac08e210922b8e1c0a8092ca9537610a2efdac3e35af0c0acc8b39571894824672c37dd67c0003eb5b528018c8f6a39b2b99aa04ecd9a8887a237f7b7b904817b61ce1cbdc410426e9b291d589e3e3068ecb0de04cbcadddd1047292fddec7b044959c8b4dfab2b05ed2bf8ed4d762bdd781a7a00ac4e41b538bfe55907b0bf5424e8fb84aa11812dc7baa97cbdc9333f55b3bdeae033a534d4a74b879e7072cfee15673df1f957c57edc8c2505a6bd5c5d43bad9143e8da79cdae62a87334fb11eeb3e7e5136f38de640f1dfda88ff77113c8ab5b6ddbcd61c4d1fe30952faf3bcdb166c34e8282417e918c4318bade052ce1dea575aa70ab143e1051b695d49884e3fea39222294ea9d879b31f59822b9bcd96120a8b4705141f0b7218ed2fe27de485e8394f9e185fe23d1c41eedc926c237dab4a93cedc355d270e4c89f03bd29fcbdfa03514518eac91d887118d0eb8455872dcd2e5e0d3096972b102c56cfe8dc210401e2179ad7b9d79d95000fac55a094962b55a22125c8f7fbd36baa29cf3a5303a60c5c1d9869ed1b4aeb00306b61d51306d203b7c9b394fa5ee6c3e84cfcabd7527aaa65632888949024db3984e619d69fdc6443feb3010436e7b2950beee904b24b2d1ccd6c280a18258dd4430bf4586244d23066cbcc68dc5b8139ce784d9a90aac95f9afcdb4da490a735059467b0bdc9f6b7c79e1554cda129d583f7eaf761b0d9611b218e41aa7ff259abf852e912c39ada6f8922f17252a39e80738f338c860b1cf10c9d384bd8005884119a7e5f229fb67b93f6e077dc63a1f63355ec35c9e792f74f087f115d103dcb394130dac3475a55c28339b6bbd96f0c8d78300f9dd66739e9ea1d4bc30c3183dc2711d4aeaadb3059332fb1fc3c3779bd60a4c4d10ada22a2486235861544ca0e07fd9c3dae94154012f19cc64cce4d1925f555657d2cd52251d33ab7c374c641b876a53f9ae18e82f6751fa46e34f249c5b4f1a5b9903cec008720146fcd1f0c9b27566773ecf22673d8c96c5a66dfd7b615e9801c8cd9e37995ac0bb144e7b958713fd58f70ab228b5bc0648eccac339661088348c343fca3cc0219fe6d805d1c1975194da45745b8c1915b8edd982a5999dc90a9ebcc3f53abf0f963d019463a6ce052a2482cd415f0333f84db6ef04682a6734a88df4fc5829e682f31cfd08ab083307b3b83fc5a61dc5ae56e7db56273637fade4d1e0f478d1d97596486dbe10f48fff1867e11b78e049faea89e26fcc0bb624a90f021d520d7b12fe6f446219e1a29450aca39710f149433f4188080b4ee146895d22d8940a7da1d113c446f313b372adb36c4d71ff8177bc40f745ba58ccda62ab56108b751f40b3d596dfe11a93d6ef5934e7e3e2da3e2ef772104123b2850c46ef31cec3c99cb5c8a4fabce7ed37d6307eddc87c6ff3fe319380baebda3ae29923b72b80ab9e03a2c60a363d7cc7478654f0dab3c4befa4c6961ce64a2261b107f5fc0f71f3fd1e98c72bbdeaed110a788a830077223325866d0db17a9b24d450821ba90da649a7fd6a1045c9d3b1216f4a49333b83db329aac7ec616ca1965d123df4e1ceb48156c09e85470e4a1d6e04e276cb7577f609d7913aa70f9ce02505295740f0a27efc1460befeab7ca03d05f2952e612d0921c52097d3c9459bafa512a87e11770e6892c8d2ce963bac4bd06c8f4fe3ecae5e9c045680ea2abc879d7999350bc30b9868092a5903a80acbde85c277a156ba71463b94b2256df991a1971d7a082f083d0f7fac8ec2469a5c59d0de851097e9defe9a5022650a0cf8825208803fd4ba4fea0a35ea76cbb9659f98d6cfeed0905d787b0bdbf71d042396dc20ef1381ce06e790c825e88f28418458193d41760fb99fa26c3beb2bbaf4212e443bc8c70afbb0d810a0972a5d6fc053e21f1fa700ce0637b98795608f0ebab0a6bd2215be1035c44d05bf10f8dc05d3cf5070ac5cbba05a7b25e0ea165cc1b0d3602f55914c4434719d5947c9c44af55c86c5dc116f42a7073239345be0028880fd5d92ece9bc75b3d85f04d987fa16ff03537fe4c3db062c527c8b1d9d40493e68b57a251c1cbcf8d67002829da30669d33fe64cfdf82414d08dacb71cd920934d9aafc60ed3501d4756860aad28c29856bd476080350ace9dd55b93cd24edeb5c26e1bbbe15e1be03a502cd7945f44199f7fc15a195a46302c4e9671f861b1df600a2b6272d59959fb2d666390b7acf0b2d3289402728b47aaae4c61783531be2da074eb4a45c8a4973c16c39c1e99aa42fc6f89e7c6bc3eaeb89b38126ebd48dad2349c6d83c65365edcf6d40f95647b6c2c6227720428ef3bda21782bd6daee905285d93e6c3919f70191aef501c8558361adf82d1f4c2b4f969cc1e5f58636fb604be81046f3a46d4b4b408495bc492b00cc87b198e72079e561ebc5fef8bdc7e4c6b552505d3a9c89f9227fc704b3d0bb83fcad4763f873603787b6fa575a75aee2515eb712b05d2de9bd0f6e4ef46aa3d18b3f7b33e68ce225bfcfd130a9ddcbbff34917c964c971a77429b43dcf38d53047c26c62983e519a6af2ef395d5d03848dbabffd76bacfa535a55892cf4ccb13fc62c21bbb0dac6817d018f4c72a256f88bfd3a776c145412fe851d83c7ab3d63d4ef48eef5380c9ee8bda69da88ea06e2a8b2564ab6a4ff432a0dabc36e3d70c241d4186c4352f09db02084880d3a3359b83a2a016e541bb5d045141c64900c257b9a981445b1f5b2cd393d911c9e5d6ec03dbfe345ad065d25c814a5de0c2e522fc9de9914fc5a06013b42ee6ee911025bfeae963172c177cf954f695a1490771fcd763e14a2d6cad3532734096207c8312ed4bd403d24728d13812d26971e250865e95be4a91dfc45905bac97478d8df0f34392fb666a1fd6bed48429c28f8b09756a45efe70ef7bd681ce3395df15d04bb32e2aab0ff3d715cb2694399f18cb1cf908b1361ec8e6638962d6f02d9f75c70196231185990da787fa20e8aa5a4937e618cd26502761dc3ae0f1e2671ec1efd0823f210fa1fe2dd7461c6ae9bac870bc51b241db4756e37f3bc661464ae1bd773cb32b99c0c187f3ba1ba867a6a727cb4d4f6346baf18fc27ee13a354b08205d41be5a1ebc79c57ed6d58052cd9da94289b6d092e3d48fa55c1c927d3068e94f02d760bd069ab75a6bf1ad110930674ddda7062eafd5e9a73dfcbeffdced348e77d4fa641cbcc9ba8ba95b75a24d78d4a2453dcff0a68034a7c8d727f2e7c0c0a56a73ff9928201d986ad63df4f26d813cd785d42300ecf6c9c78f087e1eb56a006cfd9098ebec22bedaecd5a9e9468b3a642d248a637c8b7381825fb5033c48feda90d2efbecb53d00c1408e09729066964456c819621b124d6dbe8dfecc6cd33afe79d93c2a4b82e6e45e7e3458819536759c7becff1c2ad1755b2c565c84728fead95369ce00f740878a10c77027828177aac17c150d4655c72a1f3a3e29e3761a475453f0e128a2a1e9e0a3b500f5379caf9067a2062266576ef7c59c20dedf405c5c583ae4cdb40f49ea14eaa6f143707699809a2ffda3e95e2ac8dd30864c3e9c28bb3262b6d87fc80579597b6d3d3f35690f050a2cb548f3162a6297709fc16a3a14d28ca91888bbc4aef84a951f430145faddd4f0386fce762b3dd57e553049d511c55e38c6b1096797bf6194c4b9a6a3dcd1e606255fa6859bcd792603e36744c5c9c8e5edcf265af3b61d207496b6f9748c4851c4485ece8efcc62361fcbe76aec836af3c0fed49877436a2c311fd6196a4373ecc44d5ab72ff9b743ff764d9fd49b1857e7b76d7de15ed0f95f1c757c992642e664351816d478999c399c13babe484af44e07cdea2b8afa6c5eb2cbd6227aee036c913d60fa0bd34f74886cf73451677f914f30b7ed1514c02ed04d1ba802ea133c863f7f5fc6e6233fd1c72b1ffc5d1b83a63b8ad3582058c70aa3b31a75a40ca8bc478878f3d8752df1b0d0566f26784ca75cce0be9b32dd98ff97731f284e72405bb25333f8780b2b136ae16084840b0970617ca01baffeb81b3723ac393df4a6aed84ae096ded47afb7260787a909becb9db6d29079d89e0d271bcd9043563604e54d6ffc073d7a480598b7665df0f38279df56710839bbf4efe756e24d3182c87cf24ee143d72ac1b7c2058c024dd899f744feba331b702401b11b5f0e99d9466c70ba295cab89320c3447ecf64ffa6d16af3fdbe2fee1a61da9db706d20d036e6b9b1f8bdaa53fb458d7bdba85d48547482e9135f3ba83c463be9f6ff7fd44314957f343e136dc406e9fcb876f38bdd93b682d8eefe9dece8887bf361ba8d2599df6c729081fc3d50e3c12c00cf2b46c683d98746524026f82af0b9968cef3c24b59118d6a7339e547c267dcdc4dcc2a70acfa353be881c4a3f5116e287d5934493ead3667ee8ad0d669966311bdccac1821c65dc40e19d40a876aa53fe98ef2d44e0499975ee41af74439722cce1f24fd4d1194efb6d8fa7b375066ae3eddae42dbcae565b3e59450b3d3a6eb8421942f7e8672e8e7294ff85e065ef584841f3b31b901b7252e5705e4daabeeb8b3ff6a8d18c31a517f9c954f9cd093ad5e756067ba11101c9c810092d46642d1fa4cf5efd1b25eeca2a14afd1eec86caaa30ca37ba0575fb2f6db1ad6014de63641c0f6f4502e9d30e3409f0f3e9fdb28a3f4672e1b74289ab0a6a6d1c5e8b0c15a10c46967deee34c714725eb0306c6069a7c18facd7bbdaac1e2c7c583827db1ff311cba5d9057780bafc7f11910a4b1b4206d0b6c693904f476a3baf31662d111d18ec0b2b2e898b6128dc3e72d9d824533976f5da0a32916d97179d22a0a5f5be392d94777304e7b9e167c87e46d19d178214589a00ada33dbebbbe471a7bf3f1af2f77ad41ddf1cc80cfd11ab9232f9ef0015655753e29ba060c8a6fad23e5f8c5449468b97f7a013dee9100f4f0718c66a4d9c9abed1c9180ba56bdfcbd4ec6ac7784dbcdf6b9b067ec7b77e7f69b961d3f40f34fb082ec193cd43ca006a1e70a5eafbbc883b3a7f77ae59a272ca3b17b2050fbb8cf3c17878b058e99493f533442101956ceb85a82163ee6b8e7a814c1bd261132ea79558f4e070d79c1d4eb90d4eee780f821e707237bd80c6af0b5734609b946ca7d6ab7b5f6041ce8ded1c4dfbfb4637f78d8c35e9d69be8bc6f0898b7d8d276bd96f2355dc0d9e1f9fa72dc1bc471a312abb5e50ad2911dcc9aa4f51043baa125864df5f358d5a0878a7e7266717221cf7e28fd49e461daec086dc8296f595efeb5865e600ecf784e5b2ba56de9736137fd131b15f88089c5129d80fdd0a56fb2fef45d5105de2e73f465e7ff2d4373a95cf07872539aad6a27c835acddf19263cc4eea25b33ba0039937f856ecf65e4af07cd7f2b2c84e2fa54029a79210eadf411f4a139d12667234b830851f612b198901055944063819f45ced65312e31edfc187c87a6c055db60611dce214db5cfe29267e1674b81ccd7867302b4e9976d43cbe0971610e4e2be6a9c474a6e92a0a1d79f554d22dc0dd4500e054e74f14261fa989464d2b199b8b59f16a6cc1ef804ccdd485496d07c66036da987821c74f5738b788d40531cfda75f52b0ab32bcd55e4f0f03fd8764b7f779decfba77164611e3e0504732ecbd873e7adc47e21511335a359d9c41bd81f28af30e8c9c78116e8ced4002efd5a8a576c86510e3eb510560d53572e7ffec25ab61af282da78548bc6ce40b59ec751acfa080fbd0bf2bd93bfbd1457e99f2a94d5dae40e8e9fb61357eed85069dabf98960333a188ae320085a22dc298f489ef5cd2fce42f43194b661391fdb2484cbc52b120099ccf47ae02406162a1f4d44652d032c55d491866fabab77a5903d8d617ecf3d14d1dcbb6a3a4998eb100a607fabf2c76254192a97f84ee1b6c13118811f9aab6076ea835e86fff34d32e5d4880029c563b440f9ad4e1fe0b42f3573425c1197042ae577ab38f953ef6e743207fae71d43195840bdbf40d28b6480f5f3751507a204a27c0bba8c4903a1f5563f075d5305890746812b0f8f963c205e0e5f74b19f383e06796f8e6dcf7a8aadc5ba8316367a3946f8b9aae5fa727e5e9c1ce3c0f79bd0828290cebee7525a4d342f09effa86457a394abb4983c9c5980726c10f78d60d06773dff675a193b3ce76a05a2fd177f40711e3841501de5209e23109377aff4ba171a0be679f2ecba78a32cb474561bdea0936fa629c34735ab52135167464169791273e9974ad06735039fba1c55f126df075ca00b2fd84af58f0d2de0fb652e73ec0e770bbb1e2e7dc24ddc996c9f571b054755debda403a2b95def955646b8eb1489a1ad8ba5b8760735b8f447f6d61eb159ee46add91079525979cde4e0f7a60ad21cd05fc48f0b31ea164a03ff3b00609d3de2cc57946cd5d36c5b0a45e48ed5c1dffc0c3f8df795d1813694bbb97f06afe17acd21d9f07655b5c31bd888560cb7224ab279f83d5bc76ae74dbdc472e2d801ab94d988c81066fbf50bc9afafd6d6fcf705bc409b15b35d779a4499f3c730ef4d02beb2055c7af99e4e2ce015b68120414c4380923d5b3e4b0ce8a116fb1565c2ff1dbc5af9af0d73902f57da71d8de401c6c948349930c4b52b786d866a78a87434469c7684db8450f860980f1e3762f43cede18155d402212902b9facfbe9ab8076e3499fc2d7a98dd77f8b112b71651c021920a5e5a3c436dca664868c3f31eb09173745444a9ad1036110584a44fe411e48bc7c19cbdde71f88efe4fc98ee117855aea5dd4a8d24975db20063da70d890ef9496ab37109c03f322aec675ff317f81da193ce5bc1c1c56e2785a9f4fff0f39c4d793a8df2b5c863796df4296cbb86d6d4263796f89b9c97eff3beba390eb189015637c750c425acabf566d392763caa00fd74295a590cdf972250059c7a0846c8862b173d79525a9c0ac8b92bfaaefad760e52da2b8f7b31e5b9fcb81d3c41db54d99983c91a689285bb5ca805b463cb44591be248692ec4d7de0193c2803bc3dd1b4acfb44ff717b943339414645cf128a8d4e016cca735ab8365dc983aef967654473db56c7802eac74534bc41ad6b43f74cea159055c8d870238a12423e2ac6ff50a08bf7d2686d085564d68c03c7c9aa0ab743059364fe6bf8440c3fe617ec7266a71c8ba2630956329814dc3398e286308d6754ef07bc406401a4f9f5891fd2212da2f22b184c56a14d190f788c2e51518dc012f28119b3bf926b5ab39f4758ad8d6ec4ca3a0c2d1ea80b3557fe6371be76bae0d1308c8f527968b55b6081910de7416f1fc4a963afdd8ba1a0fac24e35dd4c5feb2250f2f73e1cb7d84b64e0e59097eff26e19e765819195f4524240dea55d68ca4f6982b26264565f897ea1c0a626d25ce5f5b71b14527485884ed6a988eca465bd98d9847fe795069a5c66f3d1d8b7e3a24b015654fa4485d93573c7e76d0d36f9ebc907619150c4f6fe5032af919c78bc70530776de7c19a6787f3460268578d44bd337a923a494192519cc1d476ea54050d80778baff7985eab41bf48e9c06c38e7acb4eaa2e0cd97e864a676a1db97593fb725f1acc213acd5a6cf231140273628154e25b61bbf4a5fa2f38ad4902e78db2a1c11ab0f9596c91e5d214cc86ca9de69df738eac9ee99aa925a8abe137ff6f28e83e8ea8f749d675d29f3a841882f38b39edcb576888e6b1d6129d2978201a389b2e67a152aaeee507f5a515ee199f59b067caa3619c5beb5daf7a8237995d6bbd9c63ef66f50c1477646f4dbdf1b0610d2c4d6e10dfb004a712e024e265a147c441ac7327c98af411f5143f9d96c37b963913c1feab2cf0780f1d59fccb538610d16052c19400a328b08c051508a71f6c9f70a4fe6b1b34ef8a02dad32178f674c1d80a5ccc1fa09d2e9fea440d3c6b49fb3aa85efda21f1d151069ee18ad3bf8790578950d0cb605007cfd681f5b775849158f6e82a2e0af8fa037c6f7bb7f62b7e5f39759ea0a1724e30ae014375f6adf0f0c8e5cbd349025dc72f8020d08eb2c36c83ac64da37f9bf69b5dfc06b04338dde739f46ce95001c1eb09deec075dc9e5541a4d9eff8dd742c53b145b145f51d9a095c834c6bbf34148b6b1eb89d963bc498998b843570cbc8d8b008f840248f21af77f05ea898d566b97532bad39c8465d1b35c30dd86d10934af19414288fbe302a76d7e3fd8ff53a203b0c1c94b09959e522b817454f9bc15095f67aac553759eaacb10b0696d55b65717a586594e8c928ebd6b4c3b9d15db360babff4ed1141af223b5cbd29add90ef522a2baed43983cb63a2095eee97f07aaa823550e8554e87a1036b01fc807c46e4fd3e5400aaff6f675e9e318e62d7c832a36129d002785e8f6acdf8d0f3710ed95afeb19d7a86a3a9e7c7c79e548aae0afc2f28d0c0460222bf41921768ef49cb32ba1effaf1940f9b3b0c6141e92232f33b2d13e5a49f79f0928a6168713e163e77250a616f375fe691e808bbaef2951acafd680f5a322342deeb02eef48dfa2878c391f1e963cdf5d88ac3126fed8bde649a051faee601e79920759689b3642a30438f3111da185bded8a3a5e354c094bd845f53faf5410e15c6c0d1d35bae00b41610459d4ef6c0297075e3934c16d38884b302f9a9d9f07dc6a4deb3c354a77f01a060390a39164c52d1694a70d270b8dccdaf414369a6b32fb247e64a5b31b9f5b56047e9e91d39e73c25dd106c8ebc7255e4091b122a6573e6f2b94ff47a9ef7eba75cf4a58894db7f7853454d58dfaa25c236a60d59bc928ce3d361571ba83bf706a1116dd930f4951fdfad50140c74b67f697337f04acbac9908e0deb256f213067cfe898407b66d6c48867576a9573517efccf49377b7c47ab4b0009e06f734314a2180c6c279e29e4bf093aa6cb0a1782bddd0b745d94caf1c4dda933b2e7f5a39fb84017471633bd29d0e7889821d30c7d90fdf17d21aec5c953f496e2140a8dc93ad846622824e5cd3ea3303fd082a3c1c54e149b7c6e07be677c30d50ca101d2e6ce6c9ebd73728a55769d00ec0d08aafe21d14dc470c89857cef056875269564fb80eb02cb74987b41d6de0f2c0e4af39af523cfbd988b4f8ac4f3505a1f0df5f1c7ee1e4544a51a09b46e8c082c567f300246bd8859864967ef12cdeebdfeece02deeaa7c0ceb7e097b70b6c14cee1b22a48950bc9de44dfd23f94d7f66755fe920d462b2da158b0b14c4f3f33a8c65f4356495c5a57d361b2562c32fdd822a6b710ff09c0d249560c290930438916c4c74e0e3ef7092e8a4be4c5caa920c3b780cc3a71b35d14e4115c04e1324f9b2ec178bd6dad479e8db869e94e38c6826bfa1c71f8ec8dff1b00a47d6309bdb00d58b6f681076db57fc62f794eff18e0a122c6c0dca35ce07c5dc5e126f79f71f1505073f", 0x2000, &(0x7f0000001900)={&(0x7f0000000200)={0x50}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 09:55:16 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) perf_event_open(&(0x7f0000001200)={0x5, 0x80, 0x1f, 0x2, 0x7, 0x6, 0x0, 0xd3, 0x40082, 0xc, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x19, 0x2, @perf_config_ext={0x9, 0x7}, 0x4e3a6, 0x5, 0x101, 0x6, 0xa5b, 0x5, 0x101, 0x0, 0x8b, 0x0, 0xff}, r0, 0x4, 0xffffffffffffffff, 0x2) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) clone(0x2000000, &(0x7f0000000100)="a1a2192c8835782b931639c648a4a14be5af308f10902fed7093d89c4d95bf2953615731674a1b285cc495e696ddbb78ed2be84e8f67d0c032f36d130b11283e018852e59433030c05a11e6d1e5f42085dd5030c7d5b0c9b5bdbd68e4b823d447c1eb0e295dbb86cbe77911a0cab22c06917af9b3f322f22cd9c18aedaf1bf6e8463fb62488a8ba8e319621a990fc47badbae728067ced47312153524b8845d1594f3154b1521db191be50f3181e6eb64228e4ba9f3ef57ce22a02026dab4a49ec11e7b5177d0dd7dc6985a8a7984cfd6c6a93696f5b3817dd134172c470", &(0x7f0000000000), &(0x7f0000000080), &(0x7f0000000200)="38e22a11aec962c9f1e117170479a8343652d3401c81c15088e3b4ffe20a076fc833cd847a25b3c632f090fdc3147a1777117e9e435ca9267f3548f28fabc7ea6343d7c9352f655c69380e35e1cadbb6d9c9ac3ad56c17a2e13782f6f5b624cd4577ecb88a5015f2dcc9ee9bc6eb333f76c77e6525860ef8f751cd6b8246e993dd0632806aec661cd66252bef444e77f43188750c9ba2e30a7c459dcfb7dd8cea35f7d82456d1e3a47548a1c4f3e44f1833d27db774ca8e11a32eff746e25161c2b31ef574bbbc5a4312fa0e7ef197328ff04bc8b0c7b7410be29de37be8239d67ccbf90f6e08488adef0a9c57f06d0ea9ad9c75e6e36eb5bc90a3f7fd32d24a12e0ee4d4f2036476b69a48f168b6cc4efdf43f198744a8105baa8e92df5b711a8bcf4a2974a7e85e91a6c3f43a29a0153094780b4fe7b645eef48901615eb674982df7b1e3069cb12fda9ffc6bb3656916d7c463050da3d8845d76a10c21cf5391a9847c1966d5985bbe9febda67283007e9c8364984a2bceaadccc3c690460c7ab40aaf93bc0d5409cf31951327778a36e361ff1fec403696b217c11559c18e78e33b0ac8d4f14c68580d1ca2766275e0a2f3eb539db3245587cc91ed8912a85b64034e1196a15ff7a74f8551ce65ddf1dbfb95150924aa5c54f3f8b9ca279c76aa8b8872858d14eb6045e4d9397bedd99fce15d92f833639eae7821bbecd057343845590046884fcc541fa5b81afb508fcd367f70738893f4ae76e966bdc17542fdf58256c53e9923295e2b56d971b0e6b27085c14d80f29564b62c54895018d0171f5d1e83240bf63c46fd81a954d6a4bbf7583172db9082d9da41daf36f38bc7f2b0f921acc1f9f5cdce3b9f752470d5bb5c882e6f53d39bbcc09c5153ab6cd0316a8175e7c1c5fa89fe1b7817c71454a8306a2623f0a898e82c4191ddabb7b376b4f575a2e3c77a00346ec0c75e294c8091dc330314c497b7588eff4ab9f4ac3ba8ecb2bb8fc33f443b4521707f1041b65baef126267cce6f73f3eb0c464129e2aa6b76c68adf8844383721ce6924fbb7273b558ff96a89300db26613a1d5b1c424f7ccd4088edbbfeb765ad6f0d7f10b09101e161bb3fc39b02f61adcae6f8442f23bcab69a8e032d6880984cb1c10aaebc3998d0203706a4474ef4413e7077a851094afa6ffc32bca6996333feb546fe03cbd340b4afee3a78cfcbbc34c5f20a178e79de453412f066ad9fe34e7cae17a05a141f87c7898ad29bca9f0f3caff2ff4608d00fa979fe6ea4c66844fe4eb715237bbd6c64f0bfb5cc1ecafe51c168b4706d743db488543efa70af4838c268bc2a94e37313e2b1c663e246907adb8a9f8a1db5ed3647381bfa72f42a3bce2752d8f6fa62d80030acb9b2dfb331ae14a17bc453fe5ae5372ab6b653329a3290286abbd6d4cf7495991f8a0374c60067ffc3ca1e8416795d27424dbf454c99d17b2bae129904b6d9d7499032254db3f1cafc17e0dc2f3819b8e854fafa6e28d5928486707ceacd8ec90afa60b75a7991d6150ae78725955438de0cd1db3a51d53b493dad991e755378936abb6836fba0fe4954230d08cf93f392ca1c4b02fb717b8b170cd2f4aafb56236e15254c72306e6599ad43b026b4e0ac0d7b86c1ac35b44dc7fa65745fa553f8f4df385b1dabd5984786b4a8aaed405e21f56fba49199a274bfef7178fc92f326aa86bc764d2fad7f7b482cff0c56abdb62953eb2fa30d867f5aefa80251fd303529c22d51763eb155125a0b78e2e82e352425fdb5b5b703bacfdc8cddaa51479172cf690681e78298f74d75d3ba82a5956c973dcf1d2b2ff41668008b024c1cedec0a0806289da7e3aa468d486b2cee51823641b36ee1dc5e7eadc227775768acb80c9998ce8dffed3468002e5100e6f18db073cced472f14a08f1a25717a99192a2df77ca151088ac59b551c2db92502773a78e78da2e0ab0f62d1a4d18a0d6f798bcf44eeac4642b19bd521127cef7020d630fb2f6a0736bae44a556d03d4ed4cebfd6afd3fff4837f79831063fb72cf2957f5a2176a9d9fc36a2e323bd0c1b56ba61c560a8130690330907f577cf15b82519df042d0ff77e7c0b5ac261355dc56503de2fea15578f0468a671f5c498792710e5669aba6fc1774aca2eae07f93476e6666a252578f88365e11ca5c1f6d9aa91d1c2ac7c650c0b3026991d65eb25e772c76fa748e5e14cb038a7fcbf101827d82f590193a1468347bef524dfcd04b3e55655e9a62f5dd993fa512e0dbbdf523e29c13949d5c103dc96c7718be96553b0daccb0114e99b709784db3c7595e76c7c9f8ccff1b24ca522ff376495728c5ed69b189b9c1873f9aea5cbade0869e8b4a5d67333b6be9c6964ea1d7650287b50c1d24474eebddf7a9e8d4c10a6c8863cd2a5477cace2556deba99aa9729429901f596acbcce6050536d6b688286658b6d240ecbf20d984de055e19e6e43b05984a4e6ac6bc3a2fa2c03a6e6eb0e3871238937cb10fbd04640df969eaa3d1d545bcbaffe241246a22380b8dd0fc68eebfff009270236f0f122f114f0f6a62a10e63cc9aa331e8dcfbf69157d48f3e111716d5f527a2d4894f0136d831e8d345794f6e0b56a6fb51fc29a7235a03f202699a0d58a4750ceab73e4b99bf808a4858c01143d2412337d797196d06f881a323cd05fca428b69a430bc569a1b464677def669fafaa62b212bd5be2c8cb8e69785b4a8ee8386f49661241c467961402808333d660671ebfcabb65d00e04009b473d090159157ed705ec1827663ad3c003de23aed2424737729aa4ce9c20ac0c111dc13915da2fb8a9d7c0e42501b3369ca57f862e71bcaea5f1814e8906bb6b00c7b455a080a1848510c30e5bbb9be1f1107792c5e80755356b4cb095dc39502f663364d9de77c64d46f517a826b7c9b320a713980156791708a6e064c8907c801390db9122adf436be57c6b499f442ef4600ea4db7a63d2fc0f7fa70ab10e42ae0e9297a171e461c2ad8ae1c8e7ad968d4bf32d19cf971cbd4e30d90992a1c1a1b6c8ea9de4c535d70b57e592cdff46a92754ee2857566d2ea078479b9db3d97d6f0fa41f52eaa7008e13ab0cd7f73bfcd44f1bd45110244b8404f8047e9532c41bc7cab226bfa55922cf0ba7457b07514ed1b4ff3cd875052a0e081c5b19a89fcaa23c9f60d99666611ee26c4e69976c2a77afb9d1acaa205929fec8fe967dc7318b23cec0d2513900ef89eb1810c2dd20b29445e601c23125dd3b42441d8b39757f43ea73e7440df05f6222a06c97088d1fe31c0e37cfd24fc7d3f0e7e6e9cf40c66347185347e75218cc59fce28c7ce7e5798cc514fb4702cc6779821077a83c3b1fa0abb0b4a292ae19e428056a0e5e0cb6a9e82407e27b8a9ab847d3ad868662f5641ac0ca0dd23f377f23a397fe7b610bf92bb4849efc8890d973df70a3f889cf1b60ec56708c2396d4dff558d06e146a13d472ad3182b3b3ea3cfe90dcd26e966ca2fc9408f5100cf0a8f42143e858fbdcf5942916f0033e93b177a7e7b119243068d109215bb4194e62c2e89f09b5ace2ca82057c249d9bab42e5ef5c1518fb26ae680dde4c9fa3601916aea0f49791a5babd8e078611dfc9e4dc94a36d4643fc23665083c3ac30e88e445b7d7452a3686dfb00fe5ada117cf3717e731c2e7d960788c54bd08227ff2441b131c7a3ad7f0202b26ffc3aa93810bceef7b241fd73a51d660787f888113791317f215899a015ff07697dabfbdd793b0bdd349baa9e165d087743e60cf634e315b807cfe30adbac31447bd88bc076fbb4d10c247326c86f106a1b57d2302da2c3e0a2ad55398f33e855e0333e57d312a36762f5c5ebf836355acc648cab87c37bdccfff786603bfb9d249de19afa26aa5e80cc2f6e0a22b7b346ed595fc930820cf3caf317b96c5ffb9a9a35fb7024c3057aebdc50fcd6192838fdf9a63928ed2c3ab20fd5c46d2b391d3449411f54beaca78cf59c8555016b0d691b91534fc3de385223570c4a86b7a81cbc88bf226e4161fb0f204420461620d3d365fd68adda8facbd84f32b1b92e65cf5b1685a218e2cceb727e51633bc34f7615c148d38a1fba4697d375674e9bd4c34acc3eb2daa6fe65430d876a0d07b8dfceac4a103398ed27b7a8d5e62f484f17d6e4ed1eb2567e7b16fb6e2393935d483288a303689cc675b1383bc3b6133672d15440954b002bc24df0ea33e67af40a17566d4d10f164299fbe100028a0d5572cd47f355a023fc5638326cdbd8c11815d4d434a69114918cc229526ca67bd0fbf19cc03ac2958fbbaa267ed468bdd40882fac6b1c9e7c18c1a9727aa3253743b9d762236bb522319d9048eaebb8a1e0454d06268fc32364ac4f6c8e7706b415257a9cecd3fefca962ae51ddd9c73eab1a2b5edac5eddbcc93bc96477085ffa8d88935c5d6f2b1f5f276b7408ff5ce093f643d34430d7a5e812d3bdf7ac1d52f400a9ded76f7560e42bb39d5fb124805abc9109a204f0991ddb0f8885857d1ca4cb21db8835fb76abdcf319b220fda67070b369e507a0a2bfa28fe20838fce0670433581fb2aeeb3f95655a1cb4e1bbe9408e572146c58b56263fff19d5416ffd78091691a559d0eb7b60b18776c86d25d51b794ed51d222d03f3f680239649d51d448f81b7545bc3f8481a590d5cf8f3fdcbc9fe45ec6ae3539e6404336bf1ba86b424fc27f843204b9dfa7c56f89b3ef419aee002bb4aa97a14002cd3586cb8fe7b7bc0e9c962a555e6ad7b2e5ec4a01b882bdbc009e3e14f9644187737a8e522c678f32749ba0cc612e38cb00559a1c7b1818897213af4249496ad2633a621b24a017fecbdcc426e68d528041539e4474f6cbc0fc198b8f0753a5407cee00919dfff4a0400ffba61fb569fa5595182a134ceb518e1b9fa9f070eac997df357d9cad5f712d657caa4b8c39f3c305e3c7c926cf91b57176977ebda44d9001568ac2bbb02902d1abc2f9cdfcf94633e59c1190c501f78d44b79dac3a60b6845dc73a7079eb5bccf91e4e52c2fb6f719725f4d7a194d1eaf6f47b5847c8c74890e370720790002104af2f6dcccb4730c67205a85341369923e014ca0858aac6b6886e76f4e03ff1183dce6f0d8edeb6d408d32220cd47a5524cea75254f7fe59b53ddbc2ed7050c48d08ce6aadd54c3f2bdfe87742dae8d6d4a4edbc15e02440f617eae73ddbbb3b13f9b24251384538faf214b3feb123089138364f45944668918d161cabacda57c29d0d52d7c7f27f82be078c5e28c1c93b84c6735effa0e6d916fd923ee03740e06613100e087910e99bac0f05cfb8bf6a9e62af6fbd8f245ee65a69db6f7b3b431d144a8b685a5bd2f9b6cec0f22a4af5ccb721644db1070a7b9da2414b9524b03e928de4a3b2d9b690dc8d0e3f587b7121c7ed652b965e1da5b86d2dc7395e44d5a2d1385e485eca9c8f28673f8b583689f210b20d2471857037eb2b8de3550e9fb2d4174df7d141840035456c262c1476d267136e37c08a841cb4d961303e4d6de90160b0f0f1568107da08dadb34172b6cd39e18c706c5df04e59f3a1d0822729f6a130e7c633410c5caeaf82665b528f9df15aaa4fd36766dd49cc713c85d77e6b17ea358e78319b8f1ddb58fbca759e226ca0e70d7a24937fab3a8e2ce904e685223635941ad8b98862a5f1b2c6575fdc13642ae9bc3349c2cfbc39bfa2dd2738bb485f6736cae5317799c07332cb957695259486375b1f901d3c0f2e4acf12257c6bd9e34a93f4a52") r2 = openat(0xffffffffffffffff, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0xe0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x13) ioctl$KDADDIO(r1, 0x400455c8, 0x4) 09:55:16 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc00c642d, &(0x7f0000000000)=0x32) 09:55:16 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x3) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) [ 1588.741954][T20473] loop4: detected capacity change from 0 to 69632 09:55:17 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) clone(0x80014000, &(0x7f0000000100)="8ba735d5fcee1b515c8f7a1afa271ea84de3262dabe56e874af0b5868b57d56b68def3ddc21b2b4594bdc6eeb3a0da91c517c4c6778d5ff1ab29bd991b304fade197f35f7ca1a7e89f1711026d3f81903e8a54ac830613abcc373be845c41db1334ae0292da0fd01de59b0ac5da5bc447ac8f751218de6a7b5bcd84800ff78f8bb0f3b3552a33aa23cc7bb4be92cc8a6e2fb18d4f6d056e17a8ca867d9c8fdbfd1c3948dbbe850fc7e435e6489efe3f917ea36", &(0x7f0000000000), &(0x7f0000000080), &(0x7f00000001c0)="ed08e8e4135ee19dd88971fe3b83911414fa12b0e8b0b473e3ac857d4b595e8662940048227b258b46dc9d55e819622072e73907b46e8105f2202ff139bafb28267947306f858b6024bee27a57a80ac2d47e303ff44b9a4b4ece641c486fbfade6861a20463e4a25fd32f2084ea603d1b61209d9e16e3d1d5307a1b1dfeb938e6467bce071b61a1341b9703912e178a6c2ba0b2a13d92e7da1f03d6686fd0dd6a18fd81294360c5a424727ca045f") ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:55:17 executing program 3: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000006, 0x800000000009031, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) move_pages(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000bff000/0x400000)=nil], &(0x7f0000000000), 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 09:55:17 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af30100040000000000000000000100", 0x28, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1588.842380][T16482] Bluetooth: hci7: Frame reassembly failed (-84) [ 1588.862964][T20473] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1588.874926][T20489] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1589.042829][T20503] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 1589.185082][T20513] loop4: detected capacity change from 0 to 69632 [ 1589.248927][T20513] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 09:55:17 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af30100040000000000000000000100", 0x28, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1589.550177][T20524] loop4: detected capacity change from 0 to 69632 09:55:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 0x0, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x77, 0x1) socket$can_raw(0x1d, 0x3, 0x1) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000380)) [ 1589.617391][T20524] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 09:55:17 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af30100040000000000000000000100", 0x28, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1589.949147][T20542] loop4: detected capacity change from 0 to 69632 [ 1590.017900][T20542] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 09:55:18 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1590.504701][T20555] loop4: detected capacity change from 0 to 69632 [ 1590.582187][T20555] EXT4-fs error (device loop4): ext4_fill_super:4810: inode #2: comm syz-executor.4: iget: root inode unallocated [ 1590.610906][T20555] EXT4-fs (loop4): get root inode failed [ 1590.618890][T20555] EXT4-fs (loop4): mount failed 09:55:18 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1590.716217][T20540] hub 9-0:1.0: USB hub found [ 1590.729950][T20540] hub 9-0:1.0: 8 ports detected [ 1590.849181][T20566] loop4: detected capacity change from 0 to 69632 [ 1590.873440][T20468] Bluetooth: hci7: command 0x1003 tx timeout [ 1590.881243][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1590.890330][T20468] Bluetooth: hci6: command 0x1003 tx timeout 09:55:19 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002000), 0x0, &(0x7f0000002100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) removexattr(&(0x7f0000000740)='./file0\x00', &(0x7f0000000300)=ANY=[@ANYRESHEX]) umount2(&(0x7f0000000080)='./file0\x00', 0x3) [ 1590.898760][T20566] EXT4-fs error (device loop4): ext4_fill_super:4810: inode #2: comm syz-executor.4: iget: root inode unallocated [ 1590.913857][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1590.926864][T20566] EXT4-fs (loop4): get root inode failed [ 1590.937943][T20566] EXT4-fs (loop4): mount failed 09:55:19 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1591.113226][T20468] Bluetooth: hci8: command 0x1003 tx timeout [ 1591.135642][T11339] Bluetooth: hci8: sending frame failed (-49) [ 1591.176015][T20579] loop4: detected capacity change from 0 to 69632 [ 1591.242006][T20579] EXT4-fs error (device loop4): ext4_fill_super:4810: inode #2: comm syz-executor.4: iget: root inode unallocated [ 1591.284485][T20579] EXT4-fs (loop4): get root inode failed [ 1591.323611][T20579] EXT4-fs (loop4): mount failed [ 1592.953256][T20480] Bluetooth: hci6: command 0x1001 tx timeout [ 1592.960691][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1592.967175][T20480] Bluetooth: hci7: command 0x1001 tx timeout [ 1592.974091][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1593.203065][T20480] Bluetooth: hci8: command 0x1001 tx timeout [ 1593.209719][T11339] Bluetooth: hci8: sending frame failed (-49) [ 1595.042981][T20484] Bluetooth: hci7: command 0x1009 tx timeout [ 1595.052612][T20484] Bluetooth: hci6: command 0x1009 tx timeout [ 1595.272924][T20484] Bluetooth: hci8: command 0x1009 tx timeout 09:55:27 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002000), 0x0, &(0x7f0000002100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) removexattr(&(0x7f0000000740)='./file0\x00', &(0x7f0000000300)=ANY=[@ANYRESHEX]) umount2(&(0x7f0000000080)='./file0\x00', 0x3) 09:55:27 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x4000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$KDMKTONE(r1, 0x4b30, 0xfffffffffffffc25) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:55:27 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x3) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000140)=[{&(0x7f0000000100)=""/58, 0x3a}], 0x1, 0xd9f, 0x10000) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) 09:55:27 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x3, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:55:27 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc01064b3, &(0x7f0000000000)=0x32) 09:55:27 executing program 3: r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDCTL_DSP_POST(r0, 0x5001, 0x0) [ 1599.663653][T20612] loop4: detected capacity change from 0 to 69632 [ 1599.717218][ T1124] Bluetooth: hci6: Frame reassembly failed (-84) [ 1599.728451][T20612] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1599.781656][T20612] EXT4-fs (loop4): group descriptors corrupted! 09:55:28 executing program 0: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r1 = memfd_create(&(0x7f0000000080)='$/\x00', 0x0) ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f00000000c0)={r1, 0x0, 0x0, 0x1000000}) 09:55:28 executing program 3: syz_io_uring_setup(0x2ea1, &(0x7f0000000100)={0x0, 0x0, 0x2}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, 0x0) 09:55:28 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10401, 0x6c) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:55:28 executing program 1: clone(0x20002004bfc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x20, 0x0, 0x400, 0xa, "157cb0d640c79063ed97760f5a3d0120f30779"}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:55:28 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x3, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1600.005428][ T8] Bluetooth: hci7: Frame reassembly failed (-84) [ 1600.012196][T20640] Bluetooth: received HCILL_WAKE_UP_IND in state 2 09:55:28 executing program 3: perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfbffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x8000000803, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000480)={'ip6_vti0\x00', &(0x7f0000000400)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast2, @mcast2}}) 09:55:28 executing program 0: syz_open_dev$audion(&(0x7f0000000080), 0x1, 0xc002) [ 1600.098365][T20649] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 1600.160285][T20652] loop4: detected capacity change from 0 to 69632 [ 1600.217858][T20652] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1600.251499][T20652] EXT4-fs (loop4): group descriptors corrupted! 09:55:28 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0xd0009412, 0x0) 09:55:28 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x3, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:55:28 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ifreq(r0, 0x890d, 0x0) [ 1600.487101][T20671] loop4: detected capacity change from 0 to 69632 [ 1600.508958][T20671] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1600.524871][T20671] EXT4-fs (loop4): group descriptors corrupted! [ 1601.752648][ T7582] Bluetooth: hci6: command 0x1003 tx timeout [ 1601.771622][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1602.082573][T20484] Bluetooth: hci7: command 0x1003 tx timeout [ 1602.090459][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1602.232589][T20484] Bluetooth: hci8: command 0x1003 tx timeout [ 1602.240259][T11339] Bluetooth: hci8: sending frame failed (-49) [ 1603.832598][T20468] Bluetooth: hci6: command 0x1001 tx timeout [ 1603.839560][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1604.152457][T20468] Bluetooth: hci7: command 0x1001 tx timeout [ 1604.160440][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1604.312541][T20468] Bluetooth: hci8: command 0x1001 tx timeout [ 1604.320090][T11339] Bluetooth: hci8: sending frame failed (-49) [ 1605.912496][T20468] Bluetooth: hci6: command 0x1009 tx timeout [ 1606.232301][T20468] Bluetooth: hci7: command 0x1009 tx timeout [ 1606.402463][T20468] Bluetooth: hci8: command 0x1009 tx timeout [ 1607.033754][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.040079][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 09:55:38 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc0185879, &(0x7f0000000000)=0x32) 09:55:38 executing program 0: socketpair(0x0, 0x0, 0x0, &(0x7f0000000ec0)) 09:55:38 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$inet(r0, &(0x7f0000000600)=[{{&(0x7f0000000100)={0x2, 0x4e23, @private}, 0x10, 0x0, 0x0, &(0x7f0000000840)=[@ip_retopts={{0x20, 0x0, 0x7, {[@noop, @timestamp={0x44, 0x4, 0x1c}, @cipso={0x86, 0x8, 0x0, [{0x0, 0x2}]}]}}}], 0x20}}], 0x1, 0x0) 09:55:38 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {0x0, 0x0, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:55:38 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x10) 09:55:38 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) [ 1610.486234][T20715] loop4: detected capacity change from 0 to 69632 [ 1610.516665][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1610.518363][T20712] Bluetooth: hci6: Frame reassembly failed (-84) [ 1610.567383][T20715] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 09:55:38 executing program 3: unshare(0x40000000) ioctl$HIDIOCGUCODE(0xffffffffffffffff, 0xc018480d, 0x0) [ 1610.631186][T20715] EXT4-fs (loop4): group descriptors corrupted! 09:55:38 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x2000004e20, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='hybla\x00', 0x6) sendto$inet(r0, 0x0, 0x0, 0x1000000024004044, &(0x7f0000000080)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) sendto$inet(r0, &(0x7f0000000240), 0xfffffd46, 0x81f4, 0x0, 0x1f4) 09:55:38 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {0x0, 0x0, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:55:38 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.pending_reads\x00', 0x42001, 0x45) preadv(r1, &(0x7f0000000540)=[{&(0x7f0000000080)=""/32, 0x20}, {&(0x7f0000000100)=""/168, 0xa8}, {&(0x7f00000001c0)=""/248, 0xf8}, {&(0x7f00000002c0)=""/200, 0xc8}, {&(0x7f00000003c0)=""/104, 0x68}, {&(0x7f0000000440)=""/254, 0xfe}], 0x6, 0x10000, 0xfffffffc) 09:55:39 executing program 0: accept(0xffffffffffffffff, 0x0, &(0x7f0000000080)) r0 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000100)) [ 1611.006580][T20765] loop4: detected capacity change from 0 to 69632 [ 1611.006712][T20764] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 1611.085337][T20765] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1611.105282][T20765] EXT4-fs (loop4): group descriptors corrupted! 09:55:39 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {0x0, 0x0, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1611.323044][T20805] loop4: detected capacity change from 0 to 69632 [ 1611.344044][T20805] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1611.356453][T20805] EXT4-fs (loop4): group descriptors corrupted! [ 1612.563379][T20468] Bluetooth: hci6: command 0x1003 tx timeout [ 1612.570073][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1612.631936][T20468] Bluetooth: hci7: command 0x1003 tx timeout [ 1612.638289][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1613.122171][T20484] Bluetooth: hci8: command 0x1003 tx timeout [ 1613.129728][T11339] Bluetooth: hci8: sending frame failed (-49) [ 1614.636399][T20468] Bluetooth: hci6: command 0x1001 tx timeout [ 1614.643254][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1614.712044][T20468] Bluetooth: hci7: command 0x1001 tx timeout [ 1614.718979][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1615.191918][T20468] Bluetooth: hci8: command 0x1001 tx timeout [ 1615.199345][T11339] Bluetooth: hci8: sending frame failed (-49) [ 1616.711896][T20468] Bluetooth: hci6: command 0x1009 tx timeout [ 1616.791847][T20468] Bluetooth: hci7: command 0x1009 tx timeout [ 1617.271837][T20484] Bluetooth: hci8: command 0x1009 tx timeout 09:55:49 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc0189436, &(0x7f0000000000)=0x32) 09:55:49 executing program 0: syz_io_uring_setup(0x774d, &(0x7f0000000280), &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000300), &(0x7f0000000340)) 09:55:49 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, 0x0, 0xfffffffffffffffc) 09:55:49 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400), 0x0, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:55:49 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000001300)=@loop={'/dev/loop', 0x0}, &(0x7f0000001340)='./file0\x00', &(0x7f0000001380)='affs\x00', 0x4d080, &(0x7f00000013c0)='&\\\x00') clone(0x10000880, &(0x7f0000000000)="3fcc281370bad87205ed6750f6cd6218677b39df34b155681968d706f8405a6ce0f35e7a3df5eaa0e4f7f1d58551791d", &(0x7f0000000080), &(0x7f0000000100), &(0x7f0000000140)="cdd7d3be448a45bc90b5098257c0dd782916815a9b76546a466e90af81ccbc8faf239e982e0e4a506ff6b0763bcfe2a56518fd85e6557048f3f627a8747aaa15c8a13edbef4f7a60871e22eec9a0002e2875d4a57fcd4430a2cf6892ed3e1a11ab528640971bb13673953f23e5511df6e3f4028e08c3b5777652ea906cae5eb5f48b7d74763c3fb55c5fb56b50dc6b6344b166f773cbdac5ceacc3774d7891b22c195fa153ff43d45b9c5f70a5027014f3ffc7daa74ceca0") exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1b) mount$overlay(0x0, &(0x7f0000001400)='./file0\x00', &(0x7f0000001440), 0xdc80, &(0x7f0000001480)={[], [{@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}, {@dont_measure}, {@rootcontext={'rootcontext', 0x3d, 'root'}}, {@euid_lt={'euid<', 0xee00}}, {@pcr={'pcr', 0x3d, 0x19}}, {@pcr={'pcr', 0x3d, 0x17}}]}) clone(0x40856000, &(0x7f0000000200)="d37bdeb411c5e29e87dbb4f72b70cdcee0b09ec3d20832f015046987813a1c496b99eca235640e191912c1b3ffca7579c8818de4ed6fe73cc6e8107283093102ca082622f2150a5528c361ff9afa364471d420816eec265edda6b070245c9328a28d99082445825011f33c64efa41668723874cf18aefac9282aae1ec24f61620858fed1e62be84c732d621c1e7b516fb62c92bb8d3fd7708bbca846a8d1027c5d0886da21caee698f5d97eef9233f2fd39e52b5c8641348045f516b68d5832e1428bd41520f4a37697bf4aa9b64efd3929ae6244d3dc8fb9b5465636d4e176794f68a2bf6ca6617f643508191ec65e4a59b5ec202a8fdc739d7a785f006a0d6f64c062caf6e22351d538b58b28012d80a1260e26d31178d47510dacb5fb3835f648ac05c1e7b80e0938402d6746efd1f98b2442472e29dc756d1c77e33f979e8c393c6656f35c4e8dbcb5728aea856ae1feb97c8a0c7de15b2104bc6b7bed95beafca0a2152e4183463f82a8d4dd6f58f5a5a70dbe28a0c95cd84f16d72fcd745eb628a507249701e92701dae71d12d1f9807226f7e59f697c49c59cc95b620525b92abb813252ce0d4b09e6e51457c2673d12718fdb93de3efe5b511e8ede02f02c7c78a6de3e08c350221d3fac3c24926d30fc792a666e99fef89eabf4a40f1897edb27dc458cb112cbb84efebac6c649eb16a96a41a256aba0af37fc3c425008df0f28f91bc8a1ffa5544968541968a9791f8b51c22179f2ae28b7222515491e065fa948d96479e8be7f8d4057533185efbb6d1459dc27b2bdabb61e06d4321d516364dcb1a7006447d276cf508ab958a25b87c6090286e9eea4d24adf59e6c0b2ca416dab05bd10182f2c384acd465d729c135443fa1d9dea7964aa96428e7bfd90d5e9fca31f578083bbe3ebc458d3cf4ffa37af0f592e04f327e0749b3546bafa3779d381baf8c3375303d928f472dc0098df7102d29144d4fb017ae70abf7bf56d9a4dca311f53d55a27505f18a3d1df7584370b0a3b53c471345dcb1a47f7ba3bafde1a934cbc0d043b2e006d83440c1afe4cd14959597389507a18ce4c240ce197d3d000ee9a9ad3772b10e0a3bea7733b422028f26a0e2acc96694126eacb2fd6892b9d6d9d4a8ca6f6b8b03042539c724474b8de4c2ccda5a8eb49bcb1e686d32c4f2077344e981c03ab6f90df540c61a3eb7fa8ea38d916a647d7bf8552caaafc27551242a125e423e96b46a220fc59faf357cabdcd2b646e4016f2623483cc634c325dcb51bf547b8fcdb3be44bffec672113bcf64c3528178fe9539264357863ccc0fa18fdeac4b5599eec24507b55b2fa2beb42eb2419898d7be7dfe537df7a665cabcd222d1f60942653057d8f7a7e398b511c14756fe964b7a2e2252bff5569e7a59023642627c632169663894a676de30a688a3bb5c805b002ffd1f3f2a2da5f9f8c7c5cfcda08ba0743c0a9bd5b7c0e5a3ab82c0575b12a86b4815571cce552a133e09ed8ee08f1535b15ed63c72cb8cf68809d7e7e7412e0b6a2fe2fff58784979a2a886b6e3534d25a51c77683fac1276c4ad55e54b44fa0084e272a44ea25fc33a02d300ef050df11a38ccb7519043af9c34bfa6d0871a64c68d5bd74db164a4a0d82b89fc606adcf48dda88affef098270c629adad1f17222171a6c7d6590e453313dd3ad1a0f0c0ec4c590d26bab373dabd0631154bb803b3b3bb1840baeee167fc0fdef54a5b9053977714445044207cb81485853ff50540d59bc63b1839cda4331b576a1aca285901ce4e85a36e80e3aadd97c31e1ca0e00c16616fa167f98b7ce351f23801c7dc9142fdbeeacef4c83fb7d8600696e2d6586606d714bbfdd3d32070fee487e1cc4d63260aa9ee857367b8a92786cf70613cf0d0bf879afac438d7556b863b26687cb4484fe0f721eaa5a03abb5941b4f225987671955bfae375e53ef772f7144390485237543327ff37977135da1c0ee72cb869e2b74fc6a0b903aa9d4bc543bfad4a7653274317efb56e015b78ec33a3742cc902333da19e7372983e8c732384c45c256fc191e85cda5bb5fa56f2ba6be873af1f685cd958fea77178b86bb55caea612e3fd881a45d53d25d0577ede5cb6e3aa710fa10475f748e1394484b5040748ad020a7dfc2026ab19eca3400d80df3e9b5d27324c2d2f007686856423563b3cb82023d01a3b2415bb106f375545d438a8c87bbcf0c6bf49f93d905d6ed97d3cfebbe8d50354d26a6ceb2d06daa0c2a401a163ab25c7d5e31ccb91ed070508b3ce0065103db620b832559a845a6693a9594148a7bdf0b8452cda2f964c4fc7dc585c1540debb3ad0f7e762bb0d6b605f9d7c4b933d148e1726866a8c7ae4249f84f6d83f599e88a045d9a9b5f525bea3d1faeac16e9f5b24a4362ed33efa19f8278a2aa08776fcc827e8de94c14bae08464a6cf432168ce94b05d9679647365d8db359621f24536bafe31e04d48b1a2281282d48969cfe74032c7e27c7bc0541e2997b9112ca9ea5f5005067a526aacf1f061050b010fe607cbadd642d5ad9ed6455119a0d0a336015c23f8917d611547c730f0537174a030a056b008aecbce97cf80c9b38a8da45cf3933969e4475447717f5b679366f29d486b5565fdc6f102aa410e38fcfa46da73be731ce141b692270685f9cba9a71ab6b566261eca9906844103c70fca790a63270116ca5b5ceb36c171314b1dcabcfdc6e43885bcf8769466bd006a4cd373fad56dbeeb7d5f45e0b90d3039175dd0ccc15d01d72d906f2b2f20bac134095dffd78e2c563939069bce62483fd5c3bbf99e0f2d8529300409b7e94f469adfe1e2621e84fc2009f3f44032003d928fe09faa961c381d59175a96c45384c0affd07b19b2cb3ce8cf4416d71c2f853d37e3827474eb6a82d03ee097f8ac8b6bb35ad3ad98cf15ce880ccdb2eaf30bb1a5d8ce2ef4e6c67d23377afb294a0c546fd462834a5d41d0675b8c9a101130f0bb7e13bee89aa68c22468194f2d69fe2891678c7c3d63f1a0a6e51d75d10becf1bf32d9f0b880a51d48a4640839ac0d055821ba2aca735245158e30001023046a1ce3790dfebeae1b48a9c421a67e61c4896fde248e34affd128ccf29097dc88ea03d09b5ee1f76aa3f5c31cce892349a733a6506f36b01b33483a5ab0fc65596c6f0e94c5328d3febed7efdc4e0bece54222255ed5e39b1317d8b2ebba88281d38489b39ccd7361849618835cbe8c7a6dd7b3af9f868125a78c5f6bdae59370ae36ff4e57ade434105a6eb75f932c4e641fc11636bf9a72c81babd4ca0e3974b7b9343b43df06735b3c6530d10f46776188f7d2027f01e8ff4c65c292c54981589b52894a066382b201d61dacdbafd6e6bcce7a630e4575ab2856d24502d5005f43f3ddf41db02d7f607fece567441fe5de33b6b7e2995ecd48994b789ae4c3da5aed1b2c98641fa14a647f39a9dc7516da02cd2f23602e58cb7f53bb51d70ff0cf4c534225535b2a7639af82603c492f25ea026972fc618c145d23b8892395f5138a09b25cdf4184775877cbada3f5ff9fe020016ae85bf35804921176bc699e309065dd482dc01a77e85b356076bac180da64a153a267c09026eb87ed336a863aec83cd116088175a7f6b18ed25284facafe214ba40759dcd40933a5def670dfeffb3ef88539ab364993fc834bb3792dddb1d8a06e0a6b2a03f8633ab3744815b3258968455935da8b8aafaded04851d4b4055486ef33c6c9d8f34d3219e7b968314266cd9116b48bc04f7fd06e885b32f18bad0aeb39394c126adff119e9f8b30c279d7d5fbc954744c29684ef54973dde37796d68cb7a2de475906a9a98f32998ea68d6af8275da60712a5b33602669970f2a823f5dc97b4e97c0402f583d5cc4f68a73c3d1ebd254e1bd7959791810b536b0e781319968785979fbf345c43730bf0beb4b9ce5909a1ff9f89205ff9b12d9492848ffe9e66a78f311e860bd911b384598bd465c84acf575aa37db9d2d8b5cba7d2d94d052b42f677d4792985e407514a2fa2b621cca0573f92b43893053ed12283984173e9255e84bb68fbc1b9077eafd67643ccb249c44c025a51c340bd1df17a9fd1fbd14938f8d4f7e7f50230cb239bbff8d3580378679807d077b7f670200405a31605f8a5eb8442542906d356bb47d47769f7ce37926687a72ef860fa79e665e09fb0ad688df0548f0eac7283dddef1bcc514b905140408155c2a4fcf9ae4b5babccaca574ff5c92a419468c2ddaafbebd486733ff045f153670137cd823d19119841dcd7ca23d34d3052ce1cf1507227bfee7b1035571091fc60460e36b1aa46865e35671d10883d44cef55fe9c8372752296ecd8305a1885a89385ab42f9495abaa7657f99402cee28363db999beb10c29c97fdc0b734731797f41dffcfded8467aedc7b3062ca741a9531363fe853fc009ac8b55e067710978032ca8c6528f563b6ab89782aacdf09b7d8e3409fc1579e282c81b5b69f2b2f3238c6f3af58cdcec8bb9576e08e7c072f6fef559bf4becb9f28bf1af0d7031dadf83b4b5a30e7b625b08fb06be9d6a4471c94fd32c306c2a504b55828571ca5ef1caf2c10b6e5a54498c36a27f9e986050bca8ac400e66b1b2b76e288b8c595a5f4961913e80bcfb2472418ed57c84397b1f937e067d95d47b3516bf6d571b13da54e37e1814f5f74781c9eee6533b8b16d3693ee8f7ec8d60db2a4312eec6b5b19d73efa4ceec3b9572d088897754a9e1ef86f13e51caf9c65dfd812583da35fe7253acb58198483437bcf50377e61388a2d2b99e37d1e87a8d40e35626586f3df5a7f3ed13a67798ed99ebfc4082cd0c6cb88d2c1aca2592c56c153c8d96a66715610d470140bce90aac8474ffd6ba447dac01e127598d43bb4c0ba6abecff4419729d9b2335120887375a9acf2939597f5a3b097fb0c526970b456881ee17626343efb51811b55359104d6a7a740b1a2556a2c9deb65ddca1243e82e7468ee070b0be4f66046f679e4bb07ca4832cb10a81460898787b32b6e8d935f464f533f505f95e963e333cf9257b4e6bf39da7b823e52add39af0c5b95c1f4328d8b5aa1b81ee995c2b6e4b0c0e37d64733f789f486fcb79556f6b85c8c1dbf0789c67741ca002d6a397c18071c0de55e69852efc2c5c465601368799ecd970fd83c11cf648cf01486074f879dc9109ae55dcf27cdef1b4f4d15352be34b6456c9cb17b08c4d12c7c5307d8c596ed42f10fa81f0b15c1e09ade8baa9b1d1078c87cad8443d8aea3792474506b178a2e8454012a81807cd6b2cd19d5e77aecb94473c65f245acba6fbb2b7dbe19b613691d5ba5967d40052f0aa47d7ea48a301d7da78779505c3f96cb3207241f3d16436a4d8dd5da6ffa3c1006fb594d4920ae8f52a065c0344483fad3842dcda7769048e6be73d82239cac08e7e827baaed18baf558aa892f538531733b330e15609ca2de38035e081d5057757e42d95c7fc6ced278ea2076f0787479d1bd14ae4e6039f3ac0ae2232da8ab1edce84fdf17f979b0ed365ddaeaba5cb7a522687520d29aff0f8afe5d84ec91f6e269cab0b7d750a6fb330762adf77ae28805a46cb2c8f0bbbaaeb1caaeddb18b8e6b1d7ee2ae550f7cd59d66ddb651d21067aeb558eda0007daafdcbb2bc100cd495ea079f0b577335ba9c052b73d2b5bf274a63ef5e6143991e7f71c774854de0d9d35633aa0f74711693b44145ebe3af29f3297a16d7c215238b417399140efd533fb5d90342a", &(0x7f0000001200), &(0x7f0000001240), &(0x7f0000001280)="32f4e188e32a3d81859e7d8d20a90d9b3f559116a9f73262954b7ab59f2538d3a5b7013e79ecfe6256113c52aaf4d530e19d30e245f61910ca72b835ef8b1ad7e21cfbf13b9f355f0f2e37fecfa20391f78f3b730ca865aa2a") openat$incfs(0xffffffffffffff9c, &(0x7f0000001540)='.pending_reads\x00', 0x284180, 0x9) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) ioctl$KDADDIO(r1, 0x400455c8, 0x3) [ 1621.381943][T20840] loop4: detected capacity change from 0 to 69632 09:55:49 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f0000000280)={0x6, "b967dc19d81a0a17fb17d2952534bfb4cd9f8b12bec3803ad656b1b468bc3b6c8a1205ef088fc0e92fca1e909912e69a6c240ce8306b8a86397c70bc37d4fc1512a0f2323aeb6491529089e2c839e2a3b4ece02abbc989af61c2cec579aa73cb36578e087881d6b77d8db5d4721595a254c6b09cc0e2cc5952e9623c310e2967ccf01104ada6b9bbf55015e8f36fb7eb905be1b04417c77a9eaa70729e2dadde5ea40f82dc95844be9387ae4f4a18974383e67bc45993bba1c36beaa8c3dbc862c1efd0ad3319e5038a19e1cb505e98951a88cbf28edabfd589a35c4113694e8f530b9c2cba3f5a251100990e4ec354beaced5405de2544158b2d9700bbc185ab90407aad0423359ae7a88e3fc7bc77a56de80c55f72e618b14f95c61c4d272efc40eb775b9321d342796d756c4488d04b417922dd1ef6894ad86de3dfa63308803c26a2b45f0d8df2f4a6460a61a7a147a0f4134a80fc7c83a670e6db5aed0955f7efd3d634175c6e5922908eb78a7b46cc7ac944435d2c9ef5bca09e5b0a475307a889fabbb03aab05bc91af87217b9a0eaf58f97ad5d892598eeb5ec0bf2c51f8019a73af04b9ca98e9a2788229003b1b718db7756f3cc4f9c3029fddb46d637cd298217cb110f191d2fb0d84d515ef52be01f1bbab18791c3e7a2dc4058d38d2d064b8e3ed7b04d35b8b4e36dc80546d4d15b094dc4d83abb1d7a2d7350e"}) clone(0x20800, &(0x7f0000000100)="411e1c8c4c7114adb3a705d774e6a1331648c4f0ecdb012c5cfc9e307abd2dc2b4774fd4a41944b974fb7fe8ca0808dbad37d8fc33d8f5d5e0275e14cbd2ea0ecbbbff804fbdf304e3627a4a46aa888e9b6b98b655eb9f2ae45d45025b5c5ff2d342c5861b62247e97d38d769c4df47d965985e78798bef1e3e90fc7888c7b", &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200)="7dba1c47496f4c099ca40e11a36f4e2dced4da2536afe049862cf4e4b5ac5e8a179e1ae9a537ca134cc651b3f4eda2ec4cf523b14e8610d047c571f9d9020529e1e329926d423f915bf191274b23e39d6d26bb5f917a0cc089d3bc416676ae51bfa91ac05b27dc0c6c300a3cf00ea62ff55db585d20778a97812ddc3") ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) ioctl$PIO_UNIMAPCLR(r2, 0x4b68, &(0x7f0000000080)={0x431, 0xff, 0x6}) dup2(r0, r0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:55:49 executing program 3: openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socketpair(0x9, 0x6, 0x7, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_SET(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="3f0100000000000000003e0400000e0001006e65746444a173696d0000000f0002006e657464657673696d300048247c001c0082"], 0x58}}, 0x0) [ 1621.464477][T20840] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1621.474570][T20840] EXT4-fs (loop4): group descriptors corrupted! 09:55:49 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, 0x0) 09:55:49 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14}, 0x6d}}, 0x0) 09:55:49 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400), 0x0, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:55:49 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) exit_group(0x3ae376a6) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}}, &(0x7f0000000080)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1621.706231][T20867] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. 09:55:49 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) r2 = fsmount(r1, 0x1, 0x80) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) ioctl$KDADDIO(r3, 0x400455c8, 0x2) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) r4 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) sendmsg$nl_route(r4, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, &(0x7f0000000180)={&(0x7f0000000100)=@bridge_delneigh={0x50, 0x1d, 0x10, 0x70bd25, 0x25dfdbff, {0x1c, 0x0, 0x0, 0x0, 0x8, 0x90, 0x7}, [@NDA_PORT={0x6, 0x6, 0x4e24}, @NDA_DST_IPV4={0x8, 0x1, @rand_addr=0x64010100}, @NDA_PORT={0x6, 0x6, 0x4e22}, @NDA_PORT={0x6, 0x6, 0x4e20}, @NDA_LLADDR={0xa, 0x2, @random="614bd50a7df3"}, @NDA_VLAN={0x6}]}, 0x50}, 0x1, 0x0, 0x0, 0xc0}, 0x8040) ioctl$KDADDIO(r2, 0x4b34, 0x1) [ 1621.779545][T20871] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1621.797985][T20872] loop4: detected capacity change from 0 to 69632 [ 1621.866838][T20872] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1621.941113][T20872] EXT4-fs (loop4): group descriptors corrupted! [ 1623.511515][T20484] Bluetooth: hci6: command 0x1003 tx timeout [ 1623.518460][T18483] Bluetooth: hci6: sending frame failed (-49) [ 1625.591500][T20484] Bluetooth: hci6: command 0x1001 tx timeout [ 1625.598288][T18483] Bluetooth: hci6: sending frame failed (-49) [ 1627.681240][T20484] Bluetooth: hci6: command 0x1009 tx timeout 09:56:00 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc02064b2, &(0x7f0000000000)=0x32) 09:56:00 executing program 0: r0 = socket(0x2, 0xa, 0x0) getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f0000000100), &(0x7f00000000c0)=0x8) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IP_SET_OP_GET_FNAME(r1, 0x1, 0x53, 0x0, &(0x7f0000000040)) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000000)={0x0, 'batadv0\x00', {}, 0x400}) 09:56:00 executing program 3: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f00000000c0)=[@in={0x2, 0x0, @broadcast}, @in6={0xa, 0x0, 0x0, @private2}], 0x2c) 09:56:00 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x13) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:56:00 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000080)=0x32) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000540)={{{@in=@dev, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@private}}, &(0x7f0000000100)=0xe8) r3 = socket(0x11, 0x800000003, 0x0) bind(r3, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r3, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r5 = socket(0x10, 0x3, 0x0) sendfile(r5, r1, &(0x7f0000000200)=0xfffffffffffffffc, 0x6) r6 = socket(0x11, 0x800000003, 0x0) bind(r6, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r6, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0x60, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_PLIMIT={0x8}]}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x24, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, {0x6, 0x2, [0x0]}}]}]}, 0x60}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=@ipv6_newroute={0x64, 0x18, 0x4, 0x70bd2c, 0x25dfdbfb, {0xa, 0x0, 0x10, 0x9, 0x7f, 0x3, 0xc8, 0xb, 0x100}, [@RTA_MULTIPATH={0xc, 0x9, {0x12c0, 0x13, 0x3f}}, @RTA_MARK={0x8, 0x10, 0xfffffff7}, @RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @LWTUNNEL_IP6_ID={0xc, 0x1, 0x8ab2}}, @RTA_OIF={0x8, 0x4, r2}, @RTA_MULTIPATH={0xc, 0x9, {0x6, 0x10}}, @RTA_OIF={0x8, 0x4, r4}, @RTA_IIF={0x8, 0x3, r7}]}, 0x64}, 0x1, 0x0, 0x0, 0x20040000}, 0x4011) 09:56:00 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400), 0x0, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1632.148179][T20912] loop4: detected capacity change from 0 to 69632 [ 1632.226359][T20919] Bluetooth: received HCILL_WAKE_UP_IND in state 2 09:56:00 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc020660b, &(0x7f0000000000)=0x32) 09:56:00 executing program 0: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x1b, 0x0, &(0x7f00000002c0)=0x8300) 09:56:00 executing program 3: r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x5000) r1 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmat(r1, &(0x7f0000ffe000/0x2000)=nil, 0x5000) [ 1632.272709][T20912] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1632.281835][ T9149] Bluetooth: hci6: Frame reassembly failed (-84) 09:56:00 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() exit_group(0x0) clone(0x1840000, &(0x7f0000000100)="d3d21afc8e9cc47d2870cafb32a77b704d660283ec2cc9ca04faefe83099b78fb4ccff85aec065c8996cc7ccd5e2e772f5482e5e8754f0d703ce7a0e9838d5d45bd08a35c9c4be0667555a351e951bfc570f31397ce50bcfa16370ecae63791556ce3c541350e2483c53c42b272d534903578b89e51f9e68d15ac295cb3a76737bfe", &(0x7f0000000000), &(0x7f0000000080), &(0x7f00000001c0)="fd715d7d1aafbc7e70afe0308add301766b37fcfacfae3dc76fabb86a42c88407718e80ef3ca507ef2f8e65986332e5561ae245cd1149c5f9d57e055be8d0375a4161be780964a58926b16974f5b0bc8ee9641172d47c371b39870b72b73c6603fa2c6d02c888799a7aa7f87af59384ceeeb067fa04d749b18dd4a74857974fcb381511ad18fb98519b46bd6d44b5462c2c34f61fc026c4a265ccb869bccb434a9f496ba8d55aac2aa418ca811aeb141384545a897f927cb4c84e449fa7bebc1005d68be6c990fdbe4c5dc1e8ea9424f32a60b99177f206dcfdcdcefc438d67c261f6eb37457af0aa45ddf29578541a7d8cca4aeaf32a15b9ec6fe3002fb860c3ea14acec150d999977cd9726d8c119686d7dbf9bd77e69e612c8adc60439f63c78a5c59aca2a0c9d3b1e72d0f456e95b5aba6e380b52841d3409bcb89fa106fc5d7382a392d5635965dc31a46448789dd5f61ce9a8152b8462597277054b9d8f48b1e3cd46bf82743f70c220c4ec7f2c4f1e2953da61354136fcadb34d4314d1c28b844dc6a067afdb60c4b97ac228b5d86cc5fc150b3891a97a5668b29c5e15867ff6e516a543594003bf500da47e823c1e8b290e2f23f3d6faba1af400c2afffd599ec25bd263a417ca7279f0c7ce8dc26edf8caa5392aeb6e0d9ac2a6ec077a27106cbbefa90ba36de5fdbf001a180210f56e40e0e3ebe715d65d817eb0a4145947084921a1450e7f55cb856ec5d100c1b5866fa25adf467070f3b324a18fddb3111175393e2f6705ec359454f6e052bfa48070f1cb520a1ed3b405f28b7d10870d10aad0971442acc25b0a99878412099cef674a4cab094f876679cdd84fb3adc7c7d56ffc26826562204a16b1f8c745acb37b8486f21ff7db14f948f3f0aadffd6608d25054dfac8500e622992fb4184895978c9a4d1dd0ccad89b22c6a1796e4cf60ba946f5312ef5c196f2b4779a7e2cb515db07ce05b76769c63a878ae992143a187b99e9bdf75afae78cfb15067cfaec37f6eb41ee8b4feceded7a50dfdc406e45306d46198db424008d3083c7046d09370821ed86bc7a2c9025ab9517db9dac8ed0b8804b1a6e148959234f87ee2c6aab5d67983430efd8a318ecbb79cb88f176d50a73d08595b97d817dbe0874489038c163bfd35f22fb2fc2768e73df6f9fb71ac11300cb44c18207018476b72004ab08a738435bce2036b6d71a8bef5b1ecf0d3b468a0666037932635cd6339af464f560eff203b666a40533aae9cd076ed8821b20092c8cf6be2944ebb1907f8b88cef846e9c5524b1ed2ef69336bbeb6afad5f0195f8530e5f240026034809cd48c4ef6c8c589f497a6ee63f96d75298ae3c1ffeda27c3b630b8ff786d7fd0ba4d6c8f09b4982c2e2c35a923cd4b5964f3b1f3a14d3923fc0e794b011c3f9d9022cf4b04eb8018deeae1e598833556d85d6d9d21297cbd557478486c7ec96c7f9fcd0d282becc9ae21b45820a925b1873d0f027e63a7aae0a072a6ae29585733450884c053a931c0273df9202f0f40078bc97c999d333b13fdd142979ecac37daef6d8337065a35cac8c484719e73bb31fbf588e2d9f13250c94c6e436e35555437d01a34e9a41984d91303f8de84bed8747ecd14db55cfbb5130a5fa431d4178b8ea2bd0e456cec1f75fb4d5b829a2d95fa1323120e76fbe497130f030261325b795ef4fa0c5fefece41f3a0280c560cd0b2c16c2ae5c41b59afb5b9a610e0be01d5e1e7b8b76584670c3ad7743df5ddf52ba8ad205a78e57be30eaa757a4d12e9783d1ad1812be1fd51ac4706935a93969c47c33e041afd09e597f16b0eb6bb4643ba3d990e58390fb0332ff920384fb38b7cb2085e7b13b1cca5e9da411e87d2850f00ab29397cd1bc3868b6ac79d64b34f9e4e08ce324d58c1c1249c18780facb70256185fcb39a86759733b77514d6676244dde792db6d0dccf354551e71086588dbf1d78b73ef84f3fafbed5cc2a4df0d228e353bf1acb5039b3d67884afeb06bf316fb18cbd2ba27e3e14d18b314ca1a2885306eef320fa71057c8646363d33567ee12fadb1bbb19efe5e20313f96c0e8fa600fd9225040f66d9c742a562dfa1f1a78140146e944e428a1d0e78dfc3e674b088234818b5b743ef7ce682cd898a4502451c56146286456660e537f8e9919c9002672e31ffb1e0c7a367d6e29d550d4d32abc1eb7deef56694899a8d36316ca9c47163c8f7470b2cf4c51f18a426c634cb413e6e43f97aaf608059970c99e2a2dafa210181de0c529fbe96cafb73a1e67e6b91333f045f67a7576e5adcde07e136dd4448115e523e0bb161f5b8fa111178d9ae20ef185f5e6cc8ef71304bc3469fd1929e5a7799807f21bd4ae0e437c5aa47bfd13eb7f48f4dd044e2b84a4f26d83af5d00c3404901917f810a7f11082cafb37b3c671359412fa6068fcb60f692073b4178a0e78254b464ae41390e823cf85d6b528fcedeb98afc7142ff47d47774ca145148e916fcb95b752fb94cacb8f4a1aa7dd8b7f7d825646340fbabb3c620355c74562c66b89869cdde82932529f013560359fd9ed2da03899b4098ff3114df5619127951657529b706f2dfa141f58d86003debb3922d2ca4ac1514710bdb0cd217cfe7ef4ec8369c1c4277b63cecce772bdd8e49fad33552312beb1b6016b6586db307f5e2e629db2150a6706497fdcf47b414772664b64fd727af27f8c9c9b6ac6d8e2906ce49b648030e6ec801ca35ec6b33e45fa556ce244d5d4c4b8df2d3bfd50f1c616cedb0052ddbbc5238bc57c45a377cc052dfe6f72fcdf0825a6684570b9d58aa28402c5f1c8b7d6f49453491b84fa65720dfb29e1462f2d6fc1228bb8c43a4573d39e7770231b7860332f5b7cf86fde788eaa717d2429fb3a6e8c2a4eede337e1f5ba196967a8de273d2f10e13558b87ead8008ec67cf33502126496f9c79a12fc313183ba5b1114335ac89bfd3a1b224d0225f56d3de724767718e2747be382fb59043d506639c2d03c53fb7b264dfea248c535350b78dcafcfee724aea088078415f288200be451c346d375c0a713d7c8efd3e371b43b77ad48d44b867e3c478564191438bfcdb0cb0adf5441785320b68ba80e62e3c1e6a12e352cc315cdf481205865e6bc43304a025c404cb8a91d7529b7de5acef29267d3e6da97d1737d7723b759940e57e1c3c7575dd008325392053311b51f47b88722adc0b50579872f58ec0e291bd9751f926143bd537825b8b656b1bf59e3a356132b9f818878f670af52729db6e4f67222429b8471f622426ea6df78c0c951eb54b91f595a93feb981a399c49b9ec926e65f464d881250e6d7331cb8ed285de47ab10841437d47dc232de411af5dcc520f4f0996b5408e65e9900e8032d5af82db1a927e2dee5676f2647c95b3568f006d24870e9bce38402dc9fc18132d225734e7fb0ae6fe6673394ef1ed95c394401d4ca2f6bf910f01c0356a6b496d7e7dfc87ddc33664d69a885fcf89c6b29ede13ec0e0162c2f149b4331717acbdbe95d0ed8ccf9ae70bbb273eb2455108726f6c5f28121a47ced26496225c039af47d3e8e2040707526ef06857408a19f645bd5f9610efaffcee4019db1e2fdc4a8925b9fb245736a4700b909347d747d7f78d268df074d9da6f4e0224f51a5dc9b5eb792fc610f248a3518507f874fb55da524703e19bedc91f9d372f9c8f20b5febb29f138092fbf5ff6e476628315d5b7d4ff7b9782fcbfbf25da0521e1ce9cc488c5e3cfccea736488f4307a76e6a12de93bc4feb369c8be67feedc4bc90377a559ccc0f0bfcb914b68596fbd296652ded0e4bbaccd0bce88c29012d05fdd3b05de3494513eef46af55953bddf7766143ada44a32a3108952edebb0870791af8db5488aae896a47173c4c5322fc0e81057946ae33d372afeb8f1ab07680d8b5bb33a7d5a65e51cd22fb88ced219b455ff5c92cfa893913ba29714e857da88308290f2cc76dcef80ef4c77846e362e1ebaee9bdc7aee80df60b89763f36016e5435facf0a07acb04cabc49b64db987a052a6157304a362c68f683a058edef84c8052f525338335fbfad5e1ac0592671af24cf64c66f8c8a4bc462006b01bd4b37ea8df7931f1164cab44d03e08f3035bee8b17d2bee2f0e994ef5ebbc860b0456787a3059a8f35461d8a19a367da822a5df4901a491300b2688e75125cd5874add9fe9360f1a04e7f1b6b6b1c23e2c3f3a54e7cb5991cd55204f54257ea396f94c5e40226810f9978bc75a7163dd86920cb23c47267cc1aa64d1385476402e65c5ed7451953239e5d92a80f8464a1528d307e6ae95376d638d5855e4184f983242772a66061d7a3bc402669eaf0a6966546e9f042f39de394512638f212be4b3ff987b6b7751ea4c06af7aecb50bd286519287cf1ae839ad7960de95b9d8ae04ded0d655e389da41dd04dc32a71e33541279c3f41033522a0d8897c499da3af966820f3bcfc14fc96db57a9d8b3d8b4d85d777d6b6df981b2ccd9431d3d59e5213818788e1e36d2601f55ed60b8dbe6579d7b5ccc467212f299073d2a5733a7decfd1810bd35090010bfe4ad43ba31048ac5495155cb1607359208c4ceabfa64bb9881d499f0c805d47346fb83d8b6658cf8ae3b5904ace0176a93964a67553bebd9833d06e20e0d02ce40e58ddc930d46baa9111ea100c2b8794d615823751af707ac37dd748e0cb9129433eb8ea0ebeff6b15d0916a6dd29afb2ed9630b9f72b9cf94d9d9980e5659175868b3fbcfa3d3646bf3ee9f1d5cb115fe16d9dc19dc9f9782e2d6ca56c99022fb0af7e3ead5161a08ef984c57ce8f1ed341d3f5ec5e515463ac10fb43176850d060ab7e8e5e8026e7a1a40a0a07205297dfd9222dead32c8284171e462c76673d1eb5b75e10828f48c3c44b9ec8e3bfaeda503ca3ec86f0cf9500a631bf50b3c89750c8e2ccad3497f1975e9b55630b6a4c9286dafbd6a3e8b527c07b14c15c001c7d1f7e8ffd36b30b78aea6cf5233f1f6c442e1dfd300e48ba8e5aca6a211e0b70dc91b3208bf3cc501794669b87e0adbb0517609d2ff0a83b2388f2797f2b0f9f7452af6fded305c9aac9ae5c1d4812d78277ed3a2029297e02be2294742116cb2cd2b6b967e41fba5f33f5c69de5ebc6b99582d7a197dbe178dfdaf05c09962b82c694a5a0a80d558ad032c4fef637f047a081248bd7a69c63b0897f4f809c4e76a5a334842965749f390953da043e31ff7bd88e637dd5dc049cb75ffce1de89d01874712501e3008b2f5dc3a5fc2dba896054c1de8ee816069686f16a7ea20be867ecb88c631d2ca22470949cdfc653a005f4beca0f0940593f577ad0ce41d24475e3772530e55aea87248ee047a3e756340b7a776c5d2414a0ec5253f94a9d2aa997f5b2fcc2bfdbbd745aee03b37eab4a7eb0489ca1015917a52670352457ec19a225d6814663412ace948243e9ab99e91e47f1b36cf691a0ae219318cbfb8df804e5e85b822e2ae2c59d281a7b8e2058ce903c94eb01b86c46c4078373c869b6dc4d70c2b68ce24b88444dbd61b990adbdac41d88581e39799556922d1c6a1238087e5d8d0cd3330ea39323d26dcf87dc1403dc1b70ef584ae9ad9509f7deee9a91ec512bccfddda57c8afde5f7c4b7dd26de9432f5fb5e7b86ff356ababe926c1b6625d786cdb838f78deae8be15aae5d01feb7342ce0e39af5a192ea7e3c95fe072d442959f109b15c945ecbd3f52313264f5d82673f5d5e9af2b2230f6d473c347f0398a") r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1632.352567][T20912] EXT4-fs (loop4): group descriptors corrupted! 09:56:00 executing program 3: syz_genetlink_get_family_id$l2tp(&(0x7f0000000400), 0xffffffffffffffff) socket$inet6_sctp(0xa, 0x5, 0x84) 09:56:00 executing program 0: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_ifreq(r0, 0x8924, &(0x7f0000000000)={'veth1_to_bridge\x00', @ifru_settings={0x0, 0x0, @sync=0x0}}) 09:56:00 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f00", 0x10, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1632.611274][T20950] debugfs: Directory 'hci8' with parent 'bluetooth' already present! 09:56:00 executing program 3: syz_mount_image$squashfs(0x0, 0x0, 0x0, 0x2, &(0x7f0000002540)=[{&(0x7f0000001280)='N', 0x1}, {&(0x7f0000001340)="9b", 0x1}], 0x0, 0x0) [ 1632.732115][T20963] loop4: detected capacity change from 0 to 69632 [ 1632.770403][T20963] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (61595!=0) 09:56:01 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ifreq(r0, 0x8912, &(0x7f0000000240)={'veth0_macvtap\x00', @ifru_names}) [ 1632.797158][T20963] EXT4-fs (loop4): group descriptors corrupted! 09:56:01 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f00", 0x10, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1633.044945][T20984] loop4: detected capacity change from 0 to 69632 [ 1633.057835][T20984] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (61595!=0) [ 1633.069324][T20984] EXT4-fs (loop4): group descriptors corrupted! [ 1634.310842][T20468] Bluetooth: hci6: command 0x1003 tx timeout [ 1634.320441][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1634.550878][T20721] Bluetooth: hci7: command 0x1003 tx timeout [ 1634.557274][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1634.721137][ T25] Bluetooth: hci8: command 0x1003 tx timeout [ 1634.730827][T11339] Bluetooth: hci8: sending frame failed (-49) [ 1636.390787][T20468] Bluetooth: hci6: command 0x1001 tx timeout [ 1636.402386][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1636.630807][T20468] Bluetooth: hci7: command 0x1001 tx timeout [ 1636.637942][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1636.790869][T20468] Bluetooth: hci8: command 0x1001 tx timeout [ 1636.798051][T11339] Bluetooth: hci8: sending frame failed (-49) [ 1638.470786][ T25] Bluetooth: hci6: command 0x1009 tx timeout [ 1638.710653][ T25] Bluetooth: hci7: command 0x1009 tx timeout [ 1638.880924][ T25] Bluetooth: hci8: command 0x1009 tx timeout 09:56:10 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@acquire={0x1ac, 0x17, 0x1, 0x0, 0x0, {{@in6=@dev}, @in=@multicast1, {@in=@multicast1, @in6=@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0xa}}}, [@tmpl={0x84, 0x5, [{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x2b}, 0x0, @in=@dev}, {{@in6=@local, 0x0, 0x32}, 0x0, @in=@local}]}]}, 0x1ac}}, 0x0) ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, @isdn={0x22, 0x0, 0x6, 0x2, 0x6}, @ax25={0x3, @bcast, 0x3}, @qipcrtr={0x2a, 0xffffffffffffffff, 0x4000}, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xffffffffffffffe0, 0x8001}) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000000)=0x32) 09:56:10 executing program 0: clone(0x50001000, 0x0, &(0x7f0000000080), 0x0, 0x0) [ 1642.457126][T21016] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1642.485127][ T9149] Bluetooth: hci6: Frame reassembly failed (-84) 09:56:11 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc020f509, &(0x7f0000000000)=0x32) 09:56:11 executing program 3: openat$autofs(0xffffffffffffff9c, &(0x7f0000000100), 0x40200, 0x0) 09:56:11 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f00", 0x10, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:56:11 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) clone(0x40000000, &(0x7f00000001c0)="492b56e2acac31d748a764d48d271ee97690d9a03f729e7e313bab04750cf2deae3188b74c17a067c7de7bd6ce7a08e5bac1b40adb4582456ec2a95f1bae6b434209a1c0841d9bd2fbc3490a4e45868215e392006fcce6218f622e17216d3d20d534af6ed8d699f64afae917ff6dbd204e2bb407057bb609cbad0bfe3e745999e4db3f2b95d6c11b26", &(0x7f0000000000), &(0x7f0000000280), &(0x7f00000002c0)="79926fd9f70e168174bfbe7ccaaf4521d65612e110c7f04a0dcb0ac7696140ee71b8b44ce7c9b4d4563aba0642d659c3dbcab49592254950eaff1e02baae85f46f1c446211b30a8ea76f31955fcb4fad531aeb0f5eb6ded58a294cadf38f0d1e41ee0e5182b0afcabef2c22439bbcfbb397c4f297ecf2cf1cdbc68779a0f05a135788b568be5bc0a63c15a698ec5f3dfb1dea4fa99148cc713882c7fb3359d7f79d8e54d0fabe7e717ffc611f74e0676083e1b39ef96a09f7aa8f2a56a2c6752109236f2a876a63f54c6aa14752c0944f33260907850386ea0bb30138276e722b19f173f4d5ef5cba254a56601111920b31aa3e2b3f01a6f") r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x2, 0x1, 0x75, 0x81, 0x0, 0xff, 0x200, 0xa, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8, 0x2, @perf_config_ext={0x7fff, 0x6}, 0x10402, 0x200, 0x9, 0x6, 0x1f, 0x3ff, 0x2, 0x0, 0x0, 0x0, 0x8001}, 0x0, 0x0, 0xffffffffffffffff, 0xa) ioctl$KDSETKEYCODE(r0, 0x4b4d, &(0x7f0000000180)={0xfffffffa, 0x3}) ioctl$KDADDIO(r0, 0x400455c8, 0x4) syz_open_pts(r0, 0x20000) 09:56:11 executing program 0: r0 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000600)=""/175, &(0x7f00000006c0)=0xaf) [ 1643.003912][T21075] loop4: detected capacity change from 0 to 69632 09:56:11 executing program 3: mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x88}, 0x20) [ 1643.052026][T21081] IPVS: length: 175 != 8 [ 1643.057063][T21075] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (61595!=0) [ 1643.085526][T21075] EXT4-fs (loop4): group descriptors corrupted! 09:56:11 executing program 0: r0 = socket(0x2, 0xa, 0x0) ioctl$sock_ifreq(r0, 0x8943, &(0x7f0000000180)={'veth0_to_team\x00', @ifru_names}) [ 1643.149971][T16482] Bluetooth: hci7: Frame reassembly failed (-84) 09:56:11 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000", 0x18, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1643.243713][T21094] debugfs: Directory 'hci8' with parent 'bluetooth' already present! 09:56:11 executing program 3: ioctl$HIDIOCGRAWPHYS(0xffffffffffffffff, 0x80404805, 0x0) socket$nl_generic(0x10, 0x3, 0x10) [ 1643.310630][ T1136] Bluetooth: hci8: Frame reassembly failed (-84) [ 1643.349670][T21113] loop4: detected capacity change from 0 to 69632 [ 1643.375381][T21113] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (33325!=0) [ 1643.397160][T21113] EXT4-fs (loop4): group descriptors corrupted! 09:56:11 executing program 0: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000180)={0x7, 0x8, 0xfa00, {r1}}, 0x10) [ 1644.471562][ T25] Bluetooth: hci6: command 0x1003 tx timeout [ 1644.477942][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1645.200232][T20484] Bluetooth: hci7: command 0x1003 tx timeout [ 1645.207055][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1645.350336][T20484] Bluetooth: hci8: command 0x1003 tx timeout [ 1645.356537][T11339] Bluetooth: hci8: sending frame failed (-49) [ 1646.550417][T20484] Bluetooth: hci6: command 0x1001 tx timeout [ 1646.557289][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1647.270246][T20468] Bluetooth: hci7: command 0x1001 tx timeout [ 1647.276440][T11339] Bluetooth: hci7: sending frame failed (-49) [ 1647.430206][T20468] Bluetooth: hci8: command 0x1001 tx timeout [ 1647.437152][T11339] Bluetooth: hci8: sending frame failed (-49) [ 1648.630551][T20484] Bluetooth: hci6: command 0x1009 tx timeout [ 1649.350141][T20468] Bluetooth: hci7: command 0x1009 tx timeout [ 1649.510218][T20484] Bluetooth: hci8: command 0x1009 tx timeout 09:56:20 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) gettid() r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x20c240, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) recvmsg$unix(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000280)=@abs, 0x6e, &(0x7f0000000600)=[{&(0x7f0000000300)=""/201, 0xc9}, {&(0x7f0000000400)=""/83, 0x53}, {&(0x7f0000000480)=""/51, 0x33}, {&(0x7f00000004c0)=""/167, 0xa7}, {&(0x7f0000000580)=""/101, 0x65}], 0x5, &(0x7f0000000680)=[@cred={{0x1c, 0x1, 0x2, {0x0}}}], 0x20}, 0x40) wait4(r1, &(0x7f0000000700), 0x1000001, &(0x7f0000000740)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) clone(0x40000, &(0x7f00000000c0)="c8db16ebdaf288624315797e81e736c9bd7302669c60ca26ef1cfda5a091df6477b278cd878bfe29815af338f5b79c6c6f0372b63c2115", &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="95a9dfce1cf55205bd85b9fc26344621c2e4ce3d0ee4f64d3995ccd4d7644c5919472fd23d4c8747dc833762c99331196169ae2d7b77c3a9aba2b6a540a508f865f2d2fbac4852e4c4fb451d627d6eb478d12e8cab745d9d3a344f73085f1e903a9d1f45a99a5dc30a691198aeb53d1f52d2e0483c1805d40241551ba0fb7deeed3bbef6d908ae186ab9b699b1234c9ddc5629d007380ea92e9cca7f54189022874287a97202c6f4d7e4ea7111eba9564c8379289114a3943b39cfc128c17fc05af4d733aaeededb7f45fb4e6acf65f010937312c6e521063665f5bb3038fe8f957949799747b37697bbaeb921e46defe79a1ce4bb") 09:56:20 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000", 0x18, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1652.630459][T21156] loop4: detected capacity change from 0 to 69632 [ 1652.685676][T21156] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (33325!=0) [ 1652.711014][T21156] EXT4-fs (loop4): group descriptors corrupted! 09:56:22 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc038563b, &(0x7f0000000000)=0x32) 09:56:22 executing program 3: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001ec0)={0x12, 0x3, &(0x7f0000000d80)=@framed, &(0x7f0000000e00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 09:56:22 executing program 0: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000080)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x81, 0x0, 0x7e, 0x20}, 0x9c) 09:56:22 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x0, &(0x7f0000000100)="2bb338c094ce947ff2a80e16c252f8e20150adf22199aea3919e007f621f206de45536d6d91b73e5d2cf726ff408fdf02a1b82fec7699d06e9742c4129d7fd6518a9ada2703c1849567bf5a28528311d3e600d72a3e8f2c4c8f3741e328fcc3d14426b43d7ddd1b8c626fd65aeaaf98faa5d9039ecf735094121d40559886965062008bf9ca50dfdc899a7bcae048250f86058c7efcc27282a8f1065bc", &(0x7f0000000080), &(0x7f0000000240), &(0x7f0000000280)="68515922704d700be86a56c367e955334ea94c61a54c6769a0f1e7cc4821f1d34dc50a3ec8a3fee213270bb2ffe00a2705e82b105c02b1f1f653993ba0d9c7d8eeb5e520fb89594f1ea4d1bf500565aceedc69b65bb16c346c4c8c473bcc46c411cce7c814b641d6764b24a649461c971d82ca86e6") exit_group(0x0) clone(0x320a2080, &(0x7f0000000400)="a4fc926ae08fddb7331692ed975933bcf5fa1059b5c9ef07081723877b609a5b043bb2738e7146cb7563c5a25544a0c4379dbe40e75ae95dec2d723f98b152f5d624e335feef341009c4", &(0x7f0000000200), &(0x7f0000000480), &(0x7f00000004c0)="b24a173a2ed53ca7cc89bfe34f716ced2526f75f16fa708a4a66de235588f40ad447b35e80d92306e7fc4cedc70a8d959490bace11e6e3cc519b8ae3143ca66bebb20fe11fcc02d4dad9deb948808ca9e5f874") r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCSIG(r0, 0x40045436, 0x2c) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) ioctl$VT_ACTIVATE(r0, 0x5606, 0x5) r1 = perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0x52, 0x81, 0x3f, 0x7, 0x0, 0x0, 0x20, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000001c0), 0x7}, 0x100, 0x7, 0x7, 0x3, 0x4, 0x6, 0x9, 0x0, 0x6, 0x0, 0x6c}, 0x0, 0x5, 0xffffffffffffffff, 0x8) read(r1, &(0x7f0000000380)=""/125, 0x7d) 09:56:22 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000", 0x18, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:56:22 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) clone(0xa0000, &(0x7f0000000100)="2f7fa3c75fa1af885646b90c5e7bdcb23bcb249ac739350183f015b1eab88a9fd5deb59d0508a1564453ec51d998a1d135c943e2ffa126909a028b1ddb8e7b51ee942d812f23bd8a75f2428919e379133850974cc9a1402fdda7d282dad6c9419f20078512058810e7121d119fbf6ad16fab9d73e20ea79407c5c619f4c2dfcd4bcef7ff478faa8c3440a722cb0e711fbdbae073f0e645f9bffb26960898a354af6d52722e78ff68c09171a5648fb6c336fafdc5d229c336e6", &(0x7f0000000000), &(0x7f0000000080), &(0x7f00000001c0)="dfd888775eef25dc5abe8cd45522d8169d6e0fe80253282d69c23931b8c2d7ecd2f7dc18f883d9015fd09ff6997695336932203dcf8c22056ddb57ed8e359db520eac16caba3f536025db6a7ae90cc4d3677023acde94ee1b6921b57b686f37f0a3ee052ed91d7e70e6ab1f1c8eb4be0038588edde225a2657cd0b4c586708e3634fdd3407b83c988502cfc69761dff6b4e1be3fd126fac19296818408c3fdd9a1f6dee796b92320b4213fa5971c8fa6e190ab0160f5f7cb") ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:56:22 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x34, r1, 0x1, 0x0, 0x0, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0) [ 1653.993439][T21186] loop4: detected capacity change from 0 to 69632 [ 1654.031534][T21181] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1654.050643][ T1136] Bluetooth: hci7: Frame reassembly failed (-84) [ 1654.087750][ T9149] Bluetooth: hci6: Frame reassembly failed (-84) 09:56:22 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc054561d, &(0x7f0000000000)=0x32) 09:56:22 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ifreq(r0, 0x8930, &(0x7f0000000240)={'veth1_to_batadv\x00', @ifru_names}) [ 1654.104312][T21186] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (33325!=0) [ 1654.118349][T21186] EXT4-fs (loop4): group descriptors corrupted! 09:56:22 executing program 0: r0 = socket$inet6(0x2, 0x3, 0x3) ioctl$sock_ifreq(r0, 0x8920, &(0x7f0000000000)={'bond0\x00', @ifru_names}) 09:56:22 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f00030004000000000000000000", 0x1c, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1654.275484][T21211] debugfs: Directory 'hci8' with parent 'bluetooth' already present! 09:56:22 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x0, &(0x7f0000000000)="604eadc33d", &(0x7f0000000080), &(0x7f0000000100), &(0x7f0000000140)="f3e1e1") exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:56:22 executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_netdev_private(r0, 0x89fc, 0x0) [ 1654.317533][ T1136] Bluetooth: hci8: Frame reassembly failed (-84) 09:56:22 executing program 0: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000000c0)={{0xffffffffffffffff}}) [ 1654.511342][T21228] loop4: detected capacity change from 0 to 69632 [ 1654.542418][T21228] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (33325!=0) 09:56:22 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000001c0)={'gre0\x00', &(0x7f0000000140)={'tunl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x6, 0x4, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2f, 0x0, @multicast2, @private, {[@lsrr={0x83, 0x3}]}}}}}) [ 1654.561733][T21228] EXT4-fs (loop4): group descriptors corrupted! [ 1656.069758][T20484] Bluetooth: hci7: command 0x1003 tx timeout [ 1656.076208][T20484] Bluetooth: hci6: command 0x1003 tx timeout [ 1656.077476][T19170] Bluetooth: hci7: sending frame failed (-49) [ 1656.095258][T19170] Bluetooth: hci6: sending frame failed (-49) [ 1656.389732][T20484] Bluetooth: hci8: command 0x1003 tx timeout [ 1656.396996][T19170] Bluetooth: hci8: sending frame failed (-49) [ 1656.549772][ T7] Bluetooth: hci9: command 0x1003 tx timeout [ 1656.556156][T19170] Bluetooth: hci9: sending frame failed (-49) [ 1658.155461][ T25] Bluetooth: hci6: command 0x1001 tx timeout [ 1658.159657][T20721] Bluetooth: hci7: command 0x1001 tx timeout [ 1658.162728][T19170] Bluetooth: hci6: sending frame failed (-49) [ 1658.172892][ T6581] Bluetooth: hci7: sending frame failed (-49) [ 1658.469649][ T25] Bluetooth: hci8: command 0x1001 tx timeout [ 1658.476100][T21260] Bluetooth: hci8: sending frame failed (-49) [ 1658.629677][ T25] Bluetooth: hci9: command 0x1001 tx timeout [ 1658.636611][T21260] Bluetooth: hci9: sending frame failed (-49) [ 1660.229571][ T7582] Bluetooth: hci7: command 0x1009 tx timeout [ 1660.229693][ T25] Bluetooth: hci6: command 0x1009 tx timeout [ 1660.549632][ T7582] Bluetooth: hci8: command 0x1009 tx timeout [ 1660.709579][ T7582] Bluetooth: hci9: command 0x1009 tx timeout 09:56:32 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x16) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.swap.current\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000000)=0x9) 09:56:32 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f00030004000000000000000000", 0x1c, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:56:32 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8914, &(0x7f0000000000)={0x0, 'batadv0\x00'}) 09:56:32 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x14, &(0x7f0000000040), 0x8) 09:56:32 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc058560f, &(0x7f0000000000)=0x32) 09:56:32 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) clone(0x2200000, &(0x7f0000000100)="50483f7b71b31c8750eb71413c635651dafcf1cab8fe4e78ecb4b680f90d5f205673987dff249e68b14971915f869a7107fcd4dbe10506d2645c4ebd7fd55f1851aa11b677fcb2e6ade04bdd818d95fa7a2a6e4346956120a6caee8d2eb045a7c555eed3fdb4876cf4062d4eeee593f84bec2f4412dc8041460b6b8f2426afb01ec156390f4376fe4db70fe7948d9f8569879a07fed575c93a80fb66c81830fa6fded2bdf97790ad6d2c42f8139c92b0e461620730c7aa4ae9dd3b90663ed98cddc102815df258213812545681d51a45b76f609e66fe9822fe28e403a08a09abae39582804", &(0x7f0000000000), &(0x7f0000000080), &(0x7f0000000200)="b34beaa57e45cf75b57b830f2cee49ffe0716419444f785717d6d42f073aaffc2af8b4d2ea7384704fc48d763c2d6f620982e0fbce28c0869a64adc7a6e380b2") ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000240), 0x602100, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000280)=0x1a) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1664.890382][T21280] loop4: detected capacity change from 0 to 69632 09:56:33 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14}, 0x14}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000e80)={&(0x7f0000000c80)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000e40)={0x0}}, 0x0) [ 1664.965194][T21280] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (33325!=0) 09:56:33 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)) [ 1665.028181][ T8] Bluetooth: hci6: Frame reassembly failed (-84) [ 1665.053885][T21280] EXT4-fs (loop4): group descriptors corrupted! [ 1665.063511][ T1124] Bluetooth: hci7: Frame reassembly failed (-84) 09:56:33 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) exit_group(0x9cf1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 09:56:33 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f00030004000000000000000000", 0x1c, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:56:33 executing program 3: perf_event_open(&(0x7f00000002c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x8200}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 09:56:33 executing program 0: r0 = io_uring_setup(0x5959, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x13, 0x0, 0x1) [ 1665.354616][T21316] loop4: detected capacity change from 0 to 69632 [ 1665.418937][T21316] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (33325!=0) [ 1665.468496][T21316] EXT4-fs (loop4): group descriptors corrupted! [ 1667.039168][T20718] Bluetooth: hci6: command 0x1003 tx timeout [ 1667.046212][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1667.109626][ T25] Bluetooth: hci7: command 0x1003 tx timeout [ 1667.115831][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1668.479878][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 1668.486255][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 [ 1669.109160][T20484] Bluetooth: hci6: command 0x1001 tx timeout [ 1669.116070][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1669.189615][ T25] Bluetooth: hci7: command 0x1001 tx timeout [ 1669.195729][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1671.189022][ T25] Bluetooth: hci6: command 0x1009 tx timeout [ 1671.269350][ T25] Bluetooth: hci7: command 0x1009 tx timeout 09:56:43 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000080)) 09:56:43 executing program 3: syz_open_dev$evdev(&(0x7f0000000b40), 0x9, 0x80182) 09:56:43 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x4142c0, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x20000, 0x39) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@acquire={0x1ac, 0x17, 0x1, 0x0, 0x0, {{@in6=@dev}, @in=@multicast1, {@in=@multicast1, @in6=@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0xa}}}, [@tmpl={0x84, 0x5, [{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x2b}, 0x0, @in=@dev}, {{@in6=@local, 0x0, 0x32}, 0x0, @in=@local}]}]}, 0x1ac}}, 0x0) mmap(&(0x7f0000144000/0x3000)=nil, 0x3000, 0x2, 0x10, r2, 0xb465c000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x400000, 0x0) ioctl$KDADDIO(r3, 0x400455c8, 0x20000000001) ioctl$KVM_DIRTY_TLB(0xffffffffffffffff, 0x4010aeaa, &(0x7f0000000080)={0x80000000, 0x2f}) exit_group(0x7bd) 09:56:43 executing program 0: r0 = io_uring_setup(0x5959, &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_EVENTFD(r0, 0xc, 0x0, 0x1) 09:56:43 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc0845657, &(0x7f0000000000)=0x32) 09:56:43 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f00", 0x1e, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1675.759815][T21357] loop4: detected capacity change from 0 to 69632 09:56:44 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}]}, &(0x7f0000000180)=0x10) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x7c, &(0x7f00000000c0)={r2, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, &(0x7f00000001c0)=0x9c) 09:56:44 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) exit_group(0x7) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) syz_emit_ethernet(0x3b, &(0x7f0000000000)={@broadcast, @empty, @val={@void, {0x8100, 0x5, 0x1, 0x1}}, {@llc={0x4, {@llc={0xf2b0adfacf511e89, 0x1, "f0", "d578ce66905743d28eb05a79f2a10017a77d2fb940adc8ed589217b4c4902c24ecd581bd6e24"}}}}}, &(0x7f0000000080)={0x0, 0x2, [0x7f, 0x6a4, 0xf6f, 0xff]}) ioctl$KDADDIO(r0, 0x400455c8, 0x4005) [ 1675.825074][T21357] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (26926!=0) [ 1675.827459][ T1136] Bluetooth: hci6: Frame reassembly failed (-84) 09:56:44 executing program 3: syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xc1, 0x7e, 0x55, 0x40, 0xdeee, 0x300, 0x7a85, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x42, 0xf7, 0xb1, 0x0, [], [{{0x9, 0x5, 0x0, 0x1, 0x8}}]}}]}}]}}, 0x0) [ 1675.878140][T21357] EXT4-fs (loop4): group descriptors corrupted! [ 1675.894379][T21360] Bluetooth: received HCILL_WAKE_UP_IND in state 2 09:56:44 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, 0x0, 0x0) 09:56:44 executing program 0: r0 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f00000003c0)={&(0x7f0000000240), 0xffffffffffffffdc, &(0x7f0000000380)={0x0}}, 0x0) 09:56:44 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f00", 0x1e, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1676.242385][T21389] loop4: detected capacity change from 0 to 69632 [ 1676.276600][T21389] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (26926!=0) [ 1676.293831][T21389] EXT4-fs (loop4): group descriptors corrupted! [ 1676.328688][T20484] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 1676.693993][T20484] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 1676.718915][T20484] usb 4-1: New USB device found, idVendor=deee, idProduct=0300, bcdDevice=7a.85 [ 1676.740277][T20484] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1676.762878][T20484] usb 4-1: config 0 descriptor?? [ 1676.812169][T20484] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 1676.837258][T20484] usb 4-1: Detected FT-X [ 1677.038790][T20484] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1677.076846][T20484] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1677.128857][T20484] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71 [ 1677.175482][T20484] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1677.243036][T20484] usb 4-1: USB disconnect, device number 4 [ 1677.305646][T20484] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1677.335566][T20484] ftdi_sio 4-1:0.0: device disconnected [ 1677.828932][T20480] Bluetooth: hci6: command 0x1003 tx timeout [ 1677.836914][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1677.908629][T20484] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 1677.988709][T20480] Bluetooth: hci7: command 0x1003 tx timeout [ 1677.995076][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1678.269513][T20484] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 1678.280090][T20484] usb 4-1: New USB device found, idVendor=deee, idProduct=0300, bcdDevice=7a.85 [ 1678.291464][T20484] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1678.302023][T20484] usb 4-1: config 0 descriptor?? [ 1678.340031][T20484] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 1678.356309][T20484] usb 4-1: Detected FT-X [ 1678.548913][T20484] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1678.568836][T20484] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1678.608627][T20484] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71 [ 1678.622952][T20484] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1678.647299][T20484] usb 4-1: USB disconnect, device number 5 [ 1678.672435][T20484] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1678.682876][T20484] ftdi_sio 4-1:0.0: device disconnected [ 1679.918798][T20468] Bluetooth: hci6: command 0x1001 tx timeout [ 1679.925586][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1680.068603][T20480] Bluetooth: hci7: command 0x1001 tx timeout [ 1680.075612][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1681.988857][T20468] Bluetooth: hci6: command 0x1009 tx timeout [ 1682.148481][T20468] Bluetooth: hci7: command 0x1009 tx timeout 09:56:54 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x280183, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:56:54 executing program 1: mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x10010, 0xffffffffffffffff, 0xbebff000) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x18) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:56:54 executing program 0: timer_create(0x2, 0x0, &(0x7f0000001540)) timer_settime(0x0, 0x0, &(0x7f0000000380)={{}, {0x77359400}}, 0x0) 09:56:54 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f00", 0x1e, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:56:54 executing program 3: openat$drirender128(0xffffffffffffff9c, &(0x7f00000005c0), 0x8680, 0x0) 09:56:54 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc0845658, &(0x7f0000000000)=0x32) 09:56:54 executing program 0: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000040), 0x90) [ 1686.637096][T21466] loop4: detected capacity change from 0 to 69632 09:56:54 executing program 3: openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000200), 0x44000, 0x0) [ 1686.701058][ T8] Bluetooth: hci6: Frame reassembly failed (-84) [ 1686.736705][T21466] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (26926!=0) 09:56:54 executing program 1: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="ac010000170001000000000000000000fe8000000000000000000000000000000000000000000000e0000001000000000000000000000000e000000100000000000000000000000000000000000000000000ffffac1414aa00"/104, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe8000000000000000800000000000bb0000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008400050020010000000000000000000000000002000000002b00000000000000ac1414000000000000000000000000000000000000000000000000000000000000000000fe8000000000000000000000000000aa000000003200000000000000ac1414aa00"/260], 0x1ac}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@acquire={0x1ac, 0x17, 0x1, 0x0, 0x0, {{@in6=@dev}, @in=@multicast1, {@in=@multicast1, @in6=@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0xa}}}, [@tmpl={0x84, 0x5, [{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x2b}, 0x0, @in=@dev}, {{@in6=@local, 0x0, 0x32}, 0x0, @in=@local}]}]}, 0x1ac}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@acquire={0x1ac, 0x17, 0x1, 0x0, 0x0, {{@in6=@dev}, @in=@multicast1, {@in=@multicast1, @in6=@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0xa}}}, [@tmpl={0x84, 0x5, [{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x2b}, 0x0, @in=@dev}, {{@in6=@local, 0x0, 0x32}, 0x0, @in=@local}]}]}, 0x1ac}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@acquire={0x1ac, 0x17, 0x1, 0x0, 0x0, {{@in6=@dev}, @in=@multicast1, {@in=@multicast1, @in6=@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0xa}}}, [@tmpl={0x84, 0x5, [{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x2b}, 0x0, @in=@dev}, {{@in6=@local, 0x0, 0x32}, 0x0, @in=@local}]}]}, 0x1ac}}, 0x0) r4 = accept$phonet_pipe(0xffffffffffffffff, 0x0, &(0x7f0000002c00)) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@acquire={0x1ac, 0x17, 0x1, 0x0, 0x0, {{@in6=@dev}, @in=@multicast1, {@in=@multicast1, @in6=@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0xa}}}, [@tmpl={0x84, 0x5, [{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x2b}, 0x0, @in=@dev}, {{@in6=@local, 0x0, 0x32}, 0x0, @in=@local}]}]}, 0x1ac}}, 0x0) ioctl$vim2m_VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000002c40)={0x1d, 0x2, 0x4, 0x5e5e41ba69a59624, 0x2, {}, {0x1, 0x2, 0x80, 0x1, 0x2, 0x28, "a054e3fb"}, 0x4, 0x4, @fd, 0xfffffff9, 0x0, 0xffffffffffffffff}) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@acquire={0x1ac, 0x17, 0x1, 0x0, 0x0, {{@in6=@dev}, @in=@multicast1, {@in=@multicast1, @in6=@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0xa}}}, [@tmpl={0x84, 0x5, [{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x2b}, 0x0, @in=@dev}, {{@in6=@local, 0x0, 0x32}, 0x0, @in=@local}]}]}, 0x1ac}}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002d80)={&(0x7f0000000080)=@kern={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000002b00)=[{&(0x7f0000000100)={0x125c, 0x42, 0x2, 0x70bd2c, 0x25dfdbff, "", [@typed={0x8, 0x46, 0x0, 0x0, @fd=r0}, @generic="760a228c1c4a97630f6b7b6c35dd09406eda5d98a70ee1dff22d64fe29757d37ea76d35e2eb327f8be07ece4679c22bed5", @nested={0x1138, 0x35, 0x0, 0x1, [@generic="92e21e40ace67826772353551c6e3b97ea2fbfe699e78c86f484b5d208774d384c12c0bacf94a20f2410a8d2ff449981c3e34bfde1c13144588a988c15187a89d9053ecd89db9c51fbae0111c29d6fdec5daa172cb01ce726de4af47f83d2fba023c1d06bf36f3", @generic="f34e4e6c2e336129f2a17796c115308ddd455ab9dceb354e65d849c932c2c1bf1a5aef194e3cb5dbbc2b55fc999ed4cc2e8bdfe5b783b66c76e069f853866d4be7d10d629f7983111421fd1fe891e1596be9edf064d549fd00f7a7e85943a433933e2880844e34501835e8c1fe9b0104", @generic="049206699abe659cccb322211b6004740309eef1d68f64d48fcdf6b10f1d44df40f840a3b25a675bf1b83b6b72544184619b53f6433d98324ee690cdf4520d96c9", @typed={0x1004, 0x81, 0x0, 0x0, @binary="73ca0672402dd6c08ae1be9e7e09e8e5c8f7b932a9341c8a7097309933b06857242cdb8f15898137966d25438fe5334ca164acc5b5cf71dd970d7bfb751a57aa5020f2c066131fb0bcb01191837f2575948e5811a544e1cec126084b15d76254704d23b381336c6e53c70b8161656b321196eeae99fd8620ea2e52f15464137f05b55db21545cca46888a5636cbb242141c20fa97d4b0293f05186af287be6a5d3f75ccd00f40b335cd8fcbd5c7deb65e515fbb109b4ba461b811f8533b6c569f46aafcd98a041bdf717968cd5e1356879e23bfc1a5c4cb700ae14f8bfcf567b978c018f6b344fe9396a6dd9da667e03f3c7fbb5888393115e18cf59e3cab2f6fb496188eba00aa5034d16ef828c0807ded7c92fe7be64c1375d3fed52a502a6edb4dc20ceccf2f19982113141484662ddff20e6e796f11419b4add229080caa6ff5b9c834f1665c0d56f314e202a14c2f05f3fb37b34b6bc27c6be126268e49853d6057563fc5a4b20c24ea0d461cbbdf09d939cbfcbd45739194955cfdb767e012a8b14b08db4bfb8ca01ef222d68063b4fd56f04400cee0868e649960df8d9135115e15ac7f63bde3f3fd46ea901732b03db687dce04181c1b145868f40ad25006febca58f17021d8ac7582cc549a3622f68fb35024f7296df800852867a3b361b3495fbad6cfc914d01118a86037d50375ee80d00a99e73a6214c133aa2336870623350cd1c761764eb81ae166b4fb3ab3a28d7da6733fc1b2b3bb35af29223fdc3d33f1ad5598c7c2137d209cb3b50af9bb60c60d95a4f3e96c23fa83b2d53140a44783eae758564de0201098d99fc20350926b1a55da55ca9e3ef6b41517357734280e74d54d801be9eb0e0c56403f6f0a8b72c9353ce2a6579a759d41e7ba98eec24d3453b398d5247a904959cb8cd85e80bde67258768716394acd27a1567564690ff5bd7ef21812e3bed6741cea46b7a2f77b408ac62e08d5a83f01645663beeaf44a33088d4312abf2c1514314ae09e85079db9e74c901d9954c595093d50bd47ff48c80cfd065bcaa49a966c30b3194614ec6214fc3f98dfe4d342e31d176e38c046672e3f7bf92ac999038323810d8f052ed4881fb826ee04b5a1eab084c43ce3a9d8bd64e8795f19e280c5e3bf69a7fa8ad04acc082e3d39b343fb79965f0b0af470011ccc4d3a1fd7779d0e6c828da9548ff27b030aad3079423004beef09c101da3f0444c2b46fd92ede0655ff28ccfac338c6e6e8eedb4f90b1c5f3dd67e6462b84e14e89fe1d87a4007a07f85b3624d07606bfe2d863bb94e85550c4fe619f4c94b8b6918da97fc2c9451ad18b47bb73ae9d43e3872085cb17c419cf7679b2d4daeb03c4ff1641e0a3e8f2fbba739bec59d22a00f625aa264ecc5fa12c49b75673f93bc24b016af0e4deac550d54ed5130f346ac59b38dbde772121de13c40baa154d0ae41d1580e46ce85853c3cd862823297e4ed35abf90a81d0368c96074c5f5f67e4fc27b817d153abc9c67c6640b83d7d3b0fc945289c0a79ab1704f71c2d5bed82a440b7137b5a61a35fa49978162268df87ec434ff7ff31cd5faa2f7bf4edfcb12118703cfd7a3d86b961050df55a40082db7020d2c91e9950a0e26774f6a0ec8e2ba06a0305d8c003e3130856a2ba37e22393adac81ace803709bbaa455418c0fc660da7c52d5e7786a3cf34993eac960ccf0ae32a4c879bc8d8ac83856d2c04c45c9499b2087cd0fc09dd710f4054bb1ec324bd8a22d527ceffaec579ac29d3059bb262f3d4a45b7f837f3ebee55cd06f1d7b80684b253d44592ccc72b2218299c1054c5242fc3185a544ed2d91d23b2231e7ad6482ad24d9ef7d5136c35d47010259ed33eb10653e1a4ffe98ff7cf139b1ccb1552200f3b91f44734dce8937dfaa6fa1594f13bfcff3770c186ce4bd777783aa2082c89a63961bb7a7822b83a920efc66378fcc0c28e7eb78bbd04eab5d6ba6aed723e6a7a6339b262ddd39f220037c7e0ebfb819f94ee614347883bf2a5fe0219d6ac970b32a141923678ed8e09b0d7d934ad4c398b89ae25585eb5f165b83dbc741c5848888e0e48ee016105e5fdd8e9803bb068b39be55a6c461ad013ed466fb5e5d4b7323562524dca52c8a6773527922b206df3d024dc298ef236b120aab84499a2cd0ed003f77586da89ded044d5731ca0850fccdb59b695b8a31f8c1d107c1262bb387a2fd82156d14174129b96677e67a875cbc73360c4537cab3898a9838c4cbef560c3f7d4c1b802a4b2b19ff1770e48a6607576846ae2fb6d5847236b5d04fc00be1850f90b269edf75ca68a617f4d73bf8adea3f7718b95519ea4833af7966d9dade06e391f1026dfe9bbe993c04d6d0b3f1ffe008d3687728d3d26a87128686a10bbd30da2c7cb9b9696c8b8a0c4b94bac773fb05f0c9d149b8c71af20cf658f78e9c22097fce61a2a5b7f9fac5c94d96736888e62f1817f31a6ac31545ce8f3adb4f692538d4e6b42da3fbb62415f7b79f8e05bbfc9c03713f4fe612522a199e2578e4ea8b584468e5d816cc10468c436942a40b83a984b20a816d1ed5793193423885bb6a0537b94e258d4d0e7c98b979602cdc65947621acce6b9f4d57574b45635d33d9ef3f0e2c7d4def0bd02e342fa944a520c58e351afcb53ecb677562d3379806f4b3f0a9ba9a2face2aa30fddbaa33243d58867cea5d15dae1d4449d3f614786781b13324dd568a8ed93b6c873dd73d4dbb2cf2f53bdbf8cf5141b53f1b08927e87dc8187222e62a4705fd92c978a1fe41940053e9ec2525ed92575c52599f8ebf11a997bd21c3dbb48b7500733b910ccf5688cc8027e6546539030009413c28082f5fefd4066654a4daace08e22c79527eec2f8de044082b166c73959d5f6f34a065cdb4a73ed325bddb3c7c37dd7aadbf110822569e47f04a8c48a8c4744151179a75dab8acd2d77991516edbe8ea09b7df28e28f40b520430a1fb1bc73a8fa51c0bab593ee99c0d31378c276ef25f7a9b1fe9c67116e0ac0aa0323b95302f2f0fa5c30a8e1965c3cb2450cc99cd50ba14401dba26bc82681b2450c5fcf10475a17b220341cb7d8357a01bd09035aaf32353bbdbd161a557e3047ab0489f2be7806580cf5524cdd59b7490da861b7c1355d61f4bed8ffb1657b405f3b273d89d1119cacc9ff419fd299b054691c0a848043b93efe0d14d328e66431756dd921f3d55148b2963fb3b45ecf50fe95a1f807f4823b24e8d78db3b7bb8adbefce411d1a83c55698e4cce56118ead54dbf7bd1b4005a26565ea28a4d54263f57757794d93b63a2f54ba48524f37e3153d633d296cc1b87e9002ebf6d3f06646e3b7758232202214aa2f780bf841892173271bb88d4afb3f514bc616df5cf50c597db7bf03f5b1ed3d3737285e1974dfa0c3c8a3c1a054779cfeeef56e668952553755e1dd8e333773bafef0d49dc0f2d966a8ebc317e07ed118d4da92e57f2dc41f8a3221702929b06d757617242404fdcff165b5707d8493e0254b0e57c8628d102013ff80a96b8a629547558fa026d6a131139df417d27ae5fe41b6da768e1838c35b4689695889ced0e956ea208b3ba944ee5cb8c23aa6690f56a9eea58901428d4897ca46a868d47ed8ce45215fad3e88123582288a8f7bef25a263e84cd39b0966b2fd3766312a759db5487df4f246adf21a23ee2073c9e34b6248892f3d45828d1940c81ed344dd98e762233dec0ba6487b102472976b863f3542178014cd2d7893d7bee871ad2989eea2cadcb7257ec841395f965c41effbb2ea50b8f4c23d7ff17d3b21950498041c5c2517f2f0a5587ff6823e9977fba0fbf064fb828e72b4972c56da0ade5a0c56ba44718d4eaa9a1bf7e1300a5c7815a852c954242ccfa728c00e96ea57bb499bcaf195c337247021b9b755fde28db9a82b8ca13b4c52ac459135e35ffe4d9e6d876abc291b6c1707125adafde1a1d5641732cfb71329ba6f1c1df7087c0483e77464c0f524986357e3a7c6937f3c22deb1f7a5284a5f91ed02122ca48c958a3ae8f5a8e52baf44faa2ee18a373a8ebe0ccaf4b9711740316954d421baf1fd0306221e33ebdc4daa0cb8f5587ae705941952110220ded4e74d079b2bf65c197cde296f377d1d87d7e463d24c2aa51fecc429842243073028e7b58b44094942f33a5ff9e2c21fbaa31b9fbdb24710b7bf472a308df7872e778920b3c6e1173f3f28511e8129e36ffff826bb825c0f529595bc69dff34fdbe9fcdd52e674184c62f2d327a17fcc091578d37ab85d94d29b0252d56cd2928f20e54f12b10fce35257692e5607e43815c42610170c24d8e073ecb53ecbb34d9d97303c0b387357c909881c208fb878df2aec90a1e72dc702ebbfe6f1d1253897e4015f222928c691b28ee8de46596ded9604d48d0292ce5c54a1771de1a886e5ce63fb77d7846d0fc61157daf4ebffd0cbe8dfe3ab2b05b9bee5eb2325cc065c94f763f82a06874e9e72e4de5eaa1022c09d5af92eae8b640bb62f7a9e81389b7aa5ac6e4f483807473a479a98d2329d266cabcc8e33eff667ccd53cd3aebf04eaf9c8cf100219e2de27a08f1475b0fdf7ad1492a7f450b9361a0536a54016dac7be6add654f4ae3dc24288dc36dfd3ee7ff643160473d47a08fe6274c556cc20e82aeccb01ddd6975e53d10577271a8e880939aa31c9ddf42bc54a0e47a98cf321b001af556213faac85e327d765d698578604667a099001bd2ec404d5f5fa1af39738b09a27762dded45aa3905a55a41ab574d14a6e26ebd3f30141a9905a37edbf8348b40213be3cf5da0294dbf8e08193ef9598969c116f8d10eee2e965efce9efd86fbfbeed2e23a6e047ce2f6e403cbe07676629660096181d18ae4c0d24e2b9ff75c428b65d015f14964dd6233e68be5fe1f82428c3e685eeac0ce5492263bec77b9e04105889a003faa8796fd07a4f507d905b6b77ff47d29cf1b435ce615fd408699c2eabdd1d8d088dcd8510f4d33d77b74e073664765cbe46607bba30b3a4d6046670fda02e0259380f9e7bfa5dd34dbb99d1ec18ee0c98da59ea4af3cd01ac270090546494774f2b7a98419dc325ebfa8f8a9b61665d777b24fd376aa6d787fc76c83d4e4d043d1de0a73ed6d4f95456cc3797fb4412c36207a3bf32c67839f80949d7db95380852bec9d98ee2f4596420a518a8fe296376db56ce3424776cb1526359332950c7670dc13b9d9bc70636c2aa9d151588158056136f9f6ee7303df7dbe4e9646e66768be202097fcc9244108d67d41f30bd1d33949729e095e44ef7ea3a1bc17aca9bdda122025769f27157c30643bcd5dff0f51e5734727956f4eef9de5ccd968cad2484d3296a8e7283cda7d4db47ac1e4119383acd632275bfbe85418dff0f2ee0d396e8660d31e8c5face3dc2dd01a1083cfa9844c97dd5579e67f99c97f28259c841875f8664f5fce046aa699b39c755f63256bc7b286526de5baec3ff39bb64ba0cfc9bac071ec534175813758959a9dfef39dd93851731b0321cd51b9b85350af02442cd7984d7d75bf63c8c79b29111f0e4d9a9e84a8a93cb7d66db7b9fc0d060df2e8a9c1805c17e46357366a01718acfabf1895798da99087e2bf5e8dbadaa7bec6ec739e129cb51b250d8f077c1a0abdfa3dfb0cb370044cc584488e7cab3badc6133a2f4e101ee31b2aafa950faca8b01eab719a16e85f6ad2404940f6f454b154be9ef705aef8ff669d644c8ba59679d28d042ab4a2aa923efedf9e46457a0f92"}, @typed={0x8, 0x45, 0x0, 0x0, @pid}, @typed={0x7, 0x8e, 0x0, 0x0, @binary="1eaef7"}, @typed={0x8, 0x8b, 0x0, 0x0, @ipv4=@private=0xa010102}]}, @generic="c65590ed33851e2239056e0f30b23e8be623001f9ade2db10fca544ae073b6c3d89ca6049d90b2c39b45dfe0843457e81f0f49d6d09570158df1b192e237c2c68183c12e7170909dd03f4b9c3ecbc5c3f07a8453ba9de533787daaa20c87ea6a46dc847ed70b8f6d8e5358446030ba25870df79a95031d585d4d1b2b3311cb037e35d4ec31ca8ee50deea02b6ebcda479a5133a7275a46ec19ce73e4d5ca7a9d0df58a2b80ce00e98fa31b76e04509411adcb87efcd9922443b6fa35c178c0b1849d10941285", @typed={0x14, 0x4d, 0x0, 0x0, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x125c}, {&(0x7f0000001380)={0x1dc, 0x21, 0x8, 0x70bd27, 0x25dfdbfb, "", [@generic="ee609a036d46a16b35b3358ab971aa10ed33b73af021678a12eddf171522e39a63a5c7cb57611a64a69e00d4a4052b380a420e4226ac0f2d71e55a62b4bd6ea5302011fd29393b4de22a2c0f51ba218beef907ee0927ee1001c33ad7ab31e566ad1fd6fe6edcdb4a83254614b34a7ea30a529896626bcc38798aba963a97c57db09c96d348a45cae83f4bf80a2ebcc73cf14ad085d1c05930b8ae45c093fdd14cb0e400029e9c7b5994cd1b5b6b1dfb0666d0df5ef893210f98300f23bb1e3cb5a422948f7de52babee1e804778da43a123b5a9baf829dfb5639caee28d679409bcfeb5fd3a399ddf51a10ebe0bc1a8f5fec", @generic="f84ad695", @typed={0xd1, 0x25, 0x0, 0x0, @binary="d433796760a34dabdf383bf149253a786d2980e902b84eab451b0f28b3dac82dd6f8169b19d5827e37e2a638646fbd1d2b5ed39a8324d8c3b323cd6d884dd8bf4ab3de5c5dfe01bf0aec2445b0a0cae31ee69d0abc87d61810b179227e2610422c5c1f317579639255e58547fd03b07da72f946398fdd88ce724a7a7e24b5afdb0ab18febf127f59a70f54813207e8d6950d40652c8147246f8ea241853ea62e5c502f4a56a91ff9ba626786ac2534a2677258a6d4bc20fd8d642f3d789d637edd8b555ab4ba18c2beda66ef46"}]}, 0x1dc}, {&(0x7f0000001580)={0x133c, 0x35, 0x200, 0x70bd2a, 0x7ff, "", [@generic="b2a4bbdfba17f2939b654c75142aae56c0eb83bc0fcdc7fd84cf693be02155d249f0cd4e7662f561796b302238f7db26a5ce3b2a5e675c3cf3b39624b36e81b008092460bdfc80e2416ea4dd084308686dc414c4d457b509254f7dcbd3976596b1f84cbe481de76b4e5399d29576f88128fde5315c6f4777cd3e49fe498b9b462cb88b4d135565cbe24dce95383d0204c4f267b6ea09f8692b2291736173cfedffd72f657e5b40242378376d757d3b68af5e87a92f8e65943e5d136a2202db056067813e851a0210eceb979fba87069ea097b6c8d4da082fb6571510f1ef52dd406f77fcc38feafc02af63a573", @nested={0x11f6, 0x63, 0x0, 0x1, [@typed={0x8, 0x41, 0x0, 0x0, @ipv4=@loopback}, @typed={0x5e, 0x8c, 0x0, 0x0, @binary="93809c3c699e1911c8d4a9a025a495e94d6750db91221b2dac0406ab1ab742b0523f58aef90d5c2c27ea26e5925ccfa4fa1061ce5566419d268a320af51ae9cea70f932b9b4067f53b6ac2f5cbb9d63ec54a44283a6c2efa4f67"}, @typed={0x14, 0x1f, 0x0, 0x0, @ipv6=@loopback}, @generic="ce3c9b8be4213e9c3826990b249c1d70e3da62d3cb0ad228d3f1f0bcd1729029b5e752b91101b527925fef04c3c8421c097eef726332d9d9231cdf06493f5f0ac182f4f44b954c1a298006d040d091f05d8f89e3859431ebe5af7f413598a940804f309c9213edc3483f99132fd8b9dbce56d4227048f9ec94f0a903ac66800943148f26bab90f620cd21213f39162d680c61fb540", @typed={0xe, 0x24, 0x0, 0x0, @str='/dev/ptmx\x00'}, @generic="cdcd578a6638277eb0faf09e088013996c880b74f3a55bd6889d35a306474f707234a032116be356d183949a9e4723f6024f04c757d71f7c02dcb3b3319980dd40fb46b0525d559130054b53eff89be925f0ea091c2f8ca95aa7d997ffc3f38c359c3b60f9d9e40fbfc6f17593660ac70cd7638400676190d007078dd1547b12dc4d34afed3db3b3ffcd93ef95c1796f793c563347b9cded919ad45286d7f9e3d126e265fdedb58eb2a394186aecccbe4a005add7517b89dd0395cd8157eccc1ea7632c3d4a7007af6", @generic="6e9e97d8e02bfe29a20c9903db6c42b748f15e48d01cfa6f0544d08af841b18a0c6223696ee9b602a07887d0bfeaeae82191455906f67cff835008e26d1d9b6bb6563f3a6183962c656e67ded6c50ae18d5a5d5309e385ce03dda15e85eb42a838a61bb901ff09ec9517f134d3998eb599825afaeabe77c81a72eac2875d7034506e021ff752c41b5af382fa271a53b3a3ca89be04539def10c84944eb0af919efadbc00e861c32586de6b40de63c002d661bb7108a9fdedb60b5d7c799eae1621fdf0bb79d2889e71e2086d893e92dd34befce59d738cbdc26d440a8c48784372c81dc8d0babdc6e893414b5def3f1ffc8c2b69f67099660212352981ab9c2fa31f51f494dc67ef9446372930dd60cf986f54be6a3f1b03ec6a4eb50d5a5bb41a7aca386becfc00b844a3da4b7b36a6d6a2ae3e92efef8643710a772d4f74ce6eb5c2303fb576be351bf94862bc4e37fec9440383a11daa5b3d2843ad2c9a2c52d6534ae8fa8d887a695eaba29a7b6963f2b67dc6d4111cdf2779c8b59ab844f59321d0386526c5c010f571be388bc1d4ea38cfed4edc2a53827133f417b95b33b764f64610c790946b9fd2e221aeff603f1e2e348894d4916a353cc372fe5f49fa58bec00d7055c5d68760592d52e0b0a2db30b7bf82dafcc7743972d59182d5d0a721d6887da9ec4e169eb166df7706655552640c1ab69fcca201114e65d386075337405af499cd63a2053188386e841f312e41c88b542c48fa37f7c3cdf69011decefbc07263bdba58e04fe2ace28c135e9c5f4e51f9ed6ed3557edf93a093a361f83eedcc659efb0fdbb18927894d3a77ada772784a653696ef577844bcd695a2242f82cabfb6f44103afefe3e21db11e2367e26992cd4bf356ed532588cb875b24677dd6b29467f739b3a083dad53bed27c7b565aa16c9f2638e5aa4411813259953837a4199bb6048f9fef946b5910b6edacbdfcb6e36c925be24cae7a67cf8202d3d752aeb839e09d6522798e2a4f4427c38d58bc7b0980ebdca61a34eb3c1d2837bdbddcd7fc29b53c688354d5f8eac7573788d71369202a9ab7fcf25c2663db42831a1950b0c8165d2513b3541785be03e48aba42be01ca4df9f5a6b74dbab00ca67fd3734b583758aa002b48cf77b42877d34d001c4e428c7251faba9dc2f561c143a8d2fb93045beff8f2cbe0c5868d753ce77d32590864eb9cba89e2f0b890e610d919d60c6cdb847dc2b2b540c644a85b72a05aa4e5e0ba4fd5ce8ea891063e322d770263fd123f9fc2a79c5ee14570419239fdf2588276ef28f986c2cdc3d739ac50f12551fdc91a30b5c17a83a712dd67fc1fe0d74932b4c1c08dcf36867545a35cce26bc0398d2dd95cf9bff43f595551654b53a38f961d2b03742da7a3fe969bbd215746498b358e8783af205fa62e5f3fb2b6b30d21bcecb155d5bc3d040cf81008742358aae00e43f19ac648fdc20bca48d0f363319a368d00396851930d812b8c3949f7c04ffc46a5926b83a463c5ab6d2859070c76d25caece04bf316a83e6a0764a083f2b8500fc403b71d2b4062f30ca7faa9285967ff54db25d7121321ad95618bfbd3debdacd71d415628d558bd4578a9baed7ee0af94fcdd6ae427183e5fa300aee3111bb8449d8625cd090aac6a51e64c48c9f8c7204dbe0bca215337a90afafb0bb2c0645139f5587d9d15bfe69cd64996838ad81462b0531e4cac0c5aefd577549fd3a2c43d6d2fa21a52822cfbee5c159b43581603ccbf1eebc499efff427696c58192b3be30c4d145f8e20b0b1ea8aa349b320d6329ba13fe9bf87abb5ac53d74df7202fa09b097343c235c799ed3f505c07631fd83b73e945a9d31f221afb143e2bd07c723edc5bbd1a3a4a03aa9a0f02bd18280e466072e28746c1eee13c59d5600824427c4da2a016e84a21cad864eeeb3db1686c1267c013b0959cd0e6c7c70fdbd68cfa08164c12367d36b81928b2c685cd3b3c139ac20a0f4ae22b9d6364e6863bd74b0b7e4436670ec1562a99dbedeadb65ec9ce9ff49db0b631ef4f04bace4dadb2eae34763ac300df687b595a5c12cf22006219763122cc211541c4938dbae590b0bd5be9740f23baa155d231e7c43ca6b9f5d192cc68f4f2b8e1ecd37a2495b740e5148d9b6f26266219f904c545087857a7132472e33f8c438d9500615c5b4860712101e7ccfc3ee0f870df29eb8897f5f53e3f252df500271b19ad56c6575e3190c54e91fd77afb9382718b358772071d47818de7180938ee02896856c3988b474bfb2953ef9ce109d290b2b35c461468946b3a98a0ca3ccabe7a7e08603fa662f1d3208e3a4f9ce6b1c54c74844271f078a42d94b7f75f608156f5759f150e09fd84530336852efa16fbf13b48afa08b58f65e4adb2170181af99d82e254d38a1a21930145bb6f5a38b7040fa97384d4fe14f4f90dcbf9ca6663327cde7e5858eb7a44b89ad67d0ed2fce8ddd87bc3ff32fdecf6f402ea8d3678db6319d9e038a857c58718759b7458179457eff7574e3fa47072c1ed6d71e45004ad8e45d0030786f23dbb1a426abc64382a7876179443be2c696c954b429f6ab0c6dc25b91179a6762f4ecdbc280d04f2eb603234f1f4d0eec90f29e1925914043ee3c846e853406388e226b1d3229dcb75c9fd42af45e7e3a40f3a622e7eb212b5bd6606ab9cc08e87024f9e21c08ee0bff5e3f6d4f75c7052806bff4e3a9472444bb82047bc5a47c234e2a0f060ad388806737b053825f8cf1214a8e4877d0c837f60648ab56a54e2fcf7def65709bd78997925f9f61b5cac5b12b9cbd6b9a4c17869140639cf385cdc694d8c5582db9f50923f81f51c2b4966bd80433511555c8b5d3c8bd376646de30965841ae557891968a3aed8acf5864d5a54da8902d5d205a2e24a959350b080c87513079a1131afbe5bf19a7aa91effcc7e5ea3f54fd6838381fd42eb0f1ea506ba9875bde7048137c5063a966cf57e7a4bdaf534a73c36e430864ade97e12b754b8132956864b67932b81aaa6ea781b66f9b3328a3913a400454cf5464b377fd49f93c7150cb4f3cc55a9f9f135de704b15fcc95eb5635d8fd0329d07c57dd7bff71cfb5ca09c642c577c93a316fcb6dd0a389c9040c1091cac7006179d86c031e7b854a3058c983d8f8e5eff305ad29b28d70d5021db83fdc27dd16a996fbf7f97b81133e3903ea699cba5753e0543bd9cee35b086aa45e9c3d06481f51ce85a7a74f364cadfc3be8857221c14f9f5321808da86839edece2bdd06bae4b31acb49d818d128f458a77e05f8a9c6e8c8a92db863a06ffaff807477bef2333f57ccb414b9cc318524772b4fb3fe1f3218f83e111411100de71606d6e002d856b09eea3e2898c97339e32603acb5169de88e73fe13742f6ba968c3a4f0cd829c1c4112c0f6b432c1741e45812ebcdc158b34fe963ed382cf0f84e3f0105ce621b933cce54bf815b886adaf1d418997b71cf0e4885c3f4bdc21d3b28c83cc323968d40f341554eddf9634100bef4158912ce319d2d980ffdcec03f75c96476f5454b5b831c518507f1af14c3745d7929f2eb363410036779e1343215e6f21988d3053c3a7c1bd30ede2f63d4530f073176677a3f244bb9bc0e50b69defc704be376e59788a3b2101b303e6e8d93d18095dfb788b47265e8ae86990b1af87d778d7ca16e86e51d96781ef79fc53a72899f175c00062a0e95e758ed3463b6f9dc50c8713aed668da3a697210391a63866adfbfd467a6c86b924a15e8c8038b8be22243abeeca0278e2a5069826b4e82bd7e64012c5114f41c6af994f2733220a62d8035bb5974ae1c954b60e78d57e0b3cec677e22030bfbc84fc8e125d06c09c4f0cd4030ddfe28bb36f4d545c336e444d9f618741bf4e6792e0dc8006513a78d765cb76e0e7e534f2a842adf14ecb25e0a069b1828f7a7bae0fea23e93e0b55695e25cf5e9ea0d3dcca6bbfb402861e4f6a3a8b6038017f3a098e67435dce7633484e2ff7954a4834fe7599c7dd2ccb1e7f9fbca5d9c48d9318f3bc40f72c403f15776f9ae756f627542064b0903783ba4b198fa4366bc7dc62e1c804462f8f71fa92d0f36bf5ee58a5e144577fcaf2d282e0791473ea2b8275c3ff0a4b8aec817845d65f4b947b11cc1f64852affa086cb52f2228d0f218daac4e0405d82c1144b1816e61e467a41e125e3a6715252bf26bf46cf6b84bc03ac5237c88f2f36646db0b50bb8fa32f6672391bf121c5d85de7fd317820e4e341b33f14529b50b608fb1227ef6f10fdbb0255eaec22e50030b6361b5b46ab544768c32bd4d34eddf136c4efd7aa433015bbf086573d6c2715a43ae2c9ee97df4af7cf7438034bf86237a6fa0b425e1156e1a9a5684b55fa3176221087794263538f5d1300f4d811fd438d082bd2944a784652b021889cc6ef378b870d05ff4096a767fd4d229c5b30d0ec151616759aad29f27f9f5b946f6e89d8415af07b6d4630ebf41c8cbae69b81a691cc684055cc1e45092dccc1fcc3800f949c4344301aad73a5c02a18c1d273ad8d73f23883f854a8a1bb3e621d9714b1f41f5b32dd32e168899a04ea31a3160acad5d0f2b5324b0e3dd00f6dd3261b32a2291711ed354f4a3ca77d03f82bf9d6b733e10389e9e9d9e40c7e6346f62bb033673135c0970a39890ce695cd138c6bdd663d0ff00a55e198a9d0103b356f68c7fbc37282f906e1c0e251026cf465d518d0f299ded4104d92ab1c5815ee8abbc2fef1bb8c1f1ee20ec91fc8dc56e8d4209eeac87cf77e5e61ffc342d218885bb60fd39d85392a84f6a0d6df22b94c3d65611a43cbf74292b815af0782fee996ff952e0a1633939e384c76bed8f4517951a5ff73cb449fdd69d6e93ea2d0975bf43e154171e4f7d2447bf1c0c3443a89ae19fba5b98210e88ca94865cd736b7de0e4307ffea214e4ed04a42581b6b413f8a36e30cd2b4736e0764922026fbaa7420978891a11724bb2f68ed785577371376b70c83eaf3b879cec917570ad4b2bff882609ee3637fdefcc289fb7f8879a1217dee543e2e53490ae3202982907e96285b20d3ac52dc26a9bad46570630c014579ee2d9052212d2e2b8295044e1975d39b5d5eb820334902e0bd26110f0b2ab220fef768e74f9de31be1ff9929d042f673a3f0fd5baaa33454e914408ed7833604303b33129a0dc240d0df4c6e43ef753f8e98ec3c6c6dacb519779caa5d3a231f34f5107dd390673a270e05f1661f0daf852c74aa1a2ee5ebf0b3be66d9f77d6d25fc9c837a7f3cd08b8bffacfb186b4194c4c50ea0e35af3593a69e6f80840769cb2d28a4847438a913940b9f056ee91ecb76fe074b537d312fcd94065c73ba49de4528567b697fb88b9b1567180d8aafa0d2dc12e157c6f55347e45ac89ff1c0ba0242ded9a91e3e4626ccba7ba97d5aac18355b6ede959863b5ae23d2bf3378774f85d36ba27a09706c7238e2e92b797c28185f6eba4ff6a0455a1ba8db3e4d4fcfc56bf7310e9142c88cc12429ec67d07670c7fe06b4d77b23860e6a6a6c673a3965c75354136579c6b361b573f6d2d60cba22ea933d3679f26aabfd1ff9edc7bdaf015961f7137776047668c293fd8f6e7fe9ebf2164c8ed7d9334700eb93654a45a913a2a1a18113b432139f5b745788e45d3e48daac3b620c383512a107e5439ef39223d4b6c89280255f25b2017ffeb0c6ecc0eaf78207e584e0bb5e5cda1006db71223cabd40054e00a8a890bcbc34d0aaae75b407bcfc59f1522093", @typed={0x7, 0x15, 0x0, 0x0, @str='6[\x00'}]}, @generic, @typed={0x8, 0xb, 0x0, 0x0, @fd=r0}, @typed={0x8, 0x64, 0x0, 0x0, @u32=0x5}, @generic="04e59e3a81b63afec4b4bb5675d90761b30f1482b7607c34bc369ae594b4016e34bf8c1bbc36bb558ac38b76f943b6f70f02c79a1ff672"]}, 0x133c}, {&(0x7f00000028c0)={0x10, 0x2b, 0x200, 0x70bd2a, 0x25dfdbfc}, 0x10}, {&(0x7f0000002900)={0x1e4, 0x3e, 0x400, 0x70bd29, 0x25dfdbfc, "", [@generic="8e132e59a013c7573e25f2798b295295255d89102564b2f891b8a96a90a55ce5d857c30833863c79128f16287dbe9cd60736be7d11e5785cba3b12424b1b9b9cfd137d7ba6df467e15cd8c593faf50e77f01400769f8725d94b457cba1d01fa4ec033d3514633e643169b9ed8009b9bf49750e7cb9bf04f9c3de32515ee9acfb92637953ed9bcc930360611caef2d2b061abcdc943ef800fafe0ac6843e44f7a330af0d5bb869161cf1bb4a7e44e16c69f1afd525f5bbc050a6a4d9e11eda93fe44ac6d1db81", @generic="893b927d2c2daabe861c64eb8ea6ca1868f01c43a8d8745d40babe0da8cdd3764159f9ec5c814a028b0820159aad10df2b2f9e4d5d1807ce52b59cc1fdf57cf1565540902583", @nested={0xc8, 0x6b, 0x0, 0x1, [@generic="b9d386698dfcafbbe436b2976e34835aa63c7b570fcf234f991266", @typed={0x4, 0x85}, @generic="dc56c5b61525b9bfc7193b355b461a9e1293de9142b861caed499c6d120891badaf35df0588c6537695599844969a4f9eed6c86fc1968cd408cabadf917f33bf15fbd0c54fa37ea1ed437423c01c95ed58a148646968ca233442a1a3b573dca58dddf97dff385b0bdf425e68ea11751a600cfb9bdb1bcb006b8dad80ebe7c296d5acfabc5ef6fdd632e0a56710b1c7af959250bfd7739a6322938c6853", @typed={0x8, 0x50, 0x0, 0x0, @uid=0xee01}]}]}, 0x1e4}], 0x5, &(0x7f0000002cc0)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r0]}}, @rights={{0x20, 0x1, 0x1, [r0, r1, r2, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [r0, r3, r0, r0]}}, @rights={{0x20, 0x1, 0x1, [r4, r5, r6, r7]}}], 0x88, 0x4000011}, 0x1) ioctl$KDGKBMETA(r0, 0x4b62, &(0x7f0000000000)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1686.795835][T21466] EXT4-fs (loop4): group descriptors corrupted! 09:56:55 executing program 1: clone(0x48231180, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:56:55 executing program 2: r0 = inotify_init() ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f000004db80)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000065c40)={{0x0, 0x0, 0x7, 0x6, 0x0, 0x0, 0xdb5, 0xfd, 0x0, 0x71eb, 0xd2e3, 0xcc, 0x3ff, 0x101}}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000067c40)={0x9, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}], 0x0, "7b4fd199c2a802"}) ioctl$SNDRV_CTL_IOCTL_TLV_READ(0xffffffffffffffff, 0xc008551a, &(0x7f00000012c0)={0x7fffffff, 0xc, [0xffffff71, 0xfffffffd, 0x5]}) ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, &(0x7f0000000100)={{r1, 0x80, 0x8f6a, 0x7fff, 0x3, 0x1, 0x81, 0x400, 0x7, 0x534, 0x8, 0x0, 0x80000000, 0x400, 0xca}}) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000001100)='./file0\x00', 0x80, 0x80) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000001180)={@loopback, 0x0}, &(0x7f00000011c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000001280)={&(0x7f0000001140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001240)={&(0x7f0000001200)=@ipv6_getaddrlabel={0x1c, 0x4a, 0x8, 0x70bd2d, 0x25dfdbfc, {0xa, 0x0, 0x1f, 0x0, r5, 0x1f}}, 0x1c}}, 0x800) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x4) ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000000000)=0x32) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, &(0x7f0000000080)) 09:56:55 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e", 0x1f, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:56:55 executing program 0: openat$fb0(0xffffffffffffff9c, 0x0, 0x4400, 0x0) 09:56:55 executing program 3: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockname(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f0000000080)=0x80) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, 0x0) [ 1687.086141][ T8] Bluetooth: hci7: Frame reassembly failed (-84) [ 1687.097333][T21497] Bluetooth: received HCILL_WAKE_UP_IND in state 2 09:56:55 executing program 1: clone(0x72270200, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1687.128626][T21502] loop4: detected capacity change from 0 to 69632 09:56:55 executing program 1: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x100000, 0xa9) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x105802, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0xf7ce4ea, 0x103000) preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000100)=""/115, 0x73}, {&(0x7f0000000180)=""/186, 0xba}], 0x2, 0x8, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 09:56:55 executing program 0: r0 = socket$inet6(0x2, 0x3, 0x3) sendmmsg$inet(r0, &(0x7f0000004780)=[{{&(0x7f0000000000), 0x10, 0x0, 0x0, &(0x7f0000000640)=[@ip_tos_u8={{0x11}}, @ip_retopts={{0x24, 0x0, 0x7, {[@ra={0x94, 0x4}, @generic={0x88, 0x2}, @timestamp_addr={0x44, 0xc, 0x5, 0x1, 0x0, [{@private}]}]}}}], 0x40}}], 0x1, 0x0) [ 1687.197006][T21502] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (26926!=46) [ 1687.219565][T21502] EXT4-fs (loop4): group descriptors corrupted! [ 1688.708297][T20480] Bluetooth: hci6: command 0x1003 tx timeout [ 1688.714449][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1689.108033][ T25] Bluetooth: hci7: command 0x1003 tx timeout [ 1689.115023][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1690.798122][T20480] Bluetooth: hci6: command 0x1001 tx timeout [ 1690.805588][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1691.187974][T20480] Bluetooth: hci7: command 0x1001 tx timeout [ 1691.194271][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1692.877955][ T25] Bluetooth: hci6: command 0x1009 tx timeout [ 1693.267842][T20480] Bluetooth: hci7: command 0x1009 tx timeout 09:57:05 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x2) 09:57:05 executing program 3: openat$audio1(0xffffffffffffff9c, 0xfffffffffffffffd, 0x0, 0x0) 09:57:05 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e", 0x1f, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:57:05 executing program 1: clone(0x20006004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:57:05 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x2}, 0xc, &(0x7f0000000100)={0x0}}, 0x0) 09:57:05 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000100)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) ptrace$setopts(0x4200, r2, 0x7, 0x4c) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r3 = accept$netrom(0xffffffffffffffff, &(0x7f0000002140)={{0x3, @null}, [@bcast, @netrom, @bcast, @bcast, @default, @remote, @remote, @default]}, &(0x7f00000021c0)=0x48) r4 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) write$FUSE_LSEEK(r4, &(0x7f0000002240)={0x18, 0x0, r1, {0x53}}, 0x18) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000002200)) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x7) ioctl$GIO_FONT(0xffffffffffffffff, 0x4b60, &(0x7f0000000080)=""/60) [ 1697.472996][T21552] loop4: detected capacity change from 0 to 69632 09:57:05 executing program 3: syz_open_dev$audion(&(0x7f0000000080), 0x1, 0x0) 09:57:05 executing program 0: openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) [ 1697.547732][T21552] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (26926!=46) [ 1697.583322][T21552] EXT4-fs (loop4): group descriptors corrupted! [ 1697.623621][T21566] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 1697.671281][ T9149] Bluetooth: hci8: Frame reassembly failed (-84) [ 1697.681710][ T9149] Bluetooth: hci8: Frame reassembly failed (-84) 09:57:05 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e", 0x1f, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) [ 1697.726288][T21566] Bluetooth: hci8: Frame reassembly failed (-84) 09:57:05 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_SOCK_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x0, 0x1}, 0x14}}, 0x0) 09:57:06 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x3c}, [@ldst={0x6, 0x2, 0x6}]}, &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) [ 1697.942452][T21584] loop4: detected capacity change from 0 to 69632 09:57:06 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @dev}}}, &(0x7f00000000c0)=0x90) [ 1697.983956][T21584] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (26926!=46) [ 1698.030788][T21584] EXT4-fs (loop4): group descriptors corrupted! [ 1699.597527][T20718] Bluetooth: hci6: command 0x1003 tx timeout [ 1699.605134][T11358] Bluetooth: hci6: sending frame failed (-49) [ 1699.667826][ T25] Bluetooth: hci7: command 0x1003 tx timeout [ 1699.674174][T11358] Bluetooth: hci7: sending frame failed (-49) [ 1699.748162][T20718] Bluetooth: hci8: command 0x1003 tx timeout [ 1699.755457][T11358] Bluetooth: hci8: sending frame failed (-49) [ 1701.677565][T18029] Bluetooth: hci6: command 0x1001 tx timeout [ 1701.684011][T11358] Bluetooth: hci6: sending frame failed (-49) [ 1701.747769][ T7] Bluetooth: hci7: command 0x1001 tx timeout [ 1701.755687][T11358] Bluetooth: hci7: sending frame failed (-49) [ 1701.827469][T18029] Bluetooth: hci8: command 0x1001 tx timeout [ 1701.834722][T11358] Bluetooth: hci8: sending frame failed (-49) [ 1703.747386][ T7] Bluetooth: hci6: command 0x1009 tx timeout [ 1703.837456][ T7] Bluetooth: hci7: command 0x1009 tx timeout [ 1703.907616][ T7] Bluetooth: hci8: command 0x1009 tx timeout 09:57:16 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x3) 09:57:16 executing program 3: r0 = socket(0xa, 0x1, 0x0) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000080), &(0x7f00000000c0)=0x4) 09:57:16 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) 09:57:16 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:57:16 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) clone(0x2000, &(0x7f0000000080)="20da79e8c7dfa0b2e436d82ae572ca8d378c478ffd13d7216dfdf7e2418c75ae3e3fad6438f71b4d65a6e1c65899ca089ea3dc2ab5f3dadad51e449d0db9a2155bffd4894d70f85c81", &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="78d6f9973f64831b4de0bb7c52b164666ff36a4409041df98717d1edace8daecdc57b8a405648b0d56132fdcbc0d0480758e98d74686cee77fbe8fd753ffc52613e3ecae2f04d345f53cc14cedad92dad9277d5b34950dc54bb780c9b886b03265a4b984a7b1e8fa0296a5e29aba7793201ce40f4b42662f76c561221f984bea6410d5002140bb1de7659ab81f8ad35ae06b945350a3de70d010e996214cea2288af73c3ca259cc8cb558c86bf0074537e04721aec7815e18a89a4511950453f7ae36ba5876ce9eb647d8fdb58f3adff7a99075d06cbe7e60772abf8750bcb821130f916e86a9cc54777192b3eaab7") clone(0x80, &(0x7f0000000280)="49761d0e4f469779cc185f88ff594280dc", &(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000340)) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) r0 = open(&(0x7f0000000340)='./file0\x00', 0x282802, 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000002, 0x80010, r0, 0x8d721000) getpid() ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000380)=0x12) [ 1708.467432][T21627] loop4: detected capacity change from 0 to 69632 09:57:16 executing program 3: r0 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x0) read$hidraw(r0, 0x0, 0x0) 09:57:16 executing program 0: r0 = openat(0xffffffffffffffff, &(0x7f0000001100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r1) sendmsg$NLBL_CALIPSO_C_REMOVE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r2, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r1) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), r1) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x14, r3, 0x701}, 0x14}}, 0x0) [ 1708.548466][T21627] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1708.581942][T11339] Bluetooth: hci6: sending frame failed (-49) [ 1708.683683][T21627] EXT4-fs (loop4): group descriptors corrupted! 09:57:16 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = syz_open_dev$mouse(&(0x7f0000000080), 0x1, 0x60) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) 09:57:16 executing program 0: r0 = openat(0xffffffffffffffff, &(0x7f0000001100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r1) sendmsg$NLBL_CALIPSO_C_REMOVE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r2, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r1) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), r1) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x14, r3, 0x701}, 0x14}}, 0x0) 09:57:17 executing program 3: r0 = socket(0xa, 0x1, 0x0) getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x21, 0x0, &(0x7f0000000040)) 09:57:17 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:57:17 executing program 0: r0 = openat(0xffffffffffffffff, &(0x7f0000001100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r1) sendmsg$NLBL_CALIPSO_C_REMOVE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r2, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r1) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), r1) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x14, r3, 0x701}, 0x14}}, 0x0) [ 1708.930183][ T9149] Bluetooth: hci7: Frame reassembly failed (-84) [ 1708.949572][T21655] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1709.060144][T21667] loop4: detected capacity change from 0 to 69632 [ 1709.085843][T21667] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1709.096712][T21667] EXT4-fs (loop4): group descriptors corrupted! [ 1710.636996][T20468] Bluetooth: hci6: command 0x1003 tx timeout [ 1710.644076][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1710.947059][ T25] Bluetooth: hci7: command 0x1003 tx timeout [ 1710.953397][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1712.716923][T20480] Bluetooth: hci6: command 0x1001 tx timeout [ 1712.723927][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1713.036992][T20480] Bluetooth: hci7: command 0x1001 tx timeout [ 1713.044134][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1714.786837][T20480] Bluetooth: hci6: command 0x1009 tx timeout [ 1715.106901][T20468] Bluetooth: hci7: command 0x1009 tx timeout 09:57:27 executing program 1: ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan1\x00', 0x0}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_NEW_SEC_KEY(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16, @ANYBLOB="0d0400000000000000001700000008000300", @ANYRES32=r0, @ANYBLOB="4c00258005000200000000002c00018020000380060001000000000008000200030000000c000400000000ebffffffff0700010000000000140004"], 0x68}}, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000080)={'wpan1\x00', 0x0}) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_NEW_SEC_KEY(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0d0400000000000000001700000008000300", @ANYRES32=r4, @ANYBLOB="4c00258005000200000000002c00018020000380060001000000000008000200030000000c000400000000ebffffffff0700010000000000140004"], 0x68}}, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000080)={'wpan1\x00', 0x0}) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_NEW_SEC_KEY(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0d0400000000000000001700000008000300", @ANYRES32=r8, @ANYBLOB="4c00258005000200000000002c00018020000380060001000000000008000200030000000c000400000000ebffffffff0700010000000000140004"], 0x68}}, 0x0) sendmsg$NL802154_CMD_DEL_SEC_KEY(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000540)={&(0x7f0000000240)={0x2cc, 0x0, 0x4, 0x70bd26, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_KEY={0x1e8, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "4b788aeee254c9134b3c8620ca888b7af3b8f9556aca8a39bc56e657c0e118c4"}, @NL802154_KEY_ATTR_ID={0x68, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x50, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x1}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0x555e}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa3}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}]}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "da5ee328d88d28b6df0322060c481af9"}, @NL802154_KEY_ATTR_ID={0x60, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x3ff}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xddd3}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x18, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}]}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "39fb11453f894d173f61a1b42ae8c6b1"}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "cf8458f90bacb49c1fa3cbe2cb46a0de"}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "cd053600815e340d8a30e6e886149609"}, @NL802154_KEY_ATTR_ID={0xa0, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x10000}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x60, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x1}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x1}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x100000001}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x4}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0xad}]}, @NL802154_ATTR_SEC_KEY={0xb0, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "7b72bbc144b9ac993696954935448930"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x8}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "ee0f04ac01126c2051f3dd528f416700e91aef43145d9f0a458437a27f746cdf"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x20}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "b51a654b11feade612802ac9c24a58e0"}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "af573b9c93a00ac44b6beae5d5fedf96"}, @NL802154_KEY_ATTR_ID={0x2c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x54}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x8}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x9}]}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r0}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x2cc}, 0x1, 0x0, 0x0, 0x4040004}, 0x24000804) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x4000000, &(0x7f0000000100)="1b0599893b9edfa06cecd8a80fe2e061222e36011789faca0e2e93c1db34856b63d7929612a9a93866a74bd6a0b261b4f71a384f9c571a93c6b19f4e837a84983943ab26194db76c186a0bd7ae91d6f6ccdc1c798f71c5558e58af8969b16da507d4", &(0x7f0000000000), &(0x7f0000000080), &(0x7f0000000180)="0b11a9dd126095ff3782f1cefbaaba652217987a8b7f22fdc2e5dbbc0b151fd85424ff8723704c8a0939f86a2f8835486b0018581c2108ed2caaf70f46d215429b2035aa5b30a8872e182fce97859cdf6e57bf127033a77df076079d1b6909c1ee302deec407b6aac196702927a4e642960f9920594c161f") exit_group(0x0) r10 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r10, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r10, 0x400455c8, 0x4) 09:57:27 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x4) 09:57:27 executing program 0: r0 = openat(0xffffffffffffffff, &(0x7f0000001100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r1) sendmsg$NLBL_CALIPSO_C_REMOVE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r2, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r1) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), r1) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x14, r3, 0x701}, 0x14}}, 0x0) 09:57:27 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x4, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000000c0)="000000000000000000000000e2aa000000000000846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:57:27 executing program 2: clone(0x6d0913f2d62650a4, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) ioctl$VT_RESIZE(r0, 0x5609, &(0x7f0000000080)={0x2, 0x5, 0xb01a}) 09:57:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000002400ffffff7f00000000000005000000", @ANYRES32=r2, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00,\x00\'\r\x00'/20, @ANYRES32=r2, @ANYBLOB="0000100000000000030007000c0001007463696e646578000c000200080001009f"], 0x3c}}, 0x0) r3 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r3, &(0x7f0000000200), 0x4924924924926d3, 0x0) [ 1719.272232][T21701] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1719.298719][T21703] loop4: detected capacity change from 0 to 69632 [ 1719.351660][T21703] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1719.412615][T21703] EXT4-fs (loop4): group descriptors corrupted! [ 1719.440484][T21702] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 1719.463707][T21728] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1719.497683][ T8] Bluetooth: hci7: Frame reassembly failed (-84) 09:57:27 executing program 0: r0 = openat(0xffffffffffffffff, &(0x7f0000001100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r1) sendmsg$NLBL_CALIPSO_C_REMOVE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r2, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r1) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x14, 0x0, 0x701}, 0x14}}, 0x0) 09:57:27 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x3, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:57:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000002400ffffff7f00000000000005000000", @ANYRES32=r2, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00,\x00\'\r\x00'/20, @ANYRES32=r2, @ANYBLOB="0000100000000000030007000c0001007463696e646578000c000200080001009f"], 0x3c}}, 0x0) r3 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r3, &(0x7f0000000200), 0x4924924924926d3, 0x0) 09:57:27 executing program 0: r0 = openat(0xffffffffffffffff, &(0x7f0000001100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r1) sendmsg$NLBL_CALIPSO_C_REMOVE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r2, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r1) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x14, 0x0, 0x701}, 0x14}}, 0x0) [ 1719.768619][T21761] loop4: detected capacity change from 0 to 69632 [ 1719.804396][T21761] EXT4-fs (loop4): unsupported descriptor size 0 [ 1719.823989][T21767] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 09:57:28 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x3, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:57:28 executing program 0: r0 = openat(0xffffffffffffffff, &(0x7f0000001100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r1) sendmsg$NLBL_CALIPSO_C_REMOVE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r2, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r1) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x14, 0x0, 0x701}, 0x14}}, 0x0) [ 1720.041924][T21792] loop4: detected capacity change from 0 to 69632 [ 1720.073643][T21792] EXT4-fs (loop4): unsupported descriptor size 0 [ 1721.426487][T20468] Bluetooth: hci6: command 0x1003 tx timeout [ 1721.441710][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1721.506824][T20468] Bluetooth: hci7: command 0x1003 tx timeout [ 1721.513357][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1723.506421][T20480] Bluetooth: hci6: command 0x1001 tx timeout [ 1723.513042][T11051] Bluetooth: hci6: sending frame failed (-49) [ 1723.586600][ T25] Bluetooth: hci7: command 0x1001 tx timeout [ 1723.593125][T11051] Bluetooth: hci7: sending frame failed (-49) [ 1725.586423][ T25] Bluetooth: hci6: command 0x1009 tx timeout [ 1725.666713][T20468] Bluetooth: hci7: command 0x1009 tx timeout [ 1729.910704][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 1729.917216][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 09:57:38 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x280000, 0x0) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000080)={0x2, 0xf2e9, 0x7f, 0x7, 0x1b, "dcc3c5c878f776bc56c5021856dc0fa202e5a1"}) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 09:57:38 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000002400ffffff7f00000000000005000000", @ANYRES32=r2, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00,\x00\'\r\x00'/20, @ANYRES32=r2, @ANYBLOB="0000100000000000030007000c0001007463696e646578000c000200080001009f"], 0x3c}}, 0x0) r3 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r3, &(0x7f0000000200), 0x4924924924926d3, 0x0) 09:57:38 executing program 0: r0 = openat(0xffffffffffffffff, &(0x7f0000001100)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r1) sendmsg$NLBL_CALIPSO_C_REMOVE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r2, 0x1}, 0x14}}, 0x0) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), r1) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x14, r3, 0x701}, 0x14}}, 0x0) 09:57:38 executing program 4: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2200000, 0x3, &(0x7f0000000380)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000000680)="ed41000010001200000004008000000000000800050000000af3010004000000000000000000010009", 0x29, 0x4400}], 0x4, &(0x7f0000000380)=ANY=[]) getdents64(r1, 0x0, 0x19) 09:57:38 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x32) r1 = syz_mount_image$nfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x7, 0x7, &(0x7f0000002400)=[{&(0x7f0000000140)="4c06c547d2cde91c", 0x8, 0x4}, {&(0x7f0000000180)="d87331e670b39470af59ecfdae98822e4187d576e8061c44721c21268814e67037ed89074c1876464f96b835b69f3a3883fbfa24c8bd405aa6a643c7cc0602f27c97fb271149906d1914eca3f12146670a7816e960ae69875a6de5f443ab2dee917e78ab4b196f3d5c18a272bc14fe9fa874e565ba6afc38b8d403438905d02022a8aa7171fcd03d8afd4d7accb1b8e6872efb7f552c8beddaba0644626c5fb718adfdeb73e8151ff0b50efe5ac71b8f9165ceb3cf76fb66d9f2575c3534dc19e9205f14469a5566f086e26f11bca2bbbcd1c0d1fc58a1b8a7d235475d100b11d61bb5644f0eaba4df7752e7154bb8d32d9f0b3a9c07383262e25a4f7a4bfc7b18f2386b43d6ad26dcca85768101df4e24bf5a38581cac0a7b7adbfe2ea7ae6a98dd4d1ced01325aee291057e9e6816352202280548acf00e6462cf04fe8bfbf60a990e8bbd9afe0e3c3138e81dd4f78108be641be8a15a9cda11445e572fe95446512b75ec35a2c0eb7ec5b37d8b76584bfefbb034cccf73cf0b9e6ad200eac29d5df20544f26ba8c06ca10ae3c1de300fdd939858b6480c2bdfb057c29b71304e877d7fb309e1ee6f2a6f9ce4b9a52226de5e77ef4382941ede38a26b3e9c18c7661aad8b3300a430998707d2753b17e65569a989677c1da902c16cdc3aec3f1f16f6c9331acab8d8690e8226d77d014bef8f897d544e91fbdb635f3599ab7736aaa2014e447df9f5a07b92b72f461bd45d33907893d61ad6b6fadc4ec1ad29d25acc944f077941e3a29784674582d5730d8cf41d2e03559583ae9f4d09b0c8d023385676d9b6c1bbbdd0c474295c80c676ed8bb89c3cc66deab0c10c83628ec417157f553fbc502b99fc3de67a03f1d19dbfabe7a07cc4930dd75701d49ef530dc73bd379921c8df5256f85e75991a823faa7dd94aacc61cfcd9616b12f9a7bfb24ea8316f97d95ae60ed26c290c28b1ad1d88564b7f98bcce7eaa4fb3a2cd09b183000ed329541e4609f9e2452923572db1b14d5ece8de474c22754e48765929d7c79669d301be270bf8c885aa35f1ec71c5991f1e876594cbf35582258f7e11a96be1acf4349e2dbc11fc0ee82b1c411e79970f4a21d1f6b63dee078cde821c5a1ad35df02de790db816a66a8d7a35df6a821e6a91e675382868951862f480d9428dded77bfacab3f5035aca3c9ac993dd08ca09ffd4e760a585843beaeba45d2b1af69af9f96eb552d0eef175ae8477aca74a15e773fdeb7cd6b8cd2381d6a35c9fcf0d5f6f65987c65bf2809b10768e1bc6a37a7863b9e5745745a7b93b390cb6818d748d90745e4f7366293f25613de37599bfc61faaf4465f2458d5279ed2309bdf91c6b078281ec25c61beebbf561b7ccce56f85faca0ebfacd17b6715922f6b3a8f78efa857fb5f9331487333635d53fae995bfba2d87228099ae1e68c36cf6383e057a0c8e993ff0d448fd64f8286019d5362282b8e2c4e6cf75a27eebf62dc71a8e2a6967346441b80a44d8b7f2b14b1ecabe14a7a844182999c813c98adace9136a5f83ca5f401229aed41052cfd21d6977c63e033a9cf64163456b951b4d47f3e58552f35cb4ca57cf38e7ed93becca5d0b05991a1a29c2b4809410bebbeb367cb26857fd42c3b92a69f539769cdc252e4e31427c96f7fe0d9e43fbf688620f963340c62cb7ed0eb320a912c73f4459da6c3c806e18aa8f168197b93237715ec27fbe6dd2aeff6375ee039991aba2abdaf78eed983b0b4bb4ccb3fb2a950fe97264ab694ff5183e7a9f62bc70c41507f048bc3f6eac8e2eac44981ee6744c787f4420a8534ab34225c9ef4149d0ae31c9d162f73395791ca4e31594f91592ae171a82215607177805e77d9900cb19b0f9d5778bdc82acb812341ba04d5c844dddf2c90d6f2eef4e1b8539d963aaf956f7cb70ec92271991a0ac97ace7d9f25675c53974dd4192fb805852d05161fff550350e921e3d572b28994ea852372b1ab2ede6860381c2006612763d32a4640a9ed035efe14fc8f20138fe1e1664149bd2da8e8177293ac0aba6db14889628605d0c3e991e70769bc8f9f25bc130eee4f0c6c1698f5e2f04775dfb622dd495e99ea1378cd85e803881e023cc95828099a2337e54498abca75c2a5bcec2cd10884c2c4a20c1959dd279b4ab183efe38a29764a60cb2d5d6ce540e827b947f3413982a38660778a3886ac49c20dc286274e242fa80b98ff6380764393111c6fb023311e590e003d892e01a7aad043a5b929fa22d72ea6fb4f52b469779f348451a0c981f512ff0c79d6c8449a6d09be8fed003590a2b82fb628e04a4bf0d00af2978f87d1b38c411079dff4449fe197c8e20ba9c43f760f6626f0050415a9d55f5d8c6948ecb1caa5cc979dc011701359baf970ddae4e27163e0433d2b1c383bab1835bbc12a478d51f401602dc85c1667b8b33c73646b16f28f5777cc97aefa4beff55fdb84b820e4840c6eb91d190b129c07f835ce9c17aba1761a9a6971a7afe7d376fbeb4089c9459f25515724dca6bc8df277d7aea351f323c673578258130fd3e514245c64ed4febc8b5b205def69256970a1507dc19776d5d2dcb7ed43c6c703092bcc5dbaa05bb5f64c721af6d67de7a3486f942533242d7eb7219424cda5ce19b1e799e6139c3647eee40c1c55e2d40729ce332ed675cc592777eccb2d032fa8d9fa59e9f45a4999ed5a0afc643fb19d4224f3c16ef1b98441518c97563974579c5a41809968ba09e9ddeea33e7a2d304bcbb6ac6e103533fab10572d6620849f01fe73120f78f024040e8eb17051a99803bc420eaa47d2b28fc851679dc7465ab1bc963e8bdd00c903c2c8ad38d67c625c47b886f6fb49a15e8123aae3d1f6da84978e19e3a09531fe7d0d7a897654ee242601347021b4ade880853ab3fa2611e84e4a6c4ae57f87a3456748d9d13d74725461db4b4a4ef68a48ef7c97cae27069963f5df99a3af2af4c177770eac5791d786d38d460892231d7a9fb9ab1ff3cca24cbbc07de5a15eaaabcd9b080689370f547f270bc3ff8fe225359ef969448eb3f6c9cb1047ca1bbd9f3aff4cab3b41d95dea6037fd6ab64d0a2e3d7288cfad7fbe21d316ac99d7f71aa6917900a30e97a99434f2e0494e7e3f8f7cb06f303f48458d64a2ba923da940e2730c02ab021fc600217b337fd25b33706a9ee6de25c14c4df0dee91d0cb0b5671213a0a3dbaa71e063edc1f5a6759b8a073cc64487f07a38100d2fc60a2941cd242f0abdbbcf5fa6f5c21cbb1693a2925b044387f35b277f636d14f7d0affe73dedef6e8b7dfe41d9c3c1b216359e91563e38acc12d9338e6e7b9046b0f965b8b8390ffb10d8041e1d41435a46457fbff4ae6e6b1baa742b2d7fab2e1460e7d65888d28d6eb6d75bedfcd51b29842bdccad96958df0d4e297dd3871f1fedc18e6b087a1a94fc758e30a0e32472090165f20245d707af940e36163e39dcc133e09c2525d12f41a4e146008563bb7c1bd84c5f82c29aa87dbd307b4adf2d5a8a857250c798fe62771c0330fbe20a2a746df5a2b4dca55bf9ca5a6b0510d9dd47a7b02c2c29031992bb3fba633a6e89580ba0967b3d0e1d2b0b591df7abc38528ca04247d12103e9ce85845412a870f9c183f3c68fadd9300809e74c46d0c0f7eb9a775add3b3b78c0213d0983de455c668404334a1f47133ccdb7c38bb6d8fd4bc92cba9b0908e51a2ee2305a62ed33403e5d7a6a83489c9a25826945342171d285769ed50bd7bcdcb3d48ca89b61cb483060ae9e112535d9bfa45e54f4f7ff8a979deb0b08e152b02de22b2ffb3aee59b0b093f80a3f8f25527e4501e2943707864ae69e7ae8e7311544eb851574750ed8bac18f2737c0d655f2ba1e40e5749b6e052e8c9c1ef2794b8f46adab15280198edb95464cf53c423c4afb17afa95573ba90de06a5f3466a0257c5bb6de3fb752a48ebd998b14b75c1ec443b31893fe984b13979d4a7a1600e39674619f314a58a7364ac5a55cc018b02e78ec3c7f20f2431d76b1a939331fbd1f4a6c83f7fe9488e43c3a50ff58ce10ceda4fe99ccd87be0f7004c765197ba9d61df20f919ebf9691031a11ac671a01df91fcf60906832f09552779420bf6474d1bae6e4b9782caae1d0abd4fb212842309b29a49093620ce391b0f660f9c8157748a938856c8cf4aac389b1a3898e6e6973e91967add40af44058b8170f966b4e966398f37516d309759212b9a0810f7cccc24f2db9666e3987a95ac7fb523446cb782a34049049bbb7d71008957840038ab882d0fb1208f63a42c2737ce32f7f7d10a10f47760077d5b63a018c704081a28c91c4979a401a1b1b4da29176574fffa75d517c491773c4224264d1db49189490a48886f6420c631ec171df3286f4e1a94835f7b1d91e8cc7146ded9d00f2de740fd7300574a746ed47bb353744475c3e46a56d6ee72e052d7781aab5b249356459c31e10767b20604df31ec6f138702f6b88df94abfb62e57814bf2438d1ddba659e50edda7e959837e71ef1c08014f0e00cd0e696aee802f4b33c6600d0d4d88df5283836b54b51eb5481ac941498472d2d5d757aa338ca125a6f262abe80bd70c15adf0433c6f15fede6e95b8922e986d233c4504f4bdaf6e6c2314773864b70d3add3410a39dcf222d6b83b3fc729ae1ddbf451899a2335179b51433d98b0912973e5dff81664294b55cb38a1e8e9ed7f5043b3429d8718a2f1cd284b5e56f10431df21d145a349e72dd64613c9e720be07629b9859585b03ae2a2d9e948afebbe0988fefc4700d7e604562cc50b27f850178f14e400828bd8d217b8f78d56e302a1ea860f2bcdee78fe41cf8532888ff4d818522d5863c4f8e21ae700c38216aad117c07060688aa108128df9a1d3a5ee6df219e23a59db4d81bef657ebebdc888c1eda6fb5e649c6dd9d7e001cdf279fe9158685656186d04af95a3e408e785604e1add2accfac1ced407e5a57566e8fdf5b0e4ef9bec71162929e6b2d77a2a3430a7f200424bf0bee7a8902cced0dd50a28e1483fb708ba14521af28e0914be1e6f891e2423a34ae069fe99131b4064056ff558a391dd9dc5547f564281796e5be8d3aebe84f03f52603f3b3788af5948b8ad9b855abdf5f6de9c0dc5cc81bd00058c5db1bdbc7f6cd99aaaf359a3621e10065960e8199fea0c71548e277072f41930c698daaba33d4616b36c636ea7931826c834511b0c2d8fcb19907b10fe59f9de831a6f80b7205168019447e192c862ff8de2a7476471183f753a9f46a645b76787b6b50c2ec2c534b93c5641b377fffe2c462d01f4210130d445b91008a650c78d8a4593723f5e815d34f81b71a0c397dc292e1b9f607b5e5901b03b7c6c864567d1782fb72d6b94ed7a2e45b00caef9ff504f57856cfb88d78bab3f9159757c9667f5002383559b9e6460deec16c9a216bf49ca96ad8b5209711f30ee5448ab646da2704b327ee6aeefafa4b6b360dd905e2df11454ca98a3f245c38d8e585c4b6ba8882978aada0fa8a6a94003199e2f9003377294a0b226b306f0e2c01d926d9cf59d7552742b00f2651d75ad294308372209c775c2fcfc227da78b9ab12d81fdd2c4f8708ecc698b9c5b8727137e7409caa9625afa3ab1b07f05eb1bc65f478eb98d4bbb9ddd4a9d33ef5e365a9c670a428dde467abdc20f2058e29efd0f29f934a5ff36f187635dd4aee920f87e1ff14e3e758c265e45df4ba2ec896134f844b4cf24b2ed75ff2da79fa96f85687fc0acc5b17623", 0x1000, 0xede1}, {&(0x7f0000001180)="9a163523eafba5b6b24a29a6e0fbe2f8edc54a1dde94db2cdcb6e2cdc49b4fe66c66b8d62be6a95fdfae0f4a6296a52335b3d3ddd1e914269152e8c03381e1b41d39df8fddcd6491001bceb56fa19b0273629c7b929c6818bc65c8b08c37c352344d17db923ac541f46af551b67636fe799263c9d2cb6d816cd4785d80d7028d28625c27b4fd3484d1d7f044484db3dcbbc8bad60d9c91350d5a5c8cb4703031c54a153bf5a52e0a54e224fb211fbf2fa75978582cf16b720ea5e47866203441b5e5cb255d2e2a267dc8ecfbc4c6437b1440d28f010a17de6dd308e2ff7c988f71065fc6f527", 0xe6}, {&(0x7f0000001280)="ee169f8b19403cf163af9f734de561d70d1f35cddb8777aaddffd51a0a2ed1cd1364dce78f373653bf405ec7baf0796e6e85288b5f05a89e3bc8d3484e56a665a1c47d010cc6333585e75a9b5c1b9690ca681d52ece03e71bf64426b425f96ba33d2300ca2a5db17b45810d1927443310608900296e6f2163101c9f6a97c9152a3f70d1dcafba22e9babe471e2bf3efc1be3d86ec4c5e1b080bb1d252288d93a11352f7f3db627c058f079485f6549a093b85b64e44065b11c4438df4e5d762be301336837deb6ed1b5934fb36a3428e8ebbb4cc1dabed832ce4d19083530dbc6f58574b7d5b8d225950a7cd09629e2945c3163f0db1615c6b96b33af5fa1b6073856338d4605900a7d77192acf831aed07dd02dd7d4dd193c00e38fd2833ffd3e1862c3ac2102346ded1f2efda82be0f60d9882e6c529beb61c150cb0dbe9f88e5fd46601ec2b07e41b147634d8b8db5ee6794c26beb4a835b28ef944cca0ff108a15e304620400f197bbf93d1046b368196c4641c68fd7bd6b0a5afa39553f14fff6564db4c487f25ede80d976412ca1896373d5a12789d7fb8b93812c22d5a23e188b42a297cbc4a64c700ee3bb5a1bc552685fcc94f425e9f0941614d5ea3c952bbe0160d3021a35019ea7fee9aeef3635817f1371f0b35c4d9ff18759b8c48d34472fe77db8f1ae50a508e0d4e5befd80b9a7a5108b56de227ebd4daaebdc217fdefae3befeeea0a30d9782ae8c91a44aad4e0f55ff2fb22c54b6a81a516eff2429a52f01cf84ae0e88734bea5f3280ce488fd27e305e936ae71bf96df2247221d95576c734d5958ae81592db65901dd1dac5c7e253f970dcf1e18461a6f1fd72938c62af1758d426dcdea6a3ae1e4558f06b7b0de1ffc7b2c6270edd59184400fb7e77194f181b32c54b74a7c3c53c8b565bf652004fc5a62cd77fdce2f11e8a703908d7ac703197e8ae17bcec3dbf91056b8014562f07128ecfa49dee2c4cd2f50e3ae4494c35bb83095a46dbf3cc98c2a4f4770403e32caa1a38518ca5fc53007d22410c9c97ce305e2f84749c9dfcf90d1198fe730ed3722de21be51aee7cbd70ce65687bcf2681e406ed3da33786641f5f95db422680f16b0dae928dc50d828c04fd705864ad62f7f936a90c23cc42d492b22eb3553e92dc810759b789cb4ba31df4d88106607449b922b3b63bb12e8bb6d232ca89cf7fe330f34eeaf356a53b1fc88a2b6b0289ea13333123c22a49676a7ceb183b64f95f1ea3e2c6810904126eaf7ace1ff6af6f53efd466b0c6e7c1a735d06b2d28e2a1346c362299a28c4387fe361b633cdb058f5a3ac86a6bb02eedb10c5efe2bdbb44f16cd7752a39567708006eeeb014f9f15580507999313bb9d12a2b45790b5bc5e9a5adae923e676697b6963e16305215b65f216096f29a2a4ab1807272b4f5d810427b3b5283e9ca5dc5ca5c07ee255e93d37ab6d56db8a05c38b526c633d96b9f129d3cff587c4f361af1144c427f054bb9dc8c3478d95fdf5b0cda6039fea50b1fa36416bfc29524ba3dc04fb4773b066c556384373f1b4a84ab6a4851ec1f4a5fed5351aac1249b4c1d36e97660192bc84f334a1a4b5911ef83c57bfb9310464a13148ebd078693a009a27c4d7444a7ed56294c998d6919e0e0e390611a8dd461446888a1b5e89db0b66f6163d747c99fc53f373685425daf7a7f8551e5f66354c383afef713de0409e185db0a8258fe3512cf430e10755180cda0b1285e7d6f704a0895118bd5ed2abde71ddc2963215f9665407eddc969ca2e090e3a85fd3d5611a079a83179511c4a9f0fd9661a6d42e644ba94beb1fb0b64b74f4e86f2d76a847d6265166f4f10c00def6c97dc95e5f66c919a7b3bf765923deede6041e160991bc4c4afd70a91489bd662ce6fc54e97333b780dc151bfb2b076292a8e9681b3d2f6b442561d2419dc256925af3148365b99390ca725f7e753600274af24494a00b72da9b202775ceab9b6b267ad70c5fd8ac0632b97ed56d9b9a0594ba3365f2de06db5ca6920146fad50cbca90fc50f8b716d231bba6953575f96e68cb84f0a999af881cb00563aa813f319297590e638365628fc91d44457e3b28253ac4b61cd3557dc0ef20a0c450217c4e51d52111f056b9c1a65858e6c9bf10959944f839f18306db00852e6be413cae03806c17c51a795e386af1b757ac4297de7e5948ad922043fb8eaf66506ee63dff8df0317901e022811036851c3accb31376fcf1a520703f6a45a46f6430f3ac534f86a094466685bf012b873ea34e3d3967803c071d81de91ef67f3192cb1267c641ee0aae80b905e26f907d1abc2317d905182ce35e2d6e56363bac7b5057304cec0d918d4c2b9e63cf1d5f89a4076462e4b230fab413aecf73f152202c51bf11fa6ea2a1d1215e141fc4998d6e4470c966326aa4c95f87f28f142c9c778b2aedbfb9914e4e40a714ec5d2363b2449534c8a2fa33fccf9c906444081dc285a7fb9d5980b4a9e61bcffd59a6d5f8fec262985eac2d4edf94cc0c4e6e243e3caa92ed376ca245a9e0d3a77d84894379002d7041bf7465859aec6735f67ffd1d27b3fab4d799ea9756c0868ba88e656cd35042e898291cf4f052cfeb852dec10ec91ced50f992fd16cc1d3645431c80d781c4599e3b176e0b9773ab1c84d514e50157dbcbd55308a19f583adce7f19beead14abe516fc4f00815a27d80eab198b8fcd071a9c65f9924d3e9732a8bdb913991e608d1553d243530ab6af4c25813ccb2fa17eea90876646d8124687b4abbe740c4cd6556e3283e822efce903b31e76b9ffc1cca4b171857fd9e2752f1126b07437bf70bff701421e71d616d9151af206f9c62dba9627678ae63dfda9760e29dd5acb39ed6a74503be46c07f7a0c38fbfb29115c2007f9b3b6142c46892a7072e8297d01b2b6259e63651ffc4bad611593bd3c425d6f44fb731acb331a82258ec6916882d16ab8776604adbca0ab3bda87154d8efe2dd9a49aab5b4443e82aa308908c6929f0bd1f2f03f4867fba9457eddc2ea8a475a666992af2c8d77cf3636aa0796e059704204ece8b4bde3f8b6cad4614f6f72ec020c7df4412cb5e3d028cbeac3b1c9553e7f19dfb739c5a1c531fbef4d37be981447e81f5528a52ba945b6ba89c6c7f1955aedb2b6348eb181282fcf7be510e80aae13ac16a626cbf77bd12ba52ad11fc8bbbb855ec58641739c81c84dbdea9664123cd160bae17a7cd7b82ac0e2cd45f6da7c395e2afa361f234cfd6c0b0fc9886f007dfa763c118cf5f11d36df2288722b508ede3bf3bc94c6e814e51f5cd277454359b4b2094f0ad9fc3507c1f47284b3fc3aca76b74f1ef545eacb3113327a84d0071fd4c9cd1556071e8227cf77aaa69819d9f380e8159768f6aa0c3c80de787074c88ce1fbd6b5bf9d374f10e246cd9f892f29ab9e8230ea82a18177af31c88f95771929b649f9b36d8b6c64623ed1f703212e3ca2749efddb83f382361712e46e1080463ebe0bcadea1c41878104ef8b16da777f6412601740fba50e0e71808bc32cff27983cbe7803e3fd618fead2c9496c83edfc7c7ed7af104c4f6f2b12fe5103957c0d25aa5531e8be11fc6107d3193b8ceae2c77efa7d3c85832b278fee4b5a8e5e177e4f1b1534f334d4bb76cea81ae94b2ca8cb7bec1e750a7074b0dc5bdf062a430cc8658d3dc209ef1e81c5a33caccfb5504a029f09de85bfc6bf1f9e34084e02d79c17fd735a6646e5ff1d7ffc098588cc8e71ce082a76ab30ce95c816b9a8817982e3912d56f956614ca6f398362f255128984c20d44609a787a52bad74c038aec4672afb72cfe2692126b5f82cde75fbb4e8c5c6e49feabe987ac4860b0e6d2fea6c46e22fe532808512cd60b298cbc9cceb569e91e7ee2a3fe243fe476ae2cec2e9854692a93e5d401bd7915c8a944572d37f0b12cd8257ca16dc04cab0e0793b2b02cbb5903760b90e61fd6db1df1cd49f28bdd23f567af30d25a39e377f3e232786d9abaee8d9f2bb518435a670aa6b36c9764383dfc5f638290a8798b2e9cb75ce892061863c3d16b8b4431d641b294d315bd7384b12db97c15144549d20e2f610bbee2df3678a44f24de77a30479762d8ae6ff2ed46edcec4d3bd1244d7ee51dfc030a1995039ac89874282e4effac13586ea8e6dbaa6d7f2142d26dcc51489046b780c81396b244c871276af9d0d611a4c3e9a783f699323f284fe33e66d9d0b32be5f4a54402619fc948c67e3bf451d0aaa3dccc987d1ab8b70700417c39050579cc644c812c2d4eea82f8de176ecf1acb195b5c746979d7a3cc12a3f7c4b9a354146aa91c7fc39bfdee20ad046f35a4aff171155a79a16666149929bcacebb6a355344360619d7ad12f259ef5564232be7ba207955c5d850bbdde33f227f2ac6d7c36eb28f3fa4bcf8841531b17a960ad89f8ca93a8e2a5e3040430e605b35ef7dd39952e5e4d34e4c371c1c1b5022a64f09557355d59f809c0ef88f52aca7dbe344be640585e9ae1ed9cb0053ca7044cab1265a3c858b8fa1959fad5587ff0780d99cff805a14aee3e28716c7a382d2e137c33049095854d5254e3ba4fad474a27570675ce98f3d781dcab2583ba535b9698008ea083cc3a51605eac7407263f4009f19608b69d1ba95c12cb01fc1249d966ddc7d4e7059aee0de425891d8747ca40ee6edfc9fba48b2bcdf1832127ec53c05431c9c7234ce3c11e53c8dd58a3021a7967874fac90f2d136f77115d5d42137d84184a082f07f5c11cd8dabab5d5260760953d6734eb40135612917a4d846a2b28c96b446f6de8fd505cc4364bab1ff045a79c8b98100f6d17ad9909082ec44e8c500b886185bb654f33a239de5527d3582eb769d5371ca953b61c22eb5fc30aa49c3e807146d1c386861253a0b650fd5370f549ce9d05a0c8fa96e3d63fcbec789751bb68f381137a0ce86f7100e4af5d854b474fcf156cd59e8da944779fbc6e3611cd3c4fccf5a91437fbd5e742c9c9b5639f8f568a0600ac0cc75cf261bb45f152af86f8876ad5b5b47b49211edfd8f0b9d592d04e7ddba372ee071ef4e3787a11ff14b87c992a6c2374c0ce0f804579269916c1262fc13a49988fb80cfb3f6814007b390344e6ffc768fa1396eb9046fd28b05e95e73809ca877c5b9aed5e0822a793f6058f8fa1acc6cb843efbf325031b135178b94443b71f2552cc65a7efbe02ecd1b29b27e658f34e6b730a449627b8ab63efaabab356de219875a1391df70815a31a4bcbd2e0e2faaebe7599d430eb78f55c1374f11c2d3c3032fa27e19b537a1ee0140114307651a9d91ec25d6aaff7901f9d3eca3f8eae7a5658052324cbe34eb794bf8236599c8925f3c1e42fcfec161add4973848cc6970d9cf64f40e33114e6375b98ab1448368f514b9005f183698fae328948976c80f45f28d2591eaab81e8a22d687f7808c9f6c3052094f7732732ef15601592e2a5e187a5da5fa3e2cd700e701acbd9c8057165bbad1e5bb110a3ff4f6c0fc0680816358dec756c7912ce83fd9d24ef4105a71db5a97dce056b2d497c1c41b9bf78982088f9737e95f635de5d229414f56fa52ee1cea870209f512024933a64551e8f7129eae56b0a124fc73957e1ca357afe63666753be365b6605e6d5d2e6764d9e74ef528a05951e2ac70493757c84c3088a1c46d2363797bf7b19a2d38a525f8556edde5dc25b2f55ec0d1041dd3d64dbe76bc9cf9f2fff81b4adba511b95f93ca9000649106bdd9a1536bc", 0x1000, 0x3}, {&(0x7f0000002280)="b991f8046b5af31f27c81540422f7e89d4b6ee5047cf9bb1ae8b998412051e4642998ddb024f418b07fcc6f2048fd92521f459f34281c433941e73070f417cddded3540c832d7bcf3c909bffe4b9d07be5a68ee427bdfe5a9720a1d25605a6412b46a27161f089bb2b7e95de8f3c2fbed49bc955cffdd30bb3684e9ab87defb3f18be090f7f34983f7aa8f95c4229caf21d55c0155edc01d9a22dc9ec4d794e1fc75ea556886d064e1cea684e350dee590e1931e8e54611fb2418a2a660cd0c42103bf1c20b36f027585cba94b1d8686fd74a05261493ee0a9d6b9428204cf", 0xdf, 0x8001}, {&(0x7f0000002380)="7af35b6597776cc7dc4a2ad0d4bc3fe3bbeafc077d52daed0ebed8662d15e926f88f", 0x22, 0x100}, {&(0x7f00000023c0)="e605ac6c36278de2b2d22e555533d430ef4a1abc3fa999723fea9357519200cd79544d4765f1a1c5585140ad1c211fb5bba0", 0x32, 0x2}], 0x801001, &(0x7f00000024c0)={[{'/dev/ptmx\x00'}, {'/dev/ptmx\x00'}]}) preadv(r1, &(0x7f0000002a80)=[{&(0x7f0000002500)=""/254, 0xfe}, {&(0x7f0000002600)=""/223, 0xdf}, {&(0x7f0000002700)=""/146, 0x92}, {&(0x7f00000027c0)=""/232, 0xe8}, {&(0x7f00000028c0)=""/72, 0x48}, {&(0x7f0000002940)=""/210, 0xd2}, {&(0x7f0000002a40)}], 0x7, 0x0, 0x4e1) 09:57:38 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0xa) [ 1730.179659][T21830] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1730.200113][T21825] ================================================================== [ 1730.206508][T21823] Bluetooth: hci6: Frame reassembly failed (-84) [ 1730.208738][T21825] BUG: KASAN: null-ptr-deref in __pm_runtime_resume+0x154/0x180 [ 1730.222797][T21825] Write of size 4 at addr 0000000000000388 by task syz-executor.2/21825 [ 1730.231232][T21825] [ 1730.233571][T21825] CPU: 1 PID: 21825 Comm: syz-executor.2 Not tainted 5.14.0-next-20210901-syzkaller #0 [ 1730.243316][T21825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1730.253526][T21825] Call Trace: [ 1730.257431][T21825] dump_stack_lvl+0xcd/0x134 [ 1730.262061][T21825] kasan_report.cold+0x66/0xdf [ 1730.266914][T21825] ? __pm_runtime_resume+0x154/0x180 [ 1730.272224][T21825] kasan_check_range+0x13d/0x180 [ 1730.277200][T21825] __pm_runtime_resume+0x154/0x180 [ 1730.282346][T21825] h5_recv+0x2c4/0x680 [ 1730.286446][T21825] ? h5_slip_one_byte+0x150/0x150 [ 1730.291498][T21825] hci_uart_tty_receive+0x24d/0x710 [ 1730.296801][T21825] ? hci_uart_send_frame+0x6c0/0x6c0 [ 1730.302271][T21825] tty_ioctl+0x909/0x1670 [ 1730.306609][T21825] ? tty_lookup_driver+0x550/0x550 [ 1730.311733][T21825] ? lock_downgrade+0x6e0/0x6e0 [ 1730.316607][T21825] ? __fget_files+0x23d/0x3e0 [ 1730.321296][T21825] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1730.327569][T21825] ? tty_lookup_driver+0x550/0x550 [ 1730.332701][T21825] __x64_sys_ioctl+0x193/0x200 [ 1730.337474][T21825] do_syscall_64+0x35/0xb0 [ 1730.341896][T21825] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1730.347800][T21825] RIP: 0033:0x4665f9 [ 1730.351702][T21825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1730.371316][T21825] RSP: 002b:00007f5e27997188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1730.379741][T21825] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 1730.388585][T21825] RDX: 0000000020000000 RSI: 0000000000005412 RDI: 0000000000000003 [ 1730.396729][T21825] RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 [ 1730.404786][T21825] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1730.412756][T21825] R13: 00007fff9368acdf R14: 00007f5e27997300 R15: 0000000000022000 [ 1730.420759][T21825] ================================================================== [ 1730.429592][T21825] Disabling lock debugging due to kernel taint [ 1730.446950][T21825] Kernel panic - not syncing: panic_on_warn set ... [ 1730.448964][T21827] loop4: detected capacity change from 0 to 69632 [ 1730.453585][T21825] CPU: 1 PID: 21825 Comm: syz-executor.2 Tainted: G B 5.14.0-next-20210901-syzkaller #0 [ 1730.453616][T21825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1730.453630][T21825] Call Trace: [ 1730.453640][T21825] dump_stack_lvl+0xcd/0x134 [ 1730.483236][T21846] loop2: detected capacity change from 0 to 237 [ 1730.485679][T21825] panic+0x2b0/0x6dd [ 1730.500395][T21825] ? __warn_printk+0xf3/0xf3 [ 1730.505110][T21825] ? preempt_schedule_common+0x59/0xc0 [ 1730.510690][T21825] ? __pm_runtime_resume+0x154/0x180 [ 1730.515990][T21825] ? preempt_schedule_thunk+0x16/0x18 [ 1730.521522][T21825] ? trace_hardirqs_on+0x38/0x1c0 [ 1730.526660][T21825] ? trace_hardirqs_on+0x51/0x1c0 [ 1730.531725][T21825] ? __pm_runtime_resume+0x154/0x180 [ 1730.537031][T21825] ? __pm_runtime_resume+0x154/0x180 [ 1730.542336][T21825] end_report.cold+0x63/0x6f [ 1730.546950][T21825] kasan_report.cold+0x71/0xdf [ 1730.551718][T21825] ? __pm_runtime_resume+0x154/0x180 [ 1730.557002][T21825] kasan_check_range+0x13d/0x180 [ 1730.561941][T21825] __pm_runtime_resume+0x154/0x180 [ 1730.567319][T21825] h5_recv+0x2c4/0x680 [ 1730.571501][T21825] ? h5_slip_one_byte+0x150/0x150 [ 1730.576635][T21825] hci_uart_tty_receive+0x24d/0x710 [ 1730.581930][T21825] ? hci_uart_send_frame+0x6c0/0x6c0 [ 1730.587314][T21825] tty_ioctl+0x909/0x1670 [ 1730.591644][T21825] ? tty_lookup_driver+0x550/0x550 [ 1730.596846][T21825] ? lock_downgrade+0x6e0/0x6e0 [ 1730.601704][T21825] ? __fget_files+0x23d/0x3e0 [ 1730.606483][T21825] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1730.612732][T21825] ? tty_lookup_driver+0x550/0x550 [ 1730.617932][T21825] __x64_sys_ioctl+0x193/0x200 [ 1730.622701][T21825] do_syscall_64+0x35/0xb0 [ 1730.627118][T21825] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1730.633020][T21825] RIP: 0033:0x4665f9 [ 1730.636916][T21825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1730.656610][T21825] RSP: 002b:00007f5e27997188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1730.665037][T21825] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 1730.673095][T21825] RDX: 0000000020000000 RSI: 0000000000005412 RDI: 0000000000000003 [ 1730.681064][T21825] RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 [ 1730.689404][T21825] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 [ 1730.697373][T21825] R13: 00007fff9368acdf R14: 00007f5e27997300 R15: 0000000000022000 [ 1730.707033][T21825] Kernel Offset: disabled [ 1730.711364][T21825] Rebooting in 86400 seconds..