vfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 1019.504970][T16264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1019.513347][T16264] R13: 00007ffc6c6998ef R14: 00007f7add9d2300 R15: 0000000000022000
[ 1019.528094][  T150] Bluetooth: hci0: Frame reassembly failed (-84)
02:40:11 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28032e0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:40:11 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000016b0000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1019.564422][T16277] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1019.581364][T16280] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1019.628608][T16288] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1021.532905][ T3302] Bluetooth: hci0: command 0x1003 tx timeout
[ 1021.538979][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1023.612803][   T12] Bluetooth: hci0: command 0x1001 tx timeout
[ 1023.618875][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1025.692639][   T12] Bluetooth: hci0: command 0x1009 tx timeout
02:40:21 executing program 5 (fault-call:2 fault-nth:61):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:40:21 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000810008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:40:21 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2803300010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:40:21 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x669, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:40:21 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000006c0000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:40:21 executing program 1:
r0 = socket$inet6(0x10, 0x3, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000240)="1c0000001200050f0c1000000049b23e9b200a00080001c000000001", 0x1c, 0x0, 0x0, 0x0)
readv(r0, &(0x7f0000003540)=[{&(0x7f0000002500)=""/4090, 0xffa}, {&(0x7f00000004c0)=""/4119, 0x1017}], 0x2)
recvfrom$inet6(r0, 0x0, 0x34, 0x0, 0x0, 0x0)
recvfrom$inet6(r0, &(0x7f0000000000)=""/114, 0x314aaee635b9c1b6, 0x0, 0x0, 0x26713e7aa99b227f)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x19)
write$binfmt_script(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="230228be53a21fd103ff030000000000007ad75aaf045737655231dbd54bebb278237f2a56e377b1664c9bbca78fb95cac851e9f994d070c6a10be1479c0fcd3cfd7330d03d828fd22416abbae9786d8e67435329abda6e445acaeb4dceea0b1b7acac484277348c8772c617f8b7a0ddad336210ace210a4c9b34ec07f35175f68ac78c40319d71d5b1451e0664ee06c1a13eda4bcb263b6c6adb4823b91016a4eb973f19b88d5038681b76c8280019f8c5fb303f05e8be61f82f6fafa21701befb4438b560400d711e71c033c63b04a4d4ec27ceb88c86d32dbf1db2f0dd6ea950c0023f1e4467077e32722d8551af898323639575f7a27c0128edb0aa627524f624921010e3982a5ac90b6ccc26c1eb79a6dbcb0a200faa2d61a753967c2f8debb89152afb0710de3b0fd01591d07253a25df2f4fc8a1628c9cb3eadf58f3740000800000000009e2d4e6924854b468da5f8bb631c30a169a289af57479cab5c8831d24e9e603a791bf5d2dd5f9e2d0f365fced4cc264cd67210bedc85528d66293262c9fb02e41adea29ee416598f94eac972ef7208d2a9d640314259de478be546fb0cd6503d2de6a2adf9f56dbdd8779b8d3c7f2470087900000100000000001c6a3a82e95c401569300bef91d7435b1773f2fe7225b8427a4bbc8f8fceb97c25b2c1d15c94a2d906acb7ac22fcb25ffdc64fee5481ff71"], 0x141)
close(r1)
sendto$inet6(r1, &(0x7f0000000080)='BG', 0x2, 0x4000890, &(0x7f00000000c0)={0xa, 0x4e23, 0x4, @mcast2, 0xfffffffb}, 0x1c)

02:40:21 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000740000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:40:21 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2803320010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:40:21 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000ffffff810008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1030.042473][T16304] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1030.058835][T16305] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1030.071952][T16308] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1030.085115][T16308] FAULT_INJECTION: forcing a failure.
[ 1030.085115][T16308] name failslab, interval 1, probability 0, space 0, times 0
[ 1030.098155][T16308] CPU: 1 PID: 16308 Comm: syz-executor.5 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1030.108974][T16308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1030.119415][T16308] Call Trace:
[ 1030.122801][T16308]  dump_stack+0x1d8/0x24e
[ 1030.127229][T16308]  ? devkmsg_release+0x11c/0x11c
[ 1030.132150][T16308]  ? show_regs_print_info+0x12/0x12
[ 1030.137347][T16308]  should_fail+0x6f6/0x860
[ 1030.141740][T16308]  ? setup_fault_attr+0x3d0/0x3d0
[ 1030.147182][T16308]  ? kzalloc+0x1d/0x30
[ 1030.151680][T16308]  should_failslab+0x5/0x20
[ 1030.156910][T16308]  __kmalloc+0x5f/0x2f0
[ 1030.161051][T16308]  kzalloc+0x1d/0x30
[ 1030.164934][T16308]  kobject_get_path+0xb3/0x190
[ 1030.169712][T16308]  kobject_uevent_env+0x269/0x1000
[ 1030.174906][T16308]  device_add+0xf42/0x18a0
[ 1030.179750][T16308]  ? virtual_device_parent+0x50/0x50
[ 1030.185059][T16308]  ? device_initialize+0x1d3/0x3e0
[ 1030.190252][T16308]  rfkill_register+0x180/0x720
[ 1030.195000][T16308]  hci_register_dev+0x398/0x710
[ 1030.199847][T16308]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1030.205062][T16308]  ? hci_uart_tty_write+0x10/0x10
[ 1030.212188][T16308]  tty_ioctl+0xf68/0x1710
[ 1030.216514][T16308]  ? tty_do_resize+0x170/0x170
[ 1030.221379][T16308]  ? avc_ss_reset+0x3a0/0x3a0
[ 1030.226099][T16308]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1030.232348][T16308]  ? refcount_inc_checked+0x50/0x50
[ 1030.237714][T16308]  ? memcg_check_events+0x5c/0x5b0
[ 1030.243545][T16308]  ? proc_fail_nth_write+0x1d5/0x240
[ 1030.249267][T16308]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1030.254558][T16308]  ? __lru_cache_add+0x1c4/0x210
[ 1030.259483][T16308]  ? memset+0x1f/0x40
[ 1030.263444][T16308]  ? fsnotify+0x1332/0x13f0
[ 1030.268046][T16308]  ? tty_do_resize+0x170/0x170
[ 1030.272911][T16308]  do_vfs_ioctl+0x76a/0x1720
[ 1030.277491][T16308]  ? selinux_file_ioctl+0x72f/0x990
[ 1030.282757][T16308]  ? ioctl_preallocate+0x250/0x250
[ 1030.288772][T16308]  ? __fget+0x37b/0x3c0
[ 1030.292917][T16308]  ? vfs_write+0x422/0x4e0
[ 1030.297322][T16308]  ? fget_many+0x20/0x20
[ 1030.301570][T16308]  ? debug_smp_processor_id+0x20/0x20
[ 1030.307105][T16308]  ? security_file_ioctl+0x9d/0xb0
[ 1030.312283][T16308]  __x64_sys_ioctl+0xd4/0x110
[ 1030.317336][T16308]  do_syscall_64+0xcb/0x1e0
[ 1030.322126][T16308]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1030.328103][T16308] RIP: 0033:0x4665d9
[ 1030.331971][T16308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1030.351847][T16308] RSP: 002b:00007f7add9d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1030.361623][T16308] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1030.370186][T16308] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1030.378232][T16308] RBP: 00007f7add9d21d0 R08: 0000000000000000 R09: 0000000000000000
02:40:22 executing program 1:
r0 = socket$inet6(0x10, 0x3, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000240)="1c0000001200050f0c1000000049b23e9b200a00080001c000000001", 0x1c, 0x0, 0x0, 0x0)
readv(r0, &(0x7f0000003540)=[{&(0x7f0000002500)=""/4090, 0xffa}, {&(0x7f00000004c0)=""/4119, 0x1017}], 0x2)
recvfrom$inet6(r0, 0x0, 0x34, 0x0, 0x0, 0x0)
recvfrom$inet6(r0, &(0x7f0000000000)=""/114, 0x314aaee635b9c1b6, 0x0, 0x0, 0x26713e7aa99b227f)

02:40:22 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2803340010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1030.386191][T16308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1030.395223][T16308] R13: 00007ffc6c6998ef R14: 00007f7add9d2300 R15: 0000000000022000
[ 1030.407509][    T7] Bluetooth: hci0: Frame reassembly failed (-84)
02:40:22 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000ffffff9e0008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1030.444079][T16319] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1030.468744][T16316] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1030.506344][T16327] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1032.412100][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1032.418414][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1034.492025][ T3302] Bluetooth: hci0: command 0x1001 tx timeout
[ 1034.498091][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1036.571873][ T3302] Bluetooth: hci0: command 0x1009 tx timeout
02:40:32 executing program 5 (fault-call:2 fault-nth:62):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:40:32 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000007a0000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:40:32 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2802360010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:40:32 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x66a, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:40:32 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000ffffffea0008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:40:32 executing program 1:
r0 = socket$inet6(0x10, 0x3, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
readv(r0, &(0x7f0000003540)=[{&(0x7f0000002500)=""/4090, 0xffa}, {&(0x7f00000004c0)=""/4119, 0x1017}], 0x2)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
recvfrom$inet6(r0, 0x0, 0x34, 0x0, 0x0, 0x0)
recvfrom$inet6(r0, &(0x7f0000000000)=""/114, 0xfffffffffffffc72, 0x0, 0x0, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

02:40:32 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2803380010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:40:32 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000ffffffef0008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1040.923843][T16343] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1040.931834][T16345] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1040.948960][T16341] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1040.959109][T16345] FAULT_INJECTION: forcing a failure.
02:40:32 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000810000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1040.959109][T16345] name failslab, interval 1, probability 0, space 0, times 0
[ 1040.981038][T16345] CPU: 0 PID: 16345 Comm: syz-executor.5 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1040.991641][T16345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1041.002150][T16345] Call Trace:
[ 1041.005452][T16345]  dump_stack+0x1d8/0x24e
[ 1041.010056][T16345]  ? devkmsg_release+0x11c/0x11c
02:40:32 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000800300000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:40:32 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000fffffff00008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1041.012296][T16354] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1041.014990][T16345]  ? show_regs_print_info+0x12/0x12
[ 1041.015010][T16345]  should_fail+0x6f6/0x860
[ 1041.040021][T16345]  ? setup_fault_attr+0x3d0/0x3d0
[ 1041.042991][T16355] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1041.045038][T16345]  ? alloc_uevent_skb+0x73/0x220
[ 1041.045049][T16345]  should_failslab+0x5/0x20
02:40:32 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28003a0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1041.045061][T16345]  __kmalloc_track_caller+0x5d/0x2e0
[ 1041.045069][T16345]  ? kmem_cache_alloc+0x115/0x290
[ 1041.045078][T16345]  ? mutex_lock+0xa6/0x110
[ 1041.045093][T16345]  ? alloc_uevent_skb+0x73/0x220
[ 1041.089497][T16345]  __alloc_skb+0xaf/0x4d0
[ 1041.093833][T16345]  alloc_uevent_skb+0x73/0x220
[ 1041.098702][T16345]  kobject_uevent_env+0xaee/0x1000
[ 1041.103820][T16345]  device_add+0xf42/0x18a0
[ 1041.104459][T16364] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1041.108406][T16345]  ? virtual_device_parent+0x50/0x50
[ 1041.108414][T16345]  ? device_initialize+0x1d3/0x3e0
[ 1041.108434][T16345]  rfkill_register+0x180/0x720
[ 1041.139112][T16345]  hci_register_dev+0x398/0x710
[ 1041.140600][T16363] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1041.143974][T16345]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1041.143983][T16345]  ? hci_uart_tty_write+0x10/0x10
[ 1041.143993][T16345]  tty_ioctl+0xf68/0x1710
[ 1041.144003][T16345]  ? tty_do_resize+0x170/0x170
[ 1041.144012][T16345]  ? avc_ss_reset+0x3a0/0x3a0
[ 1041.144021][T16345]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1041.144028][T16345]  ? refcount_inc_checked+0x50/0x50
[ 1041.144040][T16345]  ? memcg_check_events+0x5c/0x5b0
[ 1041.144054][T16345]  ? proc_fail_nth_write+0x1d5/0x240
[ 1041.144064][T16345]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1041.144080][T16345]  ? __lru_cache_add+0x1c4/0x210
[ 1041.215080][T16345]  ? memset+0x1f/0x40
[ 1041.219045][T16345]  ? fsnotify+0x1332/0x13f0
[ 1041.223583][T16345]  ? tty_do_resize+0x170/0x170
[ 1041.228366][T16345]  do_vfs_ioctl+0x76a/0x1720
[ 1041.233113][T16345]  ? selinux_file_ioctl+0x72f/0x990
[ 1041.238314][T16345]  ? ioctl_preallocate+0x250/0x250
[ 1041.243404][T16345]  ? __fget+0x37b/0x3c0
[ 1041.247543][T16345]  ? vfs_write+0x422/0x4e0
[ 1041.251938][T16345]  ? fget_many+0x20/0x20
[ 1041.256237][T16345]  ? debug_smp_processor_id+0x20/0x20
[ 1041.261602][T16345]  ? security_file_ioctl+0x9d/0xb0
[ 1041.267051][T16345]  __x64_sys_ioctl+0xd4/0x110
[ 1041.271710][T16345]  do_syscall_64+0xcb/0x1e0
[ 1041.276282][T16345]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1041.282222][T16345] RIP: 0033:0x4665d9
[ 1041.286122][T16345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1041.305908][T16345] RSP: 002b:00007f7add9d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1041.314300][T16345] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1041.322244][T16345] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1041.330324][T16345] RBP: 00007f7add9d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 1041.338415][T16345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1041.346453][T16345] R13: 00007ffc6c6998ef R14: 00007f7add9d2300 R15: 0000000000022000
[ 1041.355104][  T150] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1043.371390][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1043.377654][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1045.451302][ T3302] Bluetooth: hci0: command 0x1001 tx timeout
[ 1045.457779][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1047.531176][ T3302] Bluetooth: hci0: command 0x1009 tx timeout
02:40:43 executing program 5 (fault-call:2 fault-nth:63):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:40:43 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000fffffffe0008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:40:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000038000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:40:43 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28013a0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:40:43 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x66b, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:40:43 executing program 1:
r0 = socket$inet6(0x10, 0x3, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000240)="1c0000001200050f0c1000000049b23e9b200a00080001c000000001", 0x1c, 0x0, 0x0, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
clock_gettime(0x0, &(0x7f0000004000)={<r2=>0x0, <r3=>0x0})
recvmmsg(r1, &(0x7f0000003e80)=[{{&(0x7f0000000080)=@caif=@rfm, 0x80, &(0x7f0000001580)=[{&(0x7f0000000100)=""/249, 0xf9}, {&(0x7f0000000280)=""/66, 0x42}, {&(0x7f0000000300)=""/84, 0x54}, {&(0x7f0000000200)=""/39, 0x27}, {&(0x7f0000000380)=""/137, 0x89}, {&(0x7f0000000440)=""/51, 0x33}, {&(0x7f0000000480)=""/33, 0x21}, {&(0x7f0000001500)=""/114, 0x72}], 0x8, &(0x7f0000001600)=""/199, 0xc7}, 0x8}, {{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000001700)=""/221, 0xdd}, {&(0x7f0000001800)=""/21, 0x15}], 0x2, &(0x7f0000001880)=""/59, 0x3b}, 0xa86}, {{&(0x7f00000018c0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000001c00)=[{&(0x7f0000001940)=""/87, 0x57}, {&(0x7f00000019c0)=""/26, 0x1a}, {&(0x7f0000001a00)=""/164, 0xa4}, {&(0x7f0000001ac0)=""/104, 0x68}, {&(0x7f0000001b40)}, {&(0x7f0000001b80)=""/106, 0x6a}], 0x6}, 0xff}, {{&(0x7f0000001c80)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000002300)=[{&(0x7f0000001d00)=""/65, 0x41}, {&(0x7f0000001d80)=""/88, 0x58}, {&(0x7f0000001e00)=""/201, 0xc9}, {&(0x7f0000001f00)=""/170, 0xaa}, {&(0x7f0000001fc0)=""/138, 0x8a}, {&(0x7f0000002080)=""/221, 0xdd}, {&(0x7f0000002180)=""/124, 0x7c}, {&(0x7f0000002200)=""/55, 0x37}, {&(0x7f0000002240)=""/143, 0x8f}], 0x9}, 0x82}, {{&(0x7f00000023c0)=@l2tp6={0xa, 0x0, 0x0, @empty}, 0x80, &(0x7f0000003800)=[{&(0x7f0000002440)=""/127, 0x7f}, {&(0x7f00000024c0)=""/39, 0x27}, {&(0x7f0000003580)=""/209, 0xd1}, {&(0x7f0000003680)=""/193, 0xc1}, {&(0x7f0000003780)=""/87, 0x57}], 0x5, &(0x7f0000003880)=""/175, 0xaf}, 0x3f}, {{0x0, 0x0, &(0x7f0000003d80)=[{&(0x7f0000003940)=""/189, 0xbd}, {&(0x7f0000003500)=""/52, 0x34}, {&(0x7f0000003a00)=""/162, 0xa2}, {&(0x7f0000003ac0)=""/34, 0x22}, {&(0x7f0000003b00)=""/223, 0xdf}, {&(0x7f0000003c00)=""/158, 0x9e}, {&(0x7f0000003cc0)=""/144, 0x90}], 0x7, &(0x7f0000003e00)=""/128, 0x80}, 0x6}], 0x6, 0x40000060, &(0x7f0000004040)={r2, r3+10000000})
readv(r0, &(0x7f0000003540)=[{&(0x7f0000002500)=""/4090, 0xffa}, {&(0x7f00000004c0)=""/4119, 0x1017}], 0x2)
recvfrom$inet6(r0, 0x0, 0x34, 0x0, 0x0, 0x0)
recvfrom$inet6(r0, &(0x7f0000000000)=""/114, 0x314aaee635b9c1b6, 0x0, 0x0, 0x26713e7aa99b227f)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

02:40:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000001000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:40:43 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28033a0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:40:43 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="0600007fffffff0008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1051.791634][T16381] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1051.812055][T16386] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
02:40:43 executing program 1:
r0 = socket$inet6(0x10, 0x3, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000240)="1c0000001200050f0c1000000049b23e9b200a00080001c000000001", 0x1c, 0x0, 0x0, 0x0)
readv(r0, &(0x7f0000003540)=[{&(0x7f0000002500)=""/4090, 0xffa}, {&(0x7f00000004c0)=""/4119, 0x1017}], 0x2)
recvfrom$inet6(r0, 0x0, 0x34, 0x0, 0x0, 0x0)
recvfrom$inet6(r0, &(0x7f0000000000)=""/114, 0x314aaee635b9c1b6, 0x0, 0x0, 0x26713e7aa99b227f)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f0000000340), 0x41395527)
preadv(r1, &(0x7f0000001740)=[{&(0x7f0000000280)=""/233, 0xe9}, {&(0x7f0000000380)=""/230, 0xe6}, {&(0x7f0000001500)=""/68, 0x44}, {&(0x7f0000001580)=""/202, 0xca}, {&(0x7f0000001680)=""/169, 0xa9}], 0x5, 0x5, 0xffff)
write$binfmt_script(r1, &(0x7f00000017c0)=ANY=[@ANYBLOB="2321202e2f66696c65302000200020002023247b402f2c2bef20ffff20ffff20272d20292e2940200020ffff0ab6a8224c029af9cd3a74c3dc6be413c77d5a291cfc347fc15531f1e150466dd10f41554f8d60e33be504957464989d7014bbe626f8f599cd59e1bcfd08efa8c7cfbbeb6770edf6e2fdf6c3c1e25d8dfb8325991af77a273d6cf860b1b319ff0ab6ee214560b72d4638fd4eb7"], 0x2d)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sendto$inet6(r2, &(0x7f0000000080)="9ab9da8f34670c0b88050f771eb8fde6da31b747e76237ec01aeb0f2419cad2cf66a3ebb9b168e20a78e91882c5f71d4f40f734f8b7a72c111c24603ff0982c2484f76f84b37b14105eb20e3b2420259ae9d3554c6ea7b66eb9e1cba1b8c59edf13f831270fee60bc50cbd19faf1e0fa9224a8006634abe191ed402e44cfb3166ebf1caa3994ed52ff541f73a7f49a4274a737df80e358a093a50d980dd634b38f4eb6aa3c95ca6ac5baa47eba8e9786d02c5cd04762c57c4c320a923726730a631d564c6b3b0bef6a903b8b4005024b1280299509b0eb92551a03e6", 0xdc, 0x0, &(0x7f0000000180)={0xa, 0x4e20, 0x7fff, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x4}, 0x1c)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 1051.852381][T16390] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1051.874998][T16390] FAULT_INJECTION: forcing a failure.
[ 1051.874998][T16390] name failslab, interval 1, probability 0, space 0, times 0
[ 1051.881953][T16399] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1051.906496][T16390] CPU: 0 PID: 16390 Comm: syz-executor.5 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1051.906502][T16390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1051.906506][T16390] Call Trace:
[ 1051.906526][T16390]  dump_stack+0x1d8/0x24e
[ 1051.906539][T16390]  ? devkmsg_release+0x11c/0x11c
[ 1051.906549][T16390]  ? show_regs_print_info+0x12/0x12
[ 1051.906566][T16390]  should_fail+0x6f6/0x860
02:40:43 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28033e0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:40:43 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="06000081ffffff0008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1051.906576][T16390]  ? setup_fault_attr+0x3d0/0x3d0
[ 1051.906586][T16390]  ? alloc_uevent_skb+0x73/0x220
[ 1051.906599][T16390]  should_failslab+0x5/0x20
[ 1051.906616][T16390]  __kmalloc_track_caller+0x5d/0x2e0
[ 1051.906628][T16390]  ? kmem_cache_alloc+0x115/0x290
[ 1051.906638][T16390]  ? alloc_uevent_skb+0x73/0x220
[ 1051.906651][T16390]  __alloc_skb+0xaf/0x4d0
[ 1051.906660][T16390]  alloc_uevent_skb+0x73/0x220
[ 1051.906676][T16390]  kobject_uevent_env+0xaee/0x1000
[ 1051.953937][T16397] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1051.957457][T16390]  device_add+0xf42/0x18a0
[ 1051.957469][T16390]  ? virtual_device_parent+0x50/0x50
[ 1051.957476][T16390]  ? device_initialize+0x1d3/0x3e0
[ 1051.957488][T16390]  rfkill_register+0x180/0x720
[ 1051.957499][T16390]  hci_register_dev+0x398/0x710
[ 1051.957511][T16390]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1051.957520][T16390]  ? hci_uart_tty_write+0x10/0x10
[ 1051.957530][T16390]  tty_ioctl+0xf68/0x1710
[ 1051.957540][T16390]  ? tty_do_resize+0x170/0x170
[ 1051.957557][T16390]  ? avc_ss_reset+0x3a0/0x3a0
[ 1051.995888][T16407] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1051.998746][T16390]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1051.998756][T16390]  ? refcount_inc_checked+0x50/0x50
[ 1051.998767][T16390]  ? memcg_check_events+0x5c/0x5b0
[ 1051.998780][T16390]  ? proc_fail_nth_write+0x1d5/0x240
[ 1051.998789][T16390]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1051.998798][T16390]  ? __lru_cache_add+0x1c4/0x210
[ 1051.998805][T16390]  ? memset+0x1f/0x40
[ 1051.998821][T16390]  ? fsnotify+0x1332/0x13f0
[ 1052.128192][T16390]  ? tty_do_resize+0x170/0x170
[ 1052.132949][T16390]  do_vfs_ioctl+0x76a/0x1720
[ 1052.137708][T16390]  ? selinux_file_ioctl+0x72f/0x990
[ 1052.143875][T16390]  ? ioctl_preallocate+0x250/0x250
[ 1052.152979][T16390]  ? __fget+0x37b/0x3c0
[ 1052.157456][T16390]  ? vfs_write+0x422/0x4e0
[ 1052.161886][T16390]  ? fget_many+0x20/0x20
[ 1052.166134][T16390]  ? debug_smp_processor_id+0x20/0x20
[ 1052.171897][T16390]  ? security_file_ioctl+0x9d/0xb0
[ 1052.177203][T16390]  __x64_sys_ioctl+0xd4/0x110
[ 1052.182288][T16390]  do_syscall_64+0xcb/0x1e0
[ 1052.186919][T16390]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1052.192826][T16390] RIP: 0033:0x4665d9
[ 1052.198855][T16390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1052.219448][T16390] RSP: 002b:00007f7add9d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1052.229630][T16390] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1052.238150][T16390] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1052.246106][T16390] RBP: 00007f7add9d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 1052.254071][T16390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1052.263399][T16390] R13: 00007ffc6c6998ef R14: 00007f7add9d2300 R15: 0000000000022000
[ 1052.273189][  T150] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1054.330783][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1054.337100][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1056.410595][ T3300] Bluetooth: hci0: command 0x1001 tx timeout
[ 1056.417081][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1058.490434][ T3300] Bluetooth: hci0: command 0x1009 tx timeout
02:40:54 executing program 5 (fault-call:2 fault-nth:64):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:40:54 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000002000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:40:54 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28003f0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:40:54 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="0600009effffff0008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:40:54 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x66c, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:40:54 executing program 1:
r0 = socket$inet6(0x10, 0x3, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000240)="1c0000001200050f0c1000000049b23e9b200a00080001c000000001", 0x1c, 0x0, 0x0, 0x0)
readv(r0, &(0x7f0000003540)=[{&(0x7f0000002500)=""/4090, 0xffa}, {&(0x7f00000004c0)=""/4119, 0x1017}], 0x2)
recvfrom$inet6(r0, 0x0, 0x34, 0x0, 0x0, 0x0)
recvfrom$inet6(r0, &(0x7f0000000000)=""/114, 0x314aaee635b9c1b6, 0x0, 0x0, 0x26713e7aa99b227f)
setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4)
recvfrom$inet6(r0, 0x0, 0x0, 0x2020, 0x0, 0x0)

02:40:54 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000003000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:40:54 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800400010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1062.677329][T16426] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1062.692719][T16427] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1062.703012][T16420] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1062.708807][T16427] FAULT_INJECTION: forcing a failure.
02:40:54 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000eaffffff0008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1062.708807][T16427] name failslab, interval 1, probability 0, space 0, times 0
[ 1062.745087][T16427] CPU: 0 PID: 16427 Comm: syz-executor.5 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1062.755347][T16427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
02:40:54 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000004000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1062.764257][T16436] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1062.765567][T16427] Call Trace:
[ 1062.765586][T16427]  dump_stack+0x1d8/0x24e
[ 1062.765605][T16427]  ? devkmsg_release+0x11c/0x11c
[ 1062.793753][T16427]  ? vsnprintf+0x1cb4/0x1d60
[ 1062.798428][T16427]  ? show_regs_print_info+0x12/0x12
[ 1062.803635][T16427]  should_fail+0x6f6/0x860
[ 1062.808147][T16427]  ? setup_fault_attr+0x3d0/0x3d0
[ 1062.813175][T16427]  ? add_uevent_var+0x1c2/0x360
[ 1062.818043][T16427]  ? call_usermodehelper_setup+0x91/0x200
02:40:54 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2803400010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1062.818699][T16445] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1062.824279][T16427]  should_failslab+0x5/0x20
[ 1062.824292][T16427]  kmem_cache_alloc_trace+0x39/0x2b0
[ 1062.824303][T16427]  call_usermodehelper_setup+0x91/0x200
[ 1062.824312][T16427]  ? add_uevent_var+0x360/0x360
[ 1062.824326][T16427]  kobject_uevent_env+0xdd6/0x1000
02:40:54 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000efffffff0008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1062.850626][T16446] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1062.856207][T16427]  device_add+0xf42/0x18a0
[ 1062.856218][T16427]  ? virtual_device_parent+0x50/0x50
[ 1062.856232][T16427]  ? device_initialize+0x1d3/0x3e0
[ 1062.896731][T16427]  rfkill_register+0x180/0x720
[ 1062.901505][T16427]  hci_register_dev+0x398/0x710
[ 1062.903730][T16451] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1062.906525][T16427]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1062.906534][T16427]  ? hci_uart_tty_write+0x10/0x10
[ 1062.906544][T16427]  tty_ioctl+0xf68/0x1710
[ 1062.906554][T16427]  ? tty_do_resize+0x170/0x170
[ 1062.906563][T16427]  ? avc_ss_reset+0x3a0/0x3a0
[ 1062.906578][T16427]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1062.952546][T16427]  ? refcount_inc_checked+0x50/0x50
[ 1062.957746][T16427]  ? memcg_check_events+0x5c/0x5b0
[ 1062.963034][T16427]  ? proc_fail_nth_write+0x1d5/0x240
[ 1062.968318][T16427]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1062.973515][T16427]  ? __lru_cache_add+0x1c4/0x210
[ 1062.978444][T16427]  ? memset+0x1f/0x40
[ 1062.982417][T16427]  ? fsnotify+0x1332/0x13f0
[ 1062.986998][T16427]  ? tty_do_resize+0x170/0x170
[ 1062.991752][T16427]  do_vfs_ioctl+0x76a/0x1720
[ 1062.996344][T16427]  ? selinux_file_ioctl+0x72f/0x990
[ 1063.001536][T16427]  ? ioctl_preallocate+0x250/0x250
[ 1063.006636][T16427]  ? __fget+0x37b/0x3c0
[ 1063.010767][T16427]  ? vfs_write+0x422/0x4e0
[ 1063.015169][T16427]  ? fget_many+0x20/0x20
[ 1063.019383][T16427]  ? debug_smp_processor_id+0x20/0x20
[ 1063.024817][T16427]  ? security_file_ioctl+0x9d/0xb0
[ 1063.030511][T16427]  __x64_sys_ioctl+0xd4/0x110
[ 1063.035279][T16427]  do_syscall_64+0xcb/0x1e0
[ 1063.039768][T16427]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1063.045639][T16427] RIP: 0033:0x4665d9
[ 1063.049645][T16427] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1063.070111][T16427] RSP: 002b:00007f7add9d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1063.078589][T16427] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1063.086651][T16427] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1063.094599][T16427] RBP: 00007f7add9d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 1063.102632][T16427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1063.110581][T16427] R13: 00007ffc6c6998ef R14: 00007f7add9d2300 R15: 0000000000022000
[ 1063.120506][  T150] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1065.130034][ T3300] Bluetooth: hci0: command 0x1003 tx timeout
[ 1065.137075][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1067.209832][   T12] Bluetooth: hci0: command 0x1001 tx timeout
[ 1067.219216][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1069.289712][   T12] Bluetooth: hci0: command 0x1009 tx timeout
02:41:05 executing program 5 (fault-call:2 fault-nth:65):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:41:05 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000005000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:41:05 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2801460010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:41:05 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000f0ffffff0008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:41:05 executing program 1:
r0 = socket$inet6(0x10, 0x3, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000240)="1c0000001200050f0c1000000049b23e9b200a00080001c000000001", 0x1c, 0x0, 0x0, 0x0)
readv(r0, &(0x7f0000003540), 0x0)
recvfrom$inet6(r0, 0x0, 0x34, 0x0, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000100)=0x6005, 0x4)
sendto$inet6(r0, &(0x7f0000000480)="4e301bd31c61d2631d7c10a3b07e2ebe2fdb659dffb27172f402dfd3808ce22cc8238f3b677c2c26af71fc45ff7464150274", 0x32, 0x4000040, &(0x7f00000004c0)={0xa, 0x4e24, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xc0000000}, 0x1c)
recvfrom$inet6(r0, &(0x7f0000000000)=""/114, 0x314aaee635b9c1b6, 0x0, 0x0, 0x26713e7aa99b227f)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1)
r2 = accept4(r0, &(0x7f0000000180)=@nfc, &(0x7f0000000200)=0x80, 0x800)
sendto$inet6(r2, &(0x7f0000000380)="93973ac5ae83aba55d944b9412053f401838f0cc1880d824938128db8f405d3da1b723b13df59e93fc6aea903860766b08665c9231458b5b7e5ff4b5f45bdccb79d541a9d4723398682fb1c686e4048ea86bc8fa2b890bf8755c49b7fdce6fc6a22a80821db0aa00615b2fa15e4b9f8099693e0cd95792ca189a66ea362e56355aab7f243606a92c8a140cf3270c92395c7b2087b59b5726fd501a6091480f364d04e04847632463a7647a028d778a4aa3be82f95569731d28aaf40618f02613735a6ad036", 0xc5, 0x20000001, 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000000080)={{0x0, 0x3, 0x80, 0xd5, 0x2cf, 0x72fe, 0x56, 0x4}, "e2e830028cbb2bc23a7f94f6f8eda8a34caa1a0fc9aafc400b013610cb0747971b71b61e4d9cf640ec77bae95842d4a4f147b5"}, 0x53)
recvfrom$inet6(r1, &(0x7f0000000280)=""/242, 0xf2, 0x10000, 0x0, 0x0)

02:41:05 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x66d, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:41:05 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000006000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:41:05 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000feffffff0008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1073.555113][T16464] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1073.571857][T16461] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1073.583480][T16469] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
02:41:05 executing program 1:
r0 = socket$inet6(0x10, 0x3, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000240)="1c0000001200050f0c1000000049b23e9b200a00080001c000000001", 0x1c, 0x8840, 0x0, 0x0)
readv(r0, &(0x7f0000003540)=[{&(0x7f0000002500)=""/4090, 0xffa}, {&(0x7f00000004c0)=""/4119, 0x1017}], 0x2)
recvfrom$inet6(r0, 0x0, 0x34, 0x0, 0x0, 0x0)
vmsplice(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="e1b0754f8def6ec5de10d7ec9054734e144978526cc66af25b8a6e19805a323dcbce79ec9207b564da8df002e3c4b1ad7a085355e5b72e5d15a1ddc30d80fc0bba50c0e89c6098179017395d71135f459fc481f37f9d4df8da", 0x59}], 0x1, 0x4)
pipe(&(0x7f0000000200)={<r1=>0xffffffffffffffff})
fcntl$setpipe(r1, 0x407, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
getsockname(r2, &(0x7f0000000140)=@pppol2tpv3in6={0x18, 0x1, {0x0, <r3=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, &(0x7f00000001c0)=0x80)
recvfrom$inet6(r3, &(0x7f0000000280)=""/117, 0x9, 0x0, 0x0, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

02:41:05 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2802480010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1073.601808][T16469] FAULT_INJECTION: forcing a failure.
[ 1073.601808][T16469] name failslab, interval 1, probability 0, space 0, times 0
[ 1073.622418][T16469] CPU: 1 PID: 16469 Comm: syz-executor.5 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1073.632768][T16469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1073.642937][T16469] Call Trace:
[ 1073.646278][T16469]  dump_stack+0x1d8/0x24e
[ 1073.650929][T16469]  ? devkmsg_release+0x11c/0x11c
[ 1073.655992][T16469]  ? vsnprintf+0x1cb4/0x1d60
[ 1073.660809][T16469]  ? show_regs_print_info+0x12/0x12
[ 1073.666035][T16469]  should_fail+0x6f6/0x860
[ 1073.670554][T16469]  ? setup_fault_attr+0x3d0/0x3d0
[ 1073.675676][T16469]  ? add_uevent_var+0x1c2/0x360
[ 1073.681065][T16469]  ? call_usermodehelper_setup+0x91/0x200
[ 1073.686961][T16469]  should_failslab+0x5/0x20
[ 1073.692002][T16469]  kmem_cache_alloc_trace+0x39/0x2b0
[ 1073.697443][T16469]  call_usermodehelper_setup+0x91/0x200
[ 1073.703271][T16469]  ? add_uevent_var+0x360/0x360
[ 1073.708105][T16469]  kobject_uevent_env+0xdd6/0x1000
[ 1073.713371][T16469]  device_add+0xf42/0x18a0
[ 1073.717887][T16469]  ? virtual_device_parent+0x50/0x50
[ 1073.723955][T16469]  ? device_initialize+0x1d3/0x3e0
[ 1073.729288][T16469]  rfkill_register+0x180/0x720
[ 1073.734056][T16469]  hci_register_dev+0x398/0x710
[ 1073.739035][T16469]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1073.744063][T16469]  ? hci_uart_tty_write+0x10/0x10
[ 1073.749212][T16469]  tty_ioctl+0xf68/0x1710
[ 1073.753549][T16469]  ? tty_do_resize+0x170/0x170
[ 1073.758486][T16469]  ? avc_ss_reset+0x3a0/0x3a0
[ 1073.763343][T16469]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1073.770317][T16469]  ? refcount_inc_checked+0x50/0x50
[ 1073.775714][T16469]  ? memcg_check_events+0x5c/0x5b0
[ 1073.781160][T16469]  ? proc_fail_nth_write+0x1d5/0x240
[ 1073.786539][T16469]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1073.791723][T16469]  ? __lru_cache_add+0x1c4/0x210
[ 1073.796897][T16469]  ? memset+0x1f/0x40
[ 1073.800855][T16469]  ? fsnotify+0x1332/0x13f0
[ 1073.805349][T16469]  ? tty_do_resize+0x170/0x170
[ 1073.810095][T16469]  do_vfs_ioctl+0x76a/0x1720
[ 1073.814818][T16469]  ? selinux_file_ioctl+0x72f/0x990
[ 1073.821241][T16469]  ? ioctl_preallocate+0x250/0x250
[ 1073.826335][T16469]  ? __fget+0x37b/0x3c0
[ 1073.830490][T16469]  ? vfs_write+0x422/0x4e0
[ 1073.834880][T16469]  ? fget_many+0x20/0x20
[ 1073.839119][T16469]  ? debug_smp_processor_id+0x20/0x20
[ 1073.845077][T16469]  ? security_file_ioctl+0x9d/0xb0
[ 1073.850226][T16469]  __x64_sys_ioctl+0xd4/0x110
[ 1073.855117][T16469]  do_syscall_64+0xcb/0x1e0
[ 1073.859601][T16469]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1073.865643][T16469] RIP: 0033:0x4665d9
[ 1073.869539][T16469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1073.890057][T16469] RSP: 002b:00007f7add9d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1073.898454][T16469] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1073.906526][T16469] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1073.914588][T16469] RBP: 00007f7add9d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 1073.922557][T16469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1073.930522][T16469] R13: 00007ffc6c6998ef R14: 00007f7add9d2300 R15: 0000000000022000
02:41:05 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000007000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1073.951527][T16475] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1073.982643][T16477] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
02:41:05 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28004a0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1074.005682][T16483] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1076.009299][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1076.015375][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1078.089106][   T12] Bluetooth: hci0: command 0x1001 tx timeout
[ 1078.095316][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1080.168981][   T12] Bluetooth: hci0: command 0x1009 tx timeout
02:41:16 executing program 5 (fault-call:2 fault-nth:66):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:41:16 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000200000008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:41:16 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x66e, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:41:16 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000008000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:41:16 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28024a0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:41:16 executing program 1:
r0 = socket$inet6(0x10, 0x3, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000080), 0xffffffffffff2ec4, 0x200000)
sendto$inet6(r1, &(0x7f00000000c0)="5417a8151130240326ef9b27ac32df05414d72dde6014bc20d3eaf018a0f47dc95a5d36b77f6a62880b0e2583b6c2a09ea10d9d259192ac7d813ae9ca58e27d033a85e688da00765598f9d8313dab39308167ff01737f4fa5e7a915126ac132b7c305d76ae50a972849210ee13391589fa54eeb6fc9ae2863182e00de570373e6d40b70a50a02977fd31a4a76d9e94b4c00a8e9e1aa0d22571d002f10c4afeed1bd293e2896045a466f31bc649aedd15bb86a31292", 0xb5, 0x200480a0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000240)="1c0000001200050f0c1000000049b23e9b200a00080001c000000001", 0x1c, 0x0, 0x0, 0x0)
readv(r0, &(0x7f0000003540)=[{&(0x7f0000002500)=""/4090, 0xffa}, {&(0x7f00000004c0)=""/4119, 0x1017}], 0x2)
recvfrom$inet6(r0, 0x0, 0x34, 0x0, 0x0, 0x0)
recvfrom$inet6(r0, &(0x7f0000000000)=""/114, 0x314aaee635b9c1b6, 0x0, 0x0, 0x26713e7aa99b227f)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000180)="a3d8955ac68fd88e747fd38893c1a6ef03e0e31796dd3b917d058a11cf5f64e0f3cd8c1613303a212427ae950638", 0x2e, 0x0, &(0x7f00000001c0)={0xa, 0x4e24, 0xc0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x6}, 0x1c)

02:41:16 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000300000008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1084.437646][T16502] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1084.449378][T16509] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1084.464275][T16508] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1084.470340][T16509] FAULT_INJECTION: forcing a failure.
[ 1084.470340][T16509] name failslab, interval 1, probability 0, space 0, times 0
[ 1084.500490][T16509] CPU: 0 PID: 16509 Comm: syz-executor.5 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1084.510737][T16509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
02:41:16 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000400000008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1084.518187][T16516] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1084.523208][T16509] Call Trace:
[ 1084.523230][T16509]  dump_stack+0x1d8/0x24e
[ 1084.523278][T16509]  ? devkmsg_release+0x11c/0x11c
[ 1084.523295][T16509]  ? show_regs_print_info+0x12/0x12
[ 1084.559177][T16509]  should_fail+0x6f6/0x860
[ 1084.564402][T16509]  ? setup_fault_attr+0x3d0/0x3d0
[ 1084.569433][T16509]  ? create_monitor_event+0x58/0x8b0
02:41:16 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000601000008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1084.573934][T16518] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1084.574698][T16509]  should_failslab+0x5/0x20
[ 1084.574719][T16509]  __kmalloc_track_caller+0x5d/0x2e0
[ 1084.601105][T16509]  ? kmem_cache_alloc+0x115/0x290
[ 1084.606135][T16509]  ? preempt_schedule+0x16b/0x190
[ 1084.611153][T16509]  ? create_monitor_event+0x58/0x8b0
[ 1084.616737][T16509]  __alloc_skb+0xaf/0x4d0
[ 1084.618633][T16520] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
02:41:16 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000003000008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1084.621941][T16509]  create_monitor_event+0x58/0x8b0
[ 1084.621951][T16509]  ? _raw_write_trylock+0x1b0/0x1b0
[ 1084.621967][T16509]  hci_sock_dev_event+0x46/0x570
[ 1084.653132][T16509]  hci_register_dev+0x641/0x710
[ 1084.659447][T16509]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1084.664453][T16509]  ? hci_uart_tty_write+0x10/0x10
[ 1084.669462][T16509]  tty_ioctl+0xf68/0x1710
[ 1084.670373][T16522] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
02:41:16 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000106000008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1084.673785][T16509]  ? tty_do_resize+0x170/0x170
[ 1084.673794][T16509]  ? avc_ss_reset+0x3a0/0x3a0
[ 1084.673808][T16509]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1084.705165][T16509]  ? refcount_inc_checked+0x50/0x50
[ 1084.710358][T16509]  ? memcg_check_events+0x5c/0x5b0
[ 1084.715466][T16509]  ? proc_fail_nth_write+0x1d5/0x240
[ 1084.720907][T16509]  ? proc_fail_nth_read+0x1c0/0x1c0
02:41:16 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000040000008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1084.721168][T16524] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1084.726299][T16509]  ? __lru_cache_add+0x1c4/0x210
[ 1084.726309][T16509]  ? memset+0x1f/0x40
[ 1084.726316][T16509]  ? fsnotify+0x1332/0x13f0
[ 1084.726332][T16509]  ? tty_do_resize+0x170/0x170
[ 1084.760416][T16509]  do_vfs_ioctl+0x76a/0x1720
[ 1084.765005][T16509]  ? selinux_file_ioctl+0x72f/0x990
[ 1084.770181][T16509]  ? ioctl_preallocate+0x250/0x250
[ 1084.775430][T16509]  ? __fget+0x37b/0x3c0
[ 1084.779654][T16509]  ? vfs_write+0x422/0x4e0
[ 1084.784053][T16509]  ? fget_many+0x20/0x20
[ 1084.788283][T16509]  ? debug_smp_processor_id+0x20/0x20
[ 1084.793808][T16509]  ? security_file_ioctl+0x9d/0xb0
[ 1084.798896][T16509]  __x64_sys_ioctl+0xd4/0x110
[ 1084.803855][T16509]  do_syscall_64+0xcb/0x1e0
[ 1084.808606][T16509]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1084.814492][T16509] RIP: 0033:0x4665d9
[ 1084.818365][T16509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1084.838324][T16509] RSP: 002b:00007f7add9d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1084.846716][T16509] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1084.854661][T16509] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1084.862662][T16509] RBP: 00007f7add9d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 1084.871329][T16509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1084.879297][T16509] R13: 00007ffc6c6998ef R14: 00007f7add9d2300 R15: 0000000000022000
[ 1084.912021][  T150] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1084.965041][T16530] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1086.968738][ T3677] Bluetooth: hci0: command 0x1003 tx timeout
[ 1086.974789][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1089.048408][ T3677] Bluetooth: hci0: command 0x1001 tx timeout
[ 1089.054888][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1091.128172][ T3677] Bluetooth: hci0: command 0x1009 tx timeout
02:41:27 executing program 5 (fault-call:2 fault-nth:67):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:41:27 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28034a0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:41:27 executing program 1:
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x4}, 0x80)
r0 = socket$inet6(0x10, 0x3, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000240)="1c0000001200050f0c1000000049b23e9b200a00080001c000000001", 0x1c, 0x0, 0x0, 0x0)
readv(r0, &(0x7f0000003540)=[{&(0x7f0000002500)=""/4090, 0xffa}, {&(0x7f00000004c0)=""/4119, 0x1017}], 0x2)
recvfrom$inet6(r0, &(0x7f0000000380)=""/107, 0x6b, 0x12042, 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
preadv(r1, &(0x7f0000004780)=[{&(0x7f0000002480)=""/114, 0x72}, {&(0x7f0000004700)=""/103, 0x67}, {&(0x7f0000003500)=""/2, 0x2}], 0x3, 0x81, 0x8)
recvfrom$inet6(r0, 0x0, 0x34, 0x0, 0x0, 0x0)
recvfrom$inet6(r0, &(0x7f0000000280)=""/190, 0xbe, 0x40010021, &(0x7f0000000200)={0xa, 0x4e21, 0x2, @ipv4={'\x00', '\xff\xff', @loopback}, 0x4}, 0x1c)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$tipc(r2, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000015c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001280)='V', 0x1}], 0x4}, 0x0)
recvfrom$inet6(r0, &(0x7f0000000000)=""/114, 0x314aaee635b9c1b6, 0x0, 0x0, 0x26713e7aa99b227f)
setsockopt$inet6_mreq(r1, 0x29, 0x8, &(0x7f0000000140)={@empty}, 0x14)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
accept4$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @private1}, &(0x7f00000001c0)=0x1c, 0x80800)
bind$tipc(0xffffffffffffffff, &(0x7f0000000100)=@name={0x1e, 0x2, 0x2, {{0x2, 0x1}, 0x3}}, 0x10)
sendto$inet6(r0, &(0x7f0000000080)="9e77cb35de5187d2f1565d5eed6b87dfd36b9e9ef15b0964c4460c71f42405a391c1e6e67aff5b30b1f8b1", 0x2b, 0x40004, &(0x7f00000000c0)={0xa, 0x4e20, 0x5, @mcast2, 0x5b}, 0x1c)

02:41:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000009000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:41:27 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000081000008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:41:27 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x66f, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:41:27 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28004c0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1095.314801][T16537] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1095.332277][T16543] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1095.333816][T16544] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1095.357334][T16544] FAULT_INJECTION: forcing a failure.
02:41:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000010000000000000a000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1095.357334][T16544] name failslab, interval 1, probability 0, space 0, times 0
[ 1095.384771][T16544] CPU: 0 PID: 16544 Comm: syz-executor.5 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1095.395103][T16544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1095.400898][T16554] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1095.405931][T16544] Call Trace:
[ 1095.405950][T16544]  dump_stack+0x1d8/0x24e
[ 1095.405967][T16544]  ? devkmsg_release+0x11c/0x11c
[ 1095.434567][T16544]  ? show_regs_print_info+0x12/0x12
[ 1095.440146][T16544]  should_fail+0x6f6/0x860
[ 1095.444544][T16544]  ? setup_fault_attr+0x3d0/0x3d0
[ 1095.449935][T16544]  ? create_monitor_event+0x58/0x8b0
[ 1095.456939][T16544]  should_failslab+0x5/0x20
[ 1095.461690][T16544]  __kmalloc_track_caller+0x5d/0x2e0
[ 1095.467661][T16544]  ? kmem_cache_alloc+0x115/0x290
[ 1095.472841][T16544]  ? preempt_schedule+0x16b/0x190
[ 1095.477951][T16544]  ? create_monitor_event+0x58/0x8b0
[ 1095.483383][T16544]  __alloc_skb+0xaf/0x4d0
[ 1095.487777][T16544]  create_monitor_event+0x58/0x8b0
[ 1095.493279][T16544]  ? _raw_write_trylock+0x1b0/0x1b0
[ 1095.498459][T16544]  hci_sock_dev_event+0x46/0x570
[ 1095.503737][T16544]  hci_register_dev+0x641/0x710
[ 1095.508573][T16544]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1095.513578][T16544]  ? hci_uart_tty_write+0x10/0x10
[ 1095.518663][T16544]  tty_ioctl+0xf68/0x1710
[ 1095.523112][T16544]  ? tty_do_resize+0x170/0x170
[ 1095.527860][T16544]  ? avc_ss_reset+0x3a0/0x3a0
[ 1095.532506][T16544]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1095.538637][T16544]  ? refcount_inc_checked+0x50/0x50
[ 1095.543803][T16544]  ? memcg_check_events+0x5c/0x5b0
[ 1095.549146][T16544]  ? proc_fail_nth_write+0x1d5/0x240
[ 1095.554578][T16544]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1095.559763][T16544]  ? __lru_cache_add+0x1c4/0x210
[ 1095.564850][T16544]  ? memset+0x1f/0x40
[ 1095.568801][T16544]  ? fsnotify+0x1332/0x13f0
[ 1095.573273][T16544]  ? tty_do_resize+0x170/0x170
[ 1095.578025][T16544]  do_vfs_ioctl+0x76a/0x1720
[ 1095.582595][T16544]  ? selinux_file_ioctl+0x72f/0x990
[ 1095.587765][T16544]  ? ioctl_preallocate+0x250/0x250
[ 1095.592848][T16544]  ? __fget+0x37b/0x3c0
[ 1095.597096][T16544]  ? vfs_write+0x422/0x4e0
[ 1095.601496][T16544]  ? fget_many+0x20/0x20
[ 1095.605717][T16544]  ? debug_smp_processor_id+0x20/0x20
[ 1095.611105][T16544]  ? security_file_ioctl+0x9d/0xb0
[ 1095.616193][T16544]  __x64_sys_ioctl+0xd4/0x110
[ 1095.621038][T16544]  do_syscall_64+0xcb/0x1e0
[ 1095.625522][T16544]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1095.631393][T16544] RIP: 0033:0x4665d9
[ 1095.635266][T16544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1095.654843][T16544] RSP: 002b:00007f7add9d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
02:41:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000010000000000000b000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:41:27 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28004e0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:41:27 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000080030008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1095.663237][T16544] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1095.671189][T16544] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1095.679170][T16544] RBP: 00007f7add9d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 1095.687320][T16544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1095.695269][T16544] R13: 00007ffc6c6998ef R14: 00007f7add9d2300 R15: 0000000000022000
02:41:27 executing program 1:
r0 = socket$inet6(0x10, 0x3, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000240)="1c0000001200050f0c1000000049b23e9b200a00080001c000000001", 0x1c, 0x0, 0x0, 0x0)
readv(r0, &(0x7f0000003540)=[{&(0x7f0000002500)=""/4090, 0xffa}, {&(0x7f00000004c0)=""/4119, 0x1017}], 0x2)
recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
recvfrom$inet6(r0, &(0x7f0000000000)=""/114, 0x314aaee635b9c1b6, 0x0, 0x0, 0x26713e7aa99b227f)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 1095.731683][T16559] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1095.739884][    T7] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1095.778997][T16564] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1097.767829][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1097.774240][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1099.847676][   T12] Bluetooth: hci0: command 0x1001 tx timeout
[ 1099.853791][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1101.927554][   T12] Bluetooth: hci0: command 0x1009 tx timeout
02:41:37 executing program 5 (fault-call:2 fault-nth:68):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:41:37 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000010000000000000c000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:41:37 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000003800008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:41:37 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28034e0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:41:37 executing program 1:
r0 = socket$inet6(0x10, 0x3, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000240)="1c0000001200050f0c1000000049b23e9b200a00080001c000000001", 0x1c, 0x0, 0x0, 0x0)
readv(r0, &(0x7f0000003540)=[{&(0x7f0000002500)=""/4090, 0xffa}, {&(0x7f00000004c0)=""/4119, 0x1017}], 0x2)
recvfrom$inet6(r0, 0x0, 0x34, 0x0, 0x0, 0x0)
r1 = openat$ion(0xffffffffffffff9c, &(0x7f00000001c0), 0x42000, 0x0)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
write(r4, &(0x7f0000000340), 0x41395527)
r5 = creat(&(0x7f0000000240)='./file0\x00', 0x19)
write$binfmt_script(r5, &(0x7f00000004c0)=ANY=[@ANYBLOB="230228be53a21fd103ff030000000000007ad75aaf045737655231dbd54bebb278237f2a56e377b1664c9bbca78fb95cac851e9f994d070c6a10be1479c0fcd3cfd7330d03d828fd22416abbae9786d8e67435329abda6e445acaeb4dceea0b1b7acac484277348c8772c617f8b7a0ddad336210ace210a4c9b34ec07f35175f68ac78c40319d71d5b1451e0664ee06c1a13eda4bcb263b6c6adb4823b91016a4eb973f19b88d5038681b76c8280019f8c5fb303f05e8be61f82f6fafa21701befb4438b560400d711e71c033c63b04a4d4ec27ceb88c86d32dbf1db2f0dd6ea950c0023f1e4467077e32722d8551af898323639575f7a27c0128edb0aa627524f624921010e3982a5ac90b6ccc26c1eb79a6dbcb0a200faa2d61a753967c2f8debb89152afb0710de3b0fd01591d07253a25df2f4fc8a1628c9cb3eadf58f3740000800000000009e2d4e6924854b468da5f8bb631c30a169a289af57479cab5c8831d24e9e603a791bf5d2dd5f9e2d0f365fced4cc264cd67210bedc85528d66293262c9fb02e41adea29ee416598f94eac972ef7208d2a9d640314259de478be546fb0cd6503d2de6a2adf9f56dbdd8779b8d3c7f2470087900000100000000001c6a3a82e95c401569300bef91d7435b1773f2fe7225b8427a4bbc8f8fceb97c25b2c1d15c94a2d906acb7ac22fcb25ffdc64fee5481ff71"], 0x141)
write(r4, &(0x7f0000001600)="cc5ba96779b4b94d691840fd2a651a361ef609bd846bcfea957914494c7d44a75252211ccc7e1f0375128874a686310c2de9b1d3f34eec9afc4a18c9d21665a043759d4adbd2f7221fde", 0x4a)
close(r5)
io_submit(0x0, 0x3, &(0x7f0000001500)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, r1, &(0x7f0000000280)="45ac22faac1f95f51d8b17b1ef9cf77012b75c865eb42516bfeea413392ae2ac885223fdb2640f80fff54f2f740864a49e7514711f8736ca30c21787aa608731d043916876bb5ea7d3bf", 0x4a, 0x1ff, 0x0, 0x2, r2}, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x8, 0x8, r4, &(0x7f0000000300)="922da03563b07b7e36bf557397be12f364d1ee54d7b82b34fc15d3cdfc27a140d28be1614febe8da97d59e76bf323026cde414f70830f0ce9ade0b90cf593fe4295075edb19da974bf8499cfa0c238ae0ed05ea730c3f78f8022790fb4d4d20885ecb1e4f28cfdc85f44bf2b1585a0716a362966c77b50e9679b527a65a0f8628514dcab51bc122c7df126efb78c310079bb18062b8191d6775044ea8ffd8d284d5d003d9d157d37a9728a97331e0fcd0df24170169635052b217cb7bad2", 0xbe, 0x339, 0x0, 0x2}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0xf9, r5, &(0x7f0000000400)="a3a2d8400a07c33bb208c89aa6e5c76e06a72397711b02afad3c72c12031d1bed429c636726e321c275ffc49a936ffa56bff48daf616fa7c38b07419a29bd58fb9fd663163d7ce858c1934ca352bf4c47a468e0a35e6626d64c76d5f5ae5d4", 0x5f, 0x3, 0x0, 0x1}])
recvfrom$inet6(r0, &(0x7f0000000000)=""/114, 0x314aaee635b9c1b6, 0x0, 0x0, 0x26713e7aa99b227f)
sendto$inet6(r0, &(0x7f0000000080)="bf40ac53511995e8d989832866120d5dda108998b70055adbb737c5e4ea6451d5d3f7d69d96957ab461cbf3050d021275355983a191f009efd068ca0845f7ff40e5db9964f59f20aef6ec1e8a06bb442e0e82fd1a5a692c9ac261ee83be839aee4341029c0a5f6bd196f6e3af6f3f89f21a575f48e8a298c917ad324b89b280220f997f6a147ebc392b0ddb3e6fde669a19fd7c2aed3537a7c486d2eb05703115a794f0fd0bd9cf38ca91f19261c2fdb92cd91faa4f48f83d9845cc49bdc96d7ee635127620de884e090935e99595baab8e343", 0xd3, 0x0, &(0x7f0000000180)={0xa, 0x4e21, 0x8, @local, 0x6}, 0x1c)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
pread64(r3, &(0x7f0000001540)=""/156, 0x9c, 0x8)

02:41:37 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x670, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:41:38 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2803540010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:41:38 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000108001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1106.193897][T16582] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1106.216756][T16583] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
02:41:38 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000010000000000000d000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:41:38 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800580010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1106.251323][T16587] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1106.262529][T16587] FAULT_INJECTION: forcing a failure.
[ 1106.262529][T16587] name failslab, interval 1, probability 0, space 0, times 0
[ 1106.276452][T16587] CPU: 1 PID: 16587 Comm: syz-executor.5 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1106.289833][T16587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1106.300469][T16587] Call Trace:
[ 1106.303843][T16587]  dump_stack+0x1d8/0x24e
[ 1106.308153][T16587]  ? devkmsg_release+0x11c/0x11c
[ 1106.313336][T16587]  ? show_regs_print_info+0x12/0x12
[ 1106.319334][T16587]  should_fail+0x6f6/0x860
[ 1106.325962][T16587]  ? setup_fault_attr+0x3d0/0x3d0
[ 1106.331060][T16587]  ? __alloc_skb+0x75/0x4d0
[ 1106.335546][T16587]  should_failslab+0x5/0x20
[ 1106.340291][T16587]  kmem_cache_alloc+0x36/0x290
[ 1106.345039][T16587]  ? kmem_cache_free+0xb8/0x5f0
[ 1106.350171][T16587]  __alloc_skb+0x75/0x4d0
[ 1106.354754][T16587]  hci_sock_dev_event+0xe4/0x570
[ 1106.359675][T16587]  hci_register_dev+0x641/0x710
[ 1106.364505][T16587]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1106.369506][T16587]  ? hci_uart_tty_write+0x10/0x10
[ 1106.374506][T16587]  tty_ioctl+0xf68/0x1710
[ 1106.378827][T16587]  ? tty_do_resize+0x170/0x170
[ 1106.385353][T16587]  ? avc_ss_reset+0x3a0/0x3a0
[ 1106.390223][T16587]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1106.396448][T16587]  ? refcount_inc_checked+0x50/0x50
[ 1106.401836][T16587]  ? memcg_check_events+0x5c/0x5b0
[ 1106.407239][T16587]  ? proc_fail_nth_write+0x1d5/0x240
[ 1106.412503][T16587]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1106.418082][T16587]  ? __lru_cache_add+0x1c4/0x210
[ 1106.424878][T16587]  ? memset+0x1f/0x40
[ 1106.429000][T16587]  ? fsnotify+0x1332/0x13f0
[ 1106.433482][T16587]  ? tty_do_resize+0x170/0x170
[ 1106.438313][T16587]  do_vfs_ioctl+0x76a/0x1720
[ 1106.443142][T16587]  ? selinux_file_ioctl+0x72f/0x990
[ 1106.448324][T16587]  ? ioctl_preallocate+0x250/0x250
[ 1106.454499][T16587]  ? __fget+0x37b/0x3c0
[ 1106.458666][T16587]  ? vfs_write+0x422/0x4e0
[ 1106.463067][T16587]  ? fget_many+0x20/0x20
[ 1106.467394][T16587]  ? debug_smp_processor_id+0x20/0x20
[ 1106.473652][T16587]  ? security_file_ioctl+0x9d/0xb0
[ 1106.478865][T16587]  __x64_sys_ioctl+0xd4/0x110
[ 1106.483546][T16587]  do_syscall_64+0xcb/0x1e0
[ 1106.488035][T16587]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1106.493940][T16587] RIP: 0033:0x4665d9
[ 1106.497929][T16587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1106.520221][T16587] RSP: 002b:00007f7add9d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1106.529710][T16587] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1106.538846][T16587] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1106.546828][T16587] RBP: 00007f7add9d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 1106.554774][T16587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1106.564871][T16587] R13: 00007ffc6c6998ef R14: 00007f7add9d2300 R15: 0000000000022000
[ 1106.577616][  T150] Bluetooth: hci0: Frame reassembly failed (-84)
02:41:38 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28005a0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:41:38 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000208001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1106.604684][T16598] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1106.621821][T16603] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1106.662923][T16610] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1108.647038][ T3678] Bluetooth: hci0: command 0x1003 tx timeout
[ 1108.655187][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1110.726963][ T3678] Bluetooth: hci0: command 0x1001 tx timeout
[ 1110.733498][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1112.806798][ T3678] Bluetooth: hci0: command 0x1009 tx timeout
02:41:48 executing program 5 (fault-call:2 fault-nth:69):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:41:48 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x671, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:41:48 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000010000000000000e000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:41:48 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28005c0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:41:48 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000308001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:41:48 executing program 1:
r0 = socket$inet6(0x10, 0x3, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000240)="1c0000001200050f0c1000000049b23e9b200a00080001c000000001", 0x1c, 0x0, 0x0, 0x0)
readv(r0, &(0x7f0000003540)=[{&(0x7f0000002500)=""/4090, 0xffa}, {&(0x7f00000004c0)=""/4119, 0x1017}], 0x2)
recvfrom$inet6(r0, 0x0, 0x0, 0x40010023, 0x0, 0xfffffffffffffed4)
recvfrom$inet6(r0, &(0x7f0000000000)=""/114, 0x314aaee635b9c1b6, 0x0, 0x0, 0x26713e7aa99b227f)
r1 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0x0, @hyper}, 0x10, 0x0)
getsockopt$IP_SET_OP_GET_BYNAME(r1, 0x1, 0x53, &(0x7f00000000c0)={0x6, 0x7, 'syz1\x00'}, &(0x7f0000000100)=0x28)
setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0x5, &(0x7f0000000140)=0x4, 0x4)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

02:41:48 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000408001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:41:48 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28035c0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:41:48 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000010000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1117.067908][T16624] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1117.085610][T16622] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1117.106530][T16629] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1117.116846][T16629] FAULT_INJECTION: forcing a failure.
[ 1117.116846][T16629] name failslab, interval 1, probability 0, space 0, times 0
[ 1117.129897][T16629] CPU: 1 PID: 16629 Comm: syz-executor.5 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1117.140243][T16629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1117.150680][T16629] Call Trace:
[ 1117.153975][T16629]  dump_stack+0x1d8/0x24e
[ 1117.158631][T16629]  ? devkmsg_release+0x11c/0x11c
[ 1117.163573][T16629]  ? show_regs_print_info+0x12/0x12
[ 1117.168888][T16629]  should_fail+0x6f6/0x860
[ 1117.173407][T16629]  ? setup_fault_attr+0x3d0/0x3d0
[ 1117.178410][T16629]  ? __alloc_skb+0x75/0x4d0
[ 1117.182888][T16629]  should_failslab+0x5/0x20
[ 1117.187372][T16629]  kmem_cache_alloc+0x36/0x290
[ 1117.192650][T16629]  ? kmem_cache_free+0xb8/0x5f0
[ 1117.197491][T16629]  __alloc_skb+0x75/0x4d0
[ 1117.201899][T16629]  hci_sock_dev_event+0xe4/0x570
[ 1117.206822][T16629]  hci_register_dev+0x641/0x710
[ 1117.211842][T16629]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1117.217383][T16629]  ? hci_uart_tty_write+0x10/0x10
[ 1117.222520][T16629]  tty_ioctl+0xf68/0x1710
[ 1117.226851][T16629]  ? tty_do_resize+0x170/0x170
[ 1117.231606][T16629]  ? avc_ss_reset+0x3a0/0x3a0
[ 1117.236442][T16629]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1117.242895][T16629]  ? refcount_inc_checked+0x50/0x50
[ 1117.248226][T16629]  ? memcg_check_events+0x5c/0x5b0
[ 1117.253329][T16629]  ? proc_fail_nth_write+0x1d5/0x240
[ 1117.259374][T16629]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1117.264657][T16629]  ? __lru_cache_add+0x1c4/0x210
[ 1117.269589][T16629]  ? memset+0x1f/0x40
[ 1117.273557][T16629]  ? fsnotify+0x1332/0x13f0
[ 1117.278046][T16629]  ? tty_do_resize+0x170/0x170
[ 1117.282970][T16629]  do_vfs_ioctl+0x76a/0x1720
[ 1117.287718][T16629]  ? selinux_file_ioctl+0x72f/0x990
[ 1117.293002][T16629]  ? ioctl_preallocate+0x250/0x250
[ 1117.298223][T16629]  ? __fget+0x37b/0x3c0
[ 1117.302532][T16629]  ? vfs_write+0x422/0x4e0
[ 1117.306940][T16629]  ? fget_many+0x20/0x20
[ 1117.311186][T16629]  ? debug_smp_processor_id+0x20/0x20
[ 1117.316662][T16629]  ? security_file_ioctl+0x9d/0xb0
[ 1117.321844][T16629]  __x64_sys_ioctl+0xd4/0x110
[ 1117.326519][T16629]  do_syscall_64+0xcb/0x1e0
[ 1117.331008][T16629]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1117.336876][T16629] RIP: 0033:0x4665d9
[ 1117.340767][T16629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1117.360980][T16629] RSP: 002b:00007f7add9d2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1117.369384][T16629] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1117.380633][T16629] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1117.388658][T16629] RBP: 00007f7add9d21d0 R08: 0000000000000000 R09: 0000000000000000
[ 1117.396633][T16629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1117.404671][T16629] R13: 00007ffc6c6998ef R14: 00007f7add9d2300 R15: 0000000000022000
02:41:49 executing program 1:
r0 = socket$inet6(0x10, 0x3, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@loopback, 0x5, 0x2, 0x1, 0x5, 0x3}, 0x20)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet6(0xa, 0x6, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000080), 0x8, 0x400003)
sendto$inet6(r1, &(0x7f00000000c0)="6906c3791314ef9712d5cf3df60d1b194fa3bf5da170fd20f4a76a911f0dc56c34b8b55b50647303d623b0000d59dc8b0df97a002627c999b48fe4f3d000d2ef693f740fe2e61c91745cb7559ea1bc6a401a24ac706e70ccf74c241495133c814b34da9d8bdab8ac2266736002b2b398afb72eb0af3d8134a0d6c80aacc363c06985e0aa161f3f6b188a2a07d84ec6ac40f83275012b741f26fc281f1ae6dfc5795b70bce428f2d5fa99df3af2de2234ddae986f010047c642d53f2b8c1423c9bfd157a4ec08090dcd221e1754bcbfb57e2505381600"/225, 0x115, 0x20000050, &(0x7f00000001c0)={0xa, 0x4e23, 0x1, @mcast2, 0x1f}, 0x1c)
sendto$inet6(r0, &(0x7f0000000240)="1c0000001200050f0c1000000049b23e9b200a00080001c000000001", 0x1c, 0x0, 0x0, 0x0)
readv(r0, &(0x7f0000003540)=[{&(0x7f0000002500)=""/4090, 0xffa}, {&(0x7f00000004c0)=""/4119, 0x1017}], 0x2)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e21, 0x3f, @dev={0xfe, 0x80, '\x00', 0x42}, 0x83f}, 0x1c)
recvfrom$inet6(r0, 0x0, 0x34, 0x0, 0x0, 0x0)
recvfrom$inet6(r0, &(0x7f0000000000)=""/114, 0x314aaee635b9c1b6, 0x0, 0x0, 0x26713e7aa99b227f)
recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 1117.417026][  T150] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1117.433083][T16636] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
02:41:49 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800600010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:41:49 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000010608001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1117.473425][T16640] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1117.512383][T16648] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1119.446367][T16033] Bluetooth: hci0: command 0x1003 tx timeout
[ 1119.452861][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1121.526270][T16033] Bluetooth: hci0: command 0x1001 tx timeout
[ 1121.534599][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1123.606116][T16033] Bluetooth: hci0: command 0x1009 tx timeout
02:41:59 executing program 5 (fault-call:2 fault-nth:70):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:41:59 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000011000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:41:59 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000004008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:41:59 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x672, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:41:59 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2801600010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:41:59 executing program 1:
r0 = socket$inet6(0x10, 0x3, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000240)="1c0000001200050f0c1000000049b23e9b200a00080001c000000001", 0x1c, 0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'wg2\x00'})
readv(r0, &(0x7f0000003540)=[{&(0x7f0000002500)=""/4090, 0xffa}, {&(0x7f00000004c0)=""/4119, 0x1017}], 0x2)
pipe(&(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r1, 0x407, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f00000000c0)={'veth1_macvtap\x00'})
recvfrom$inet6(r0, 0x0, 0x34, 0x0, 0x0, 0x0)
ftruncate(r2, 0x9)
recvfrom$inet6(r0, &(0x7f0000000000)=""/114, 0x314aaee635b9c1b6, 0x0, 0x0, 0x26713e7aa99b227f)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

02:41:59 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000012000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1127.946393][T16662] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1127.962683][T16665] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1127.973800][T16669] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
02:41:59 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000008108001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:41:59 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2803600010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1127.995775][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1128.021496][T16677] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
02:41:59 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000020000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:41:59 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2801620010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:41:59 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="06000000ffffff8108001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1128.037922][T16676] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1128.078394][T16684] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1128.123493][T16688] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1130.005655][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1130.012034][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1132.085552][   T12] Bluetooth: hci0: command 0x1001 tx timeout
[ 1132.091816][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1134.165435][   T12] Bluetooth: hci0: command 0x1009 tx timeout
02:42:09 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:09 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000025000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:09 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="06000000ffffff9e08001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:09 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28006c0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:09 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x673, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:09 executing program 1:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x65e, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:10 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000040000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:10 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="06000000ffffffea08001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1138.184951][T16702] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1138.203733][T16705] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1138.213899][T16709] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
02:42:10 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28036c0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1138.233909][    T7] Bluetooth: hci0: Frame reassembly failed (-84)
02:42:10 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28026e0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:10 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000048000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:10 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="06000000ffffffef08001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1138.266888][T16717] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1138.283693][T16716] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1138.322528][T16725] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1138.365609][T16730] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1140.244979][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1140.251743][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1142.324848][   T12] Bluetooth: hci0: command 0x1001 tx timeout
[ 1142.331003][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1144.404728][   T12] Bluetooth: hci0: command 0x1009 tx timeout
02:42:20 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x2, 0x0)

02:42:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000010000000000004c000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:20 executing program 1 (fault-call:2 fault-nth:0):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:20 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28036e0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:20 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="06000000fffffff008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:20 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x674, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000060000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1148.426371][T16741] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1148.435301][T16744] FAULT_INJECTION: forcing a failure.
[ 1148.435301][T16744] name failslab, interval 1, probability 0, space 0, times 0
[ 1148.456062][T16739] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1148.457985][T16744] CPU: 0 PID: 16744 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1148.481616][T16744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1148.491865][T16744] Call Trace:
[ 1148.495185][T16744]  dump_stack+0x1d8/0x24e
[ 1148.499517][T16744]  ? devkmsg_release+0x11c/0x11c
[ 1148.504456][T16744]  ? show_regs_print_info+0x12/0x12
[ 1148.509825][T16744]  ? check_preemption_disabled+0x9e/0x330
02:42:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000068000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1148.513069][T16752] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1148.516024][T16744]  ? __set_page_owner+0x35/0x200
[ 1148.516035][T16744]  should_fail+0x6f6/0x860
[ 1148.516045][T16744]  ? setup_fault_attr+0x3d0/0x3d0
[ 1148.516053][T16744]  ? ldsem_down_read+0xb7/0x890
[ 1148.516070][T16744]  ? hci_alloc_dev+0x4d/0x15e0
[ 1148.555339][T16744]  should_failslab+0x5/0x20
[ 1148.559830][T16744]  kmem_cache_alloc_trace+0x39/0x2b0
02:42:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000010000000000016b000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1148.563787][T16756] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1148.565097][T16744]  hci_alloc_dev+0x4d/0x15e0
[ 1148.565109][T16744]  hci_uart_tty_ioctl+0x3c0/0xa10
[ 1148.565118][T16744]  ? hci_uart_tty_write+0x10/0x10
[ 1148.565134][T16744]  tty_ioctl+0xf68/0x1710
[ 1148.599575][T16744]  ? tty_do_resize+0x170/0x170
[ 1148.604326][T16744]  ? avc_ss_reset+0x3a0/0x3a0
[ 1148.608209][T16758] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
02:42:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000010000000000006c000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1148.608985][T16744]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1148.609000][T16744]  ? refcount_inc_checked+0x50/0x50
[ 1148.635480][T16744]  ? proc_fail_nth_write+0x1d5/0x240
[ 1148.640762][T16744]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1148.645958][T16744]  ? __lru_cache_add+0x1c4/0x210
[ 1148.650916][T16744]  ? memset+0x1f/0x40
[ 1148.654892][T16744]  ? fsnotify+0x1332/0x13f0
[ 1148.659389][T16744]  ? tty_do_resize+0x170/0x170
[ 1148.664238][T16744]  do_vfs_ioctl+0x76a/0x1720
[ 1148.668952][T16744]  ? selinux_file_ioctl+0x72f/0x990
02:42:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000074000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1148.673030][T16761] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1148.674272][T16744]  ? ioctl_preallocate+0x250/0x250
[ 1148.674288][T16744]  ? __fget+0x37b/0x3c0
[ 1148.699304][T16744]  ? vfs_write+0x422/0x4e0
[ 1148.703824][T16744]  ? fget_many+0x20/0x20
[ 1148.708360][T16744]  ? debug_smp_processor_id+0x20/0x20
[ 1148.713738][T16744]  ? security_file_ioctl+0x9d/0xb0
[ 1148.718840][T16744]  __x64_sys_ioctl+0xd4/0x110
02:42:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000010000000000007a000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1148.721673][T16764] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1148.723523][T16744]  do_syscall_64+0xcb/0x1e0
[ 1148.723541][T16744]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1148.748970][T16744] RIP: 0033:0x4665d9
[ 1148.752874][T16744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1148.768085][T16766] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1148.772546][T16744] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1148.772557][T16744] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1148.772562][T16744] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1148.772566][T16744] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
02:42:20 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x4b47, 0x0)

02:42:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000081000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:20 executing program 1 (fault-call:2 fault-nth:1):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:20 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2802700010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:20 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="06000000fffffffe08001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1148.772579][T16744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1148.828380][T16744] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1148.838064][T16744] Bluetooth: Can't allocate HCI device
[ 1148.849852][T16768] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1148.887247][T16775] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1148.894867][T16779] FAULT_INJECTION: forcing a failure.
[ 1148.894867][T16779] name failslab, interval 1, probability 0, space 0, times 0
[ 1148.926125][T16779] CPU: 1 PID: 16779 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1148.936383][T16779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1148.947234][T16779] Call Trace:
[ 1148.950535][T16779]  dump_stack+0x1d8/0x24e
[ 1148.954838][T16779]  ? devkmsg_release+0x11c/0x11c
[ 1148.959863][T16779]  ? show_regs_print_info+0x12/0x12
[ 1148.965220][T16779]  ? _raw_spin_lock_irqsave+0xf8/0x210
[ 1148.970892][T16779]  should_fail+0x6f6/0x860
[ 1148.975299][T16779]  ? setup_fault_attr+0x3d0/0x3d0
[ 1148.980297][T16779]  ? memset+0x1f/0x40
[ 1148.984253][T16779]  ? h4_open+0x4f/0x140
[ 1148.988385][T16779]  should_failslab+0x5/0x20
[ 1148.993177][T16779]  kmem_cache_alloc_trace+0x39/0x2b0
[ 1148.998437][T16779]  h4_open+0x4f/0x140
[ 1149.002827][T16779]  hci_uart_tty_ioctl+0x7ea/0xa10
[ 1149.007840][T16779]  ? hci_uart_tty_write+0x10/0x10
[ 1149.012851][T16779]  tty_ioctl+0xf68/0x1710
[ 1149.017260][T16779]  ? tty_do_resize+0x170/0x170
[ 1149.022166][T16779]  ? avc_ss_reset+0x3a0/0x3a0
[ 1149.026835][T16779]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1149.033313][T16779]  ? refcount_inc_checked+0x50/0x50
[ 1149.038576][T16779]  ? memcg_check_events+0x5c/0x5b0
[ 1149.043693][T16779]  ? proc_fail_nth_write+0x1d5/0x240
[ 1149.048968][T16779]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1149.054156][T16779]  ? __lru_cache_add+0x1c4/0x210
[ 1149.059082][T16779]  ? memset+0x1f/0x40
[ 1149.063320][T16779]  ? fsnotify+0x1332/0x13f0
[ 1149.068014][T16779]  ? tty_do_resize+0x170/0x170
[ 1149.073629][T16779]  do_vfs_ioctl+0x76a/0x1720
[ 1149.078728][T16779]  ? selinux_file_ioctl+0x72f/0x990
[ 1149.083897][T16779]  ? ioctl_preallocate+0x250/0x250
[ 1149.089463][T16779]  ? __fget+0x37b/0x3c0
[ 1149.094037][T16779]  ? vfs_write+0x422/0x4e0
[ 1149.098942][T16779]  ? fget_many+0x20/0x20
[ 1149.103167][T16779]  ? debug_smp_processor_id+0x20/0x20
[ 1149.108745][T16779]  ? security_file_ioctl+0x9d/0xb0
[ 1149.113969][T16779]  __x64_sys_ioctl+0xd4/0x110
[ 1149.118669][T16779]  do_syscall_64+0xcb/0x1e0
[ 1149.123603][T16779]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1149.129582][T16779] RIP: 0033:0x4665d9
[ 1149.133719][T16779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1149.153783][T16779] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1149.162268][T16779] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1149.170505][T16779] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1149.178454][T16779] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
02:42:21 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000ffffff81000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:21 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000007fffffff08001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:21 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x4b49, 0x0)

02:42:21 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2802720010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:21 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x675, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:21 executing program 1 (fault-call:2 fault-nth:2):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

[ 1149.186500][T16779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1149.194444][T16779] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
02:42:21 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5409, 0x0)

02:42:21 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2802780010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1149.241622][T16787] FAULT_INJECTION: forcing a failure.
[ 1149.241622][T16787] name failslab, interval 1, probability 0, space 0, times 0
[ 1149.269502][T16787] CPU: 0 PID: 16787 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1149.279749][T16787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
02:42:21 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x540b, 0x0)

02:42:21 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x540c, 0x0)

[ 1149.289798][T16787] Call Trace:
[ 1149.293131][T16787]  dump_stack+0x1d8/0x24e
[ 1149.297586][T16787]  ? devkmsg_release+0x11c/0x11c
[ 1149.302519][T16787]  ? memset+0x1f/0x40
[ 1149.306595][T16787]  ? show_regs_print_info+0x12/0x12
[ 1149.311795][T16787]  ? number+0xea3/0x1300
[ 1149.316069][T16787]  ? xas_create+0x12c3/0x13b0
[ 1149.320747][T16787]  should_fail+0x6f6/0x860
[ 1149.325160][T16787]  ? setup_fault_attr+0x3d0/0x3d0
[ 1149.330183][T16787]  ? xas_store+0xae3/0x1610
[ 1149.334711][T16787]  ? vsnprintf+0x1e4/0x1d60
02:42:21 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28007a0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:21 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x540d, 0x0)

[ 1149.339210][T16787]  ? alloc_workqueue+0x156/0x11d0
[ 1149.344479][T16787]  should_failslab+0x5/0x20
[ 1149.348995][T16787]  __kmalloc+0x5f/0x2f0
[ 1149.353151][T16787]  alloc_workqueue+0x156/0x11d0
[ 1149.358165][T16787]  ? ptr_to_hashval+0x60/0x60
[ 1149.362840][T16787]  ? sprintf+0xd6/0x120
[ 1149.366994][T16787]  ? idr_replace+0x230/0x230
[ 1149.371578][T16787]  ? vsnprintf+0x1caa/0x1d60
[ 1149.376160][T16787]  ? apply_workqueue_attrs_locked+0x6d0/0x6d0
[ 1149.382224][T16787]  ? h4_open+0x4f/0x140
[ 1149.386387][T16787]  hci_register_dev+0x19a/0x710
[ 1149.391341][T16787]  ? h4_open+0x60/0x140
[ 1149.395497][T16787]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1149.400612][T16787]  ? hci_uart_tty_write+0x10/0x10
[ 1149.405659][T16787]  tty_ioctl+0xf68/0x1710
[ 1149.409989][T16787]  ? tty_do_resize+0x170/0x170
[ 1149.414750][T16787]  ? avc_ss_reset+0x3a0/0x3a0
[ 1149.419426][T16787]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1149.425605][T16787]  ? refcount_inc_checked+0x50/0x50
[ 1149.430797][T16787]  ? memcg_check_events+0x5c/0x5b0
[ 1149.435911][T16787]  ? proc_fail_nth_write+0x1d5/0x240
[ 1149.441198][T16787]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1149.446386][T16787]  ? __lru_cache_add+0x1c4/0x210
[ 1149.451397][T16787]  ? memset+0x1f/0x40
[ 1149.455358][T16787]  ? fsnotify+0x1332/0x13f0
[ 1149.459869][T16787]  ? tty_do_resize+0x170/0x170
[ 1149.464651][T16787]  do_vfs_ioctl+0x76a/0x1720
[ 1149.469240][T16787]  ? selinux_file_ioctl+0x72f/0x990
[ 1149.474429][T16787]  ? ioctl_preallocate+0x250/0x250
[ 1149.479534][T16787]  ? __fget+0x37b/0x3c0
[ 1149.483666][T16787]  ? vfs_write+0x422/0x4e0
[ 1149.488260][T16787]  ? fget_many+0x20/0x20
[ 1149.492563][T16787]  ? debug_smp_processor_id+0x20/0x20
[ 1149.498169][T16787]  ? security_file_ioctl+0x9d/0xb0
[ 1149.503293][T16787]  __x64_sys_ioctl+0xd4/0x110
[ 1149.508052][T16787]  do_syscall_64+0xcb/0x1e0
[ 1149.512528][T16787]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1149.518413][T16787] RIP: 0033:0x4665d9
[ 1149.522283][T16787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1149.542033][T16787] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1149.550522][T16787] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1149.558500][T16787] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1149.566725][T16787] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1149.574671][T16787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1149.582636][T16787] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
02:42:21 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000ffffff9e000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:21 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28027a0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:21 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x540e, 0x0)

02:42:21 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="0600000081ffffff08001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1149.594097][T16787] Bluetooth: Can't register HCI device
02:42:21 executing program 1 (fault-call:2 fault-nth:3):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:21 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28027c0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:21 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x540f, 0x0)

02:42:21 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x676, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:21 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000ffffffea000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:21 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000009effffff08001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:21 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="06000000eaffffff08001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:21 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000ffffffef000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:21 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5410, 0x0)

[ 1149.694847][T16837] FAULT_INJECTION: forcing a failure.
[ 1149.694847][T16837] name failslab, interval 1, probability 0, space 0, times 0
[ 1149.710125][T16837] CPU: 1 PID: 16837 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1149.720371][T16837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1149.730503][T16837] Call Trace:
[ 1149.733778][T16837]  dump_stack+0x1d8/0x24e
[ 1149.738094][T16837]  ? devkmsg_release+0x11c/0x11c
[ 1149.743007][T16837]  ? show_regs_print_info+0x12/0x12
[ 1149.748207][T16837]  should_fail+0x6f6/0x860
[ 1149.752690][T16837]  ? setup_fault_attr+0x3d0/0x3d0
[ 1149.757687][T16837]  ? alloc_workqueue+0x156/0x11d0
[ 1149.762783][T16837]  ? alloc_workqueue+0x1cb/0x11d0
[ 1149.767885][T16837]  should_failslab+0x5/0x20
[ 1149.772360][T16837]  kmem_cache_alloc_trace+0x39/0x2b0
[ 1149.777627][T16837]  ? alloc_workqueue+0x156/0x11d0
[ 1149.782631][T16837]  alloc_workqueue+0x1cb/0x11d0
[ 1149.787837][T16837]  ? sprintf+0xd6/0x120
[ 1149.792318][T16837]  ? idr_replace+0x230/0x230
[ 1149.797158][T16837]  ? vsnprintf+0x1caa/0x1d60
[ 1149.802040][T16837]  ? apply_workqueue_attrs_locked+0x6d0/0x6d0
[ 1149.808326][T16837]  ? h4_open+0x4f/0x140
[ 1149.812468][T16837]  hci_register_dev+0x19a/0x710
[ 1149.817307][T16837]  ? h4_open+0x60/0x140
[ 1149.821748][T16837]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1149.827177][T16837]  ? hci_uart_tty_write+0x10/0x10
[ 1149.832351][T16837]  tty_ioctl+0xf68/0x1710
[ 1149.837233][T16837]  ? tty_do_resize+0x170/0x170
[ 1149.841978][T16837]  ? avc_ss_reset+0x3a0/0x3a0
[ 1149.846730][T16837]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1149.852859][T16837]  ? refcount_inc_checked+0x50/0x50
[ 1149.858105][T16837]  ? memcg_check_events+0x5c/0x5b0
[ 1149.864058][T16837]  ? proc_fail_nth_write+0x1d5/0x240
[ 1149.869321][T16837]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1149.874516][T16837]  ? __lru_cache_add+0x1c4/0x210
[ 1149.879433][T16837]  ? memset+0x1f/0x40
[ 1149.883393][T16837]  ? fsnotify+0x1332/0x13f0
[ 1149.887877][T16837]  ? tty_do_resize+0x170/0x170
[ 1149.892728][T16837]  do_vfs_ioctl+0x76a/0x1720
[ 1149.897409][T16837]  ? selinux_file_ioctl+0x72f/0x990
[ 1149.902602][T16837]  ? ioctl_preallocate+0x250/0x250
[ 1149.907701][T16837]  ? __fget+0x37b/0x3c0
[ 1149.911836][T16837]  ? vfs_write+0x422/0x4e0
[ 1149.916405][T16837]  ? fget_many+0x20/0x20
[ 1149.920625][T16837]  ? debug_smp_processor_id+0x20/0x20
[ 1149.925977][T16837]  ? security_file_ioctl+0x9d/0xb0
[ 1149.931075][T16837]  __x64_sys_ioctl+0xd4/0x110
[ 1149.935727][T16837]  do_syscall_64+0xcb/0x1e0
[ 1149.940223][T16837]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1149.946272][T16837] RIP: 0033:0x4665d9
[ 1149.950403][T16837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1149.970101][T16837] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1149.978487][T16837] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1149.986452][T16837] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
02:42:21 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28017d0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:21 executing program 1 (fault-call:2 fault-nth:4):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:21 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000fffffff0000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:21 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="06000000efffffff08001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1149.994489][T16837] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1150.002540][T16837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1150.010657][T16837] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1150.023953][T16837] Bluetooth: Can't register HCI device
02:42:21 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5412, 0x0)

[ 1150.102868][T16862] FAULT_INJECTION: forcing a failure.
[ 1150.102868][T16862] name failslab, interval 1, probability 0, space 0, times 0
[ 1150.116623][T16862] CPU: 1 PID: 16862 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1150.126865][T16862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1150.136946][T16862] Call Trace:
[ 1150.140214][T16862]  dump_stack+0x1d8/0x24e
[ 1150.144519][T16862]  ? devkmsg_release+0x11c/0x11c
[ 1150.149457][T16862]  ? arch_stack_walk+0xf8/0x140
[ 1150.154285][T16862]  ? show_regs_print_info+0x12/0x12
[ 1150.159477][T16862]  should_fail+0x6f6/0x860
[ 1150.163868][T16862]  ? setup_fault_attr+0x3d0/0x3d0
[ 1150.168873][T16862]  ? __unwind_start+0x72f/0x8e0
[ 1150.174042][T16862]  ? apply_wqattrs_prepare+0xcb/0x17e0
[ 1150.179629][T16862]  should_failslab+0x5/0x20
[ 1150.184215][T16862]  kmem_cache_alloc_trace+0x39/0x2b0
[ 1150.189584][T16862]  apply_wqattrs_prepare+0xcb/0x17e0
[ 1150.194863][T16862]  ? alloc_workqueue+0x1cb/0x11d0
[ 1150.200098][T16862]  ? hci_register_dev+0x19a/0x710
[ 1150.205390][T16862]  ? hci_uart_tty_ioctl+0x89e/0xa10
[ 1150.210653][T16862]  ? tty_ioctl+0xf68/0x1710
[ 1150.215189][T16862]  ? do_vfs_ioctl+0x76a/0x1720
[ 1150.219935][T16862]  ? __x64_sys_ioctl+0xd4/0x110
[ 1150.224768][T16862]  ? do_syscall_64+0xcb/0x1e0
[ 1150.229423][T16862]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1150.235904][T16862]  ? format_decode+0xc5c/0x1ab0
[ 1150.241272][T16862]  ? cwt_wakefn+0x70/0x70
[ 1150.245779][T16862]  ? vsnprintf+0x1d60/0x1d60
[ 1150.250640][T16862]  ? string+0x280/0x2c0
[ 1150.254767][T16862]  ? widen_string+0x3a/0x340
[ 1150.259340][T16862]  ? string+0x280/0x2c0
[ 1150.263783][T16862]  apply_workqueue_attrs_locked+0x136/0x6d0
[ 1150.269651][T16862]  ? check_preemption_disabled+0x9e/0x330
[ 1150.275347][T16862]  ? apply_workqueue_attrs+0x40/0x40
[ 1150.280608][T16862]  ? mutex_lock+0xa6/0x110
[ 1150.285002][T16862]  ? mutex_trylock+0xb0/0xb0
[ 1150.289564][T16862]  ? kmem_cache_alloc_trace+0x139/0x2b0
[ 1150.295089][T16862]  alloc_workqueue+0xcc4/0x11d0
[ 1150.299915][T16862]  ? sprintf+0xd6/0x120
[ 1150.304043][T16862]  ? idr_replace+0x230/0x230
[ 1150.309045][T16862]  ? vsnprintf+0x1caa/0x1d60
[ 1150.313704][T16862]  ? apply_workqueue_attrs_locked+0x6d0/0x6d0
[ 1150.319832][T16862]  ? h4_open+0x4f/0x140
[ 1150.324324][T16862]  hci_register_dev+0x19a/0x710
[ 1150.329441][T16862]  ? h4_open+0x60/0x140
[ 1150.333581][T16862]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1150.338777][T16862]  ? hci_uart_tty_write+0x10/0x10
[ 1150.343859][T16862]  tty_ioctl+0xf68/0x1710
[ 1150.348159][T16862]  ? tty_do_resize+0x170/0x170
[ 1150.352978][T16862]  ? avc_ss_reset+0x3a0/0x3a0
[ 1150.357622][T16862]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1150.363918][T16862]  ? refcount_inc_checked+0x50/0x50
[ 1150.370104][T16862]  ? memcg_check_events+0x5c/0x5b0
[ 1150.375421][T16862]  ? proc_fail_nth_write+0x1d5/0x240
[ 1150.380698][T16862]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1150.385974][T16862]  ? __lru_cache_add+0x1c4/0x210
[ 1150.391338][T16862]  ? memset+0x1f/0x40
[ 1150.395475][T16862]  ? fsnotify+0x1332/0x13f0
[ 1150.400482][T16862]  ? tty_do_resize+0x170/0x170
[ 1150.405527][T16862]  do_vfs_ioctl+0x76a/0x1720
[ 1150.410352][T16862]  ? selinux_file_ioctl+0x72f/0x990
[ 1150.415530][T16862]  ? ioctl_preallocate+0x250/0x250
[ 1150.420882][T16862]  ? __fget+0x37b/0x3c0
[ 1150.425194][T16862]  ? vfs_write+0x422/0x4e0
[ 1150.429586][T16862]  ? fget_many+0x20/0x20
[ 1150.433821][T16862]  ? debug_smp_processor_id+0x20/0x20
[ 1150.439170][T16862]  ? security_file_ioctl+0x9d/0xb0
[ 1150.444271][T16862]  __x64_sys_ioctl+0xd4/0x110
[ 1150.448922][T16862]  do_syscall_64+0xcb/0x1e0
[ 1150.453507][T16862]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1150.459457][T16862] RIP: 0033:0x4665d9
[ 1150.463326][T16862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1150.482996][T16862] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1150.491381][T16862] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1150.499950][T16862] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1150.507896][T16862] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1150.515841][T16862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1150.524519][T16862] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1150.534120][T16862] Bluetooth: Can't register HCI device
02:42:22 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x677, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:22 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800810010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:22 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000fffffffe000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:22 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="06000000f0ffffff08001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:22 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5413, 0x0)

02:42:22 executing program 1 (fault-call:2 fault-nth:5):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:22 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2803840010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:22 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5414, 0x0)

02:42:22 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="06000000feffffff08001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1150.651144][T16884] FAULT_INJECTION: forcing a failure.
[ 1150.651144][T16884] name failslab, interval 1, probability 0, space 0, times 0
[ 1150.665380][T16884] CPU: 1 PID: 16884 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1150.675987][T16884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1150.686283][T16884] Call Trace:
[ 1150.689559][T16884]  dump_stack+0x1d8/0x24e
[ 1150.693897][T16884]  ? devkmsg_release+0x11c/0x11c
[ 1150.699104][T16884]  ? show_regs_print_info+0x12/0x12
[ 1150.704948][T16884]  should_fail+0x6f6/0x860
[ 1150.709362][T16884]  ? setup_fault_attr+0x3d0/0x3d0
[ 1150.714873][T16884]  ? apply_wqattrs_prepare+0x102/0x17e0
[ 1150.720396][T16884]  should_failslab+0x5/0x20
[ 1150.724914][T16884]  kmem_cache_alloc_trace+0x39/0x2b0
[ 1150.730281][T16884]  ? apply_wqattrs_prepare+0xcb/0x17e0
[ 1150.735951][T16884]  apply_wqattrs_prepare+0x102/0x17e0
[ 1150.741314][T16884]  ? alloc_workqueue+0x1cb/0x11d0
[ 1150.746322][T16884]  ? hci_register_dev+0x19a/0x710
[ 1150.751320][T16884]  ? hci_uart_tty_ioctl+0x89e/0xa10
[ 1150.756580][T16884]  ? tty_ioctl+0xf68/0x1710
[ 1150.761064][T16884]  ? do_vfs_ioctl+0x76a/0x1720
[ 1150.765856][T16884]  ? __x64_sys_ioctl+0xd4/0x110
[ 1150.770682][T16884]  ? do_syscall_64+0xcb/0x1e0
[ 1150.775578][T16884]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1150.782966][T16884]  ? format_decode+0xc5c/0x1ab0
[ 1150.787805][T16884]  ? cwt_wakefn+0x70/0x70
[ 1150.792343][T16884]  ? vsnprintf+0x1d60/0x1d60
[ 1150.797092][T16884]  ? string+0x280/0x2c0
[ 1150.801413][T16884]  ? widen_string+0x3a/0x340
[ 1150.805987][T16884]  ? string+0x280/0x2c0
[ 1150.810211][T16884]  apply_workqueue_attrs_locked+0x136/0x6d0
[ 1150.816160][T16884]  ? check_preemption_disabled+0x9e/0x330
[ 1150.822465][T16884]  ? apply_workqueue_attrs+0x40/0x40
[ 1150.827810][T16884]  ? mutex_lock+0xa6/0x110
[ 1150.832211][T16884]  ? mutex_trylock+0xb0/0xb0
[ 1150.836774][T16884]  ? kmem_cache_alloc_trace+0x139/0x2b0
[ 1150.842291][T16884]  alloc_workqueue+0xcc4/0x11d0
[ 1150.847111][T16884]  ? sprintf+0xd6/0x120
[ 1150.851236][T16884]  ? idr_replace+0x230/0x230
[ 1150.855809][T16884]  ? vsnprintf+0x1caa/0x1d60
[ 1150.860556][T16884]  ? apply_workqueue_attrs_locked+0x6d0/0x6d0
[ 1150.867375][T16884]  ? h4_open+0x4f/0x140
[ 1150.871512][T16884]  hci_register_dev+0x19a/0x710
[ 1150.876520][T16884]  ? h4_open+0x60/0x140
[ 1150.880749][T16884]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1150.885829][T16884]  ? hci_uart_tty_write+0x10/0x10
[ 1150.891082][T16884]  tty_ioctl+0xf68/0x1710
[ 1150.895469][T16884]  ? tty_do_resize+0x170/0x170
[ 1150.900202][T16884]  ? avc_ss_reset+0x3a0/0x3a0
[ 1150.904843][T16884]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1150.911850][T16884]  ? refcount_inc_checked+0x50/0x50
[ 1150.917216][T16884]  ? memcg_check_events+0x5c/0x5b0
[ 1150.922311][T16884]  ? proc_fail_nth_write+0x1d5/0x240
[ 1150.927567][T16884]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1150.932739][T16884]  ? __lru_cache_add+0x1c4/0x210
[ 1150.937949][T16884]  ? memset+0x1f/0x40
[ 1150.941931][T16884]  ? fsnotify+0x1332/0x13f0
[ 1150.946415][T16884]  ? tty_do_resize+0x170/0x170
[ 1150.951163][T16884]  do_vfs_ioctl+0x76a/0x1720
[ 1150.955763][T16884]  ? selinux_file_ioctl+0x72f/0x990
[ 1150.960936][T16884]  ? ioctl_preallocate+0x250/0x250
[ 1150.966024][T16884]  ? __fget+0x37b/0x3c0
[ 1150.970151][T16884]  ? vfs_write+0x422/0x4e0
[ 1150.974537][T16884]  ? fget_many+0x20/0x20
[ 1150.978889][T16884]  ? debug_smp_processor_id+0x20/0x20
[ 1150.984251][T16884]  ? security_file_ioctl+0x9d/0xb0
[ 1150.989335][T16884]  __x64_sys_ioctl+0xd4/0x110
[ 1150.993984][T16884]  do_syscall_64+0xcb/0x1e0
[ 1150.998463][T16884]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1151.004340][T16884] RIP: 0033:0x4665d9
[ 1151.008207][T16884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1151.027804][T16884] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1151.036198][T16884] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1151.044226][T16884] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
02:42:22 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000010000007fffffff000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:22 executing program 1 (fault-call:2 fault-nth:6):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

[ 1151.052167][T16884] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1151.060121][T16884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1151.068061][T16884] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1151.084558][T16884] Bluetooth: Can't register HCI device
02:42:22 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5415, 0x0)

[ 1151.164183][T16902] FAULT_INJECTION: forcing a failure.
[ 1151.164183][T16902] name failslab, interval 1, probability 0, space 0, times 0
[ 1151.178159][T16902] CPU: 0 PID: 16902 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1151.188527][T16902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1151.198619][T16902] Call Trace:
[ 1151.202150][T16902]  dump_stack+0x1d8/0x24e
[ 1151.206507][T16902]  ? devkmsg_release+0x11c/0x11c
[ 1151.211440][T16902]  ? show_regs_print_info+0x12/0x12
[ 1151.216896][T16902]  should_fail+0x6f6/0x860
[ 1151.221304][T16902]  ? setup_fault_attr+0x3d0/0x3d0
[ 1151.226310][T16902]  ? apply_wqattrs_prepare+0x1c0/0x17e0
[ 1151.231847][T16902]  should_failslab+0x5/0x20
[ 1151.236415][T16902]  kmem_cache_alloc_trace+0x39/0x2b0
[ 1151.241766][T16902]  ? apply_wqattrs_prepare+0x102/0x17e0
[ 1151.247757][T16902]  apply_wqattrs_prepare+0x1c0/0x17e0
[ 1151.253225][T16902]  ? alloc_workqueue+0x1cb/0x11d0
[ 1151.258321][T16902]  ? hci_uart_tty_ioctl+0x89e/0xa10
[ 1151.263712][T16902]  ? tty_ioctl+0xf68/0x1710
[ 1151.268736][T16902]  ? do_vfs_ioctl+0x76a/0x1720
[ 1151.274065][T16902]  ? __x64_sys_ioctl+0xd4/0x110
[ 1151.278923][T16902]  ? do_syscall_64+0xcb/0x1e0
[ 1151.283583][T16902]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1151.289721][T16902]  ? format_decode+0xc5c/0x1ab0
[ 1151.294924][T16902]  ? cwt_wakefn+0x70/0x70
[ 1151.299428][T16902]  ? vsnprintf+0x1d60/0x1d60
[ 1151.304043][T16902]  ? string+0x280/0x2c0
[ 1151.308179][T16902]  ? widen_string+0x3a/0x340
[ 1151.312742][T16902]  ? string+0x280/0x2c0
[ 1151.317046][T16902]  apply_workqueue_attrs_locked+0x136/0x6d0
[ 1151.322921][T16902]  ? check_preemption_disabled+0x9e/0x330
[ 1151.328699][T16902]  ? apply_workqueue_attrs+0x40/0x40
[ 1151.334301][T16902]  ? mutex_lock+0xa6/0x110
[ 1151.338707][T16902]  ? mutex_trylock+0xb0/0xb0
[ 1151.343627][T16902]  ? kmem_cache_alloc_trace+0x139/0x2b0
[ 1151.349147][T16902]  alloc_workqueue+0xcc4/0x11d0
[ 1151.354165][T16902]  ? sprintf+0xd6/0x120
[ 1151.358603][T16902]  ? idr_replace+0x230/0x230
[ 1151.363174][T16902]  ? vsnprintf+0x1caa/0x1d60
[ 1151.367738][T16902]  ? apply_workqueue_attrs_locked+0x6d0/0x6d0
[ 1151.374040][T16902]  ? h4_open+0x4f/0x140
[ 1151.378455][T16902]  hci_register_dev+0x19a/0x710
[ 1151.383741][T16902]  ? h4_open+0x60/0x140
[ 1151.388072][T16902]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1151.393190][T16902]  ? hci_uart_tty_write+0x10/0x10
[ 1151.398831][T16902]  tty_ioctl+0xf68/0x1710
[ 1151.403142][T16902]  ? tty_do_resize+0x170/0x170
[ 1151.408061][T16902]  ? avc_ss_reset+0x3a0/0x3a0
[ 1151.412801][T16902]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1151.419114][T16902]  ? refcount_inc_checked+0x50/0x50
[ 1151.424482][T16902]  ? memcg_check_events+0x5c/0x5b0
[ 1151.430082][T16902]  ? proc_fail_nth_write+0x1d5/0x240
[ 1151.435527][T16902]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1151.440895][T16902]  ? __lru_cache_add+0x1c4/0x210
[ 1151.445992][T16902]  ? memset+0x1f/0x40
[ 1151.449946][T16902]  ? fsnotify+0x1332/0x13f0
[ 1151.454561][T16902]  ? tty_do_resize+0x170/0x170
[ 1151.459309][T16902]  do_vfs_ioctl+0x76a/0x1720
[ 1151.464168][T16902]  ? selinux_file_ioctl+0x72f/0x990
[ 1151.469343][T16902]  ? ioctl_preallocate+0x250/0x250
[ 1151.474435][T16902]  ? __fget+0x37b/0x3c0
[ 1151.478585][T16902]  ? vfs_write+0x422/0x4e0
[ 1151.482991][T16902]  ? fget_many+0x20/0x20
[ 1151.487318][T16902]  ? debug_smp_processor_id+0x20/0x20
[ 1151.492853][T16902]  ? security_file_ioctl+0x9d/0xb0
[ 1151.498160][T16902]  __x64_sys_ioctl+0xd4/0x110
[ 1151.502911][T16902]  do_syscall_64+0xcb/0x1e0
[ 1151.507394][T16902]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1151.513258][T16902] RIP: 0033:0x4665d9
[ 1151.517144][T16902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1151.537697][T16902] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1151.546805][T16902] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1151.554756][T16902] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1151.562700][T16902] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1151.570651][T16902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1151.578859][T16902] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1151.588053][T16902] Bluetooth: Can't register HCI device
02:42:23 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000001001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:23 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800880010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:23 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000081ffffff000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:23 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x678, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:23 executing program 1 (fault-call:2 fault-nth:7):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:23 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5416, 0x0)

02:42:23 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000010000009effffff000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:23 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28018c0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:23 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5417, 0x0)

[ 1151.668769][T16916] __nla_validate_parse: 3 callbacks suppressed
[ 1151.668776][T16916] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1151.686211][T16915] FAULT_INJECTION: forcing a failure.
[ 1151.686211][T16915] name failslab, interval 1, probability 0, space 0, times 0
[ 1151.702744][T16915] CPU: 0 PID: 16915 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
02:42:23 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000004001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:23 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000005001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1151.713446][T16915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1151.723492][T16915] Call Trace:
[ 1151.726818][T16915]  dump_stack+0x1d8/0x24e
[ 1151.729170][T16927] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1151.731138][T16915]  ? devkmsg_release+0x11c/0x11c
[ 1151.731156][T16915]  ? show_regs_print_info+0x12/0x12
[ 1151.749508][T16915]  should_fail+0x6f6/0x860
[ 1151.754014][T16915]  ? setup_fault_attr+0x3d0/0x3d0
[ 1151.759130][T16915]  ? apply_wqattrs_prepare+0x8a5/0x17e0
02:42:23 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5418, 0x0)

[ 1151.765194][T16915]  should_failslab+0x5/0x20
[ 1151.769693][T16915]  kmem_cache_alloc+0x36/0x290
[ 1151.774468][T16915]  apply_wqattrs_prepare+0x8a5/0x17e0
[ 1151.780224][T16915]  ? __x64_sys_ioctl+0xd4/0x110
[ 1151.785338][T16915]  ? format_decode+0xc5c/0x1ab0
[ 1151.790416][T16915]  ? cwt_wakefn+0x70/0x70
[ 1151.794920][T16915]  ? vsnprintf+0x1d60/0x1d60
[ 1151.799592][T16915]  ? string+0x280/0x2c0
[ 1151.803329][T16935] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1151.803892][T16915]  ? widen_string+0x3a/0x340
02:42:23 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000006001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:23 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28018e0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1151.803901][T16915]  ? string+0x280/0x2c0
[ 1151.803916][T16915]  apply_workqueue_attrs_locked+0x136/0x6d0
[ 1151.827810][T16915]  ? check_preemption_disabled+0x9e/0x330
[ 1151.833627][T16915]  ? apply_workqueue_attrs+0x40/0x40
[ 1151.838910][T16915]  ? mutex_lock+0xa6/0x110
[ 1151.843337][T16915]  ? mutex_trylock+0xb0/0xb0
[ 1151.848107][T16915]  ? kmem_cache_alloc_trace+0x139/0x2b0
[ 1151.853739][T16915]  alloc_workqueue+0xcc4/0x11d0
[ 1151.858905][T16915]  ? sprintf+0xd6/0x120
[ 1151.863078][T16915]  ? idr_replace+0x230/0x230
[ 1151.867806][T16915]  ? vsnprintf+0x1caa/0x1d60
[ 1151.872495][T16915]  ? apply_workqueue_attrs_locked+0x6d0/0x6d0
[ 1151.877221][T16944] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1151.878551][T16915]  ? h4_open+0x4f/0x140
[ 1151.878561][T16915]  hci_register_dev+0x19a/0x710
[ 1151.878574][T16915]  ? h4_open+0x60/0x140
[ 1151.901241][T16915]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1151.906435][T16915]  ? hci_uart_tty_write+0x10/0x10
[ 1151.911627][T16915]  tty_ioctl+0xf68/0x1710
[ 1151.915954][T16915]  ? tty_do_resize+0x170/0x170
[ 1151.921135][T16915]  ? avc_ss_reset+0x3a0/0x3a0
[ 1151.925824][T16915]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1151.932203][T16915]  ? refcount_inc_checked+0x50/0x50
[ 1151.937390][T16915]  ? memcg_check_events+0x5c/0x5b0
[ 1151.942485][T16915]  ? proc_fail_nth_write+0x1d5/0x240
[ 1151.947749][T16915]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1151.952953][T16915]  ? __lru_cache_add+0x1c4/0x210
[ 1151.957869][T16915]  ? memset+0x1f/0x40
[ 1151.961832][T16915]  ? fsnotify+0x1332/0x13f0
[ 1151.966414][T16915]  ? tty_do_resize+0x170/0x170
[ 1151.971161][T16915]  do_vfs_ioctl+0x76a/0x1720
[ 1151.975922][T16915]  ? selinux_file_ioctl+0x72f/0x990
[ 1151.981096][T16915]  ? ioctl_preallocate+0x250/0x250
[ 1151.986270][T16915]  ? __fget+0x37b/0x3c0
[ 1151.990399][T16915]  ? vfs_write+0x422/0x4e0
[ 1151.994805][T16915]  ? fget_many+0x20/0x20
[ 1151.999283][T16915]  ? debug_smp_processor_id+0x20/0x20
[ 1152.004635][T16915]  ? security_file_ioctl+0x9d/0xb0
[ 1152.009839][T16915]  __x64_sys_ioctl+0xd4/0x110
[ 1152.014504][T16915]  do_syscall_64+0xcb/0x1e0
[ 1152.019118][T16915]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1152.024992][T16915] RIP: 0033:0x4665d9
[ 1152.028863][T16915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1152.048562][T16915] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1152.057074][T16915] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1152.065155][T16915] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1152.073216][T16915] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1152.081343][T16915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1152.089304][T16915] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1152.098481][T16915] Bluetooth: Can't register HCI device
02:42:24 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x679, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:24 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x541b, 0x0)

02:42:24 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2801900010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:24 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000002000008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:24 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000eaffffff000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:24 executing program 1 (fault-call:2 fault-nth:8):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:24 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000003000008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:24 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000efffffff000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:24 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x541d, 0x0)

[ 1152.306869][T16957] FAULT_INJECTION: forcing a failure.
[ 1152.306869][T16957] name failslab, interval 1, probability 0, space 0, times 0
[ 1152.320640][T16957] CPU: 0 PID: 16957 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1152.330931][T16957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1152.340984][T16957] Call Trace:
[ 1152.344409][T16957]  dump_stack+0x1d8/0x24e
[ 1152.349149][T16957]  ? devkmsg_release+0x11c/0x11c
02:42:24 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000f0ffffff000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:24 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x541e, 0x0)

02:42:24 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000feffffff000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1152.354522][T16957]  ? show_regs_print_info+0x12/0x12
[ 1152.359724][T16957]  ? kfree+0xe0/0x660
[ 1152.363706][T16957]  ? apply_wqattrs_commit+0x3d1/0x730
[ 1152.369165][T16957]  should_fail+0x6f6/0x860
[ 1152.373577][T16957]  ? setup_fault_attr+0x3d0/0x3d0
[ 1152.378728][T16957]  ? check_preemption_disabled+0x9e/0x330
[ 1152.384799][T16957]  ? pwq_adjust_max_active+0xc0/0x900
[ 1152.390167][T16957]  ? mutex_lock+0xa6/0x110
[ 1152.394585][T16957]  ? alloc_workqueue+0x156/0x11d0
[ 1152.399611][T16957]  should_failslab+0x5/0x20
[ 1152.404116][T16957]  __kmalloc+0x5f/0x2f0
[ 1152.408272][T16957]  alloc_workqueue+0x156/0x11d0
[ 1152.413205][T16957]  ? sprintf+0xd6/0x120
[ 1152.417353][T16957]  ? idr_replace+0x230/0x230
[ 1152.421936][T16957]  ? apply_workqueue_attrs_locked+0x6d0/0x6d0
[ 1152.428256][T16957]  ? h4_open+0x4f/0x140
[ 1152.432538][T16957]  hci_register_dev+0x1f2/0x710
[ 1152.437386][T16957]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1152.442499][T16957]  ? hci_uart_tty_write+0x10/0x10
[ 1152.447520][T16957]  tty_ioctl+0xf68/0x1710
[ 1152.451845][T16957]  ? tty_do_resize+0x170/0x170
[ 1152.456608][T16957]  ? avc_ss_reset+0x3a0/0x3a0
[ 1152.461276][T16957]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1152.467602][T16957]  ? refcount_inc_checked+0x50/0x50
[ 1152.472855][T16957]  ? memcg_check_events+0x5c/0x5b0
[ 1152.477964][T16957]  ? proc_fail_nth_write+0x1d5/0x240
[ 1152.483244][T16957]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1152.488566][T16957]  ? __lru_cache_add+0x1c4/0x210
[ 1152.493845][T16957]  ? memset+0x1f/0x40
[ 1152.497952][T16957]  ? fsnotify+0x1332/0x13f0
[ 1152.502653][T16957]  ? tty_do_resize+0x170/0x170
[ 1152.507403][T16957]  do_vfs_ioctl+0x76a/0x1720
[ 1152.511985][T16957]  ? selinux_file_ioctl+0x72f/0x990
[ 1152.517172][T16957]  ? ioctl_preallocate+0x250/0x250
[ 1152.522273][T16957]  ? __fget+0x37b/0x3c0
[ 1152.526402][T16957]  ? vfs_write+0x422/0x4e0
[ 1152.530815][T16957]  ? fget_many+0x20/0x20
[ 1152.535037][T16957]  ? debug_smp_processor_id+0x20/0x20
[ 1152.541455][T16957]  ? security_file_ioctl+0x9d/0xb0
[ 1152.546657][T16957]  __x64_sys_ioctl+0xd4/0x110
[ 1152.551313][T16957]  do_syscall_64+0xcb/0x1e0
[ 1152.555809][T16957]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1152.561834][T16957] RIP: 0033:0x4665d9
[ 1152.565736][T16957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1152.585436][T16957] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1152.593907][T16957] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1152.601851][T16957] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1152.609803][T16957] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1152.617752][T16957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1152.626392][T16957] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1152.634698][T16957] Bluetooth: Can't register HCI device
02:42:24 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x67a, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:24 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x541e, 0x0)

02:42:24 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800920010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:24 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000380000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:24 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000004000008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:24 executing program 1 (fault-call:2 fault-nth:9):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:24 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000010000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:24 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000006010008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:24 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2803920010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:24 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5420, 0x0)

02:42:24 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000020000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1152.872724][T16997] FAULT_INJECTION: forcing a failure.
[ 1152.872724][T16997] name failslab, interval 1, probability 0, space 0, times 0
[ 1152.887351][T16997] CPU: 0 PID: 16997 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1152.898045][T16997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1152.908331][T16997] Call Trace:
[ 1152.911911][T16997]  dump_stack+0x1d8/0x24e
[ 1152.916249][T16997]  ? devkmsg_release+0x11c/0x11c
02:42:24 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5421, 0x0)

[ 1152.921275][T16997]  ? show_regs_print_info+0x12/0x12
[ 1152.926484][T16997]  should_fail+0x6f6/0x860
[ 1152.930907][T16997]  ? setup_fault_attr+0x3d0/0x3d0
[ 1152.936192][T16997]  ? mutex_lock+0xa6/0x110
[ 1152.940606][T16997]  ? alloc_workqueue+0x1cb/0x11d0
[ 1152.945801][T16997]  should_failslab+0x5/0x20
[ 1152.950300][T16997]  kmem_cache_alloc_trace+0x39/0x2b0
[ 1152.955663][T16997]  ? alloc_workqueue+0x156/0x11d0
[ 1152.960680][T16997]  alloc_workqueue+0x1cb/0x11d0
[ 1152.965617][T16997]  ? sprintf+0xd6/0x120
[ 1152.969769][T16997]  ? idr_replace+0x230/0x230
[ 1152.974354][T16997]  ? apply_workqueue_attrs_locked+0x6d0/0x6d0
[ 1152.980417][T16997]  ? h4_open+0x4f/0x140
[ 1152.984568][T16997]  hci_register_dev+0x1f2/0x710
[ 1152.989417][T16997]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1152.994438][T16997]  ? hci_uart_tty_write+0x10/0x10
[ 1152.999467][T16997]  tty_ioctl+0xf68/0x1710
[ 1153.003794][T16997]  ? tty_do_resize+0x170/0x170
[ 1153.008563][T16997]  ? avc_ss_reset+0x3a0/0x3a0
[ 1153.013239][T16997]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1153.019388][T16997]  ? refcount_inc_checked+0x50/0x50
[ 1153.024578][T16997]  ? memcg_check_events+0x5c/0x5b0
[ 1153.029946][T16997]  ? proc_fail_nth_write+0x1d5/0x240
[ 1153.035312][T16997]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1153.040574][T16997]  ? __lru_cache_add+0x1c4/0x210
[ 1153.045582][T16997]  ? memset+0x1f/0x40
[ 1153.049543][T16997]  ? fsnotify+0x1332/0x13f0
[ 1153.054117][T16997]  ? tty_do_resize+0x170/0x170
[ 1153.058868][T16997]  do_vfs_ioctl+0x76a/0x1720
[ 1153.063437][T16997]  ? selinux_file_ioctl+0x72f/0x990
[ 1153.068613][T16997]  ? ioctl_preallocate+0x250/0x250
[ 1153.073699][T16997]  ? __fget+0x37b/0x3c0
[ 1153.077828][T16997]  ? vfs_write+0x422/0x4e0
[ 1153.082218][T16997]  ? fget_many+0x20/0x20
[ 1153.086432][T16997]  ? debug_smp_processor_id+0x20/0x20
[ 1153.091783][T16997]  ? security_file_ioctl+0x9d/0xb0
[ 1153.096977][T16997]  __x64_sys_ioctl+0xd4/0x110
[ 1153.101715][T16997]  do_syscall_64+0xcb/0x1e0
[ 1153.106194][T16997]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1153.112078][T16997] RIP: 0033:0x4665d9
[ 1153.115961][T16997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1153.135736][T16997] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1153.144206][T16997] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1153.152339][T16997] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1153.160315][T16997] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1153.168412][T16997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1153.176547][T16997] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1153.185012][T16997] Bluetooth: Can't register HCI device
02:42:25 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x67b, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:25 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000030000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:25 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000030008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:25 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28029c0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:25 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5422, 0x0)

02:42:25 executing program 1 (fault-call:2 fault-nth:10):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:25 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000040000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:25 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28039e0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:25 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5423, 0x0)

02:42:25 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000001060008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1153.353097][T17034] FAULT_INJECTION: forcing a failure.
[ 1153.353097][T17034] name failslab, interval 1, probability 0, space 0, times 0
[ 1153.369255][T17034] CPU: 1 PID: 17034 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1153.379928][T17034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1153.390250][T17034] Call Trace:
[ 1153.393536][T17034]  dump_stack+0x1d8/0x24e
[ 1153.397958][T17034]  ? devkmsg_release+0x11c/0x11c
[ 1153.402874][T17034]  ? arch_stack_walk+0xf8/0x140
[ 1153.407702][T17034]  ? show_regs_print_info+0x12/0x12
[ 1153.412885][T17034]  should_fail+0x6f6/0x860
[ 1153.417279][T17034]  ? setup_fault_attr+0x3d0/0x3d0
[ 1153.422316][T17034]  ? apply_wqattrs_prepare+0xcb/0x17e0
[ 1153.427761][T17034]  should_failslab+0x5/0x20
[ 1153.432243][T17034]  kmem_cache_alloc_trace+0x39/0x2b0
[ 1153.437537][T17034]  apply_wqattrs_prepare+0xcb/0x17e0
[ 1153.442903][T17034]  ? alloc_workqueue+0x1cb/0x11d0
[ 1153.447929][T17034]  ? hci_register_dev+0x1f2/0x710
[ 1153.453200][T17034]  ? hci_uart_tty_ioctl+0x89e/0xa10
[ 1153.458374][T17034]  ? tty_ioctl+0xf68/0x1710
[ 1153.462855][T17034]  ? do_vfs_ioctl+0x76a/0x1720
[ 1153.467620][T17034]  ? __x64_sys_ioctl+0xd4/0x110
[ 1153.472470][T17034]  ? do_syscall_64+0xcb/0x1e0
[ 1153.477122][T17034]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1153.483172][T17034]  ? format_decode+0xc5c/0x1ab0
[ 1153.488093][T17034]  ? cwt_wakefn+0x70/0x70
[ 1153.492401][T17034]  ? vsnprintf+0x1d60/0x1d60
[ 1153.497051][T17034]  ? string+0x280/0x2c0
[ 1153.501178][T17034]  ? widen_string+0x3a/0x340
[ 1153.505862][T17034]  ? string+0x280/0x2c0
[ 1153.510001][T17034]  apply_workqueue_attrs_locked+0x136/0x6d0
[ 1153.515891][T17034]  ? check_preemption_disabled+0x9e/0x330
[ 1153.521584][T17034]  ? apply_workqueue_attrs+0x40/0x40
[ 1153.526841][T17034]  ? mutex_lock+0xa6/0x110
[ 1153.531229][T17034]  ? mutex_trylock+0xb0/0xb0
[ 1153.535929][T17034]  ? kmem_cache_alloc_trace+0x139/0x2b0
[ 1153.541623][T17034]  alloc_workqueue+0xcc4/0x11d0
[ 1153.546457][T17034]  ? sprintf+0xd6/0x120
[ 1153.550605][T17034]  ? idr_replace+0x230/0x230
[ 1153.555173][T17034]  ? apply_workqueue_attrs_locked+0x6d0/0x6d0
[ 1153.561218][T17034]  ? h4_open+0x4f/0x140
[ 1153.565419][T17034]  hci_register_dev+0x1f2/0x710
[ 1153.570260][T17034]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1153.575432][T17034]  ? hci_uart_tty_write+0x10/0x10
[ 1153.580611][T17034]  tty_ioctl+0xf68/0x1710
[ 1153.585036][T17034]  ? tty_do_resize+0x170/0x170
[ 1153.589785][T17034]  ? avc_ss_reset+0x3a0/0x3a0
[ 1153.594608][T17034]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1153.600740][T17034]  ? refcount_inc_checked+0x50/0x50
[ 1153.606026][T17034]  ? memcg_check_events+0x5c/0x5b0
[ 1153.611436][T17034]  ? proc_fail_nth_write+0x1d5/0x240
[ 1153.616699][T17034]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1153.621873][T17034]  ? __lru_cache_add+0x1c4/0x210
[ 1153.626794][T17034]  ? memset+0x1f/0x40
[ 1153.630827][T17034]  ? fsnotify+0x1332/0x13f0
[ 1153.635324][T17034]  ? tty_do_resize+0x170/0x170
[ 1153.640653][T17034]  do_vfs_ioctl+0x76a/0x1720
[ 1153.645231][T17034]  ? selinux_file_ioctl+0x72f/0x990
[ 1153.650416][T17034]  ? ioctl_preallocate+0x250/0x250
[ 1153.655507][T17034]  ? __fget+0x37b/0x3c0
[ 1153.659635][T17034]  ? vfs_write+0x422/0x4e0
[ 1153.664042][T17034]  ? fget_many+0x20/0x20
[ 1153.668268][T17034]  ? debug_smp_processor_id+0x20/0x20
[ 1153.673910][T17034]  ? security_file_ioctl+0x9d/0xb0
[ 1153.679060][T17034]  __x64_sys_ioctl+0xd4/0x110
[ 1153.684093][T17034]  do_syscall_64+0xcb/0x1e0
[ 1153.688627][T17034]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1153.694626][T17034] RIP: 0033:0x4665d9
[ 1153.698511][T17034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1153.718535][T17034] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1153.726928][T17034] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1153.735083][T17034] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1153.743051][T17034] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1153.750997][T17034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1153.759226][T17034] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1153.772545][T17034] Bluetooth: Can't register HCI device
[ 1153.781424][T17039] net_ratelimit: 29 callbacks suppressed
[ 1153.781432][T17039] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
02:42:25 executing program 1 (fault-call:2 fault-nth:11):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:25 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000050000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1153.803379][T17042] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1153.861124][T17051] FAULT_INJECTION: forcing a failure.
[ 1153.861124][T17051] name failslab, interval 1, probability 0, space 0, times 0
[ 1153.874563][T17051] CPU: 1 PID: 17051 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1153.879998][T17053] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1153.885348][T17051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1153.885352][T17051] Call Trace:
[ 1153.885374][T17051]  dump_stack+0x1d8/0x24e
[ 1153.885385][T17051]  ? devkmsg_release+0x11c/0x11c
[ 1153.885396][T17051]  ? show_regs_print_info+0x12/0x12
[ 1153.885411][T17051]  should_fail+0x6f6/0x860
[ 1153.885423][T17051]  ? setup_fault_attr+0x3d0/0x3d0
[ 1153.885435][T17051]  ? apply_wqattrs_prepare+0x102/0x17e0
[ 1153.885447][T17051]  should_failslab+0x5/0x20
[ 1153.885457][T17051]  kmem_cache_alloc_trace+0x39/0x2b0
[ 1153.885466][T17051]  ? apply_wqattrs_prepare+0xcb/0x17e0
[ 1153.885474][T17051]  apply_wqattrs_prepare+0x102/0x17e0
[ 1153.885489][T17051]  ? alloc_workqueue+0x1cb/0x11d0
[ 1153.970228][T17051]  ? hci_register_dev+0x1f2/0x710
[ 1153.975316][T17051]  ? hci_uart_tty_ioctl+0x89e/0xa10
[ 1153.980512][T17051]  ? tty_ioctl+0xf68/0x1710
[ 1153.984989][T17051]  ? do_vfs_ioctl+0x76a/0x1720
[ 1153.989737][T17051]  ? __x64_sys_ioctl+0xd4/0x110
[ 1153.994567][T17051]  ? do_syscall_64+0xcb/0x1e0
[ 1153.999243][T17051]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1154.005502][T17051]  ? format_decode+0xc5c/0x1ab0
[ 1154.010330][T17051]  ? cwt_wakefn+0x70/0x70
[ 1154.014636][T17051]  ? vsnprintf+0x1d60/0x1d60
[ 1154.019202][T17051]  ? string+0x280/0x2c0
[ 1154.023327][T17051]  ? widen_string+0x3a/0x340
[ 1154.027904][T17051]  ? string+0x280/0x2c0
[ 1154.032238][T17051]  apply_workqueue_attrs_locked+0x136/0x6d0
[ 1154.038107][T17051]  ? check_preemption_disabled+0x9e/0x330
[ 1154.043803][T17051]  ? apply_workqueue_attrs+0x40/0x40
[ 1154.049081][T17051]  ? mutex_lock+0xa6/0x110
[ 1154.053467][T17051]  ? mutex_trylock+0xb0/0xb0
[ 1154.058030][T17051]  ? kmem_cache_alloc_trace+0x139/0x2b0
[ 1154.063544][T17051]  alloc_workqueue+0xcc4/0x11d0
[ 1154.068366][T17051]  ? sprintf+0xd6/0x120
[ 1154.072491][T17051]  ? idr_replace+0x230/0x230
[ 1154.077052][T17051]  ? apply_workqueue_attrs_locked+0x6d0/0x6d0
[ 1154.083094][T17051]  ? h4_open+0x4f/0x140
[ 1154.087417][T17051]  hci_register_dev+0x1f2/0x710
[ 1154.092277][T17051]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1154.097308][T17051]  ? hci_uart_tty_write+0x10/0x10
[ 1154.102326][T17051]  tty_ioctl+0xf68/0x1710
[ 1154.106628][T17051]  ? tty_do_resize+0x170/0x170
[ 1154.111604][T17051]  ? avc_ss_reset+0x3a0/0x3a0
[ 1154.116251][T17051]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1154.122374][T17051]  ? refcount_inc_checked+0x50/0x50
[ 1154.127904][T17051]  ? memcg_check_events+0x5c/0x5b0
[ 1154.133207][T17051]  ? proc_fail_nth_write+0x1d5/0x240
[ 1154.138729][T17051]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1154.143993][T17051]  ? __lru_cache_add+0x1c4/0x210
[ 1154.148913][T17051]  ? memset+0x1f/0x40
[ 1154.152900][T17051]  ? fsnotify+0x1332/0x13f0
[ 1154.157500][T17051]  ? tty_do_resize+0x170/0x170
[ 1154.162331][T17051]  do_vfs_ioctl+0x76a/0x1720
[ 1154.166909][T17051]  ? selinux_file_ioctl+0x72f/0x990
[ 1154.172087][T17051]  ? ioctl_preallocate+0x250/0x250
[ 1154.177186][T17051]  ? __fget+0x37b/0x3c0
[ 1154.181332][T17051]  ? vfs_write+0x422/0x4e0
[ 1154.185822][T17051]  ? fget_many+0x20/0x20
[ 1154.190040][T17051]  ? debug_smp_processor_id+0x20/0x20
[ 1154.195388][T17051]  ? security_file_ioctl+0x9d/0xb0
[ 1154.200637][T17051]  __x64_sys_ioctl+0xd4/0x110
[ 1154.205390][T17051]  do_syscall_64+0xcb/0x1e0
[ 1154.209945][T17051]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1154.215911][T17051] RIP: 0033:0x4665d9
[ 1154.219874][T17051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1154.239542][T17051] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1154.247933][T17051] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
02:42:26 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x67c, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:26 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000400008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:26 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800a20010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:26 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5424, 0x0)

02:42:26 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000060000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:26 executing program 1 (fault-call:2 fault-nth:12):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

[ 1154.256109][T17051] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1154.264094][T17051] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1154.272156][T17051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1154.280123][T17051] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1154.291243][T17051] Bluetooth: Can't register HCI device
02:42:26 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000810008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1154.336146][T17060] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1154.365421][T17066] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
02:42:26 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5425, 0x0)

02:42:26 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2803a40010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:26 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000070000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1154.382628][T17071] FAULT_INJECTION: forcing a failure.
[ 1154.382628][T17071] name failslab, interval 1, probability 0, space 0, times 0
[ 1154.397228][T17071] CPU: 0 PID: 17071 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1154.407701][T17071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1154.418616][T17071] Call Trace:
[ 1154.421967][T17071]  dump_stack+0x1d8/0x24e
[ 1154.426489][T17071]  ? devkmsg_release+0x11c/0x11c
02:42:26 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000009001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:26 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800aa0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1154.426590][T17073] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1154.431519][T17071]  ? show_regs_print_info+0x12/0x12
[ 1154.431537][T17071]  should_fail+0x6f6/0x860
[ 1154.431550][T17071]  ? setup_fault_attr+0x3d0/0x3d0
[ 1154.431569][T17071]  ? apply_wqattrs_prepare+0x1c0/0x17e0
[ 1154.467801][T17071]  should_failslab+0x5/0x20
[ 1154.472311][T17071]  kmem_cache_alloc_trace+0x39/0x2b0
[ 1154.477599][T17071]  ? apply_wqattrs_prepare+0x102/0x17e0
[ 1154.483153][T17071]  apply_wqattrs_prepare+0x1c0/0x17e0
[ 1154.488611][T17071]  ? alloc_workqueue+0x1cb/0x11d0
[ 1154.493638][T17071]  ? hci_uart_tty_ioctl+0x89e/0xa10
[ 1154.498835][T17071]  ? tty_ioctl+0xf68/0x1710
[ 1154.503339][T17071]  ? do_vfs_ioctl+0x76a/0x1720
[ 1154.508101][T17071]  ? __x64_sys_ioctl+0xd4/0x110
[ 1154.508841][T17085] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1154.513376][T17071]  ? do_syscall_64+0xcb/0x1e0
[ 1154.513387][T17071]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1154.513401][T17071]  ? format_decode+0xc5c/0x1ab0
[ 1154.513410][T17071]  ? cwt_wakefn+0x70/0x70
[ 1154.513426][T17071]  ? vsnprintf+0x1d60/0x1d60
[ 1154.524945][T17087] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1154.528526][T17071]  ? string+0x280/0x2c0
[ 1154.528534][T17071]  ? widen_string+0x3a/0x340
[ 1154.528542][T17071]  ? string+0x280/0x2c0
[ 1154.528560][T17071]  apply_workqueue_attrs_locked+0x136/0x6d0
[ 1154.583285][T17071]  ? check_preemption_disabled+0x9e/0x330
[ 1154.589016][T17071]  ? apply_workqueue_attrs+0x40/0x40
[ 1154.594380][T17071]  ? mutex_lock+0xa6/0x110
[ 1154.598790][T17071]  ? mutex_trylock+0xb0/0xb0
[ 1154.603374][T17071]  ? kmem_cache_alloc_trace+0x139/0x2b0
[ 1154.609284][T17071]  alloc_workqueue+0xcc4/0x11d0
[ 1154.614136][T17071]  ? sprintf+0xd6/0x120
[ 1154.618286][T17071]  ? idr_replace+0x230/0x230
[ 1154.622968][T17071]  ? apply_workqueue_attrs_locked+0x6d0/0x6d0
[ 1154.629127][T17071]  ? h4_open+0x4f/0x140
[ 1154.633260][T17071]  hci_register_dev+0x1f2/0x710
[ 1154.638090][T17071]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1154.643198][T17071]  ? hci_uart_tty_write+0x10/0x10
[ 1154.648200][T17071]  tty_ioctl+0xf68/0x1710
[ 1154.652518][T17071]  ? tty_do_resize+0x170/0x170
[ 1154.657265][T17071]  ? avc_ss_reset+0x3a0/0x3a0
[ 1154.661944][T17071]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1154.668077][T17071]  ? refcount_inc_checked+0x50/0x50
[ 1154.673342][T17071]  ? memcg_check_events+0x5c/0x5b0
[ 1154.678447][T17071]  ? proc_fail_nth_write+0x1d5/0x240
[ 1154.683704][T17071]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1154.688877][T17071]  ? __lru_cache_add+0x1c4/0x210
[ 1154.693802][T17071]  ? memset+0x1f/0x40
[ 1154.697985][T17071]  ? fsnotify+0x1332/0x13f0
[ 1154.702465][T17071]  ? tty_do_resize+0x170/0x170
[ 1154.707212][T17071]  do_vfs_ioctl+0x76a/0x1720
[ 1154.711951][T17071]  ? selinux_file_ioctl+0x72f/0x990
[ 1154.717127][T17071]  ? ioctl_preallocate+0x250/0x250
[ 1154.722234][T17071]  ? __fget+0x37b/0x3c0
[ 1154.726375][T17071]  ? vfs_write+0x422/0x4e0
[ 1154.730765][T17071]  ? fget_many+0x20/0x20
[ 1154.734980][T17071]  ? debug_smp_processor_id+0x20/0x20
[ 1154.740351][T17071]  ? security_file_ioctl+0x9d/0xb0
[ 1154.745432][T17071]  __x64_sys_ioctl+0xd4/0x110
[ 1154.750195][T17071]  do_syscall_64+0xcb/0x1e0
[ 1154.754672][T17071]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1154.760535][T17071] RIP: 0033:0x4665d9
[ 1154.764409][T17071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1154.784229][T17071] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1154.792703][T17071] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1154.800662][T17071] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1154.808611][T17071] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1154.816818][T17071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1154.825025][T17071] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1154.833206][T17071] Bluetooth: Can't register HCI device
02:42:26 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x67d, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:26 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="06000000000000000a001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:26 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000080000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:26 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5427, 0x0)

02:42:26 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2803ac0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:26 executing program 1 (fault-call:2 fault-nth:13):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:26 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5428, 0x0)

02:42:26 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="06000000000000000b001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:26 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800b00010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1155.065614][T17100] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1155.072015][T17102] FAULT_INJECTION: forcing a failure.
[ 1155.072015][T17102] name failslab, interval 1, probability 0, space 0, times 0
[ 1155.087679][T17096] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1155.092849][T17102] CPU: 0 PID: 17102 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
02:42:26 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5429, 0x0)

[ 1155.113390][T17102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1155.123444][T17102] Call Trace:
[ 1155.126736][T17102]  dump_stack+0x1d8/0x24e
[ 1155.131063][T17102]  ? devkmsg_release+0x11c/0x11c
[ 1155.135995][T17102]  ? show_regs_print_info+0x12/0x12
[ 1155.141291][T17102]  should_fail+0x6f6/0x860
[ 1155.145710][T17102]  ? setup_fault_attr+0x3d0/0x3d0
[ 1155.150733][T17102]  ? apply_wqattrs_prepare+0x8a5/0x17e0
[ 1155.156276][T17102]  should_failslab+0x5/0x20
[ 1155.160779][T17102]  kmem_cache_alloc+0x36/0x290
02:42:26 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000010001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:27 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2803b00010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1155.165656][T17111] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1155.165687][T17102]  apply_wqattrs_prepare+0x8a5/0x17e0
[ 1155.179278][T17102]  ? __x64_sys_ioctl+0xd4/0x110
[ 1155.184129][T17102]  ? format_decode+0xc5c/0x1ab0
[ 1155.189845][T17102]  ? cwt_wakefn+0x70/0x70
[ 1155.194268][T17102]  ? vsnprintf+0x1d60/0x1d60
[ 1155.199375][T17102]  ? string+0x280/0x2c0
[ 1155.203820][T17102]  ? widen_string+0x3a/0x340
[ 1155.208662][T17102]  ? string+0x280/0x2c0
[ 1155.212988][T17102]  apply_workqueue_attrs_locked+0x136/0x6d0
[ 1155.218961][T17102]  ? check_preemption_disabled+0x9e/0x330
[ 1155.222610][T17120] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1155.224668][T17102]  ? apply_workqueue_attrs+0x40/0x40
[ 1155.224678][T17102]  ? mutex_lock+0xa6/0x110
[ 1155.224686][T17102]  ? mutex_trylock+0xb0/0xb0
[ 1155.224696][T17102]  ? kmem_cache_alloc_trace+0x139/0x2b0
[ 1155.224708][T17102]  alloc_workqueue+0xcc4/0x11d0
[ 1155.224722][T17102]  ? sprintf+0xd6/0x120
[ 1155.233374][T17120] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1155.238644][T17102]  ? idr_replace+0x230/0x230
[ 1155.238654][T17102]  ? apply_workqueue_attrs_locked+0x6d0/0x6d0
[ 1155.238664][T17102]  ? h4_open+0x4f/0x140
[ 1155.238674][T17102]  hci_register_dev+0x1f2/0x710
[ 1155.238686][T17102]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1155.238694][T17102]  ? hci_uart_tty_write+0x10/0x10
[ 1155.238711][T17102]  tty_ioctl+0xf68/0x1710
[ 1155.309144][T17102]  ? tty_do_resize+0x170/0x170
[ 1155.313900][T17102]  ? avc_ss_reset+0x3a0/0x3a0
[ 1155.319617][T17102]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1155.325889][T17102]  ? refcount_inc_checked+0x50/0x50
[ 1155.331252][T17102]  ? memcg_check_events+0x5c/0x5b0
[ 1155.336346][T17102]  ? proc_fail_nth_write+0x1d5/0x240
[ 1155.341603][T17102]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1155.346788][T17102]  ? __lru_cache_add+0x1c4/0x210
[ 1155.351960][T17102]  ? memset+0x1f/0x40
[ 1155.356108][T17102]  ? fsnotify+0x1332/0x13f0
[ 1155.360585][T17102]  ? tty_do_resize+0x170/0x170
[ 1155.365325][T17102]  do_vfs_ioctl+0x76a/0x1720
[ 1155.370076][T17102]  ? selinux_file_ioctl+0x72f/0x990
[ 1155.375253][T17102]  ? ioctl_preallocate+0x250/0x250
[ 1155.380455][T17102]  ? __fget+0x37b/0x3c0
[ 1155.384682][T17102]  ? vfs_write+0x422/0x4e0
[ 1155.389232][T17102]  ? fget_many+0x20/0x20
[ 1155.393544][T17102]  ? debug_smp_processor_id+0x20/0x20
[ 1155.399060][T17102]  ? security_file_ioctl+0x9d/0xb0
[ 1155.404142][T17102]  __x64_sys_ioctl+0xd4/0x110
[ 1155.409300][T17102]  do_syscall_64+0xcb/0x1e0
[ 1155.413889][T17102]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1155.419969][T17102] RIP: 0033:0x4665d9
[ 1155.423908][T17102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1155.444170][T17102] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1155.452626][T17102] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1155.461106][T17102] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1155.469315][T17102] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1155.477362][T17102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1155.485566][T17102] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1155.496717][T17102] Bluetooth: Can't register HCI device
02:42:27 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x67e, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:27 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5437, 0x0)

02:42:27 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000011001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:27 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2803b20010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000090000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:27 executing program 1 (fault-call:2 fault-nth:14):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000000000000000a0000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:27 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5441, 0x0)

[ 1155.711927][T17133] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1155.715320][T17137] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1155.739172][T17137] FAULT_INJECTION: forcing a failure.
[ 1155.739172][T17137] name failslab, interval 1, probability 0, space 0, times 0
[ 1155.752313][T17135] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
02:42:27 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800b40010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:27 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000012001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1155.754413][T17137] CPU: 1 PID: 17137 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1155.761548][T17135] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1155.770881][T17137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1155.770885][T17137] Call Trace:
[ 1155.770906][T17137]  dump_stack+0x1d8/0x24e
[ 1155.770916][T17137]  ? devkmsg_release+0x11c/0x11c
[ 1155.770924][T17137]  ? show_regs_print_info+0x12/0x12
[ 1155.770933][T17137]  ? __irq_work_queue_local+0xd1/0xe0
[ 1155.770941][T17137]  ? irq_work_queue+0xfa/0x110
[ 1155.770951][T17137]  should_fail+0x6f6/0x860
[ 1155.770959][T17137]  ? setup_fault_attr+0x3d0/0x3d0
[ 1155.770967][T17137]  ? _raw_spin_lock+0xa3/0x1b0
[ 1155.770975][T17137]  ? __rcu_read_lock+0x50/0x50
[ 1155.770985][T17137]  ? __d_lookup+0x4b8/0x510
[ 1155.770994][T17137]  ? kobject_set_name_vargs+0x5d/0x110
[ 1155.771005][T17137]  should_failslab+0x5/0x20
[ 1155.771015][T17137]  __kmalloc_track_caller+0x5d/0x2e0
[ 1155.771024][T17137]  ? mntput_no_expire+0x32b/0xbd0
[ 1155.771036][T17137]  kstrdup_const+0x51/0x90
[ 1155.771044][T17137]  kobject_set_name_vargs+0x5d/0x110
[ 1155.771058][T17137]  dev_set_name+0xd1/0x120
[ 1155.771066][T17137]  ? mntput_no_expire+0x307/0xbd0
[ 1155.771073][T17137]  ? get_device+0x30/0x30
[ 1155.771090][T17137]  ? h4_open+0x4f/0x140
[ 1155.891518][T17137]  hci_register_dev+0x326/0x710
[ 1155.896555][T17137]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1155.901583][T17137]  ? hci_uart_tty_write+0x10/0x10
[ 1155.906841][T17137]  tty_ioctl+0xf68/0x1710
[ 1155.911545][T17137]  ? tty_do_resize+0x170/0x170
[ 1155.916417][T17137]  ? avc_ss_reset+0x3a0/0x3a0
[ 1155.921318][T17137]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1155.927812][T17137]  ? refcount_inc_checked+0x50/0x50
[ 1155.933266][T17137]  ? memcg_check_events+0x5c/0x5b0
[ 1155.938824][T17137]  ? proc_fail_nth_write+0x1d5/0x240
[ 1155.944188][T17137]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1155.949366][T17137]  ? __lru_cache_add+0x1c4/0x210
[ 1155.954287][T17137]  ? memset+0x1f/0x40
[ 1155.958290][T17137]  ? fsnotify+0x1332/0x13f0
[ 1155.962775][T17137]  ? tty_do_resize+0x170/0x170
[ 1155.967516][T17137]  do_vfs_ioctl+0x76a/0x1720
[ 1155.972081][T17137]  ? selinux_file_ioctl+0x72f/0x990
[ 1155.977370][T17137]  ? ioctl_preallocate+0x250/0x250
[ 1155.982461][T17137]  ? __fget+0x37b/0x3c0
[ 1155.986602][T17137]  ? vfs_write+0x422/0x4e0
[ 1155.991079][T17137]  ? fget_many+0x20/0x20
[ 1155.995300][T17137]  ? debug_smp_processor_id+0x20/0x20
[ 1156.000747][T17137]  ? security_file_ioctl+0x9d/0xb0
[ 1156.005835][T17137]  __x64_sys_ioctl+0xd4/0x110
[ 1156.010602][T17137]  do_syscall_64+0xcb/0x1e0
[ 1156.015113][T17137]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1156.020982][T17137] RIP: 0033:0x4665d9
[ 1156.024982][T17137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1156.044592][T17137] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1156.052978][T17137] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
02:42:27 executing program 1 (fault-call:2 fault-nth:15):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

[ 1156.060924][T17137] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1156.068866][T17137] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1156.077021][T17137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1156.084977][T17137] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1156.093878][T17137] Bluetooth: Can't register HCI device
02:42:27 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5450, 0x0)

[ 1156.134672][T17150] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1156.152042][T17147] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1156.162055][T17147] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1156.207487][T17157] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1156.216910][T17157] FAULT_INJECTION: forcing a failure.
[ 1156.216910][T17157] name failslab, interval 1, probability 0, space 0, times 0
[ 1156.235274][T17157] CPU: 1 PID: 17157 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1156.245792][T17157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1156.255920][T17157] Call Trace:
[ 1156.259369][T17157]  dump_stack+0x1d8/0x24e
[ 1156.263711][T17157]  ? devkmsg_release+0x11c/0x11c
[ 1156.268892][T17157]  ? show_regs_print_info+0x12/0x12
[ 1156.274079][T17157]  should_fail+0x6f6/0x860
[ 1156.278472][T17157]  ? setup_fault_attr+0x3d0/0x3d0
[ 1156.283537][T17157]  ? refcount_add_checked+0x50/0x50
[ 1156.288882][T17157]  ? device_add+0x121/0x18a0
[ 1156.293471][T17157]  should_failslab+0x5/0x20
[ 1156.297951][T17157]  kmem_cache_alloc_trace+0x39/0x2b0
[ 1156.303209][T17157]  device_add+0x121/0x18a0
[ 1156.307599][T17157]  ? dev_set_name+0xd1/0x120
[ 1156.312172][T17157]  ? get_device+0x30/0x30
[ 1156.316740][T17157]  ? virtual_device_parent+0x50/0x50
[ 1156.322000][T17157]  ? h4_open+0x4f/0x140
[ 1156.326145][T17157]  hci_register_dev+0x32e/0x710
[ 1156.331004][T17157]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1156.336004][T17157]  ? hci_uart_tty_write+0x10/0x10
[ 1156.341188][T17157]  tty_ioctl+0xf68/0x1710
[ 1156.345507][T17157]  ? tty_do_resize+0x170/0x170
[ 1156.350773][T17157]  ? avc_ss_reset+0x3a0/0x3a0
[ 1156.355426][T17157]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1156.361558][T17157]  ? refcount_inc_checked+0x50/0x50
[ 1156.366801][T17157]  ? memcg_check_events+0x5c/0x5b0
[ 1156.371907][T17157]  ? proc_fail_nth_write+0x1d5/0x240
[ 1156.377182][T17157]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1156.382488][T17157]  ? __lru_cache_add+0x1c4/0x210
[ 1156.387434][T17157]  ? memset+0x1f/0x40
[ 1156.391408][T17157]  ? fsnotify+0x1332/0x13f0
[ 1156.395971][T17157]  ? tty_do_resize+0x170/0x170
[ 1156.400846][T17157]  do_vfs_ioctl+0x76a/0x1720
[ 1156.405540][T17157]  ? selinux_file_ioctl+0x72f/0x990
[ 1156.410757][T17157]  ? ioctl_preallocate+0x250/0x250
[ 1156.415860][T17157]  ? __fget+0x37b/0x3c0
[ 1156.420183][T17157]  ? vfs_write+0x422/0x4e0
[ 1156.424572][T17157]  ? fget_many+0x20/0x20
[ 1156.428892][T17157]  ? debug_smp_processor_id+0x20/0x20
[ 1156.434241][T17157]  ? security_file_ioctl+0x9d/0xb0
[ 1156.439412][T17157]  __x64_sys_ioctl+0xd4/0x110
[ 1156.444165][T17157]  do_syscall_64+0xcb/0x1e0
[ 1156.448739][T17157]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1156.454778][T17157] RIP: 0033:0x4665d9
[ 1156.458906][T17157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1156.479524][T17157] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1156.487908][T17157] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1156.495862][T17157] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
02:42:28 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x67f, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:28 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000000000000000b0000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:28 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000013001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:28 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2803b40010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:28 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5451, 0x0)

02:42:28 executing program 1 (fault-call:2 fault-nth:16):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

[ 1156.503816][T17157] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1156.511764][T17157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1156.519711][T17157] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1156.529339][T17157] Bluetooth: Can't register HCI device
02:42:28 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000000000000000c0000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:28 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2803b60010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:28 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000014001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:28 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5452, 0x0)

[ 1156.581012][T17171] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1156.590308][T17172] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1156.595937][T17171] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1156.600598][T17172] FAULT_INJECTION: forcing a failure.
[ 1156.600598][T17172] name failslab, interval 1, probability 0, space 0, times 0
[ 1156.643445][T17172] CPU: 1 PID: 17172 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1156.653697][T17172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1156.663752][T17172] Call Trace:
[ 1156.667464][T17172]  dump_stack+0x1d8/0x24e
[ 1156.671772][T17172]  ? devkmsg_release+0x11c/0x11c
[ 1156.676696][T17172]  ? show_regs_print_info+0x12/0x12
[ 1156.682145][T17172]  ? check_preemption_disabled+0x9e/0x330
[ 1156.687849][T17172]  ? __rcu_read_lock+0x50/0x50
[ 1156.692587][T17172]  ? __unwind_start+0x72f/0x8e0
[ 1156.697452][T17172]  should_fail+0x6f6/0x860
[ 1156.701947][T17172]  ? setup_fault_attr+0x3d0/0x3d0
[ 1156.707070][T17172]  ? stack_trace_save+0x1f0/0x1f0
[ 1156.712075][T17172]  ? __kernel_text_address+0x93/0x100
[ 1156.717441][T17172]  ? __kernfs_new_node+0x99/0x6d0
[ 1156.722495][T17172]  should_failslab+0x5/0x20
[ 1156.727089][T17172]  __kmalloc_track_caller+0x5d/0x2e0
[ 1156.732462][T17172]  kstrdup_const+0x51/0x90
[ 1156.736881][T17172]  __kernfs_new_node+0x99/0x6d0
[ 1156.741826][T17172]  ? stack_trace_snprint+0x150/0x150
[ 1156.747494][T17172]  ? kernfs_new_node+0x160/0x160
[ 1156.752499][T17172]  ? __schedule+0x9b8/0x1170
[ 1156.757156][T17172]  ? __kasan_kmalloc+0x1a3/0x1e0
[ 1156.762433][T17172]  ? kstrdup_const+0x51/0x90
[ 1156.767004][T17172]  kernfs_create_dir_ns+0x90/0x220
[ 1156.772087][T17172]  sysfs_create_dir_ns+0x181/0x390
[ 1156.777172][T17172]  ? sysfs_warn_dup+0xa0/0xa0
[ 1156.781822][T17172]  kobject_add_internal+0x595/0xbd0
[ 1156.787095][T17172]  kobject_add+0x14c/0x210
[ 1156.791497][T17172]  ? _raw_spin_lock+0xa3/0x1b0
[ 1156.796239][T17172]  ? kobject_init+0x1d0/0x1d0
[ 1156.800906][T17172]  ? get_device_parent+0x2cd/0x430
[ 1156.805993][T17172]  device_add+0x46a/0x18a0
[ 1156.810382][T17172]  ? get_device+0x30/0x30
[ 1156.814684][T17172]  ? virtual_device_parent+0x50/0x50
[ 1156.820030][T17172]  ? h4_open+0x4f/0x140
[ 1156.824155][T17172]  hci_register_dev+0x32e/0x710
[ 1156.828977][T17172]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1156.833980][T17172]  ? hci_uart_tty_write+0x10/0x10
[ 1156.838996][T17172]  tty_ioctl+0xf68/0x1710
[ 1156.843299][T17172]  ? tty_do_resize+0x170/0x170
[ 1156.848235][T17172]  ? avc_ss_reset+0x3a0/0x3a0
[ 1156.852889][T17172]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1156.859123][T17172]  ? refcount_inc_checked+0x50/0x50
[ 1156.864393][T17172]  ? memcg_check_events+0x5c/0x5b0
[ 1156.869666][T17172]  ? proc_fail_nth_write+0x1d5/0x240
[ 1156.875015][T17172]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1156.880185][T17172]  ? __lru_cache_add+0x1c4/0x210
[ 1156.885093][T17172]  ? memset+0x1f/0x40
[ 1156.889079][T17172]  ? fsnotify+0x1332/0x13f0
[ 1156.893579][T17172]  ? tty_do_resize+0x170/0x170
[ 1156.898325][T17172]  do_vfs_ioctl+0x76a/0x1720
[ 1156.902907][T17172]  ? selinux_file_ioctl+0x72f/0x990
[ 1156.908108][T17172]  ? ioctl_preallocate+0x250/0x250
[ 1156.913312][T17172]  ? __fget+0x37b/0x3c0
[ 1156.917583][T17172]  ? vfs_write+0x422/0x4e0
[ 1156.922351][T17172]  ? fget_many+0x20/0x20
[ 1156.926577][T17172]  ? debug_smp_processor_id+0x20/0x20
[ 1156.931928][T17172]  ? security_file_ioctl+0x9d/0xb0
[ 1156.937016][T17172]  __x64_sys_ioctl+0xd4/0x110
[ 1156.941687][T17172]  do_syscall_64+0xcb/0x1e0
[ 1156.946171][T17172]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1156.952123][T17172] RIP: 0033:0x4665d9
[ 1156.956137][T17172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1156.975730][T17172] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1156.984381][T17172] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
02:42:28 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2802b80010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1156.992597][T17172] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1157.000559][T17172] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1157.008643][T17172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1157.016593][T17172] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1157.025816][T17172] kobject_add_internal failed for hci0 (error: -12 parent: bluetooth)
[ 1157.034117][T17172] Bluetooth: Can't register HCI device
02:42:28 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x545d, 0x0)

[ 1157.045859][T17188] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1157.070209][T17188] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
02:42:28 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000020001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:28 executing program 1 (fault-call:2 fault-nth:17):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:28 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000000000000000d0000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:28 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800be0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:28 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x680, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:28 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x5460, 0x0)

02:42:28 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000000000000000e0000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:28 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800c00010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:28 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x40045431, 0x0)

02:42:29 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000040001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1157.150874][T17207] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1157.164249][T17208] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1157.178041][T17207] FAULT_INJECTION: forcing a failure.
[ 1157.178041][T17207] name failslab, interval 1, probability 0, space 0, times 0
[ 1157.207316][T17207] CPU: 0 PID: 17207 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1157.217568][T17207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1157.227978][T17207] Call Trace:
[ 1157.231379][T17207]  dump_stack+0x1d8/0x24e
[ 1157.235706][T17207]  ? devkmsg_release+0x11c/0x11c
[ 1157.240816][T17207]  ? show_regs_print_info+0x12/0x12
[ 1157.246024][T17207]  should_fail+0x6f6/0x860
[ 1157.250448][T17207]  ? setup_fault_attr+0x3d0/0x3d0
02:42:29 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800c40010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:29 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000100000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:29 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x40045436, 0x0)

[ 1157.255467][T17207]  ? __kernel_text_address+0x93/0x100
[ 1157.260844][T17207]  ? __kernfs_new_node+0xdb/0x6d0
[ 1157.265873][T17207]  should_failslab+0x5/0x20
[ 1157.270371][T17207]  kmem_cache_alloc+0x36/0x290
[ 1157.275128][T17207]  ? memcpy+0x38/0x50
[ 1157.279211][T17207]  __kernfs_new_node+0xdb/0x6d0
[ 1157.284058][T17207]  ? stack_trace_snprint+0x150/0x150
[ 1157.289348][T17207]  ? kernfs_new_node+0x160/0x160
[ 1157.294283][T17207]  ? __schedule+0x9b8/0x1170
[ 1157.298871][T17207]  ? __kasan_kmalloc+0x1a3/0x1e0
[ 1157.303903][T17207]  ? kstrdup_const+0x51/0x90
[ 1157.308495][T17207]  kernfs_create_dir_ns+0x90/0x220
[ 1157.313607][T17207]  sysfs_create_dir_ns+0x181/0x390
[ 1157.318714][T17207]  ? sysfs_warn_dup+0xa0/0xa0
[ 1157.323393][T17207]  kobject_add_internal+0x595/0xbd0
[ 1157.328582][T17207]  kobject_add+0x14c/0x210
[ 1157.332987][T17207]  ? _raw_spin_lock+0xa3/0x1b0
[ 1157.337742][T17207]  ? kobject_init+0x1d0/0x1d0
[ 1157.342507][T17207]  ? get_device_parent+0x2cd/0x430
[ 1157.347606][T17207]  device_add+0x46a/0x18a0
[ 1157.352014][T17207]  ? get_device+0x30/0x30
[ 1157.356337][T17207]  ? virtual_device_parent+0x50/0x50
[ 1157.361717][T17207]  ? h4_open+0x4f/0x140
[ 1157.365868][T17207]  hci_register_dev+0x32e/0x710
[ 1157.370788][T17207]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1157.373401][T17238] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1157.375895][T17207]  ? hci_uart_tty_write+0x10/0x10
[ 1157.375904][T17207]  tty_ioctl+0xf68/0x1710
[ 1157.375913][T17207]  ? tty_do_resize+0x170/0x170
[ 1157.375921][T17207]  ? avc_ss_reset+0x3a0/0x3a0
[ 1157.375934][T17207]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1157.375948][T17207]  ? refcount_inc_checked+0x50/0x50
[ 1157.415743][T17207]  ? memcg_check_events+0x5c/0x5b0
[ 1157.421004][T17207]  ? proc_fail_nth_write+0x1d5/0x240
[ 1157.426268][T17207]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1157.431545][T17207]  ? __lru_cache_add+0x1c4/0x210
[ 1157.436472][T17207]  ? memset+0x1f/0x40
[ 1157.440486][T17207]  ? fsnotify+0x1332/0x13f0
[ 1157.445081][T17207]  ? tty_do_resize+0x170/0x170
[ 1157.449820][T17207]  do_vfs_ioctl+0x76a/0x1720
[ 1157.454401][T17207]  ? selinux_file_ioctl+0x72f/0x990
[ 1157.459673][T17207]  ? ioctl_preallocate+0x250/0x250
[ 1157.464840][T17207]  ? __fget+0x37b/0x3c0
[ 1157.468967][T17207]  ? vfs_write+0x422/0x4e0
[ 1157.473632][T17207]  ? fget_many+0x20/0x20
[ 1157.478013][T17207]  ? debug_smp_processor_id+0x20/0x20
[ 1157.483536][T17207]  ? security_file_ioctl+0x9d/0xb0
[ 1157.488730][T17207]  __x64_sys_ioctl+0xd4/0x110
[ 1157.493390][T17207]  do_syscall_64+0xcb/0x1e0
[ 1157.497889][T17207]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1157.503756][T17207] RIP: 0033:0x4665d9
[ 1157.507627][T17207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1157.527218][T17207] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1157.535685][T17207] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1157.544028][T17207] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
02:42:29 executing program 1 (fault-call:2 fault-nth:18):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:29 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000110000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:29 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455cb, 0x0)

[ 1157.552438][T17207] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1157.560595][T17207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1157.568639][T17207] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1157.577156][T17207] kobject_add_internal failed for hci0 (error: -12 parent: bluetooth)
[ 1157.585610][T17207] Bluetooth: Can't register HCI device
[ 1157.617453][T17244] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1157.631918][T17244] FAULT_INJECTION: forcing a failure.
[ 1157.631918][T17244] name failslab, interval 1, probability 0, space 0, times 0
[ 1157.644718][T17244] CPU: 1 PID: 17244 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1157.655149][T17244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1157.665314][T17244] Call Trace:
[ 1157.668661][T17244]  dump_stack+0x1d8/0x24e
[ 1157.672974][T17244]  ? devkmsg_release+0x11c/0x11c
[ 1157.677888][T17244]  ? arch_stack_walk+0xf8/0x140
[ 1157.682712][T17244]  ? show_regs_print_info+0x12/0x12
[ 1157.687888][T17244]  should_fail+0x6f6/0x860
[ 1157.692372][T17244]  ? setup_fault_attr+0x3d0/0x3d0
[ 1157.697370][T17244]  ? radix_tree_node_alloc+0x18c/0x370
[ 1157.702810][T17244]  should_failslab+0x5/0x20
[ 1157.707313][T17244]  kmem_cache_alloc+0x36/0x290
[ 1157.712072][T17244]  ? __kasan_kmalloc+0x1a3/0x1e0
[ 1157.716980][T17244]  ? kstrdup_const+0x51/0x90
[ 1157.721586][T17244]  radix_tree_node_alloc+0x18c/0x370
[ 1157.726842][T17244]  ? device_add+0x46a/0x18a0
[ 1157.731417][T17244]  ? hci_register_dev+0x32e/0x710
[ 1157.736413][T17244]  ? hci_uart_tty_ioctl+0x89e/0xa10
[ 1157.741580][T17244]  ? tty_ioctl+0xf68/0x1710
[ 1157.746053][T17244]  idr_get_free+0x2aa/0x900
[ 1157.750684][T17244]  idr_alloc_cyclic+0x1ef/0x5d0
[ 1157.755534][T17244]  ? idr_alloc+0x2f0/0x2f0
[ 1157.759929][T17244]  ? _raw_spin_lock+0xa3/0x1b0
[ 1157.764691][T17244]  ? memcpy+0x38/0x50
[ 1157.768661][T17244]  __kernfs_new_node+0x122/0x6d0
[ 1157.773650][T17244]  ? stack_trace_snprint+0x150/0x150
[ 1157.779347][T17244]  ? kernfs_new_node+0x160/0x160
[ 1157.784263][T17244]  ? __schedule+0x9b8/0x1170
[ 1157.788867][T17244]  ? __kasan_kmalloc+0x1a3/0x1e0
[ 1157.793777][T17244]  ? kstrdup_const+0x51/0x90
[ 1157.798359][T17244]  kernfs_create_dir_ns+0x90/0x220
[ 1157.803606][T17244]  sysfs_create_dir_ns+0x181/0x390
[ 1157.808713][T17244]  ? sysfs_warn_dup+0xa0/0xa0
[ 1157.813377][T17244]  kobject_add_internal+0x595/0xbd0
[ 1157.818558][T17244]  kobject_add+0x14c/0x210
[ 1157.823211][T17244]  ? _raw_spin_lock+0xa3/0x1b0
[ 1157.827945][T17244]  ? kobject_init+0x1d0/0x1d0
[ 1157.832657][T17244]  ? get_device_parent+0x2cd/0x430
[ 1157.837746][T17244]  device_add+0x46a/0x18a0
[ 1157.842142][T17244]  ? get_device+0x30/0x30
[ 1157.846474][T17244]  ? virtual_device_parent+0x50/0x50
[ 1157.851740][T17244]  ? h4_open+0x4f/0x140
[ 1157.855875][T17244]  hci_register_dev+0x32e/0x710
[ 1157.860712][T17244]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1157.865733][T17244]  ? hci_uart_tty_write+0x10/0x10
[ 1157.870794][T17244]  tty_ioctl+0xf68/0x1710
[ 1157.875224][T17244]  ? tty_do_resize+0x170/0x170
[ 1157.879972][T17244]  ? avc_ss_reset+0x3a0/0x3a0
[ 1157.884713][T17244]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1157.890860][T17244]  ? refcount_inc_checked+0x50/0x50
[ 1157.896040][T17244]  ? memcg_check_events+0x5c/0x5b0
[ 1157.901139][T17244]  ? proc_fail_nth_write+0x1d5/0x240
[ 1157.906514][T17244]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1157.911786][T17244]  ? __lru_cache_add+0x1c4/0x210
[ 1157.916697][T17244]  ? memset+0x1f/0x40
[ 1157.920662][T17244]  ? fsnotify+0x1332/0x13f0
[ 1157.925143][T17244]  ? tty_do_resize+0x170/0x170
[ 1157.929889][T17244]  do_vfs_ioctl+0x76a/0x1720
[ 1157.934459][T17244]  ? selinux_file_ioctl+0x72f/0x990
[ 1157.939635][T17244]  ? ioctl_preallocate+0x250/0x250
[ 1157.944724][T17244]  ? __fget+0x37b/0x3c0
[ 1157.948853][T17244]  ? vfs_write+0x422/0x4e0
[ 1157.953261][T17244]  ? fget_many+0x20/0x20
[ 1157.957563][T17244]  ? debug_smp_processor_id+0x20/0x20
[ 1157.962915][T17244]  ? security_file_ioctl+0x9d/0xb0
[ 1157.967998][T17244]  __x64_sys_ioctl+0xd4/0x110
[ 1157.972667][T17244]  do_syscall_64+0xcb/0x1e0
[ 1157.977326][T17244]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1157.983209][T17244] RIP: 0033:0x4665d9
[ 1157.987080][T17244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1158.007647][T17244] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
02:42:29 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x681, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:29 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000020008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:29 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x40049409, 0x0)

02:42:29 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2802c40010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:29 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000120000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1158.016068][T17244] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1158.025623][T17244] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1158.034322][T17244] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1158.042759][T17244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1158.051477][T17244] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
02:42:29 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000030008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:29 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x40086602, 0x0)

02:42:29 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000200000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:29 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2803c40010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1160.083577][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1160.090534][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1162.163531][ T3300] Bluetooth: hci0: command 0x1001 tx timeout
[ 1162.170828][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1164.243375][ T3300] Bluetooth: hci0: command 0x1009 tx timeout
02:42:40 executing program 1 (fault-call:2 fault-nth:19):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:40 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000040008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:40 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800c60010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:40 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x40087602, 0x0)

02:42:40 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000250000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:40 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x682, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:40 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2801c80010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1168.270486][T17283] net_ratelimit: 10 callbacks suppressed
[ 1168.270493][T17283] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1168.272468][T17290] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1168.282368][T17286] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
02:42:40 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000060108001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:40 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000400000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:40 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x4020940d, 0x0)

[ 1168.294012][T17290] FAULT_INJECTION: forcing a failure.
[ 1168.294012][T17290] name failslab, interval 1, probability 0, space 0, times 0
[ 1168.331885][T17290] CPU: 1 PID: 17290 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1168.342591][T17290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1168.352624][T17290] Call Trace:
[ 1168.355919][T17290]  dump_stack+0x1d8/0x24e
[ 1168.360483][T17290]  ? devkmsg_release+0x11c/0x11c
[ 1168.365631][T17290]  ? show_regs_print_info+0x12/0x12
[ 1168.371222][T17290]  ? _raw_spin_lock+0xa3/0x1b0
[ 1168.375981][T17290]  should_fail+0x6f6/0x860
[ 1168.380651][T17290]  ? setup_fault_attr+0x3d0/0x3d0
[ 1168.385745][T17290]  ? mutex_lock+0xa6/0x110
[ 1168.390158][T17290]  ? mutex_trylock+0xb0/0xb0
[ 1168.394821][T17290]  ? __kernfs_new_node+0xdb/0x6d0
[ 1168.400087][T17290]  should_failslab+0x5/0x20
[ 1168.404596][T17290]  kmem_cache_alloc+0x36/0x290
[ 1168.409438][T17290]  __kernfs_new_node+0xdb/0x6d0
[ 1168.414277][T17290]  ? kernfs_add_one+0x49e/0x5c0
[ 1168.419205][T17290]  ? kernfs_new_node+0x160/0x160
[ 1168.424319][T17290]  ? __kernfs_create_file+0x1f1/0x260
[ 1168.429975][T17290]  ? sysfs_add_file_mode_ns+0x293/0x340
[ 1168.435532][T17290]  ? sysfs_add_file_mode_ns+0x2b4/0x340
[ 1168.441062][T17290]  kernfs_new_node+0x95/0x160
[ 1168.445720][T17290]  kernfs_create_link+0x9c/0x1f0
[ 1168.450730][T17290]  sysfs_do_create_link_sd+0x85/0x100
[ 1168.456280][T17290]  device_add+0x74b/0x18a0
[ 1168.460690][T17290]  ? get_device+0x30/0x30
[ 1168.465084][T17290]  ? virtual_device_parent+0x50/0x50
[ 1168.470431][T17290]  ? h4_open+0x4f/0x140
[ 1168.474662][T17290]  hci_register_dev+0x32e/0x710
[ 1168.480996][T17290]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1168.486008][T17290]  ? hci_uart_tty_write+0x10/0x10
[ 1168.491104][T17290]  tty_ioctl+0xf68/0x1710
[ 1168.495514][T17290]  ? tty_do_resize+0x170/0x170
[ 1168.501042][T17290]  ? avc_ss_reset+0x3a0/0x3a0
[ 1168.505703][T17290]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1168.511891][T17290]  ? refcount_inc_checked+0x50/0x50
[ 1168.517338][T17290]  ? memcg_check_events+0x5c/0x5b0
[ 1168.522604][T17290]  ? proc_fail_nth_write+0x1d5/0x240
[ 1168.527896][T17290]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1168.533289][T17290]  ? __lru_cache_add+0x1c4/0x210
[ 1168.538216][T17290]  ? memset+0x1f/0x40
[ 1168.542446][T17290]  ? fsnotify+0x1332/0x13f0
[ 1168.546940][T17290]  ? tty_do_resize+0x170/0x170
[ 1168.551696][T17290]  do_vfs_ioctl+0x76a/0x1720
[ 1168.556443][T17290]  ? selinux_file_ioctl+0x72f/0x990
[ 1168.561889][T17290]  ? ioctl_preallocate+0x250/0x250
[ 1168.566996][T17290]  ? __fget+0x37b/0x3c0
[ 1168.571217][T17290]  ? vfs_write+0x422/0x4e0
[ 1168.575612][T17290]  ? fget_many+0x20/0x20
[ 1168.579926][T17290]  ? debug_smp_processor_id+0x20/0x20
[ 1168.585290][T17290]  ? security_file_ioctl+0x9d/0xb0
[ 1168.590394][T17290]  __x64_sys_ioctl+0xd4/0x110
[ 1168.595068][T17290]  do_syscall_64+0xcb/0x1e0
[ 1168.599549][T17290]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1168.605413][T17290] RIP: 0033:0x4665d9
[ 1168.609277][T17290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1168.629252][T17290] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1168.637658][T17290] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1168.645873][T17290] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1168.654566][T17290] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1168.662525][T17290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1168.670733][T17290] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1168.679444][T17290] Bluetooth: Can't register HCI device
02:42:40 executing program 1 (fault-call:2 fault-nth:20):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:40 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800ca0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:40 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000480000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:40 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000308001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1168.714830][T17301] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1168.737134][T17302] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
02:42:40 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x683, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:40 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x80045430, 0x0)

[ 1168.781195][T17309] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1168.805251][T17314] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1168.806414][T17309] FAULT_INJECTION: forcing a failure.
02:42:40 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800cc0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1168.806414][T17309] name failslab, interval 1, probability 0, space 0, times 0
[ 1168.833699][T17318] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1168.840962][T17309] CPU: 0 PID: 17309 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1168.859098][T17309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1168.869313][T17309] Call Trace:
[ 1168.872605][T17309]  dump_stack+0x1d8/0x24e
02:42:40 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x80045432, 0x0)

02:42:40 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800d00010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1168.877043][T17309]  ? devkmsg_release+0x11c/0x11c
[ 1168.881994][T17309]  ? show_regs_print_info+0x12/0x12
[ 1168.887184][T17309]  ? mutex_unlock+0x19/0x40
[ 1168.891685][T17309]  ? kernfs_xattr_get+0x81/0x90
[ 1168.896545][T17309]  ? selinux_kernfs_init_security+0x1b2/0x7e0
[ 1168.902610][T17309]  should_fail+0x6f6/0x860
[ 1168.907028][T17309]  ? setup_fault_attr+0x3d0/0x3d0
[ 1168.912052][T17309]  ? __kernfs_new_node+0x99/0x6d0
[ 1168.917078][T17309]  should_failslab+0x5/0x20
[ 1168.921578][T17309]  __kmalloc_track_caller+0x5d/0x2e0
[ 1168.926874][T17309]  kstrdup_const+0x51/0x90
02:42:40 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800d20010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:40 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x80045438, 0x0)

02:42:40 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800d60010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1168.931289][T17309]  __kernfs_new_node+0x99/0x6d0
[ 1168.936136][T17309]  ? mutex_lock+0xa6/0x110
[ 1168.940569][T17309]  ? kernfs_new_node+0x160/0x160
[ 1168.945507][T17309]  ? kernfs_activate+0x3fc/0x420
[ 1168.950443][T17309]  kernfs_new_node+0x95/0x160
[ 1168.955119][T17309]  kernfs_create_link+0x9c/0x1f0
[ 1168.960051][T17309]  sysfs_do_create_link_sd+0x85/0x100
[ 1168.965418][T17309]  device_add+0x989/0x18a0
[ 1168.969833][T17309]  ? get_device+0x30/0x30
[ 1168.974159][T17309]  ? virtual_device_parent+0x50/0x50
[ 1168.979441][T17309]  ? h4_open+0x4f/0x140
[ 1168.983641][T17309]  hci_register_dev+0x32e/0x710
[ 1168.988488][T17309]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1168.993511][T17309]  ? hci_uart_tty_write+0x10/0x10
[ 1168.998535][T17309]  tty_ioctl+0xf68/0x1710
[ 1169.002864][T17309]  ? tty_do_resize+0x170/0x170
[ 1169.007739][T17309]  ? avc_ss_reset+0x3a0/0x3a0
[ 1169.012408][T17309]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1169.018591][T17309]  ? refcount_inc_checked+0x50/0x50
[ 1169.023792][T17309]  ? memcg_check_events+0x5c/0x5b0
[ 1169.028899][T17309]  ? proc_fail_nth_write+0x1d5/0x240
[ 1169.034180][T17309]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1169.039462][T17309]  ? __lru_cache_add+0x1c4/0x210
[ 1169.044402][T17309]  ? memset+0x1f/0x40
[ 1169.048550][T17309]  ? fsnotify+0x1332/0x13f0
[ 1169.053038][T17309]  ? tty_do_resize+0x170/0x170
[ 1169.057793][T17309]  do_vfs_ioctl+0x76a/0x1720
[ 1169.062369][T17309]  ? selinux_file_ioctl+0x72f/0x990
[ 1169.067546][T17309]  ? ioctl_preallocate+0x250/0x250
[ 1169.072821][T17309]  ? __fget+0x37b/0x3c0
[ 1169.077146][T17309]  ? vfs_write+0x422/0x4e0
[ 1169.081545][T17309]  ? fget_many+0x20/0x20
[ 1169.085973][T17309]  ? debug_smp_processor_id+0x20/0x20
[ 1169.091343][T17309]  ? security_file_ioctl+0x9d/0xb0
[ 1169.096453][T17309]  __x64_sys_ioctl+0xd4/0x110
[ 1169.101114][T17309]  do_syscall_64+0xcb/0x1e0
[ 1169.105610][T17309]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1169.111663][T17309] RIP: 0033:0x4665d9
[ 1169.115806][T17309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1169.136151][T17309] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1169.144562][T17309] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1169.152529][T17309] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1169.160494][T17309] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1169.168449][T17309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
02:42:41 executing program 1 (fault-call:2 fault-nth:21):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:41 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x80045439, 0x0)

02:42:41 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800da0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:41 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000010608001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1169.177121][T17309] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1169.187325][T17309] Bluetooth: Can't register HCI device
[ 1169.241311][T17357] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1169.265591][T17361] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1169.273906][T17361] FAULT_INJECTION: forcing a failure.
[ 1169.273906][T17361] name failslab, interval 1, probability 0, space 0, times 0
[ 1169.287101][T17361] CPU: 0 PID: 17361 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1169.297327][T17361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1169.307410][T17361] Call Trace:
[ 1169.310850][T17361]  dump_stack+0x1d8/0x24e
[ 1169.315160][T17361]  ? devkmsg_release+0x11c/0x11c
[ 1169.320342][T17361]  ? show_regs_print_info+0x12/0x12
[ 1169.325639][T17361]  should_fail+0x6f6/0x860
[ 1169.330046][T17361]  ? setup_fault_attr+0x3d0/0x3d0
[ 1169.335053][T17361]  ? __kernfs_new_node+0xdb/0x6d0
[ 1169.340054][T17361]  should_failslab+0x5/0x20
[ 1169.344530][T17361]  kmem_cache_alloc+0x36/0x290
[ 1169.349276][T17361]  ? memcpy+0x38/0x50
[ 1169.353331][T17361]  __kernfs_new_node+0xdb/0x6d0
[ 1169.358194][T17361]  ? mutex_lock+0xa6/0x110
[ 1169.362698][T17361]  ? kernfs_new_node+0x160/0x160
[ 1169.367617][T17361]  ? kernfs_activate+0x3fc/0x420
[ 1169.373468][T17361]  kernfs_new_node+0x95/0x160
[ 1169.378121][T17361]  kernfs_create_link+0x9c/0x1f0
[ 1169.383044][T17361]  sysfs_do_create_link_sd+0x85/0x100
[ 1169.388403][T17361]  device_add+0x989/0x18a0
[ 1169.392801][T17361]  ? get_device+0x30/0x30
[ 1169.397109][T17361]  ? virtual_device_parent+0x50/0x50
[ 1169.402379][T17361]  ? h4_open+0x4f/0x140
[ 1169.406514][T17361]  hci_register_dev+0x32e/0x710
[ 1169.413216][T17361]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1169.418345][T17361]  ? hci_uart_tty_write+0x10/0x10
[ 1169.423585][T17361]  tty_ioctl+0xf68/0x1710
[ 1169.428112][T17361]  ? tty_do_resize+0x170/0x170
[ 1169.433076][T17361]  ? avc_ss_reset+0x3a0/0x3a0
02:42:41 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x684, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:41 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000000000000004c0000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:41 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x80045440, 0x0)

02:42:41 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800dc0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:41 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000004008001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1169.439898][T17361]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1169.446354][T17361]  ? refcount_inc_checked+0x50/0x50
[ 1169.451526][T17361]  ? memcg_check_events+0x5c/0x5b0
[ 1169.456624][T17361]  ? proc_fail_nth_write+0x1d5/0x240
[ 1169.461904][T17361]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1169.467097][T17361]  ? __lru_cache_add+0x1c4/0x210
[ 1169.472023][T17361]  ? memset+0x1f/0x40
[ 1169.475993][T17361]  ? fsnotify+0x1332/0x13f0
02:42:41 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x800455c9, 0x0)

02:42:41 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000600000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1169.478076][T17368] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1169.480484][T17361]  ? tty_do_resize+0x170/0x170
[ 1169.480495][T17361]  do_vfs_ioctl+0x76a/0x1720
[ 1169.480511][T17361]  ? selinux_file_ioctl+0x72f/0x990
[ 1169.510246][T17361]  ? ioctl_preallocate+0x250/0x250
[ 1169.515356][T17361]  ? __fget+0x37b/0x3c0
[ 1169.519631][T17361]  ? vfs_write+0x422/0x4e0
[ 1169.524050][T17361]  ? fget_many+0x20/0x20
[ 1169.528288][T17361]  ? debug_smp_processor_id+0x20/0x20
[ 1169.533651][T17361]  ? security_file_ioctl+0x9d/0xb0
02:42:41 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x800455ca, 0x0)

[ 1169.539107][T17361]  __x64_sys_ioctl+0xd4/0x110
[ 1169.544215][T17361]  do_syscall_64+0xcb/0x1e0
[ 1169.548712][T17361]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1169.554680][T17361] RIP: 0033:0x4665d9
[ 1169.558694][T17361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1169.571534][T17380] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1169.578467][T17361] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1169.578477][T17361] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1169.578482][T17361] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1169.578487][T17361] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1169.578491][T17361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
02:42:41 executing program 1 (fault-call:2 fault-nth:22):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:41 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000008108001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:41 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000680000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:41 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800de0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1169.578495][T17361] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1169.583795][T17361] Bluetooth: Can't register HCI device
[ 1169.674266][T17391] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1169.704970][T17398] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1169.715786][T17398] FAULT_INJECTION: forcing a failure.
[ 1169.715786][T17398] name failslab, interval 1, probability 0, space 0, times 0
[ 1169.728872][T17398] CPU: 0 PID: 17398 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1169.739108][T17398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1169.749326][T17398] Call Trace:
[ 1169.752603][T17398]  dump_stack+0x1d8/0x24e
[ 1169.757132][T17398]  ? devkmsg_release+0x11c/0x11c
[ 1169.762052][T17398]  ? __kasan_kmalloc+0x1a3/0x1e0
[ 1169.767111][T17398]  ? show_regs_print_info+0x12/0x12
[ 1169.772291][T17398]  ? kmem_cache_alloc+0x115/0x290
[ 1169.777297][T17398]  ? __kernfs_new_node+0xdb/0x6d0
[ 1169.782301][T17398]  ? kernfs_new_node+0x95/0x160
[ 1169.787132][T17398]  ? sysfs_do_create_link_sd+0x85/0x100
[ 1169.792694][T17398]  should_fail+0x6f6/0x860
[ 1169.797101][T17398]  ? setup_fault_attr+0x3d0/0x3d0
[ 1169.802105][T17398]  ? mutex_unlock+0x19/0x40
[ 1169.806616][T17398]  ? kernfs_xattr_get+0x81/0x90
[ 1169.811449][T17398]  ? __kernfs_new_node+0xdb/0x6d0
[ 1169.816457][T17398]  should_failslab+0x5/0x20
[ 1169.820936][T17398]  kmem_cache_alloc+0x36/0x290
[ 1169.825673][T17398]  __kernfs_new_node+0xdb/0x6d0
[ 1169.830797][T17398]  ? kernfs_new_node+0x160/0x160
[ 1169.835844][T17398]  ? _raw_spin_lock+0xa3/0x1b0
[ 1169.840720][T17398]  ? security_kernfs_init_security+0x9a/0xb0
[ 1169.846691][T17398]  ? __kernfs_new_node+0x50b/0x6d0
[ 1169.851822][T17398]  kernfs_new_node+0x95/0x160
[ 1169.856501][T17398]  __kernfs_create_file+0x45/0x260
[ 1169.861587][T17398]  sysfs_add_file_mode_ns+0x293/0x340
[ 1169.866948][T17398]  sysfs_create_file_ns+0x18c/0x2b0
[ 1169.872161][T17398]  ? sysfs_add_file_mode_ns+0x340/0x340
[ 1169.877691][T17398]  ? device_create_file+0xe2/0x1a0
[ 1169.882812][T17398]  device_add+0xc44/0x18a0
[ 1169.887212][T17398]  ? virtual_device_parent+0x50/0x50
[ 1169.892476][T17398]  ? h4_open+0x4f/0x140
[ 1169.896605][T17398]  hci_register_dev+0x32e/0x710
[ 1169.901435][T17398]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1169.906458][T17398]  ? hci_uart_tty_write+0x10/0x10
[ 1169.911459][T17398]  tty_ioctl+0xf68/0x1710
[ 1169.915768][T17398]  ? tty_do_resize+0x170/0x170
[ 1169.920506][T17398]  ? avc_ss_reset+0x3a0/0x3a0
[ 1169.925173][T17398]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1169.931318][T17398]  ? refcount_inc_checked+0x50/0x50
[ 1169.936486][T17398]  ? memcg_check_events+0x5c/0x5b0
[ 1169.941571][T17398]  ? proc_fail_nth_write+0x1d5/0x240
[ 1169.946825][T17398]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1169.951994][T17398]  ? __lru_cache_add+0x1c4/0x210
[ 1169.956906][T17398]  ? memset+0x1f/0x40
[ 1169.960867][T17398]  ? fsnotify+0x1332/0x13f0
[ 1169.965457][T17398]  ? tty_do_resize+0x170/0x170
[ 1169.970194][T17398]  do_vfs_ioctl+0x76a/0x1720
[ 1169.974843][T17398]  ? selinux_file_ioctl+0x72f/0x990
[ 1169.980013][T17398]  ? ioctl_preallocate+0x250/0x250
[ 1169.985176][T17398]  ? __fget+0x37b/0x3c0
[ 1169.989315][T17398]  ? vfs_write+0x422/0x4e0
[ 1169.993960][T17398]  ? fget_many+0x20/0x20
[ 1169.998451][T17398]  ? debug_smp_processor_id+0x20/0x20
[ 1170.004030][T17398]  ? security_file_ioctl+0x9d/0xb0
[ 1170.009299][T17398]  __x64_sys_ioctl+0xd4/0x110
[ 1170.013988][T17398]  do_syscall_64+0xcb/0x1e0
[ 1170.018474][T17398]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1170.024351][T17398] RIP: 0033:0x4665d9
[ 1170.028279][T17398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
02:42:41 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000000000000016b0000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:41 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x800455cc, 0x0)

02:42:41 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000005001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:41 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800e40010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:41 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x685, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:41 executing program 1 (fault-call:2 fault-nth:23):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

[ 1170.049690][T17398] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1170.058169][T17398] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1170.066207][T17398] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1170.074157][T17398] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1170.082101][T17398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1170.090051][T17398] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1170.099343][T17398] Bluetooth: Can't register HCI device
02:42:41 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000000000000006c0000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:41 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x80086601, 0x0)

02:42:41 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2801e80010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:41 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000006001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1170.155435][T17412] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1170.173911][T17414] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1170.182433][T17414] FAULT_INJECTION: forcing a failure.
[ 1170.182433][T17414] name failslab, interval 1, probability 0, space 0, times 0
02:42:42 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x80087601, 0x0)

02:42:42 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000208001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1170.207613][T17414] CPU: 0 PID: 17414 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1170.217864][T17414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1170.228169][T17414] Call Trace:
[ 1170.228998][T17424] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1170.231451][T17414]  dump_stack+0x1d8/0x24e
[ 1170.231462][T17414]  ? devkmsg_release+0x11c/0x11c
[ 1170.231472][T17414]  ? __kasan_kmalloc+0x1a3/0x1e0
02:42:42 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000740000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:42 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000308001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1170.231483][T17414]  ? show_regs_print_info+0x12/0x12
[ 1170.231544][T17414]  ? kmem_cache_alloc+0x115/0x290
[ 1170.264711][T17414]  ? __kernfs_new_node+0xdb/0x6d0
[ 1170.269733][T17414]  ? kernfs_new_node+0x95/0x160
[ 1170.274586][T17414]  ? sysfs_do_create_link_sd+0x85/0x100
[ 1170.280132][T17414]  should_fail+0x6f6/0x860
[ 1170.284549][T17414]  ? setup_fault_attr+0x3d0/0x3d0
[ 1170.289664][T17414]  ? mutex_unlock+0x19/0x40
[ 1170.294159][T17414]  ? kernfs_xattr_get+0x81/0x90
[ 1170.299044][T17414]  ? __kernfs_new_node+0xdb/0x6d0
02:42:42 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000000000000007a0000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1170.304065][T17414]  should_failslab+0x5/0x20
[ 1170.308568][T17414]  kmem_cache_alloc+0x36/0x290
[ 1170.313335][T17414]  __kernfs_new_node+0xdb/0x6d0
[ 1170.318185][T17414]  ? kernfs_new_node+0x160/0x160
[ 1170.323118][T17414]  ? _raw_spin_lock+0xa3/0x1b0
[ 1170.327879][T17414]  ? security_kernfs_init_security+0x9a/0xb0
[ 1170.333855][T17414]  ? __kernfs_new_node+0x50b/0x6d0
[ 1170.339049][T17414]  kernfs_new_node+0x95/0x160
[ 1170.343723][T17414]  __kernfs_create_file+0x45/0x260
[ 1170.348918][T17414]  sysfs_add_file_mode_ns+0x293/0x340
[ 1170.354286][T17414]  sysfs_create_file_ns+0x18c/0x2b0
[ 1170.359785][T17414]  ? sysfs_add_file_mode_ns+0x340/0x340
[ 1170.365335][T17414]  ? device_create_file+0xe2/0x1a0
[ 1170.370859][T17414]  device_add+0xc44/0x18a0
[ 1170.375391][T17414]  ? virtual_device_parent+0x50/0x50
[ 1170.380668][T17414]  ? h4_open+0x4f/0x140
[ 1170.384820][T17414]  hci_register_dev+0x32e/0x710
[ 1170.390215][T17414]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1170.395352][T17414]  ? hci_uart_tty_write+0x10/0x10
[ 1170.400356][T17414]  tty_ioctl+0xf68/0x1710
[ 1170.404845][T17414]  ? tty_do_resize+0x170/0x170
[ 1170.410453][T17414]  ? avc_ss_reset+0x3a0/0x3a0
[ 1170.415103][T17414]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1170.421583][T17414]  ? refcount_inc_checked+0x50/0x50
[ 1170.426868][T17414]  ? memcg_check_events+0x5c/0x5b0
[ 1170.432058][T17414]  ? proc_fail_nth_write+0x1d5/0x240
[ 1170.437320][T17414]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1170.442499][T17414]  ? __lru_cache_add+0x1c4/0x210
[ 1170.447426][T17414]  ? memset+0x1f/0x40
[ 1170.451472][T17414]  ? fsnotify+0x1332/0x13f0
[ 1170.456047][T17414]  ? tty_do_resize+0x170/0x170
[ 1170.460881][T17414]  do_vfs_ioctl+0x76a/0x1720
[ 1170.465451][T17414]  ? selinux_file_ioctl+0x72f/0x990
[ 1170.470744][T17414]  ? ioctl_preallocate+0x250/0x250
[ 1170.475844][T17414]  ? __fget+0x37b/0x3c0
[ 1170.479982][T17414]  ? vfs_write+0x422/0x4e0
[ 1170.484382][T17414]  ? fget_many+0x20/0x20
[ 1170.488627][T17414]  ? debug_smp_processor_id+0x20/0x20
[ 1170.493986][T17414]  ? security_file_ioctl+0x9d/0xb0
[ 1170.499068][T17414]  __x64_sys_ioctl+0xd4/0x110
[ 1170.503722][T17414]  do_syscall_64+0xcb/0x1e0
[ 1170.508382][T17414]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1170.514597][T17414] RIP: 0033:0x4665d9
[ 1170.518591][T17414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1170.538652][T17414] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1170.547295][T17414] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1170.555258][T17414] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1170.563333][T17414] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1170.571731][T17414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1170.580186][T17414] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1170.589132][T17414] Bluetooth: Can't register HCI device
02:42:42 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x686, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:42 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0xc0045878, 0x0)

02:42:42 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000408001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:42 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000800000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:42 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2801ea0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:42 executing program 1 (fault-call:2 fault-nth:24):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:42 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000810000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:42 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000009001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:42 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0xc0045878, 0x0)

02:42:42 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2803ea0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1170.688573][T17458] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1170.698701][T17458] FAULT_INJECTION: forcing a failure.
[ 1170.698701][T17458] name failslab, interval 1, probability 0, space 0, times 0
[ 1170.711938][T17458] CPU: 0 PID: 17458 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1170.722184][T17458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1170.732369][T17458] Call Trace:
02:42:42 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000ffffff810000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1170.735661][T17458]  dump_stack+0x1d8/0x24e
[ 1170.740312][T17458]  ? devkmsg_release+0x11c/0x11c
[ 1170.745247][T17458]  ? mutex_unlock+0x19/0x40
[ 1170.747012][T17467] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1170.749745][T17458]  ? show_regs_print_info+0x12/0x12
[ 1170.749756][T17458]  ? selinux_kernfs_init_security+0x1b2/0x7e0
[ 1170.749773][T17458]  should_fail+0x6f6/0x860
[ 1170.773826][T17458]  ? setup_fault_attr+0x3d0/0x3d0
[ 1170.778848][T17458]  ? _raw_spin_lock+0xa3/0x1b0
[ 1170.783698][T17458]  ? __kernfs_new_node+0xdb/0x6d0
02:42:42 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="06000000000000000a001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1170.788720][T17458]  should_failslab+0x5/0x20
[ 1170.793220][T17458]  kmem_cache_alloc+0x36/0x290
[ 1170.798104][T17458]  __kernfs_new_node+0xdb/0x6d0
[ 1170.802960][T17458]  ? mutex_lock+0xa6/0x110
[ 1170.807375][T17458]  ? kernfs_new_node+0x160/0x160
[ 1170.812302][T17458]  ? _raw_spin_lock+0xa3/0x1b0
[ 1170.817063][T17458]  ? kernfs_activate+0x3fc/0x420
[ 1170.820935][T17473] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1170.821993][T17458]  kernfs_create_dir_ns+0x90/0x220
[ 1170.822010][T17458]  internal_create_group+0x294/0xf10
[ 1170.840744][T17458]  ? sysfs_create_group+0x20/0x20
[ 1170.845939][T17458]  ? sysfs_add_file_mode_ns+0x340/0x340
[ 1170.851484][T17458]  ? bus_add_device+0x92/0x3f0
[ 1170.856244][T17458]  dpm_sysfs_add+0x59/0x260
[ 1170.860746][T17458]  device_add+0xde7/0x18a0
[ 1170.865253][T17458]  ? virtual_device_parent+0x50/0x50
[ 1170.870530][T17458]  ? h4_open+0x4f/0x140
[ 1170.874685][T17458]  hci_register_dev+0x32e/0x710
[ 1170.879533][T17458]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1170.884734][T17458]  ? hci_uart_tty_write+0x10/0x10
[ 1170.889751][T17458]  tty_ioctl+0xf68/0x1710
[ 1170.894072][T17458]  ? tty_do_resize+0x170/0x170
[ 1170.898995][T17458]  ? avc_ss_reset+0x3a0/0x3a0
[ 1170.903682][T17458]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1170.909926][T17458]  ? refcount_inc_checked+0x50/0x50
[ 1170.915110][T17458]  ? memcg_check_events+0x5c/0x5b0
[ 1170.920204][T17458]  ? proc_fail_nth_write+0x1d5/0x240
[ 1170.925466][T17458]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1170.930642][T17458]  ? __lru_cache_add+0x1c4/0x210
[ 1170.935562][T17458]  ? memset+0x1f/0x40
[ 1170.939646][T17458]  ? fsnotify+0x1332/0x13f0
[ 1170.944506][T17458]  ? tty_do_resize+0x170/0x170
[ 1170.949351][T17458]  do_vfs_ioctl+0x76a/0x1720
[ 1170.954097][T17458]  ? selinux_file_ioctl+0x72f/0x990
[ 1170.959273][T17458]  ? ioctl_preallocate+0x250/0x250
[ 1170.964548][T17458]  ? __fget+0x37b/0x3c0
[ 1170.968771][T17458]  ? vfs_write+0x422/0x4e0
[ 1170.973179][T17458]  ? fget_many+0x20/0x20
[ 1170.977400][T17458]  ? debug_smp_processor_id+0x20/0x20
[ 1170.982864][T17458]  ? security_file_ioctl+0x9d/0xb0
[ 1170.987971][T17458]  __x64_sys_ioctl+0xd4/0x110
[ 1170.992628][T17458]  do_syscall_64+0xcb/0x1e0
[ 1170.997288][T17458]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1171.003421][T17458] RIP: 0033:0x4665d9
[ 1171.007330][T17458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1171.026914][T17458] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1171.035604][T17458] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1171.043684][T17458] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1171.051838][T17458] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1171.059797][T17458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1171.067744][T17458] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1171.076432][T17458] Bluetooth: Can't register HCI device
02:42:43 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x687, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000ffffff9e0000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:43 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="06000000000000000b001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:43 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0xc0189436, 0x0)

02:42:43 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800f00010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:43 executing program 1 (fault-call:2 fault-nth:25):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000ffffffea0000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:43 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800f30010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:43 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000011001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:43 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0xc020660b, 0x0)

[ 1171.225072][T17490] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1171.236012][T17493] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1171.236114][T17490] FAULT_INJECTION: forcing a failure.
[ 1171.236114][T17490] name failslab, interval 1, probability 0, space 0, times 0
[ 1171.258241][T17490] CPU: 1 PID: 17490 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1171.269307][T17490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1171.279428][T17490] Call Trace:
[ 1171.282943][T17490]  dump_stack+0x1d8/0x24e
[ 1171.287358][T17490]  ? devkmsg_release+0x11c/0x11c
[ 1171.292485][T17490]  ? show_regs_print_info+0x12/0x12
[ 1171.297804][T17490]  ? mutex_unlock+0x19/0x40
[ 1171.302317][T17490]  should_fail+0x6f6/0x860
[ 1171.306884][T17490]  ? setup_fault_attr+0x3d0/0x3d0
[ 1171.311879][T17490]  ? selinux_path_notify+0x6c0/0x6c0
[ 1171.317161][T17490]  ? __kernfs_new_node+0xdb/0x6d0
[ 1171.322434][T17490]  should_failslab+0x5/0x20
[ 1171.326996][T17490]  kmem_cache_alloc+0x36/0x290
[ 1171.331828][T17490]  ? _raw_spin_lock+0xa3/0x1b0
[ 1171.336563][T17490]  __kernfs_new_node+0xdb/0x6d0
[ 1171.341420][T17490]  ? kernfs_new_node+0x160/0x160
[ 1171.346338][T17490]  ? mutex_lock+0xa6/0x110
[ 1171.350983][T17490]  ? mutex_trylock+0xb0/0xb0
[ 1171.355543][T17490]  ? kernfs_activate+0x3fc/0x420
[ 1171.360584][T17490]  kernfs_new_node+0x95/0x160
[ 1171.365556][T17490]  __kernfs_create_file+0x45/0x260
[ 1171.370768][T17490]  sysfs_add_file_mode_ns+0x293/0x340
[ 1171.376115][T17490]  sysfs_merge_group+0x204/0x440
[ 1171.381254][T17490]  ? sysfs_remove_groups+0xb0/0xb0
[ 1171.386549][T17490]  ? sysfs_add_file_mode_ns+0x340/0x340
[ 1171.392082][T17490]  ? bus_add_device+0x92/0x3f0
[ 1171.396819][T17490]  dpm_sysfs_add+0xbd/0x260
[ 1171.401395][T17490]  device_add+0xde7/0x18a0
[ 1171.405785][T17490]  ? virtual_device_parent+0x50/0x50
[ 1171.411052][T17490]  ? h4_open+0x4f/0x140
[ 1171.415200][T17490]  hci_register_dev+0x32e/0x710
[ 1171.420127][T17490]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1171.425242][T17490]  ? hci_uart_tty_write+0x10/0x10
[ 1171.430255][T17490]  tty_ioctl+0xf68/0x1710
[ 1171.434705][T17490]  ? tty_do_resize+0x170/0x170
[ 1171.439534][T17490]  ? avc_ss_reset+0x3a0/0x3a0
[ 1171.444221][T17490]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1171.450353][T17490]  ? refcount_inc_checked+0x50/0x50
[ 1171.455529][T17490]  ? memcg_check_events+0x5c/0x5b0
[ 1171.460728][T17490]  ? proc_fail_nth_write+0x1d5/0x240
[ 1171.465992][T17490]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1171.471531][T17490]  ? __lru_cache_add+0x1c4/0x210
[ 1171.476626][T17490]  ? memset+0x1f/0x40
[ 1171.480577][T17490]  ? fsnotify+0x1332/0x13f0
[ 1171.485228][T17490]  ? tty_do_resize+0x170/0x170
[ 1171.490075][T17490]  do_vfs_ioctl+0x76a/0x1720
[ 1171.494657][T17490]  ? selinux_file_ioctl+0x72f/0x990
[ 1171.499923][T17490]  ? ioctl_preallocate+0x250/0x250
[ 1171.505014][T17490]  ? __fget+0x37b/0x3c0
[ 1171.509144][T17490]  ? vfs_write+0x422/0x4e0
[ 1171.513555][T17490]  ? fget_many+0x20/0x20
[ 1171.517788][T17490]  ? debug_smp_processor_id+0x20/0x20
[ 1171.523136][T17490]  ? security_file_ioctl+0x9d/0xb0
[ 1171.528223][T17490]  __x64_sys_ioctl+0xd4/0x110
[ 1171.533223][T17490]  do_syscall_64+0xcb/0x1e0
[ 1171.537701][T17490]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1171.543650][T17490] RIP: 0033:0x4665d9
[ 1171.547524][T17490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1171.567119][T17490] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1171.575509][T17490] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1171.583471][T17490] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1171.591433][T17490] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1171.599394][T17490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1171.607340][T17490] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1171.621372][T17490] Bluetooth: Can't register HCI device
02:42:43 executing program 1 (fault-call:2 fault-nth:26):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000ffffffef0000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1171.660975][T17508] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1171.688002][T17508] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
02:42:43 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x688, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:43 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x2)

02:42:43 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000012001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:43 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800f60010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1171.713237][T17515] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1171.722301][T17515] FAULT_INJECTION: forcing a failure.
[ 1171.722301][T17515] name failslab, interval 1, probability 0, space 0, times 0
[ 1171.735653][T17515] CPU: 1 PID: 17515 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1171.746229][T17515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1171.756267][T17515] Call Trace:
[ 1171.759549][T17515]  dump_stack+0x1d8/0x24e
[ 1171.763862][T17515]  ? devkmsg_release+0x11c/0x11c
[ 1171.768812][T17515]  ? mutex_unlock+0x19/0x40
[ 1171.773312][T17515]  ? show_regs_print_info+0x12/0x12
[ 1171.778484][T17515]  ? selinux_kernfs_init_security+0x1b2/0x7e0
[ 1171.784520][T17515]  should_fail+0x6f6/0x860
[ 1171.788908][T17515]  ? setup_fault_attr+0x3d0/0x3d0
[ 1171.793903][T17515]  ? _raw_spin_lock+0xa3/0x1b0
[ 1171.798636][T17515]  ? __kernfs_new_node+0xdb/0x6d0
[ 1171.803633][T17515]  should_failslab+0x5/0x20
[ 1171.808225][T17515]  kmem_cache_alloc+0x36/0x290
[ 1171.813004][T17515]  __kernfs_new_node+0xdb/0x6d0
[ 1171.818052][T17515]  ? mutex_lock+0xa6/0x110
[ 1171.822444][T17515]  ? kernfs_new_node+0x160/0x160
[ 1171.827364][T17515]  ? mutex_lock+0xa6/0x110
[ 1171.831932][T17515]  ? kernfs_activate+0x3fc/0x420
[ 1171.836855][T17515]  kernfs_new_node+0x95/0x160
[ 1171.841516][T17515]  __kernfs_create_file+0x45/0x260
[ 1171.846604][T17515]  sysfs_add_file_mode_ns+0x293/0x340
[ 1171.851950][T17515]  sysfs_merge_group+0x204/0x440
[ 1171.856968][T17515]  ? sysfs_remove_groups+0xb0/0xb0
[ 1171.862346][T17515]  ? sysfs_add_file_mode_ns+0x340/0x340
[ 1171.868052][T17515]  ? bus_add_device+0x92/0x3f0
[ 1171.872798][T17515]  dpm_sysfs_add+0xbd/0x260
[ 1171.877295][T17515]  device_add+0xde7/0x18a0
[ 1171.881709][T17515]  ? virtual_device_parent+0x50/0x50
[ 1171.887002][T17515]  ? h4_open+0x4f/0x140
[ 1171.891156][T17515]  hci_register_dev+0x32e/0x710
[ 1171.895983][T17515]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1171.900980][T17515]  ? hci_uart_tty_write+0x10/0x10
[ 1171.905976][T17515]  tty_ioctl+0xf68/0x1710
[ 1171.910277][T17515]  ? tty_do_resize+0x170/0x170
[ 1171.915011][T17515]  ? avc_ss_reset+0x3a0/0x3a0
[ 1171.919659][T17515]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1171.925792][T17515]  ? refcount_inc_checked+0x50/0x50
[ 1171.931085][T17515]  ? memcg_check_events+0x5c/0x5b0
[ 1171.936176][T17515]  ? proc_fail_nth_write+0x1d5/0x240
[ 1171.941437][T17515]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1171.947163][T17515]  ? __lru_cache_add+0x1c4/0x210
[ 1171.952419][T17515]  ? memset+0x1f/0x40
[ 1171.956385][T17515]  ? fsnotify+0x1332/0x13f0
[ 1171.960871][T17515]  ? tty_do_resize+0x170/0x170
[ 1171.965871][T17515]  do_vfs_ioctl+0x76a/0x1720
[ 1171.970496][T17515]  ? selinux_file_ioctl+0x72f/0x990
[ 1171.975838][T17515]  ? ioctl_preallocate+0x250/0x250
[ 1171.980934][T17515]  ? __fget+0x37b/0x3c0
[ 1171.985068][T17515]  ? vfs_write+0x422/0x4e0
[ 1171.989635][T17515]  ? fget_many+0x20/0x20
[ 1171.993873][T17515]  ? debug_smp_processor_id+0x20/0x20
[ 1171.999483][T17515]  ? security_file_ioctl+0x9d/0xb0
[ 1172.004577][T17515]  __x64_sys_ioctl+0xd4/0x110
[ 1172.009311][T17515]  do_syscall_64+0xcb/0x1e0
[ 1172.013800][T17515]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1172.019701][T17515] RIP: 0033:0x4665d9
[ 1172.023568][T17515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1172.043927][T17515] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1172.052677][T17515] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
02:42:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000fffffff00000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:43 executing program 1 (fault-call:2 fault-nth:27):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

[ 1172.060737][T17515] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1172.068776][T17515] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1172.077364][T17515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1172.085734][T17515] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1172.098503][T17515] Bluetooth: Can't register HCI device
02:42:43 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x3)

02:42:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000fffffffe0000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:44 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2803f80010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1172.152087][T17531] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1172.168837][T17534] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1172.172779][T17531] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1172.184959][T17534] FAULT_INJECTION: forcing a failure.
[ 1172.184959][T17534] name failslab, interval 1, probability 0, space 0, times 0
[ 1172.205305][T17534] CPU: 1 PID: 17534 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1172.215679][T17534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1172.225800][T17534] Call Trace:
[ 1172.229306][T17534]  dump_stack+0x1d8/0x24e
[ 1172.233717][T17534]  ? devkmsg_release+0x11c/0x11c
[ 1172.238741][T17534]  ? mutex_unlock+0x19/0x40
[ 1172.243333][T17534]  ? show_regs_print_info+0x12/0x12
[ 1172.248507][T17534]  ? selinux_kernfs_init_security+0x1b2/0x7e0
[ 1172.254546][T17534]  should_fail+0x6f6/0x860
[ 1172.259067][T17534]  ? setup_fault_attr+0x3d0/0x3d0
[ 1172.264081][T17534]  ? _raw_spin_lock+0xa3/0x1b0
[ 1172.268822][T17534]  ? __kernfs_new_node+0xdb/0x6d0
[ 1172.273823][T17534]  should_failslab+0x5/0x20
[ 1172.278310][T17534]  kmem_cache_alloc+0x36/0x290
[ 1172.283152][T17534]  __kernfs_new_node+0xdb/0x6d0
[ 1172.288173][T17534]  ? mutex_lock+0xa6/0x110
[ 1172.292655][T17534]  ? kernfs_new_node+0x160/0x160
[ 1172.297651][T17534]  ? mutex_lock+0xa6/0x110
[ 1172.302135][T17534]  ? kernfs_activate+0x3fc/0x420
[ 1172.307338][T17534]  kernfs_new_node+0x95/0x160
[ 1172.311999][T17534]  __kernfs_create_file+0x45/0x260
[ 1172.317290][T17534]  sysfs_add_file_mode_ns+0x293/0x340
[ 1172.322647][T17534]  sysfs_merge_group+0x204/0x440
[ 1172.327570][T17534]  ? sysfs_remove_groups+0xb0/0xb0
[ 1172.332846][T17534]  ? sysfs_add_file_mode_ns+0x340/0x340
[ 1172.338360][T17534]  ? bus_add_device+0x92/0x3f0
[ 1172.343733][T17534]  dpm_sysfs_add+0xbd/0x260
[ 1172.348453][T17534]  device_add+0xde7/0x18a0
[ 1172.354084][T17534]  ? virtual_device_parent+0x50/0x50
[ 1172.359453][T17534]  ? h4_open+0x4f/0x140
[ 1172.363599][T17534]  hci_register_dev+0x32e/0x710
[ 1172.368430][T17534]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1172.373792][T17534]  ? hci_uart_tty_write+0x10/0x10
[ 1172.378820][T17534]  tty_ioctl+0xf68/0x1710
[ 1172.383212][T17534]  ? tty_do_resize+0x170/0x170
[ 1172.388044][T17534]  ? avc_ss_reset+0x3a0/0x3a0
[ 1172.392696][T17534]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1172.399960][T17534]  ? refcount_inc_checked+0x50/0x50
[ 1172.406505][T17534]  ? memcg_check_events+0x5c/0x5b0
[ 1172.411597][T17534]  ? proc_fail_nth_write+0x1d5/0x240
[ 1172.416854][T17534]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1172.422136][T17534]  ? __lru_cache_add+0x1c4/0x210
[ 1172.427052][T17534]  ? memset+0x1f/0x40
[ 1172.431005][T17534]  ? fsnotify+0x1332/0x13f0
[ 1172.435477][T17534]  ? tty_do_resize+0x170/0x170
[ 1172.440306][T17534]  do_vfs_ioctl+0x76a/0x1720
[ 1172.444866][T17534]  ? selinux_file_ioctl+0x72f/0x990
[ 1172.450408][T17534]  ? ioctl_preallocate+0x250/0x250
[ 1172.455500][T17534]  ? __fget+0x37b/0x3c0
[ 1172.459623][T17534]  ? vfs_write+0x422/0x4e0
[ 1172.464010][T17534]  ? fget_many+0x20/0x20
[ 1172.468313][T17534]  ? debug_smp_processor_id+0x20/0x20
[ 1172.473672][T17534]  ? security_file_ioctl+0x9d/0xb0
[ 1172.478754][T17534]  __x64_sys_ioctl+0xd4/0x110
[ 1172.483404][T17534]  do_syscall_64+0xcb/0x1e0
[ 1172.487897][T17534]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1172.493772][T17534] RIP: 0033:0x4665d9
[ 1172.497635][T17534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1172.517315][T17534] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1172.525786][T17534] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1172.533729][T17534] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1172.541671][T17534] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
02:42:44 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000013001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:44 executing program 1 (fault-call:2 fault-nth:28):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

[ 1172.550185][T17534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1172.558485][T17534] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1172.568265][T17534] Bluetooth: Can't register HCI device
02:42:44 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000000007fffffff0000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:44 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

02:42:44 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000014001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:44 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x689, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:44 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000ffffffff0000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1172.608944][T17545] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1172.622166][T17545] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1172.645854][T17552] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
02:42:44 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800fa0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1172.679706][T17552] FAULT_INJECTION: forcing a failure.
[ 1172.679706][T17552] name failslab, interval 1, probability 0, space 0, times 0
[ 1172.697421][T17561] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1172.719440][T17552] CPU: 0 PID: 17552 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
02:42:44 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000020001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:44 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800fc0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:44 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000020000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1172.720409][T17561] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1172.730068][T17552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1172.730072][T17552] Call Trace:
[ 1172.730095][T17552]  dump_stack+0x1d8/0x24e
[ 1172.730106][T17552]  ? devkmsg_release+0x11c/0x11c
[ 1172.730115][T17552]  ? mutex_unlock+0x19/0x40
[ 1172.730124][T17552]  ? show_regs_print_info+0x12/0x12
[ 1172.730132][T17552]  ? selinux_kernfs_init_security+0x1b2/0x7e0
[ 1172.730144][T17552]  should_fail+0x6f6/0x860
[ 1172.730155][T17552]  ? setup_fault_attr+0x3d0/0x3d0
[ 1172.730163][T17552]  ? _raw_spin_lock+0xa3/0x1b0
[ 1172.730173][T17552]  ? __kernfs_new_node+0xdb/0x6d0
[ 1172.730192][T17552]  should_failslab+0x5/0x20
[ 1172.801805][T17552]  kmem_cache_alloc+0x36/0x290
[ 1172.806584][T17552]  __kernfs_new_node+0xdb/0x6d0
[ 1172.811445][T17552]  ? mutex_lock+0xa6/0x110
[ 1172.815898][T17552]  ? kernfs_new_node+0x160/0x160
[ 1172.818316][T17574] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
02:42:44 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000040001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:44 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000030000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1172.820918][T17552]  ? mutex_lock+0xa6/0x110
[ 1172.820932][T17552]  ? kernfs_activate+0x3fc/0x420
[ 1172.820947][T17552]  kernfs_new_node+0x95/0x160
[ 1172.843069][T17552]  __kernfs_create_file+0x45/0x260
[ 1172.848182][T17552]  sysfs_add_file_mode_ns+0x293/0x340
[ 1172.853596][T17552]  sysfs_merge_group+0x204/0x440
[ 1172.858535][T17552]  ? sysfs_remove_groups+0xb0/0xb0
[ 1172.863644][T17552]  ? sysfs_add_file_mode_ns+0x340/0x340
[ 1172.869188][T17552]  ? bus_add_device+0x92/0x3f0
[ 1172.874001][T17552]  dpm_sysfs_add+0xbd/0x260
[ 1172.878507][T17552]  device_add+0xde7/0x18a0
[ 1172.880463][T17580] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1172.882960][T17552]  ? virtual_device_parent+0x50/0x50
[ 1172.882970][T17552]  ? h4_open+0x4f/0x140
[ 1172.882979][T17552]  hci_register_dev+0x32e/0x710
[ 1172.882989][T17552]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1172.882998][T17552]  ? hci_uart_tty_write+0x10/0x10
[ 1172.883007][T17552]  tty_ioctl+0xf68/0x1710
[ 1172.883025][T17552]  ? tty_do_resize+0x170/0x170
[ 1172.926467][T17552]  ? avc_ss_reset+0x3a0/0x3a0
[ 1172.931150][T17552]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1172.937306][T17552]  ? refcount_inc_checked+0x50/0x50
[ 1172.942516][T17552]  ? memcg_check_events+0x5c/0x5b0
[ 1172.947627][T17552]  ? proc_fail_nth_write+0x1d5/0x240
[ 1172.952907][T17552]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1172.958112][T17552]  ? __lru_cache_add+0x1c4/0x210
[ 1172.963287][T17552]  ? memset+0x1f/0x40
[ 1172.967268][T17552]  ? fsnotify+0x1332/0x13f0
[ 1172.971983][T17552]  ? tty_do_resize+0x170/0x170
[ 1172.976745][T17552]  do_vfs_ioctl+0x76a/0x1720
[ 1172.981321][T17552]  ? selinux_file_ioctl+0x72f/0x990
[ 1172.986568][T17552]  ? ioctl_preallocate+0x250/0x250
[ 1172.991705][T17552]  ? __fget+0x37b/0x3c0
[ 1172.995909][T17552]  ? vfs_write+0x422/0x4e0
[ 1173.000547][T17552]  ? fget_many+0x20/0x20
[ 1173.005244][T17552]  ? debug_smp_processor_id+0x20/0x20
[ 1173.010661][T17552]  ? security_file_ioctl+0x9d/0xb0
[ 1173.015765][T17552]  __x64_sys_ioctl+0xd4/0x110
[ 1173.020532][T17552]  do_syscall_64+0xcb/0x1e0
[ 1173.025158][T17552]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1173.031034][T17552] RIP: 0033:0x4665d9
[ 1173.034905][T17552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1173.054702][T17552] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1173.063185][T17552] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1173.071347][T17552] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
02:42:44 executing program 1 (fault-call:2 fault-nth:29):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:44 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800fd0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1173.079510][T17552] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1173.087471][T17552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1173.095432][T17552] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1173.103755][T17552] Bluetooth: Can't register HCI device
[ 1173.141964][T17592] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1173.150810][T17592] FAULT_INJECTION: forcing a failure.
[ 1173.150810][T17592] name failslab, interval 1, probability 0, space 0, times 0
[ 1173.164168][T17592] CPU: 1 PID: 17592 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1173.174534][T17592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1173.184840][T17592] Call Trace:
[ 1173.188280][T17592]  dump_stack+0x1d8/0x24e
[ 1173.192601][T17592]  ? devkmsg_release+0x11c/0x11c
[ 1173.198164][T17592]  ? mutex_unlock+0x19/0x40
[ 1173.202775][T17592]  ? show_regs_print_info+0x12/0x12
[ 1173.208181][T17592]  ? selinux_kernfs_init_security+0x1b2/0x7e0
[ 1173.214368][T17592]  should_fail+0x6f6/0x860
[ 1173.218789][T17592]  ? setup_fault_attr+0x3d0/0x3d0
[ 1173.224011][T17592]  ? _raw_spin_lock+0xa3/0x1b0
[ 1173.228769][T17592]  ? __kernfs_new_node+0xdb/0x6d0
[ 1173.233800][T17592]  should_failslab+0x5/0x20
[ 1173.238304][T17592]  kmem_cache_alloc+0x36/0x290
[ 1173.243096][T17592]  __kernfs_new_node+0xdb/0x6d0
[ 1173.247968][T17592]  ? mutex_lock+0xa6/0x110
[ 1173.252567][T17592]  ? kernfs_new_node+0x160/0x160
[ 1173.257493][T17592]  ? mutex_lock+0xa6/0x110
[ 1173.262025][T17592]  ? kernfs_activate+0x3fc/0x420
[ 1173.266969][T17592]  kernfs_new_node+0x95/0x160
[ 1173.271795][T17592]  __kernfs_create_file+0x45/0x260
[ 1173.276916][T17592]  sysfs_add_file_mode_ns+0x293/0x340
[ 1173.282736][T17592]  sysfs_merge_group+0x204/0x440
[ 1173.287995][T17592]  ? sysfs_remove_groups+0xb0/0xb0
[ 1173.293085][T17592]  ? sysfs_add_file_mode_ns+0x340/0x340
[ 1173.298609][T17592]  ? bus_add_device+0x92/0x3f0
[ 1173.303633][T17592]  dpm_sysfs_add+0xbd/0x260
[ 1173.308128][T17592]  device_add+0xde7/0x18a0
[ 1173.312527][T17592]  ? virtual_device_parent+0x50/0x50
[ 1173.317927][T17592]  ? h4_open+0x4f/0x140
[ 1173.322067][T17592]  hci_register_dev+0x32e/0x710
[ 1173.326907][T17592]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1173.332174][T17592]  ? hci_uart_tty_write+0x10/0x10
[ 1173.337175][T17592]  tty_ioctl+0xf68/0x1710
[ 1173.341497][T17592]  ? tty_do_resize+0x170/0x170
[ 1173.346443][T17592]  ? avc_ss_reset+0x3a0/0x3a0
[ 1173.351282][T17592]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1173.357432][T17592]  ? refcount_inc_checked+0x50/0x50
[ 1173.362674][T17592]  ? memcg_check_events+0x5c/0x5b0
[ 1173.368218][T17592]  ? proc_fail_nth_write+0x1d5/0x240
[ 1173.373666][T17592]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1173.379135][T17592]  ? __lru_cache_add+0x1c4/0x210
[ 1173.384246][T17592]  ? memset+0x1f/0x40
[ 1173.388558][T17592]  ? fsnotify+0x1332/0x13f0
[ 1173.393047][T17592]  ? tty_do_resize+0x170/0x170
[ 1173.397800][T17592]  do_vfs_ioctl+0x76a/0x1720
[ 1173.402379][T17592]  ? selinux_file_ioctl+0x72f/0x990
[ 1173.407671][T17592]  ? ioctl_preallocate+0x250/0x250
[ 1173.412764][T17592]  ? __fget+0x37b/0x3c0
[ 1173.417091][T17592]  ? vfs_write+0x422/0x4e0
[ 1173.421839][T17592]  ? fget_many+0x20/0x20
[ 1173.426406][T17592]  ? debug_smp_processor_id+0x20/0x20
[ 1173.432499][T17592]  ? security_file_ioctl+0x9d/0xb0
[ 1173.438268][T17592]  __x64_sys_ioctl+0xd4/0x110
[ 1173.442950][T17592]  do_syscall_64+0xcb/0x1e0
[ 1173.447572][T17592]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1173.453679][T17592] RIP: 0033:0x4665d9
[ 1173.457867][T17592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1173.479164][T17592] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1173.488072][T17592] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1173.496753][T17592] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1173.505584][T17592] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1173.513890][T17592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1173.522593][T17592] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1173.536223][T17592] Bluetooth: Can't register HCI device
[ 1174.722619][ T3302] Bluetooth: hci1: command 0x1003 tx timeout
[ 1174.728686][T12658] Bluetooth: hci1: sending frame failed (-49)
[ 1176.802514][ T3302] Bluetooth: hci1: command 0x1001 tx timeout
[ 1176.808720][T12658] Bluetooth: hci1: sending frame failed (-49)
[ 1178.882470][ T3302] Bluetooth: hci1: command 0x1009 tx timeout
02:42:54 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x5)

02:42:54 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000004001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:54 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000040000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:54 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800fe0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:54 executing program 1 (fault-call:2 fault-nth:30):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:42:54 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x68a, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:54 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000005001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:54 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000050000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1182.985106][T17602] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1182.986004][T17603] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1182.998413][T17602] FAULT_INJECTION: forcing a failure.
[ 1182.998413][T17602] name failslab, interval 1, probability 0, space 0, times 0
[ 1183.015333][T17607] net_ratelimit: 20 callbacks suppressed
02:42:54 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800ff0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1183.015341][T17607] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1183.017035][T17602] CPU: 1 PID: 17602 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1183.047821][T17602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1183.059073][T17602] Call Trace:
[ 1183.062350][T17602]  dump_stack+0x1d8/0x24e
[ 1183.066927][T17602]  ? devkmsg_release+0x11c/0x11c
[ 1183.074564][T17602]  ? mutex_unlock+0x19/0x40
[ 1183.079448][T17602]  ? show_regs_print_info+0x12/0x12
[ 1183.084643][T17602]  ? selinux_kernfs_init_security+0x1b2/0x7e0
[ 1183.090799][T17602]  should_fail+0x6f6/0x860
[ 1183.095194][T17602]  ? setup_fault_attr+0x3d0/0x3d0
[ 1183.101944][T17602]  ? _raw_spin_lock+0xa3/0x1b0
[ 1183.106838][T17602]  ? __kernfs_new_node+0xdb/0x6d0
[ 1183.112022][T17602]  should_failslab+0x5/0x20
[ 1183.116596][T17602]  kmem_cache_alloc+0x36/0x290
[ 1183.122161][T17602]  __kernfs_new_node+0xdb/0x6d0
[ 1183.128776][T17602]  ? mutex_lock+0xa6/0x110
[ 1183.133448][T17602]  ? kernfs_new_node+0x160/0x160
[ 1183.138779][T17602]  ? mutex_lock+0xa6/0x110
[ 1183.143179][T17602]  ? kernfs_activate+0x3fc/0x420
[ 1183.148358][T17602]  kernfs_new_node+0x95/0x160
[ 1183.153041][T17602]  __kernfs_create_file+0x45/0x260
[ 1183.158315][T17602]  sysfs_add_file_mode_ns+0x293/0x340
[ 1183.164740][T17602]  sysfs_merge_group+0x204/0x440
[ 1183.169656][T17602]  ? sysfs_remove_groups+0xb0/0xb0
[ 1183.174860][T17602]  ? sysfs_add_file_mode_ns+0x340/0x340
[ 1183.180398][T17602]  ? bus_add_device+0x92/0x3f0
[ 1183.185157][T17602]  dpm_sysfs_add+0xbd/0x260
[ 1183.192374][T17602]  device_add+0xde7/0x18a0
[ 1183.196884][T17602]  ? virtual_device_parent+0x50/0x50
[ 1183.202349][T17602]  ? h4_open+0x4f/0x140
[ 1183.206692][T17602]  hci_register_dev+0x32e/0x710
[ 1183.211741][T17602]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1183.218077][T17602]  ? hci_uart_tty_write+0x10/0x10
[ 1183.223168][T17602]  tty_ioctl+0xf68/0x1710
[ 1183.227485][T17602]  ? tty_do_resize+0x170/0x170
[ 1183.232240][T17602]  ? avc_ss_reset+0x3a0/0x3a0
[ 1183.236950][T17602]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1183.243437][T17602]  ? refcount_inc_checked+0x50/0x50
[ 1183.248634][T17602]  ? memcg_check_events+0x5c/0x5b0
[ 1183.253748][T17602]  ? proc_fail_nth_write+0x1d5/0x240
[ 1183.259114][T17602]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1183.265418][T17602]  ? __lru_cache_add+0x1c4/0x210
[ 1183.271264][T17602]  ? memset+0x1f/0x40
[ 1183.275228][T17602]  ? fsnotify+0x1332/0x13f0
[ 1183.279833][T17602]  ? tty_do_resize+0x170/0x170
[ 1183.284604][T17602]  do_vfs_ioctl+0x76a/0x1720
[ 1183.289269][T17602]  ? selinux_file_ioctl+0x72f/0x990
[ 1183.294515][T17602]  ? ioctl_preallocate+0x250/0x250
[ 1183.301008][T17602]  ? __fget+0x37b/0x3c0
[ 1183.305333][T17602]  ? vfs_write+0x422/0x4e0
[ 1183.309760][T17602]  ? fget_many+0x20/0x20
[ 1183.314193][T17602]  ? debug_smp_processor_id+0x20/0x20
[ 1183.319832][T17602]  ? security_file_ioctl+0x9d/0xb0
[ 1183.327236][T17602]  __x64_sys_ioctl+0xd4/0x110
[ 1183.332704][T17602]  do_syscall_64+0xcb/0x1e0
[ 1183.337279][T17602]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1183.343558][T17602] RIP: 0033:0x4665d9
[ 1183.347432][T17602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1183.368401][T17602] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1183.376804][T17602] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
02:42:55 executing program 1 (fault-call:2 fault-nth:31):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

[ 1183.385015][T17602] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1183.394851][T17602] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1183.403177][T17602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1183.411483][T17602] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1183.421948][T17602] Bluetooth: Can't register HCI device
02:42:55 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x6)

02:42:55 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000060000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1183.462640][T17619] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1183.481807][T17620] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
02:42:55 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000006001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:42:55 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800000040000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:42:55 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x7)

[ 1183.522724][T17629] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1183.522935][T17626] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1183.562573][T17626] FAULT_INJECTION: forcing a failure.
02:42:55 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000070000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:55 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000009001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1183.562573][T17626] name failslab, interval 1, probability 0, space 0, times 0
[ 1183.579412][T17634] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1183.583273][T17626] CPU: 0 PID: 17626 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1183.600025][T17626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1183.610249][T17626] Call Trace:
[ 1183.610397][T17638] selinux_nlmsg_perm: 6 callbacks suppressed
[ 1183.610406][T17638] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=17638 comm=syz-executor.2
[ 1183.613534][T17626]  dump_stack+0x1d8/0x24e
[ 1183.613544][T17626]  ? devkmsg_release+0x11c/0x11c
[ 1183.613552][T17626]  ? show_regs_print_info+0x12/0x12
[ 1183.613564][T17626]  should_fail+0x6f6/0x860
[ 1183.613573][T17626]  ? setup_fault_attr+0x3d0/0x3d0
[ 1183.613582][T17626]  ? kzalloc+0x1d/0x30
[ 1183.613598][T17626]  should_failslab+0x5/0x20
[ 1183.668391][T17626]  __kmalloc+0x5f/0x2f0
[ 1183.672547][T17626]  ? kobject_uevent_env+0x252/0x1000
[ 1183.677833][T17626]  kzalloc+0x1d/0x30
[ 1183.681586][T17644] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1183.681730][T17626]  kobject_get_path+0xb3/0x190
[ 1183.704086][T17626]  kobject_uevent_env+0x269/0x1000
[ 1183.709462][T17626]  device_add+0xf42/0x18a0
[ 1183.710780][T17645] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1183.713874][T17626]  ? virtual_device_parent+0x50/0x50
[ 1183.713884][T17626]  ? h4_open+0x4f/0x140
[ 1183.713894][T17626]  hci_register_dev+0x32e/0x710
[ 1183.713904][T17626]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1183.713912][T17626]  ? hci_uart_tty_write+0x10/0x10
[ 1183.713927][T17626]  tty_ioctl+0xf68/0x1710
[ 1183.752085][T17626]  ? tty_do_resize+0x170/0x170
[ 1183.756952][T17626]  ? avc_ss_reset+0x3a0/0x3a0
[ 1183.761612][T17626]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1183.767745][T17626]  ? refcount_inc_checked+0x50/0x50
[ 1183.773819][T17626]  ? memcg_check_events+0x5c/0x5b0
[ 1183.779188][T17626]  ? proc_fail_nth_write+0x1d5/0x240
[ 1183.784451][T17626]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1183.789624][T17626]  ? __lru_cache_add+0x1c4/0x210
[ 1183.794686][T17626]  ? memset+0x1f/0x40
[ 1183.798740][T17626]  ? fsnotify+0x1332/0x13f0
[ 1183.805699][T17626]  ? tty_do_resize+0x170/0x170
[ 1183.810791][T17626]  do_vfs_ioctl+0x76a/0x1720
[ 1183.815465][T17626]  ? selinux_file_ioctl+0x72f/0x990
[ 1183.820675][T17626]  ? ioctl_preallocate+0x250/0x250
[ 1183.825890][T17626]  ? __fget+0x37b/0x3c0
[ 1183.831147][T17626]  ? vfs_write+0x422/0x4e0
[ 1183.836112][T17626]  ? fget_many+0x20/0x20
[ 1183.840726][T17626]  ? debug_smp_processor_id+0x20/0x20
[ 1183.846096][T17626]  ? security_file_ioctl+0x9d/0xb0
[ 1183.851504][T17626]  __x64_sys_ioctl+0xd4/0x110
[ 1183.856251][T17626]  do_syscall_64+0xcb/0x1e0
[ 1183.860847][T17626]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1183.868581][T17626] RIP: 0033:0x4665d9
[ 1183.872988][T17626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1183.893440][T17626] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1183.904071][T17626] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1183.912025][T17626] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
02:42:55 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x68b, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:42:55 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x8)

02:42:55 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000080000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:42:55 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2820000250000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1183.919986][T17626] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1183.928258][T17626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1183.937954][T17626] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1183.975476][T17651] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1186.001872][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1186.007946][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1188.081814][ T3302] Bluetooth: hci0: command 0x1001 tx timeout
[ 1188.088024][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1190.161666][ T3302] Bluetooth: hci0: command 0x1009 tx timeout
02:43:06 executing program 1 (fault-call:2 fault-nth:32):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:43:06 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="06000000000000000a001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:43:06 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x9)

02:43:06 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800000660000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:43:06 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000090000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:43:06 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x68c, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:43:06 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="06000000000000000b001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:43:06 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800000e60000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:43:06 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xa)

[ 1194.508041][T17670] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1194.520506][T17673] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1194.545359][T17675] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
02:43:06 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000a0000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:43:06 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000010001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1194.560798][T17679] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1194.569787][T17675] FAULT_INJECTION: forcing a failure.
[ 1194.569787][T17675] name failslab, interval 1, probability 0, space 0, times 0
[ 1194.596020][T17675] CPU: 0 PID: 17675 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
02:43:06 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xb)

[ 1194.606457][T17675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1194.615657][T17688] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1194.616500][T17675] Call Trace:
[ 1194.616519][T17675]  dump_stack+0x1d8/0x24e
[ 1194.616533][T17675]  ? devkmsg_release+0x11c/0x11c
[ 1194.616542][T17675]  ? show_regs_print_info+0x12/0x12
[ 1194.616565][T17675]  should_fail+0x6f6/0x860
[ 1194.645957][T17692] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1194.649527][T17675]  ? setup_fault_attr+0x3d0/0x3d0
[ 1194.649539][T17675]  ? alloc_uevent_skb+0x73/0x220
[ 1194.649550][T17675]  should_failslab+0x5/0x20
[ 1194.649559][T17675]  __kmalloc_track_caller+0x5d/0x2e0
[ 1194.649567][T17675]  ? kmem_cache_alloc+0x115/0x290
[ 1194.649580][T17675]  ? alloc_uevent_skb+0x73/0x220
[ 1194.654392][T17692] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1194.662102][T17675]  __alloc_skb+0xaf/0x4d0
[ 1194.662114][T17675]  alloc_uevent_skb+0x73/0x220
[ 1194.662123][T17675]  kobject_uevent_env+0xaee/0x1000
[ 1194.662133][T17675]  device_add+0xf42/0x18a0
[ 1194.662144][T17675]  ? virtual_device_parent+0x50/0x50
[ 1194.662152][T17675]  ? h4_open+0x4f/0x140
[ 1194.662166][T17675]  hci_register_dev+0x32e/0x710
[ 1194.734274][T17675]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1194.739283][T17675]  ? hci_uart_tty_write+0x10/0x10
[ 1194.744378][T17675]  tty_ioctl+0xf68/0x1710
[ 1194.748748][T17675]  ? tty_do_resize+0x170/0x170
[ 1194.753495][T17675]  ? avc_ss_reset+0x3a0/0x3a0
[ 1194.758164][T17675]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1194.764305][T17675]  ? refcount_inc_checked+0x50/0x50
[ 1194.769493][T17675]  ? memcg_check_events+0x5c/0x5b0
[ 1194.774580][T17675]  ? proc_fail_nth_write+0x1d5/0x240
[ 1194.779852][T17675]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1194.785129][T17675]  ? __lru_cache_add+0x1c4/0x210
[ 1194.790141][T17675]  ? memset+0x1f/0x40
[ 1194.794106][T17675]  ? fsnotify+0x1332/0x13f0
[ 1194.799290][T17675]  ? tty_do_resize+0x170/0x170
[ 1194.804132][T17675]  do_vfs_ioctl+0x76a/0x1720
[ 1194.808715][T17675]  ? selinux_file_ioctl+0x72f/0x990
[ 1194.813898][T17675]  ? ioctl_preallocate+0x250/0x250
[ 1194.819079][T17675]  ? __fget+0x37b/0x3c0
[ 1194.823297][T17675]  ? vfs_write+0x422/0x4e0
[ 1194.827694][T17675]  ? fget_many+0x20/0x20
[ 1194.831910][T17675]  ? debug_smp_processor_id+0x20/0x20
[ 1194.837282][T17675]  ? security_file_ioctl+0x9d/0xb0
[ 1194.842398][T17675]  __x64_sys_ioctl+0xd4/0x110
[ 1194.847077][T17675]  do_syscall_64+0xcb/0x1e0
[ 1194.851571][T17675]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1194.857437][T17675] RIP: 0033:0x4665d9
[ 1194.861305][T17675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1194.880967][T17675] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1194.889369][T17675] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1194.897337][T17675] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1194.905377][T17675] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1194.913336][T17675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1194.921288][T17675] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1194.932093][  T386] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1196.961150][T16033] Bluetooth: hci0: command 0x1003 tx timeout
[ 1196.967680][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1199.041079][T16033] Bluetooth: hci0: command 0x1001 tx timeout
[ 1199.047229][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1201.120922][T16033] Bluetooth: hci0: command 0x1009 tx timeout
02:43:17 executing program 1 (fault-call:2 fault-nth:33):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:43:17 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000b0000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:43:17 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000011001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:43:17 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="280000006b000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:43:17 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xc)

02:43:17 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x68d, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

[ 1205.382512][T17707] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1205.400480][T17704] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1205.408369][T17712] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1205.413217][T17704] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1205.419650][T17712] FAULT_INJECTION: forcing a failure.
02:43:17 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000c0000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:43:17 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000012001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1205.419650][T17712] name failslab, interval 1, probability 0, space 0, times 0
[ 1205.426650][T17706] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=107 sclass=netlink_route_socket pid=17706 comm=syz-executor.2
[ 1205.444135][T17712] CPU: 1 PID: 17712 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1205.464423][T17712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1205.474745][T17712] Call Trace:
[ 1205.478551][T17712]  dump_stack+0x1d8/0x24e
[ 1205.483237][T17712]  ? devkmsg_release+0x11c/0x11c
[ 1205.488339][T17712]  ? show_regs_print_info+0x12/0x12
[ 1205.493786][T17712]  should_fail+0x6f6/0x860
[ 1205.498476][T17712]  ? setup_fault_attr+0x3d0/0x3d0
[ 1205.503654][T17712]  ? alloc_uevent_skb+0x73/0x220
[ 1205.508904][T17712]  should_failslab+0x5/0x20
[ 1205.513492][T17712]  __kmalloc_track_caller+0x5d/0x2e0
[ 1205.518758][T17712]  ? kmem_cache_alloc+0x115/0x290
[ 1205.523766][T17712]  ? mutex_lock+0xa6/0x110
[ 1205.528168][T17712]  ? alloc_uevent_skb+0x73/0x220
[ 1205.533618][T17712]  __alloc_skb+0xaf/0x4d0
[ 1205.537947][T17712]  alloc_uevent_skb+0x73/0x220
[ 1205.542713][T17712]  kobject_uevent_env+0xaee/0x1000
[ 1205.547908][T17712]  device_add+0xf42/0x18a0
[ 1205.552491][T17712]  ? virtual_device_parent+0x50/0x50
[ 1205.557852][T17712]  ? h4_open+0x4f/0x140
[ 1205.562010][T17712]  hci_register_dev+0x32e/0x710
[ 1205.566948][T17712]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1205.572317][T17712]  ? hci_uart_tty_write+0x10/0x10
[ 1205.577517][T17712]  tty_ioctl+0xf68/0x1710
[ 1205.581843][T17712]  ? tty_do_resize+0x170/0x170
[ 1205.587162][T17712]  ? avc_ss_reset+0x3a0/0x3a0
[ 1205.592055][T17712]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1205.598285][T17712]  ? refcount_inc_checked+0x50/0x50
[ 1205.603466][T17712]  ? memcg_check_events+0x5c/0x5b0
[ 1205.608711][T17712]  ? proc_fail_nth_write+0x1d5/0x240
[ 1205.614458][T17712]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1205.619638][T17712]  ? __lru_cache_add+0x1c4/0x210
[ 1205.624656][T17712]  ? memset+0x1f/0x40
[ 1205.628614][T17712]  ? fsnotify+0x1332/0x13f0
[ 1205.633162][T17712]  ? tty_do_resize+0x170/0x170
[ 1205.638016][T17712]  do_vfs_ioctl+0x76a/0x1720
[ 1205.642846][T17712]  ? selinux_file_ioctl+0x72f/0x990
[ 1205.648206][T17712]  ? ioctl_preallocate+0x250/0x250
[ 1205.654021][T17712]  ? __fget+0x37b/0x3c0
[ 1205.658436][T17712]  ? vfs_write+0x422/0x4e0
[ 1205.663392][T17712]  ? fget_many+0x20/0x20
[ 1205.668139][T17712]  ? debug_smp_processor_id+0x20/0x20
[ 1205.673965][T17712]  ? security_file_ioctl+0x9d/0xb0
[ 1205.679546][T17712]  __x64_sys_ioctl+0xd4/0x110
[ 1205.684547][T17712]  do_syscall_64+0xcb/0x1e0
[ 1205.689288][T17712]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1205.695195][T17712] RIP: 0033:0x4665d9
[ 1205.699070][T17712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1205.719731][T17712] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
02:43:17 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800000dec000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:43:17 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xd)

[ 1205.728207][T17712] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1205.736284][T17712] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1205.744250][T17712] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1205.752444][T17712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1205.760408][T17712] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1205.780109][  T386] Bluetooth: hci0: Frame reassembly failed (-84)
02:43:17 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000013001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:43:17 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000d0000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1205.806896][T17724] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1205.815819][T17724] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1205.827324][T17723] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1205.861730][T17730] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1205.871500][T17730] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1205.896314][T17733] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1207.840447][ T3678] Bluetooth: hci0: command 0x1003 tx timeout
[ 1207.846689][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1209.920346][T16033] Bluetooth: hci0: command 0x1001 tx timeout
[ 1209.926659][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1212.000142][T16033] Bluetooth: hci0: command 0x1009 tx timeout
02:43:28 executing program 1 (fault-call:2 fault-nth:34):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:43:28 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xe)

02:43:28 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800080000000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:43:28 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000e0000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:43:28 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x68e, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:43:28 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000014001b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:43:28 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x10)

02:43:28 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000100000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:43:28 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008021b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:43:28 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800000008000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1216.271110][T17742] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1216.288078][T17744] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[ 1216.299621][T17744] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1216.299745][T17750] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
02:43:28 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x11)

[ 1216.332904][T17757] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1216.335150][T17750] FAULT_INJECTION: forcing a failure.
[ 1216.335150][T17750] name failslab, interval 1, probability 0, space 0, times 0
[ 1216.371840][T17762] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'.
02:43:28 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000110000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1216.378581][T17750] CPU: 0 PID: 17750 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1216.392186][T17750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1216.402605][T17750] Call Trace:
[ 1216.405894][T17750]  dump_stack+0x1d8/0x24e
[ 1216.410306][T17750]  ? devkmsg_release+0x11c/0x11c
[ 1216.412998][T17767] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1216.415414][T17750]  ? vsnprintf+0x1cb4/0x1d60
[ 1216.415428][T17750]  ? show_regs_print_info+0x12/0x12
[ 1216.415440][T17750]  should_fail+0x6f6/0x860
[ 1216.415450][T17750]  ? setup_fault_attr+0x3d0/0x3d0
[ 1216.415458][T17750]  ? add_uevent_var+0x1c2/0x360
[ 1216.415471][T17750]  ? call_usermodehelper_setup+0x91/0x200
[ 1216.415481][T17750]  should_failslab+0x5/0x20
[ 1216.415498][T17750]  kmem_cache_alloc_trace+0x39/0x2b0
[ 1216.473108][T17750]  call_usermodehelper_setup+0x91/0x200
[ 1216.478738][T17750]  ? add_uevent_var+0x360/0x360
[ 1216.483577][T17768] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8 sclass=netlink_route_socket pid=17768 comm=syz-executor.2
[ 1216.485830][T17750]  kobject_uevent_env+0xdd6/0x1000
[ 1216.485850][T17750]  device_add+0xf42/0x18a0
[ 1216.508846][T17750]  ? virtual_device_parent+0x50/0x50
[ 1216.515004][T17750]  ? h4_open+0x4f/0x140
[ 1216.519771][T17750]  hci_register_dev+0x32e/0x710
[ 1216.524757][T17750]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1216.530094][T17750]  ? hci_uart_tty_write+0x10/0x10
[ 1216.535450][T17750]  tty_ioctl+0xf68/0x1710
[ 1216.540039][T17750]  ? tty_do_resize+0x170/0x170
[ 1216.545719][T17750]  ? avc_ss_reset+0x3a0/0x3a0
[ 1216.550385][T17750]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1216.556533][T17750]  ? refcount_inc_checked+0x50/0x50
[ 1216.561887][T17750]  ? memcg_check_events+0x5c/0x5b0
[ 1216.567355][T17750]  ? proc_fail_nth_write+0x1d5/0x240
[ 1216.572920][T17750]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1216.578612][T17750]  ? __lru_cache_add+0x1c4/0x210
[ 1216.583526][T17750]  ? memset+0x1f/0x40
[ 1216.587606][T17750]  ? fsnotify+0x1332/0x13f0
[ 1216.592287][T17750]  ? tty_do_resize+0x170/0x170
[ 1216.597874][T17750]  do_vfs_ioctl+0x76a/0x1720
[ 1216.603388][T17750]  ? selinux_file_ioctl+0x72f/0x990
[ 1216.609979][T17750]  ? ioctl_preallocate+0x250/0x250
[ 1216.615081][T17750]  ? __fget+0x37b/0x3c0
[ 1216.619209][T17750]  ? vfs_write+0x422/0x4e0
[ 1216.623613][T17750]  ? fget_many+0x20/0x20
[ 1216.628008][T17750]  ? debug_smp_processor_id+0x20/0x20
[ 1216.633367][T17750]  ? security_file_ioctl+0x9d/0xb0
[ 1216.638449][T17750]  __x64_sys_ioctl+0xd4/0x110
[ 1216.643602][T17750]  do_syscall_64+0xcb/0x1e0
[ 1216.648882][T17750]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1216.654753][T17750] RIP: 0033:0x4665d9
[ 1216.658646][T17750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1216.679080][T17750] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1216.687994][T17750] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1216.696036][T17750] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1216.704244][T17750] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1216.713496][T17750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1216.721468][T17750] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1216.731766][T17631] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1218.799985][ T3678] Bluetooth: hci0: command 0x1003 tx timeout
[ 1218.806242][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1220.879663][ T3678] Bluetooth: hci0: command 0x1001 tx timeout
[ 1220.885852][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1222.959501][ T3678] Bluetooth: hci0: command 0x1009 tx timeout
02:43:38 executing program 1 (fault-call:2 fault-nth:35):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:43:38 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008031b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:43:38 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000120000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:43:38 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800020010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:43:38 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x12)

02:43:38 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x68f, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:43:38 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800030010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:43:38 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x25)

02:43:39 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000250000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:43:39 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008041b0000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1227.146781][T17780] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1227.163591][T17782] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1227.165212][T17791] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1227.197044][T17791] FAULT_INJECTION: forcing a failure.
[ 1227.197044][T17791] name failslab, interval 1, probability 0, space 0, times 0
[ 1227.223049][T17791] CPU: 0 PID: 17791 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1227.229651][T17798] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1227.233415][T17791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1227.233419][T17791] Call Trace:
[ 1227.233441][T17791]  dump_stack+0x1d8/0x24e
[ 1227.233451][T17791]  ? devkmsg_release+0x11c/0x11c
[ 1227.233468][T17791]  ? vsnprintf+0x1cb4/0x1d60
[ 1227.275758][T17791]  ? show_regs_print_info+0x12/0x12
[ 1227.280960][T17791]  should_fail+0x6f6/0x860
[ 1227.281209][T17804] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'.
02:43:39 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x48)

02:43:39 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000480000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1227.285454][T17791]  ? setup_fault_attr+0x3d0/0x3d0
[ 1227.285464][T17791]  ? add_uevent_var+0x1c2/0x360
[ 1227.285475][T17791]  ? call_usermodehelper_setup+0x91/0x200
[ 1227.285485][T17791]  should_failslab+0x5/0x20
[ 1227.285495][T17791]  kmem_cache_alloc_trace+0x39/0x2b0
[ 1227.285504][T17791]  call_usermodehelper_setup+0x91/0x200
[ 1227.285517][T17791]  ? add_uevent_var+0x360/0x360
[ 1227.331213][T17791]  kobject_uevent_env+0xdd6/0x1000
[ 1227.336327][T17791]  device_add+0xf42/0x18a0
[ 1227.340746][T17791]  ? virtual_device_parent+0x50/0x50
[ 1227.346032][T17791]  ? h4_open+0x4f/0x140
[ 1227.350195][T17791]  hci_register_dev+0x32e/0x710
[ 1227.354494][T17809] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1227.355041][T17791]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1227.355050][T17791]  ? hci_uart_tty_write+0x10/0x10
[ 1227.355060][T17791]  tty_ioctl+0xf68/0x1710
[ 1227.355070][T17791]  ? tty_do_resize+0x170/0x170
[ 1227.355079][T17791]  ? avc_ss_reset+0x3a0/0x3a0
[ 1227.355094][T17791]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1227.400209][T17791]  ? refcount_inc_checked+0x50/0x50
[ 1227.405519][T17791]  ? memcg_check_events+0x5c/0x5b0
[ 1227.410642][T17791]  ? proc_fail_nth_write+0x1d5/0x240
[ 1227.415919][T17791]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1227.421240][T17791]  ? __lru_cache_add+0x1c4/0x210
[ 1227.426449][T17791]  ? memset+0x1f/0x40
[ 1227.430556][T17791]  ? fsnotify+0x1332/0x13f0
[ 1227.435190][T17791]  ? tty_do_resize+0x170/0x170
[ 1227.440051][T17791]  do_vfs_ioctl+0x76a/0x1720
[ 1227.444939][T17791]  ? selinux_file_ioctl+0x72f/0x990
[ 1227.450793][T17791]  ? ioctl_preallocate+0x250/0x250
[ 1227.455970][T17791]  ? __fget+0x37b/0x3c0
[ 1227.460131][T17791]  ? vfs_write+0x422/0x4e0
[ 1227.465024][T17791]  ? fget_many+0x20/0x20
[ 1227.469349][T17791]  ? debug_smp_processor_id+0x20/0x20
[ 1227.474703][T17791]  ? security_file_ioctl+0x9d/0xb0
[ 1227.479788][T17791]  __x64_sys_ioctl+0xd4/0x110
[ 1227.484441][T17791]  do_syscall_64+0xcb/0x1e0
[ 1227.488921][T17791]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1227.494824][T17791] RIP: 0033:0x4665d9
[ 1227.498711][T17791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1227.518600][T17791] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1227.526986][T17791] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1227.534992][T17791] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1227.543122][T17791] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1227.551356][T17791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1227.559467][T17791] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1227.568567][  T386] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1229.599027][ T3678] Bluetooth: hci0: command 0x1003 tx timeout
[ 1229.605666][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1231.678926][ T3678] Bluetooth: hci0: command 0x1001 tx timeout
[ 1231.685070][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1233.758753][ T3678] Bluetooth: hci0: command 0x1009 tx timeout
02:43:49 executing program 1 (fault-call:2 fault-nth:36):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:43:49 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4c)

02:43:49 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="06000000000000000800330000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:43:49 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800040010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:43:49 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000004c0000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:43:49 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x690, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:43:49 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="06000000000000000800330000000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:43:49 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800050010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1238.028817][T17823] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1238.044724][T17824] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1238.053863][T17823] FAULT_INJECTION: forcing a failure.
[ 1238.053863][T17823] name failslab, interval 1, probability 0, space 0, times 0
02:43:49 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x60)

02:43:49 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000600000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1238.087732][T17823] CPU: 0 PID: 17823 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1238.097988][T17823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1238.109806][T17823] Call Trace:
[ 1238.113114][T17823]  dump_stack+0x1d8/0x24e
[ 1238.117450][T17823]  ? devkmsg_release+0x11c/0x11c
[ 1238.122386][T17823]  ? show_regs_print_info+0x12/0x12
02:43:49 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x68)

02:43:49 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000680000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1238.127123][T17839] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1238.127582][T17823]  should_fail+0x6f6/0x860
[ 1238.127592][T17823]  ? setup_fault_attr+0x3d0/0x3d0
[ 1238.127610][T17823]  ? kobject_set_name_vargs+0x5d/0x110
[ 1238.158689][T17823]  should_failslab+0x5/0x20
[ 1238.163489][T17823]  __kmalloc_track_caller+0x5d/0x2e0
[ 1238.168790][T17823]  kvasprintf+0xd6/0x180
[ 1238.174987][T17823]  ? asan.module_ctor+0x10/0x10
[ 1238.179844][T17823]  ? kvasprintf_const+0x4d/0x170
[ 1238.184964][T17823]  kobject_set_name_vargs+0x5d/0x110
[ 1238.190250][T17823]  dev_set_name+0xd1/0x120
[ 1238.194665][T17823]  ? memset+0x1f/0x40
[ 1238.198744][T17823]  ? rfkill_register+0x53/0x720
[ 1238.206054][T17823]  ? get_device+0x30/0x30
[ 1238.210384][T17823]  ? mutex_lock+0xa6/0x110
[ 1238.214805][T17823]  ? device_initialize+0x1d3/0x3e0
[ 1238.219916][T17823]  rfkill_register+0xb8/0x720
[ 1238.224593][T17823]  hci_register_dev+0x398/0x710
[ 1238.229441][T17823]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1238.235189][T17823]  ? hci_uart_tty_write+0x10/0x10
[ 1238.237759][T17849] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1238.240365][T17823]  tty_ioctl+0xf68/0x1710
[ 1238.240375][T17823]  ? tty_do_resize+0x170/0x170
[ 1238.240385][T17823]  ? avc_ss_reset+0x3a0/0x3a0
[ 1238.240392][T17823]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1238.240408][T17823]  ? refcount_inc_checked+0x50/0x50
[ 1238.284161][T17823]  ? memcg_check_events+0x5c/0x5b0
[ 1238.289365][T17823]  ? proc_fail_nth_write+0x1d5/0x240
[ 1238.294655][T17823]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1238.299847][T17823]  ? __lru_cache_add+0x1c4/0x210
[ 1238.305025][T17823]  ? memset+0x1f/0x40
[ 1238.310958][T17823]  ? fsnotify+0x1332/0x13f0
[ 1238.315441][T17823]  ? tty_do_resize+0x170/0x170
[ 1238.320182][T17823]  do_vfs_ioctl+0x76a/0x1720
[ 1238.324765][T17823]  ? selinux_file_ioctl+0x72f/0x990
[ 1238.330145][T17823]  ? ioctl_preallocate+0x250/0x250
[ 1238.335693][T17823]  ? __fget+0x37b/0x3c0
[ 1238.341790][T17823]  ? vfs_write+0x422/0x4e0
[ 1238.346467][T17823]  ? fget_many+0x20/0x20
[ 1238.350695][T17823]  ? debug_smp_processor_id+0x20/0x20
[ 1238.356132][T17823]  ? security_file_ioctl+0x9d/0xb0
[ 1238.361246][T17823]  __x64_sys_ioctl+0xd4/0x110
[ 1238.365999][T17823]  do_syscall_64+0xcb/0x1e0
[ 1238.370695][T17823]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1238.378064][T17823] RIP: 0033:0x4665d9
[ 1238.381978][T17823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1238.401738][T17823] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1238.412390][T17823] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1238.420342][T17823] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1238.428391][T17823] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1238.437584][T17823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1238.446834][T17823] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1238.456733][T17631] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1240.478237][ T3302] Bluetooth: hci0: command 0x1003 tx timeout
[ 1240.484582][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1242.558180][ T3678] Bluetooth: hci0: command 0x1001 tx timeout
[ 1242.564369][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1244.638026][ T3678] Bluetooth: hci0: command 0x1009 tx timeout
02:44:00 executing program 1 (fault-call:2 fault-nth:37):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:44:00 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0200000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:44:00 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800060010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:44:00 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x6c)

02:44:00 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000006c0000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:44:00 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x691, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:44:00 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800070010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:44:00 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0300000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:44:00 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000740000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:44:00 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x74)

[ 1248.900421][T17862] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1248.940161][T17867] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1248.961264][T17867] FAULT_INJECTION: forcing a failure.
[ 1248.961264][T17867] name failslab, interval 1, probability 0, space 0, times 0
[ 1248.977112][T17867] CPU: 0 PID: 17867 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1248.987369][T17867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1248.997416][T17867] Call Trace:
[ 1249.000704][T17867]  dump_stack+0x1d8/0x24e
[ 1249.004454][T17881] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1249.005117][T17867]  ? devkmsg_release+0x11c/0x11c
[ 1249.005130][T17867]  ? show_regs_print_info+0x12/0x12
[ 1249.005149][T17867]  should_fail+0x6f6/0x860
[ 1249.034734][T17867]  ? setup_fault_attr+0x3d0/0x3d0
[ 1249.039933][T17867]  ? kobject_set_name_vargs+0x5d/0x110
[ 1249.045388][T17867]  should_failslab+0x5/0x20
[ 1249.049889][T17867]  __kmalloc_track_caller+0x5d/0x2e0
[ 1249.055170][T17867]  kvasprintf+0xd6/0x180
02:44:00 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000007a0000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:44:00 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0400000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1249.059408][T17867]  ? asan.module_ctor+0x10/0x10
[ 1249.064255][T17867]  ? kvasprintf_const+0x4d/0x170
[ 1249.069279][T17867]  kobject_set_name_vargs+0x5d/0x110
[ 1249.074567][T17867]  dev_set_name+0xd1/0x120
[ 1249.078981][T17867]  ? memset+0x1f/0x40
[ 1249.083107][T17867]  ? rfkill_register+0x53/0x720
[ 1249.083298][T17887] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1249.087954][T17867]  ? get_device+0x30/0x30
[ 1249.087964][T17867]  ? mutex_lock+0xa6/0x110
[ 1249.087972][T17867]  ? device_initialize+0x1d3/0x3e0
[ 1249.087982][T17867]  rfkill_register+0xb8/0x720
[ 1249.087993][T17867]  hci_register_dev+0x398/0x710
[ 1249.088005][T17867]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1249.088020][T17867]  ? hci_uart_tty_write+0x10/0x10
[ 1249.138143][T17867]  tty_ioctl+0xf68/0x1710
[ 1249.142563][T17867]  ? tty_do_resize+0x170/0x170
[ 1249.147312][T17867]  ? avc_ss_reset+0x3a0/0x3a0
[ 1249.152051][T17867]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1249.158177][T17867]  ? refcount_inc_checked+0x50/0x50
[ 1249.163345][T17867]  ? memcg_check_events+0x5c/0x5b0
[ 1249.168443][T17867]  ? proc_fail_nth_write+0x1d5/0x240
[ 1249.173703][T17867]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1249.178910][T17867]  ? __lru_cache_add+0x1c4/0x210
[ 1249.184013][T17867]  ? memset+0x1f/0x40
[ 1249.187991][T17867]  ? fsnotify+0x1332/0x13f0
[ 1249.192474][T17867]  ? tty_do_resize+0x170/0x170
[ 1249.197226][T17867]  do_vfs_ioctl+0x76a/0x1720
[ 1249.201819][T17867]  ? selinux_file_ioctl+0x72f/0x990
[ 1249.206999][T17867]  ? ioctl_preallocate+0x250/0x250
[ 1249.212102][T17867]  ? __fget+0x37b/0x3c0
[ 1249.216238][T17867]  ? vfs_write+0x422/0x4e0
[ 1249.220809][T17867]  ? fget_many+0x20/0x20
[ 1249.225030][T17867]  ? debug_smp_processor_id+0x20/0x20
[ 1249.230387][T17867]  ? security_file_ioctl+0x9d/0xb0
[ 1249.235574][T17867]  __x64_sys_ioctl+0xd4/0x110
[ 1249.240223][T17867]  do_syscall_64+0xcb/0x1e0
[ 1249.245385][T17867]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1249.251265][T17867] RIP: 0033:0x4665d9
[ 1249.257101][T17867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1249.277158][T17867] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1249.285743][T17867] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1249.293869][T17867] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1249.301907][T17867] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1249.310112][T17867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1249.318248][T17867] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1251.357593][ T3677] Bluetooth: hci0: command 0x1003 tx timeout
[ 1251.364533][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1253.437485][ T3677] Bluetooth: hci0: command 0x1001 tx timeout
[ 1253.445599][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1255.517338][ T3677] Bluetooth: hci0: command 0x1009 tx timeout
02:44:11 executing program 1 (fault-call:2 fault-nth:38):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:44:11 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0601000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:44:11 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x7a)

02:44:11 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000006b0100000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:44:11 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800080010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:44:11 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x692, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:44:11 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28000a0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:44:11 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0003000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:44:11 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x300)

02:44:11 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000300000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1259.779773][T17898] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
02:44:11 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800100010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:44:11 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0106000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1259.847320][T17908] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1259.869011][T17917] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1259.875701][T17908] FAULT_INJECTION: forcing a failure.
[ 1259.875701][T17908] name failslab, interval 1, probability 0, space 0, times 0
[ 1259.906278][T17908] CPU: 0 PID: 17908 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1259.916544][T17908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1259.928528][T17908] Call Trace:
[ 1259.931914][T17908]  dump_stack+0x1d8/0x24e
[ 1259.936336][T17908]  ? devkmsg_release+0x11c/0x11c
[ 1259.941271][T17908]  ? show_regs_print_info+0x12/0x12
[ 1259.946462][T17908]  ? ptr_to_hashval+0x60/0x60
[ 1259.952375][T17908]  ? __kmalloc_track_caller+0x13a/0x2e0
[ 1259.957913][T17908]  should_fail+0x6f6/0x860
[ 1259.962688][T17908]  ? setup_fault_attr+0x3d0/0x3d0
[ 1259.967708][T17908]  ? refcount_add_checked+0x50/0x50
[ 1259.972903][T17908]  ? device_add+0x121/0x18a0
[ 1259.977504][T17908]  should_failslab+0x5/0x20
[ 1259.982826][T17908]  kmem_cache_alloc_trace+0x39/0x2b0
[ 1259.991329][T17908]  device_add+0x121/0x18a0
[ 1259.995734][T17908]  ? dev_set_name+0xd1/0x120
[ 1260.000510][T17908]  ? memset+0x1f/0x40
[ 1260.004555][T17908]  ? get_device+0x30/0x30
[ 1260.010206][T17908]  ? mutex_lock+0xa6/0x110
[ 1260.014633][T17908]  ? virtual_device_parent+0x50/0x50
[ 1260.020116][T17908]  ? device_initialize+0x1d3/0x3e0
[ 1260.025324][T17908]  rfkill_register+0x180/0x720
[ 1260.030139][T17908]  hci_register_dev+0x398/0x710
[ 1260.036350][T17908]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1260.041571][T17908]  ? hci_uart_tty_write+0x10/0x10
[ 1260.046836][T17908]  tty_ioctl+0xf68/0x1710
[ 1260.051331][T17908]  ? tty_do_resize+0x170/0x170
[ 1260.056653][T17908]  ? avc_ss_reset+0x3a0/0x3a0
[ 1260.061331][T17908]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1260.069212][T17908]  ? refcount_inc_checked+0x50/0x50
[ 1260.074411][T17908]  ? memcg_check_events+0x5c/0x5b0
[ 1260.079514][T17908]  ? proc_fail_nth_write+0x1d5/0x240
[ 1260.085062][T17908]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1260.091008][T17908]  ? __lru_cache_add+0x1c4/0x210
[ 1260.095928][T17908]  ? memset+0x1f/0x40
[ 1260.100070][T17908]  ? fsnotify+0x1332/0x13f0
[ 1260.104639][T17908]  ? tty_do_resize+0x170/0x170
[ 1260.109401][T17908]  do_vfs_ioctl+0x76a/0x1720
[ 1260.114437][T17908]  ? selinux_file_ioctl+0x72f/0x990
[ 1260.120474][T17908]  ? ioctl_preallocate+0x250/0x250
[ 1260.125855][T17908]  ? __fget+0x37b/0x3c0
[ 1260.130148][T17908]  ? vfs_write+0x422/0x4e0
[ 1260.134721][T17908]  ? fget_many+0x20/0x20
[ 1260.138950][T17908]  ? debug_smp_processor_id+0x20/0x20
[ 1260.144321][T17908]  ? security_file_ioctl+0x9d/0xb0
[ 1260.149420][T17908]  __x64_sys_ioctl+0xd4/0x110
[ 1260.155390][T17908]  do_syscall_64+0xcb/0x1e0
[ 1260.160421][T17908]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1260.166307][T17908] RIP: 0033:0x4665d9
[ 1260.170174][T17908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1260.191575][T17908] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1260.202559][T17908] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1260.210727][T17908] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1260.218703][T17908] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1260.227106][T17908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1260.235230][T17908] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1260.244511][  T386] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1262.316886][T16033] Bluetooth: hci0: command 0x1003 tx timeout
[ 1262.322924][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1264.396770][T16033] Bluetooth: hci0: command 0x1001 tx timeout
[ 1264.402904][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1266.476633][T16033] Bluetooth: hci0: command 0x1009 tx timeout
02:44:22 executing program 1 (fault-call:2 fault-nth:39):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:44:22 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x500)

02:44:22 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000500000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:44:22 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0040000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:44:22 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800160010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:44:22 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x693, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:44:22 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x600)

02:44:22 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0081000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1270.661186][T17935] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
02:44:22 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000600000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:44:22 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800170010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1270.702163][T17941] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1270.713302][T17941] FAULT_INJECTION: forcing a failure.
[ 1270.713302][T17941] name failslab, interval 1, probability 0, space 0, times 0
02:44:22 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0080030000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:44:22 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x700)

[ 1270.739624][T17952] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1270.743502][T17941] CPU: 0 PID: 17941 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1270.766870][T17941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1270.777187][T17941] Call Trace:
[ 1270.780490][T17941]  dump_stack+0x1d8/0x24e
[ 1270.784814][T17941]  ? devkmsg_release+0x11c/0x11c
[ 1270.789789][T17941]  ? stack_trace_save+0x1f0/0x1f0
[ 1270.794827][T17941]  ? show_regs_print_info+0x12/0x12
[ 1270.800809][T17941]  ? check_preemption_disabled+0x9e/0x330
[ 1270.806527][T17941]  ? __rcu_read_lock+0x50/0x50
[ 1270.811462][T17941]  ? __unwind_start+0x72f/0x8e0
[ 1270.816308][T17941]  should_fail+0x6f6/0x860
[ 1270.821145][T17941]  ? setup_fault_attr+0x3d0/0x3d0
[ 1270.827181][T17941]  ? stack_trace_save+0x1f0/0x1f0
[ 1270.832198][T17941]  ? __kernel_text_address+0x93/0x100
[ 1270.837561][T17941]  ? __kernfs_new_node+0x99/0x6d0
[ 1270.842936][T17941]  should_failslab+0x5/0x20
[ 1270.847627][T17941]  __kmalloc_track_caller+0x5d/0x2e0
[ 1270.852917][T17941]  kstrdup_const+0x51/0x90
[ 1270.858150][T17941]  __kernfs_new_node+0x99/0x6d0
[ 1270.862983][T17941]  ? __kasan_kmalloc+0x137/0x1e0
[ 1270.867913][T17941]  ? kernfs_new_node+0x160/0x160
[ 1270.873169][T17941]  ? number+0xea3/0x1300
[ 1270.877389][T17941]  ? __kasan_kmalloc+0x1a3/0x1e0
[ 1270.882343][T17941]  kernfs_create_dir_ns+0x90/0x220
[ 1270.888551][T17941]  sysfs_create_dir_ns+0x181/0x390
[ 1270.894054][T17941]  ? sysfs_warn_dup+0xa0/0xa0
[ 1270.901988][T17941]  kobject_add_internal+0x595/0xbd0
[ 1270.908272][T17941]  kobject_add+0x14c/0x210
[ 1270.913049][T17941]  ? refcount_inc_not_zero_checked+0x18d/0x280
[ 1270.919544][T17941]  ? kobject_init+0x1d0/0x1d0
[ 1270.924473][T17941]  ? get_device_parent+0x11a/0x430
[ 1270.930558][T17941]  device_add+0x46a/0x18a0
[ 1270.935004][T17941]  ? get_device+0x30/0x30
[ 1270.939688][T17941]  ? mutex_lock+0xa6/0x110
[ 1270.944741][T17941]  ? virtual_device_parent+0x50/0x50
[ 1270.950809][T17941]  ? device_initialize+0x1d3/0x3e0
[ 1270.956093][T17941]  rfkill_register+0x180/0x720
[ 1270.961043][T17941]  hci_register_dev+0x398/0x710
[ 1270.967446][T17941]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1270.972542][T17941]  ? hci_uart_tty_write+0x10/0x10
[ 1270.977721][T17941]  tty_ioctl+0xf68/0x1710
[ 1270.982152][T17941]  ? tty_do_resize+0x170/0x170
[ 1270.987194][T17941]  ? avc_ss_reset+0x3a0/0x3a0
[ 1270.992138][T17941]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1270.999636][T17941]  ? refcount_inc_checked+0x50/0x50
[ 1271.004839][T17941]  ? memcg_check_events+0x5c/0x5b0
[ 1271.010155][T17941]  ? proc_fail_nth_write+0x1d5/0x240
[ 1271.015515][T17941]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1271.020704][T17941]  ? __lru_cache_add+0x1c4/0x210
[ 1271.025887][T17941]  ? memset+0x1f/0x40
[ 1271.030848][T17941]  ? fsnotify+0x1332/0x13f0
[ 1271.035370][T17941]  ? tty_do_resize+0x170/0x170
[ 1271.040121][T17941]  do_vfs_ioctl+0x76a/0x1720
[ 1271.044712][T17941]  ? selinux_file_ioctl+0x72f/0x990
[ 1271.049989][T17941]  ? ioctl_preallocate+0x250/0x250
[ 1271.055087][T17941]  ? __fget+0x37b/0x3c0
[ 1271.060678][T17941]  ? vfs_write+0x422/0x4e0
[ 1271.065206][T17941]  ? fget_many+0x20/0x20
[ 1271.069423][T17941]  ? debug_smp_processor_id+0x20/0x20
[ 1271.074882][T17941]  ? security_file_ioctl+0x9d/0xb0
[ 1271.079968][T17941]  __x64_sys_ioctl+0xd4/0x110
[ 1271.084748][T17941]  do_syscall_64+0xcb/0x1e0
[ 1271.091158][T17941]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1271.098347][T17941] RIP: 0033:0x4665d9
[ 1271.102399][T17941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1271.123689][T17941] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1271.133800][T17941] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1271.141933][T17941] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1271.149876][T17941] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1271.158324][T17941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1271.166919][T17941] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1271.175767][T17941] kobject_add_internal failed for rfkill79 (error: -12 parent: hci0)
[ 1271.185341][T17631] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1273.196102][ T3677] Bluetooth: hci0: command 0x1003 tx timeout
[ 1273.203213][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1275.275990][ T3302] Bluetooth: hci0: command 0x1001 tx timeout
[ 1275.283285][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1277.355867][ T3302] Bluetooth: hci0: command 0x1009 tx timeout
02:44:33 executing program 1 (fault-call:2 fault-nth:40):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:44:33 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000700000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:44:33 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x900)

02:44:33 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800180010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:44:33 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0003800000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:44:33 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x694, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:44:33 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000900000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:44:33 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000100180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:44:33 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28003a0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1281.536744][T17968] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1281.566745][T17974] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1281.576929][T17974] FAULT_INJECTION: forcing a failure.
02:44:33 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xa00)

[ 1281.576929][T17974] name failslab, interval 1, probability 0, space 0, times 0
[ 1281.590452][T17974] CPU: 1 PID: 17974 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1281.601014][T17974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1281.612313][T17974] Call Trace:
[ 1281.615586][T17974]  dump_stack+0x1d8/0x24e
[ 1281.620019][T17974]  ? devkmsg_release+0x11c/0x11c
[ 1281.625091][T17974]  ? show_regs_print_info+0x12/0x12
[ 1281.630266][T17974]  ? _raw_spin_lock+0xa3/0x1b0
[ 1281.635263][T17974]  should_fail+0x6f6/0x860
[ 1281.640123][T17974]  ? setup_fault_attr+0x3d0/0x3d0
[ 1281.645405][T17974]  ? mutex_lock+0xa6/0x110
[ 1281.649892][T17974]  ? mutex_trylock+0xb0/0xb0
[ 1281.654458][T17974]  ? __kernfs_new_node+0xdb/0x6d0
[ 1281.659681][T17974]  should_failslab+0x5/0x20
[ 1281.664172][T17974]  kmem_cache_alloc+0x36/0x290
[ 1281.668924][T17974]  __kernfs_new_node+0xdb/0x6d0
[ 1281.673757][T17974]  ? mutex_unlock+0x19/0x40
[ 1281.678321][T17974]  ? kernfs_new_node+0x160/0x160
[ 1281.683263][T17974]  ? kernfs_create_dir_ns+0x1df/0x220
[ 1281.688612][T17974]  ? sysfs_create_dir_ns+0x181/0x390
[ 1281.694022][T17974]  ? sysfs_create_dir_ns+0x1c7/0x390
[ 1281.699586][T17974]  ? sysfs_warn_dup+0xa0/0xa0
[ 1281.704252][T17974]  kernfs_new_node+0x95/0x160
[ 1281.709185][T17974]  __kernfs_create_file+0x45/0x260
[ 1281.714273][T17974]  sysfs_add_file_mode_ns+0x293/0x340
[ 1281.719627][T17974]  sysfs_create_file_ns+0x18c/0x2b0
[ 1281.724817][T17974]  ? sysfs_add_file_mode_ns+0x340/0x340
[ 1281.730437][T17974]  ? device_create_file+0xe2/0x1a0
[ 1281.735527][T17974]  device_add+0x64c/0x18a0
[ 1281.739976][T17974]  ? get_device+0x30/0x30
[ 1281.744406][T17974]  ? mutex_lock+0xa6/0x110
[ 1281.748806][T17974]  ? virtual_device_parent+0x50/0x50
[ 1281.754079][T17974]  ? device_initialize+0x1d3/0x3e0
[ 1281.759192][T17974]  rfkill_register+0x180/0x720
[ 1281.764134][T17974]  hci_register_dev+0x398/0x710
[ 1281.769292][T17974]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1281.774312][T17974]  ? hci_uart_tty_write+0x10/0x10
[ 1281.779345][T17974]  tty_ioctl+0xf68/0x1710
[ 1281.783650][T17974]  ? tty_do_resize+0x170/0x170
[ 1281.788395][T17974]  ? avc_ss_reset+0x3a0/0x3a0
[ 1281.793212][T17974]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1281.799841][T17974]  ? refcount_inc_checked+0x50/0x50
[ 1281.805169][T17974]  ? memcg_check_events+0x5c/0x5b0
[ 1281.810454][T17974]  ? proc_fail_nth_write+0x1d5/0x240
[ 1281.815822][T17974]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1281.821009][T17974]  ? __lru_cache_add+0x1c4/0x210
[ 1281.825923][T17974]  ? memset+0x1f/0x40
[ 1281.829901][T17974]  ? fsnotify+0x1332/0x13f0
[ 1281.834381][T17974]  ? tty_do_resize+0x170/0x170
[ 1281.839127][T17974]  do_vfs_ioctl+0x76a/0x1720
[ 1281.843856][T17974]  ? selinux_file_ioctl+0x72f/0x990
[ 1281.849129][T17974]  ? ioctl_preallocate+0x250/0x250
[ 1281.854319][T17974]  ? __fget+0x37b/0x3c0
[ 1281.858475][T17974]  ? vfs_write+0x422/0x4e0
[ 1281.862864][T17974]  ? fget_many+0x20/0x20
[ 1281.867079][T17974]  ? debug_smp_processor_id+0x20/0x20
[ 1281.872425][T17974]  ? security_file_ioctl+0x9d/0xb0
[ 1281.877561][T17974]  __x64_sys_ioctl+0xd4/0x110
[ 1281.882228][T17974]  do_syscall_64+0xcb/0x1e0
[ 1281.886717][T17974]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1281.892603][T17974] RIP: 0033:0x4665d9
[ 1281.896471][T17974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1281.916591][T17974] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1281.924978][T17974] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1281.932944][T17974] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1281.940902][T17974] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1281.948845][T17974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1281.956792][T17974] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1281.972124][T12658] Bluetooth: hci0: sending frame failed (-49)
02:44:33 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xb00)

02:44:33 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000a00000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1282.008113][T17989] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1282.075007][T18001] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1283.995389][ T3678] Bluetooth: hci0: command 0x1003 tx timeout
[ 1284.001804][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1286.075291][ T3678] Bluetooth: hci0: command 0x1001 tx timeout
[ 1286.081937][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1288.155127][ T3678] Bluetooth: hci0: command 0x1009 tx timeout
02:44:44 executing program 1 (fault-call:2 fault-nth:41):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:44:44 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28004a0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:44:44 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000200180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:44:44 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x695, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:44:44 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xc00)

02:44:44 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000b00000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:44:44 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28004c0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:44:44 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xd00)

02:44:44 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000300180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1292.421754][T18013] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
02:44:44 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000c00000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:44:44 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28004e0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:44:44 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000400180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1292.469960][T18018] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1292.492051][T18018] FAULT_INJECTION: forcing a failure.
[ 1292.492051][T18018] name failslab, interval 1, probability 0, space 0, times 0
[ 1292.525319][T18018] CPU: 1 PID: 18018 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1292.535569][T18018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1292.537229][T18032] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1292.545940][T18018] Call Trace:
[ 1292.545965][T18018]  dump_stack+0x1d8/0x24e
[ 1292.545976][T18018]  ? devkmsg_release+0x11c/0x11c
[ 1292.545987][T18018]  ? show_regs_print_info+0x12/0x12
[ 1292.545995][T18018]  ? _raw_spin_lock+0xa3/0x1b0
[ 1292.546010][T18018]  should_fail+0x6f6/0x860
[ 1292.546057][T18018]  ? setup_fault_attr+0x3d0/0x3d0
[ 1292.595763][T18018]  ? mutex_lock+0xa6/0x110
[ 1292.600164][T18018]  ? mutex_trylock+0xb0/0xb0
[ 1292.604737][T18018]  ? __kernfs_new_node+0xdb/0x6d0
[ 1292.611979][T18018]  should_failslab+0x5/0x20
[ 1292.616600][T18018]  kmem_cache_alloc+0x36/0x290
[ 1292.621348][T18018]  __kernfs_new_node+0xdb/0x6d0
[ 1292.626183][T18018]  ? kernfs_add_one+0x49e/0x5c0
[ 1292.631124][T18018]  ? kernfs_new_node+0x160/0x160
[ 1292.636040][T18018]  ? __kernfs_create_file+0x1f1/0x260
[ 1292.641917][T18018]  ? sysfs_add_file_mode_ns+0x293/0x340
[ 1292.648262][T18018]  ? sysfs_add_file_mode_ns+0x2b4/0x340
[ 1292.653796][T18018]  kernfs_new_node+0x95/0x160
[ 1292.658456][T18018]  kernfs_create_link+0x9c/0x1f0
[ 1292.663496][T18018]  sysfs_do_create_link_sd+0x85/0x100
[ 1292.669142][T18018]  device_add+0x74b/0x18a0
[ 1292.675829][T18018]  ? get_device+0x30/0x30
[ 1292.680780][T18018]  ? mutex_lock+0xa6/0x110
[ 1292.685178][T18018]  ? virtual_device_parent+0x50/0x50
[ 1292.690874][T18018]  ? device_initialize+0x1d3/0x3e0
[ 1292.696237][T18018]  rfkill_register+0x180/0x720
[ 1292.701575][T18018]  hci_register_dev+0x398/0x710
[ 1292.708400][T18018]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1292.713425][T18018]  ? hci_uart_tty_write+0x10/0x10
[ 1292.718717][T18018]  tty_ioctl+0xf68/0x1710
[ 1292.723020][T18018]  ? tty_do_resize+0x170/0x170
[ 1292.727857][T18018]  ? avc_ss_reset+0x3a0/0x3a0
[ 1292.732785][T18018]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1292.740502][T18018]  ? refcount_inc_checked+0x50/0x50
[ 1292.745709][T18018]  ? proc_fail_nth_write+0x1d5/0x240
[ 1292.750990][T18018]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1292.756534][T18018]  ? __lru_cache_add+0x1c4/0x210
[ 1292.761980][T18018]  ? memset+0x1f/0x40
[ 1292.765946][T18018]  ? fsnotify+0x1332/0x13f0
[ 1292.770566][T18018]  ? tty_do_resize+0x170/0x170
[ 1292.775427][T18018]  do_vfs_ioctl+0x76a/0x1720
[ 1292.780009][T18018]  ? selinux_file_ioctl+0x72f/0x990
[ 1292.785190][T18018]  ? ioctl_preallocate+0x250/0x250
[ 1292.790277][T18018]  ? __fget+0x37b/0x3c0
[ 1292.795035][T18018]  ? vfs_write+0x422/0x4e0
[ 1292.799631][T18018]  ? fget_many+0x20/0x20
[ 1292.804060][T18018]  ? debug_smp_processor_id+0x20/0x20
[ 1292.809416][T18018]  ? security_file_ioctl+0x9d/0xb0
[ 1292.814506][T18018]  __x64_sys_ioctl+0xd4/0x110
[ 1292.819168][T18018]  do_syscall_64+0xcb/0x1e0
[ 1292.825299][T18018]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1292.831204][T18018] RIP: 0033:0x4665d9
[ 1292.835081][T18018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1292.854888][T18018] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1292.864316][T18018] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1292.872774][T18018] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1292.880899][T18018] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1292.891942][T18018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1292.900277][T18018] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1294.954678][T16033] Bluetooth: hci0: command 0x1003 tx timeout
[ 1294.960802][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1297.034567][T16033] Bluetooth: hci0: command 0x1001 tx timeout
[ 1297.040709][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1299.114434][T16033] Bluetooth: hci0: command 0x1009 tx timeout
02:44:55 executing program 1 (fault-call:2 fault-nth:42):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:44:55 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xe00)

02:44:55 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000d00000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:44:55 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800580010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:44:55 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000010600180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:44:55 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x696, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:44:55 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000004000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:44:55 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28005a0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:44:55 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000e00000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1303.302848][T18049] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1303.329602][T18056] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1303.346623][T18056] FAULT_INJECTION: forcing a failure.
02:44:55 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x1100)

02:44:55 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000008100180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1303.346623][T18056] name failslab, interval 1, probability 0, space 0, times 0
[ 1303.364496][T18056] CPU: 1 PID: 18056 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1303.374745][T18056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1303.384778][T18056] Call Trace:
[ 1303.388060][T18056]  dump_stack+0x1d8/0x24e
[ 1303.392385][T18056]  ? devkmsg_release+0x11c/0x11c
[ 1303.397296][T18056]  ? mutex_unlock+0x19/0x40
[ 1303.401899][T18056]  ? show_regs_print_info+0x12/0x12
[ 1303.407083][T18056]  ? selinux_kernfs_init_security+0x1b2/0x7e0
[ 1303.413129][T18056]  should_fail+0x6f6/0x860
[ 1303.417612][T18056]  ? setup_fault_attr+0x3d0/0x3d0
[ 1303.422639][T18056]  ? _raw_spin_lock+0xa3/0x1b0
[ 1303.427467][T18056]  ? __kernfs_new_node+0xdb/0x6d0
[ 1303.432480][T18056]  should_failslab+0x5/0x20
[ 1303.436953][T18056]  kmem_cache_alloc+0x36/0x290
[ 1303.441687][T18056]  __kernfs_new_node+0xdb/0x6d0
[ 1303.446522][T18056]  ? mutex_lock+0xa6/0x110
[ 1303.450951][T18056]  ? kernfs_new_node+0x160/0x160
[ 1303.455869][T18056]  ? kernfs_activate+0x3fc/0x420
[ 1303.460795][T18056]  kernfs_new_node+0x95/0x160
[ 1303.465459][T18056]  kernfs_create_link+0x9c/0x1f0
[ 1303.470383][T18056]  sysfs_do_create_link_sd+0x85/0x100
[ 1303.475725][T18056]  device_add+0x873/0x18a0
[ 1303.480115][T18056]  ? get_device+0x30/0x30
[ 1303.484417][T18056]  ? mutex_lock+0xa6/0x110
[ 1303.488961][T18056]  ? virtual_device_parent+0x50/0x50
[ 1303.494237][T18056]  ? device_initialize+0x1d3/0x3e0
[ 1303.499324][T18056]  rfkill_register+0x180/0x720
[ 1303.504247][T18056]  hci_register_dev+0x398/0x710
[ 1303.509097][T18056]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1303.514349][T18056]  ? hci_uart_tty_write+0x10/0x10
[ 1303.519437][T18056]  tty_ioctl+0xf68/0x1710
[ 1303.523772][T18056]  ? tty_do_resize+0x170/0x170
[ 1303.528594][T18056]  ? avc_ss_reset+0x3a0/0x3a0
[ 1303.533239][T18056]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1303.539373][T18056]  ? refcount_inc_checked+0x50/0x50
[ 1303.544899][T18056]  ? memcg_check_events+0x5c/0x5b0
[ 1303.550075][T18056]  ? proc_fail_nth_write+0x1d5/0x240
[ 1303.555337][T18056]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1303.560513][T18056]  ? __lru_cache_add+0x1c4/0x210
[ 1303.565560][T18056]  ? memset+0x1f/0x40
[ 1303.569557][T18056]  ? fsnotify+0x1332/0x13f0
[ 1303.574130][T18056]  ? tty_do_resize+0x170/0x170
[ 1303.578954][T18056]  do_vfs_ioctl+0x76a/0x1720
[ 1303.583519][T18056]  ? selinux_file_ioctl+0x72f/0x990
[ 1303.588947][T18056]  ? ioctl_preallocate+0x250/0x250
[ 1303.594033][T18056]  ? __fget+0x37b/0x3c0
[ 1303.598659][T18056]  ? vfs_write+0x422/0x4e0
[ 1303.603168][T18056]  ? fget_many+0x20/0x20
[ 1303.607392][T18056]  ? debug_smp_processor_id+0x20/0x20
[ 1303.612756][T18056]  ? security_file_ioctl+0x9d/0xb0
[ 1303.617835][T18056]  __x64_sys_ioctl+0xd4/0x110
[ 1303.622598][T18056]  do_syscall_64+0xcb/0x1e0
[ 1303.627124][T18056]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1303.632989][T18056] RIP: 0033:0x4665d9
[ 1303.637239][T18056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1303.657519][T18056] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1303.665912][T18056] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1303.674482][T18056] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1303.682557][T18056] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1303.690519][T18056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1303.698471][T18056] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1303.713495][  T386] Bluetooth: hci0: Frame reassembly failed (-84)
02:44:55 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001bffffff8100180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1303.742194][T18070] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1305.753922][T16033] Bluetooth: hci0: command 0x1003 tx timeout
[ 1305.759971][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1307.833871][T16033] Bluetooth: hci0: command 0x1001 tx timeout
[ 1307.840380][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1309.913688][T16033] Bluetooth: hci0: command 0x1009 tx timeout
02:45:05 executing program 1 (fault-call:2 fault-nth:43):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:45:05 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28005c0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:45:05 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000001100000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:45:05 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x1200)

02:45:05 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001bffffff9e00180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:45:05 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x697, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:45:06 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x1f00)

02:45:06 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001bffffffea00180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:45:06 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000001200000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1314.179083][T18086] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1314.210403][T18092] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1314.219886][T18092] FAULT_INJECTION: forcing a failure.
02:45:06 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800600010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1314.219886][T18092] name failslab, interval 1, probability 0, space 0, times 0
[ 1314.235460][T18092] CPU: 0 PID: 18092 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1314.245704][T18092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1314.256015][T18092] Call Trace:
[ 1314.259688][T18092]  dump_stack+0x1d8/0x24e
[ 1314.264281][T18092]  ? devkmsg_release+0x11c/0x11c
[ 1314.269976][T18092]  ? mutex_unlock+0x19/0x40
02:45:06 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28006c0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:45:06 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x2000)

[ 1314.274924][T18092]  ? show_regs_print_info+0x12/0x12
[ 1314.280123][T18092]  ? selinux_kernfs_init_security+0x1b2/0x7e0
[ 1314.286280][T18092]  should_fail+0x6f6/0x860
[ 1314.292080][T18092]  ? setup_fault_attr+0x3d0/0x3d0
[ 1314.297477][T18092]  ? _raw_spin_lock+0xa3/0x1b0
[ 1314.302241][T18092]  ? __kernfs_new_node+0xdb/0x6d0
[ 1314.307272][T18092]  should_failslab+0x5/0x20
[ 1314.312043][T18092]  kmem_cache_alloc+0x36/0x290
[ 1314.317008][T18092]  __kernfs_new_node+0xdb/0x6d0
[ 1314.321867][T18092]  ? mutex_lock+0xa6/0x110
[ 1314.322794][T18107] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1314.326287][T18092]  ? kernfs_new_node+0x160/0x160
[ 1314.326298][T18092]  ? kernfs_activate+0x3fc/0x420
[ 1314.326307][T18092]  kernfs_new_node+0x95/0x160
[ 1314.326318][T18092]  kernfs_create_link+0x9c/0x1f0
[ 1314.326326][T18092]  sysfs_do_create_link_sd+0x85/0x100
[ 1314.326335][T18092]  device_add+0x873/0x18a0
[ 1314.326352][T18092]  ? get_device+0x30/0x30
[ 1314.380127][T18092]  ? mutex_lock+0xa6/0x110
[ 1314.384543][T18092]  ? virtual_device_parent+0x50/0x50
[ 1314.389827][T18092]  ? device_initialize+0x1d3/0x3e0
[ 1314.395199][T18092]  rfkill_register+0x180/0x720
[ 1314.400172][T18092]  hci_register_dev+0x398/0x710
[ 1314.405821][T18092]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1314.411368][T18092]  ? hci_uart_tty_write+0x10/0x10
[ 1314.416562][T18092]  tty_ioctl+0xf68/0x1710
[ 1314.420888][T18092]  ? tty_do_resize+0x170/0x170
[ 1314.425922][T18092]  ? avc_ss_reset+0x3a0/0x3a0
[ 1314.430600][T18092]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1314.438464][T18092]  ? refcount_inc_checked+0x50/0x50
[ 1314.444786][T18092]  ? memcg_check_events+0x5c/0x5b0
[ 1314.449977][T18092]  ? proc_fail_nth_write+0x1d5/0x240
[ 1314.455720][T18092]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1314.461193][T18092]  ? __lru_cache_add+0x1c4/0x210
[ 1314.466896][T18092]  ? memset+0x1f/0x40
[ 1314.470949][T18092]  ? fsnotify+0x1332/0x13f0
[ 1314.475521][T18092]  ? tty_do_resize+0x170/0x170
[ 1314.480272][T18092]  do_vfs_ioctl+0x76a/0x1720
[ 1314.485071][T18092]  ? selinux_file_ioctl+0x72f/0x990
[ 1314.490333][T18092]  ? ioctl_preallocate+0x250/0x250
[ 1314.495497][T18092]  ? __fget+0x37b/0x3c0
[ 1314.499641][T18092]  ? vfs_write+0x422/0x4e0
[ 1314.505766][T18092]  ? fget_many+0x20/0x20
[ 1314.510726][T18092]  ? debug_smp_processor_id+0x20/0x20
[ 1314.516088][T18092]  ? security_file_ioctl+0x9d/0xb0
[ 1314.521448][T18092]  __x64_sys_ioctl+0xd4/0x110
[ 1314.526112][T18092]  do_syscall_64+0xcb/0x1e0
[ 1314.531243][T18092]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1314.537121][T18092] RIP: 0033:0x4665d9
[ 1314.541729][T18092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1314.562414][T18092] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1314.572590][T18092] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1314.580736][T18092] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1314.589107][T18092] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1314.597280][T18092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1314.606623][T18092] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1314.616001][  T150] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1316.633180][ T3302] Bluetooth: hci0: command 0x1003 tx timeout
[ 1316.639454][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1318.713115][ T3302] Bluetooth: hci0: command 0x1001 tx timeout
[ 1318.719550][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1320.792919][ T3302] Bluetooth: hci0: command 0x1009 tx timeout
02:45:16 executing program 1 (fault-call:2 fault-nth:44):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:45:16 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001bffffffef00180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:45:16 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000002000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:45:16 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28007a0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:45:16 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x2500)

02:45:16 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x698, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:45:16 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800880010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:45:16 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001bfffffff000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:45:16 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x3f00)

[ 1325.067211][T18132] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1325.080796][T18134] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1325.091373][T18134] FAULT_INJECTION: forcing a failure.
[ 1325.091373][T18134] name failslab, interval 1, probability 0, space 0, times 0
02:45:16 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000002500000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:45:16 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800920010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:45:16 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001bfffffffe00180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1325.120060][T18134] CPU: 0 PID: 18134 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1325.130312][T18134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1325.140543][T18134] Call Trace:
[ 1325.144843][T18134]  dump_stack+0x1d8/0x24e
[ 1325.149182][T18134]  ? devkmsg_release+0x11c/0x11c
[ 1325.154123][T18134]  ? show_regs_print_info+0x12/0x12
[ 1325.159317][T18134]  ? mutex_unlock+0x19/0x40
[ 1325.163813][T18134]  ? kernfs_xattr_get+0x81/0x90
[ 1325.168664][T18134]  ? selinux_kernfs_init_security+0x1b2/0x7e0
[ 1325.174728][T18134]  should_fail+0x6f6/0x860
[ 1325.179148][T18134]  ? setup_fault_attr+0x3d0/0x3d0
[ 1325.184174][T18134]  ? __kernfs_new_node+0x99/0x6d0
[ 1325.189197][T18134]  should_failslab+0x5/0x20
[ 1325.193696][T18134]  __kmalloc_track_caller+0x5d/0x2e0
[ 1325.199028][T18134]  kstrdup_const+0x51/0x90
[ 1325.203445][T18134]  __kernfs_new_node+0x99/0x6d0
[ 1325.208298][T18134]  ? mutex_lock+0xa6/0x110
[ 1325.212711][T18134]  ? kernfs_new_node+0x160/0x160
[ 1325.217659][T18134]  ? kernfs_activate+0x3fc/0x420
[ 1325.222885][T18134]  kernfs_new_node+0x95/0x160
[ 1325.227656][T18134]  kernfs_create_link+0x9c/0x1f0
[ 1325.232677][T18134]  sysfs_do_create_link_sd+0x85/0x100
[ 1325.238045][T18134]  device_add+0x989/0x18a0
[ 1325.242556][T18134]  ? get_device+0x30/0x30
[ 1325.246870][T18134]  ? mutex_lock+0xa6/0x110
[ 1325.251288][T18134]  ? virtual_device_parent+0x50/0x50
[ 1325.256960][T18134]  ? device_initialize+0x1d3/0x3e0
[ 1325.262047][T18134]  rfkill_register+0x180/0x720
[ 1325.266789][T18134]  hci_register_dev+0x398/0x710
[ 1325.271637][T18134]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1325.276732][T18134]  ? hci_uart_tty_write+0x10/0x10
[ 1325.281899][T18134]  tty_ioctl+0xf68/0x1710
[ 1325.286210][T18134]  ? tty_do_resize+0x170/0x170
[ 1325.291081][T18134]  ? avc_ss_reset+0x3a0/0x3a0
[ 1325.295794][T18134]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1325.302019][T18134]  ? refcount_inc_checked+0x50/0x50
[ 1325.307624][T18134]  ? memcg_check_events+0x5c/0x5b0
[ 1325.312805][T18134]  ? proc_fail_nth_write+0x1d5/0x240
[ 1325.318423][T18134]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1325.323592][T18134]  ? __lru_cache_add+0x1c4/0x210
[ 1325.328520][T18134]  ? memset+0x1f/0x40
[ 1325.332818][T18134]  ? fsnotify+0x1332/0x13f0
[ 1325.337299][T18134]  ? tty_do_resize+0x170/0x170
[ 1325.342293][T18134]  do_vfs_ioctl+0x76a/0x1720
[ 1325.347327][T18134]  ? selinux_file_ioctl+0x72f/0x990
[ 1325.352525][T18134]  ? ioctl_preallocate+0x250/0x250
[ 1325.357614][T18134]  ? __fget+0x37b/0x3c0
[ 1325.361740][T18134]  ? vfs_write+0x422/0x4e0
[ 1325.366313][T18134]  ? fget_many+0x20/0x20
[ 1325.370531][T18134]  ? debug_smp_processor_id+0x20/0x20
[ 1325.375876][T18134]  ? security_file_ioctl+0x9d/0xb0
[ 1325.381257][T18134]  __x64_sys_ioctl+0xd4/0x110
[ 1325.386032][T18134]  do_syscall_64+0xcb/0x1e0
[ 1325.390601][T18134]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1325.396474][T18134] RIP: 0033:0x4665d9
[ 1325.400464][T18134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1325.420046][T18134] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1325.428528][T18134] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1325.436562][T18134] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1325.444508][T18134] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1325.452452][T18134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1325.460398][T18134] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1325.469625][T17631] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1327.512452][ T3300] Bluetooth: hci0: command 0x1003 tx timeout
[ 1327.518727][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1329.592385][ T3300] Bluetooth: hci0: command 0x1001 tx timeout
[ 1329.598553][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1331.672245][ T3300] Bluetooth: hci0: command 0x1009 tx timeout
02:45:27 executing program 1 (fault-call:2 fault-nth:45):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:45:27 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800a20010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:45:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000004000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:45:27 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x699, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:45:27 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4000)

02:45:27 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b7fffffff00180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:45:27 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800aa0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:45:27 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4800)

02:45:27 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b81ffffff00180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:45:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000004800000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1335.949589][T18169] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1335.969169][T18171] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1335.984194][T18171] FAULT_INJECTION: forcing a failure.
[ 1335.984194][T18171] name failslab, interval 1, probability 0, space 0, times 0
[ 1336.004125][T18171] CPU: 0 PID: 18171 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1336.014409][T18171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1336.024460][T18171] Call Trace:
[ 1336.028014][T18171]  dump_stack+0x1d8/0x24e
[ 1336.032448][T18171]  ? devkmsg_release+0x11c/0x11c
[ 1336.037505][T18171]  ? show_regs_print_info+0x12/0x12
[ 1336.042883][T18171]  should_fail+0x6f6/0x860
[ 1336.047653][T18171]  ? setup_fault_attr+0x3d0/0x3d0
02:45:27 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4c00)

02:45:27 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800b00010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1336.052943][T18171]  ? __kernfs_new_node+0xdb/0x6d0
[ 1336.058080][T18171]  should_failslab+0x5/0x20
[ 1336.062736][T18171]  kmem_cache_alloc+0x36/0x290
[ 1336.067679][T18171]  ? memcpy+0x38/0x50
[ 1336.071654][T18171]  __kernfs_new_node+0xdb/0x6d0
[ 1336.076500][T18171]  ? mutex_lock+0xa6/0x110
[ 1336.081087][T18171]  ? kernfs_new_node+0x160/0x160
[ 1336.086177][T18171]  ? kernfs_activate+0x3fc/0x420
[ 1336.091753][T18171]  kernfs_new_node+0x95/0x160
[ 1336.096439][T18171]  kernfs_create_link+0x9c/0x1f0
[ 1336.101382][T18171]  sysfs_do_create_link_sd+0x85/0x100
[ 1336.102462][T18191] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1336.107009][T18171]  device_add+0x989/0x18a0
[ 1336.107021][T18171]  ? get_device+0x30/0x30
[ 1336.107039][T18171]  ? mutex_lock+0xa6/0x110
[ 1336.135963][T18171]  ? virtual_device_parent+0x50/0x50
[ 1336.141247][T18171]  ? device_initialize+0x1d3/0x3e0
[ 1336.146471][T18171]  rfkill_register+0x180/0x720
[ 1336.151409][T18171]  hci_register_dev+0x398/0x710
[ 1336.156260][T18171]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1336.161374][T18171]  ? hci_uart_tty_write+0x10/0x10
[ 1336.166494][T18171]  tty_ioctl+0xf68/0x1710
[ 1336.170906][T18171]  ? tty_do_resize+0x170/0x170
[ 1336.175866][T18171]  ? avc_ss_reset+0x3a0/0x3a0
[ 1336.180520][T18171]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1336.186753][T18171]  ? refcount_inc_checked+0x50/0x50
[ 1336.191933][T18171]  ? memcg_check_events+0x5c/0x5b0
[ 1336.197120][T18171]  ? proc_fail_nth_write+0x1d5/0x240
[ 1336.202406][T18171]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1336.207724][T18171]  ? __lru_cache_add+0x1c4/0x210
[ 1336.212681][T18171]  ? memset+0x1f/0x40
[ 1336.216735][T18171]  ? fsnotify+0x1332/0x13f0
[ 1336.221431][T18171]  ? tty_do_resize+0x170/0x170
[ 1336.226187][T18171]  do_vfs_ioctl+0x76a/0x1720
[ 1336.230856][T18171]  ? selinux_file_ioctl+0x72f/0x990
[ 1336.236030][T18171]  ? ioctl_preallocate+0x250/0x250
[ 1336.241212][T18171]  ? __fget+0x37b/0x3c0
[ 1336.245616][T18171]  ? vfs_write+0x422/0x4e0
[ 1336.250273][T18171]  ? fget_many+0x20/0x20
[ 1336.254523][T18171]  ? debug_smp_processor_id+0x20/0x20
[ 1336.260019][T18171]  ? security_file_ioctl+0x9d/0xb0
[ 1336.265479][T18171]  __x64_sys_ioctl+0xd4/0x110
[ 1336.270237][T18171]  do_syscall_64+0xcb/0x1e0
[ 1336.274913][T18171]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1336.280884][T18171] RIP: 0033:0x4665d9
[ 1336.284767][T18171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1336.304523][T18171] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1336.312908][T18171] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1336.321734][T18171] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1336.329782][T18171] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1336.337947][T18171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1336.346247][T18171] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1336.354926][  T386] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1338.391797][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1338.398271][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1340.471665][   T12] Bluetooth: hci0: command 0x1001 tx timeout
[ 1340.477748][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1342.551576][   T12] Bluetooth: hci0: command 0x1009 tx timeout
02:45:38 executing program 1 (fault-call:2 fault-nth:46):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:45:38 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b9effffff00180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:45:38 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x6000)

02:45:38 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000004c00000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:45:38 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800b40010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:45:38 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x69a, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:45:38 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001beaffffff00180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:45:38 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x6800)

[ 1346.819299][T18209] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1346.832200][T18214] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1346.852437][T18214] FAULT_INJECTION: forcing a failure.
[ 1346.852437][T18214] name failslab, interval 1, probability 0, space 0, times 0
02:45:38 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000006000000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:45:38 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800be0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1346.872259][T18214] CPU: 0 PID: 18214 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1346.882949][T18214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1346.894414][T18214] Call Trace:
[ 1346.898626][T18214]  dump_stack+0x1d8/0x24e
[ 1346.902958][T18214]  ? devkmsg_release+0x11c/0x11c
[ 1346.907897][T18214]  ? mutex_unlock+0x19/0x40
[ 1346.912402][T18214]  ? show_regs_print_info+0x12/0x12
[ 1346.917214][T18223] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1346.917802][T18214]  ? selinux_kernfs_init_security+0x1b2/0x7e0
[ 1346.940807][T18214]  should_fail+0x6f6/0x860
[ 1346.945315][T18214]  ? setup_fault_attr+0x3d0/0x3d0
[ 1346.950342][T18214]  ? _raw_spin_lock+0xa3/0x1b0
[ 1346.955192][T18214]  ? __kernfs_new_node+0xdb/0x6d0
[ 1346.960313][T18214]  should_failslab+0x5/0x20
[ 1346.965310][T18214]  kmem_cache_alloc+0x36/0x290
02:45:38 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800c00010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:45:38 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001befffffff00180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1346.972073][T18214]  __kernfs_new_node+0xdb/0x6d0
[ 1346.977017][T18214]  ? mutex_lock+0xa6/0x110
[ 1346.981430][T18214]  ? kernfs_new_node+0x160/0x160
[ 1346.986364][T18214]  ? kernfs_activate+0x3fc/0x420
[ 1346.991297][T18214]  kernfs_new_node+0x95/0x160
[ 1346.996008][T18214]  __kernfs_create_file+0x45/0x260
[ 1347.002598][T18214]  sysfs_add_file_mode_ns+0x293/0x340
[ 1347.008732][T18214]  internal_create_group+0x560/0xf10
[ 1347.014460][T18214]  ? sysfs_create_group+0x20/0x20
[ 1347.019843][T18214]  sysfs_create_groups+0x5d/0x130
[ 1347.025359][T18214]  device_add+0xa51/0x18a0
[ 1347.030036][T18214]  ? get_device+0x30/0x30
[ 1347.034725][T18214]  ? mutex_lock+0xa6/0x110
[ 1347.039413][T18214]  ? virtual_device_parent+0x50/0x50
[ 1347.045058][T18214]  ? device_initialize+0x1d3/0x3e0
[ 1347.052236][T18214]  rfkill_register+0x180/0x720
[ 1347.057434][T18214]  hci_register_dev+0x398/0x710
[ 1347.062845][T18214]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1347.068341][T18214]  ? hci_uart_tty_write+0x10/0x10
[ 1347.073427][T18214]  tty_ioctl+0xf68/0x1710
[ 1347.077891][T18214]  ? tty_do_resize+0x170/0x170
[ 1347.082673][T18214]  ? avc_ss_reset+0x3a0/0x3a0
[ 1347.088972][T18214]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1347.095138][T18214]  ? refcount_inc_checked+0x50/0x50
[ 1347.100415][T18214]  ? memcg_check_events+0x5c/0x5b0
[ 1347.105589][T18214]  ? proc_fail_nth_write+0x1d5/0x240
[ 1347.110859][T18214]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1347.118221][T18214]  ? __lru_cache_add+0x1c4/0x210
[ 1347.124126][T18214]  ? memset+0x1f/0x40
[ 1347.128098][T18214]  ? fsnotify+0x1332/0x13f0
[ 1347.132582][T18214]  ? tty_do_resize+0x170/0x170
[ 1347.137535][T18214]  do_vfs_ioctl+0x76a/0x1720
[ 1347.142105][T18214]  ? selinux_file_ioctl+0x72f/0x990
[ 1347.148352][T18214]  ? ioctl_preallocate+0x250/0x250
[ 1347.155599][T18214]  ? __fget+0x37b/0x3c0
[ 1347.159998][T18214]  ? vfs_write+0x422/0x4e0
[ 1347.164575][T18214]  ? fget_many+0x20/0x20
[ 1347.169505][T18214]  ? debug_smp_processor_id+0x20/0x20
[ 1347.174885][T18214]  ? security_file_ioctl+0x9d/0xb0
[ 1347.180551][T18214]  __x64_sys_ioctl+0xd4/0x110
[ 1347.186330][T18214]  do_syscall_64+0xcb/0x1e0
[ 1347.190823][T18214]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1347.196956][T18214] RIP: 0033:0x4665d9
[ 1347.201511][T18214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1347.224466][T18214] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1347.233335][T18214] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1347.241547][T18214] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1347.252698][T18214] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1347.263004][T18214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1347.270981][T18214] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1347.283716][  T386] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1349.351251][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1349.359783][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1351.430947][ T3300] Bluetooth: hci0: command 0x1001 tx timeout
[ 1351.438516][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1353.510805][ T3300] Bluetooth: hci0: command 0x1009 tx timeout
02:45:49 executing program 1 (fault-call:2 fault-nth:47):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:45:49 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000006800000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:45:49 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x6c00)

02:45:49 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800c40010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:45:49 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001bf0ffffff00180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:45:49 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x69b, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:45:49 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x7400)

02:45:49 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001bfeffffff00180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1357.699676][T18248] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1357.709028][T18250] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1357.714640][T18248] FAULT_INJECTION: forcing a failure.
[ 1357.714640][T18248] name failslab, interval 1, probability 0, space 0, times 0
02:45:49 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000016b00000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:45:49 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0002000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1357.752515][T18248] CPU: 0 PID: 18248 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1357.762975][T18248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1357.773498][T18248] Call Trace:
[ 1357.776793][T18248]  dump_stack+0x1d8/0x24e
[ 1357.781391][T18248]  ? devkmsg_release+0x11c/0x11c
[ 1357.786328][T18248]  ? mutex_unlock+0x19/0x40
[ 1357.790836][T18248]  ? show_regs_print_info+0x12/0x12
[ 1357.796036][T18248]  ? selinux_kernfs_init_security+0x1b2/0x7e0
02:45:49 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x7a00)

02:45:49 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0003000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1357.802107][T18248]  should_fail+0x6f6/0x860
[ 1357.806527][T18248]  ? setup_fault_attr+0x3d0/0x3d0
[ 1357.811549][T18248]  ? _raw_spin_lock+0xa3/0x1b0
[ 1357.816311][T18248]  ? __kernfs_new_node+0xdb/0x6d0
[ 1357.821422][T18248]  should_failslab+0x5/0x20
[ 1357.825931][T18248]  kmem_cache_alloc+0x36/0x290
[ 1357.830997][T18248]  __kernfs_new_node+0xdb/0x6d0
[ 1357.836063][T18248]  ? mutex_lock+0xa6/0x110
[ 1357.840471][T18248]  ? kernfs_new_node+0x160/0x160
[ 1357.842197][T18264] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1357.845409][T18248]  ? kernfs_activate+0x3fc/0x420
[ 1357.845419][T18248]  kernfs_new_node+0x95/0x160
[ 1357.845435][T18248]  __kernfs_create_file+0x45/0x260
[ 1357.875986][T18248]  sysfs_add_file_mode_ns+0x293/0x340
[ 1357.881365][T18248]  internal_create_group+0x560/0xf10
[ 1357.886767][T18248]  ? sysfs_create_group+0x20/0x20
[ 1357.891796][T18248]  sysfs_create_groups+0x5d/0x130
[ 1357.896825][T18248]  device_add+0xa51/0x18a0
[ 1357.901250][T18248]  ? get_device+0x30/0x30
[ 1357.905582][T18248]  ? mutex_lock+0xa6/0x110
[ 1357.909994][T18248]  ? virtual_device_parent+0x50/0x50
[ 1357.915285][T18248]  ? device_initialize+0x1d3/0x3e0
[ 1357.920398][T18248]  rfkill_register+0x180/0x720
[ 1357.925240][T18248]  hci_register_dev+0x398/0x710
[ 1357.930270][T18248]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1357.936669][T18248]  ? hci_uart_tty_write+0x10/0x10
[ 1357.941760][T18248]  tty_ioctl+0xf68/0x1710
[ 1357.946083][T18248]  ? tty_do_resize+0x170/0x170
[ 1357.951199][T18248]  ? avc_ss_reset+0x3a0/0x3a0
[ 1357.956046][T18248]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1357.962193][T18248]  ? refcount_inc_checked+0x50/0x50
[ 1357.967605][T18248]  ? memcg_check_events+0x5c/0x5b0
[ 1357.972834][T18248]  ? proc_fail_nth_write+0x1d5/0x240
[ 1357.978251][T18248]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1357.983439][T18248]  ? __lru_cache_add+0x1c4/0x210
[ 1357.988365][T18248]  ? memset+0x1f/0x40
[ 1357.992329][T18248]  ? fsnotify+0x1332/0x13f0
[ 1357.997215][T18248]  ? tty_do_resize+0x170/0x170
[ 1358.002277][T18248]  do_vfs_ioctl+0x76a/0x1720
[ 1358.006892][T18248]  ? selinux_file_ioctl+0x72f/0x990
[ 1358.012206][T18248]  ? ioctl_preallocate+0x250/0x250
[ 1358.018069][T18248]  ? __fget+0x37b/0x3c0
[ 1358.022406][T18248]  ? vfs_write+0x422/0x4e0
[ 1358.026802][T18248]  ? fget_many+0x20/0x20
[ 1358.031021][T18248]  ? debug_smp_processor_id+0x20/0x20
[ 1358.036415][T18248]  ? security_file_ioctl+0x9d/0xb0
[ 1358.041508][T18248]  __x64_sys_ioctl+0xd4/0x110
[ 1358.046165][T18248]  do_syscall_64+0xcb/0x1e0
[ 1358.050646][T18248]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1358.056769][T18248] RIP: 0033:0x4665d9
[ 1358.061086][T18248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1358.081163][T18248] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1358.089668][T18248] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1358.097855][T18248] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1358.106076][T18248] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1358.114058][T18248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1358.122029][T18248] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1358.133163][  T386] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1360.150368][ T3300] Bluetooth: hci0: command 0x1003 tx timeout
[ 1360.156547][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1362.230205][ T3300] Bluetooth: hci0: command 0x1001 tx timeout
[ 1362.236258][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1364.310135][ T3300] Bluetooth: hci0: command 0x1009 tx timeout
[ 1366.630366][    C1] ip6_tunnel: € xmit: Local address not yet configured!
02:46:00 executing program 1 (fault-call:2 fault-nth:48):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:46:00 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0004000000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:46:00 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x100000)

02:46:00 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800c60010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:46:00 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000006c00000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:46:00 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x69c, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:46:00 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0006010000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:46:00 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800ca0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:46:00 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x1fffff)

02:46:00 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000007400000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1368.572284][T18283] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
02:46:00 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000030000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:46:00 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800cc0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1368.633052][T18294] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1368.647085][T18294] FAULT_INJECTION: forcing a failure.
[ 1368.647085][T18294] name failslab, interval 1, probability 0, space 0, times 0
[ 1368.675369][T18301] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1368.693846][T18294] CPU: 1 PID: 18294 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1368.704238][T18294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1368.714275][T18294] Call Trace:
[ 1368.717568][T18294]  dump_stack+0x1d8/0x24e
[ 1368.723888][T18294]  ? devkmsg_release+0x11c/0x11c
[ 1368.729033][T18294]  ? mutex_unlock+0x19/0x40
[ 1368.733531][T18294]  ? show_regs_print_info+0x12/0x12
[ 1368.738728][T18294]  ? selinux_kernfs_init_security+0x1b2/0x7e0
[ 1368.744999][T18294]  should_fail+0x6f6/0x860
[ 1368.749399][T18294]  ? setup_fault_attr+0x3d0/0x3d0
[ 1368.756843][T18294]  ? _raw_spin_lock+0xa3/0x1b0
[ 1368.761721][T18294]  ? __kernfs_new_node+0xdb/0x6d0
[ 1368.766737][T18294]  should_failslab+0x5/0x20
[ 1368.771229][T18294]  kmem_cache_alloc+0x36/0x290
[ 1368.776344][T18294]  __kernfs_new_node+0xdb/0x6d0
[ 1368.781178][T18294]  ? mutex_lock+0xa6/0x110
[ 1368.785667][T18294]  ? kernfs_new_node+0x160/0x160
[ 1368.790822][T18294]  ? kernfs_activate+0x3fc/0x420
[ 1368.795740][T18294]  kernfs_new_node+0x95/0x160
[ 1368.800396][T18294]  __kernfs_create_file+0x45/0x260
[ 1368.805487][T18294]  sysfs_add_file_mode_ns+0x293/0x340
[ 1368.812051][T18294]  internal_create_group+0x560/0xf10
[ 1368.817661][T18294]  ? sysfs_create_group+0x20/0x20
[ 1368.822657][T18294]  sysfs_create_groups+0x5d/0x130
[ 1368.827779][T18294]  device_add+0xa51/0x18a0
[ 1368.832279][T18294]  ? get_device+0x30/0x30
[ 1368.837123][T18294]  ? mutex_lock+0xa6/0x110
[ 1368.842669][T18294]  ? virtual_device_parent+0x50/0x50
[ 1368.849340][T18294]  ? device_initialize+0x1d3/0x3e0
[ 1368.854430][T18294]  rfkill_register+0x180/0x720
[ 1368.859199][T18294]  hci_register_dev+0x398/0x710
[ 1368.864382][T18294]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1368.869396][T18294]  ? hci_uart_tty_write+0x10/0x10
[ 1368.875573][T18294]  tty_ioctl+0xf68/0x1710
[ 1368.880201][T18294]  ? tty_do_resize+0x170/0x170
[ 1368.884947][T18294]  ? is_mmconf_reserved+0x420/0x420
[ 1368.890120][T18294]  ? avc_ss_reset+0x3a0/0x3a0
[ 1368.894787][T18294]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1368.901042][T18294]  ? preempt_schedule_notrace+0x190/0x190
[ 1368.908777][T18294]  ? proc_fail_nth_write+0x1d5/0x240
[ 1368.914158][T18294]  ? retint_kernel+0x1b/0x1b
[ 1368.918726][T18294]  ? fsnotify+0xf1/0x13f0
[ 1368.923215][T18294]  ? fsnotify+0x1332/0x13f0
[ 1368.927703][T18294]  ? tty_do_resize+0x170/0x170
[ 1368.932448][T18294]  do_vfs_ioctl+0x76a/0x1720
[ 1368.937017][T18294]  ? selinux_file_ioctl+0x72f/0x990
[ 1368.943006][T18294]  ? ioctl_preallocate+0x250/0x250
[ 1368.948967][T18294]  ? __fget+0x37b/0x3c0
[ 1368.953494][T18294]  ? debug_smp_processor_id+0x20/0x20
[ 1368.958935][T18294]  ? fget_many+0x20/0x20
[ 1368.963284][T18294]  ? __fpregs_load_activate+0x1d7/0x3c0
[ 1368.969178][T18294]  ? security_file_ioctl+0x9d/0xb0
[ 1368.975801][T18294]  __x64_sys_ioctl+0xd4/0x110
[ 1368.981145][T18294]  do_syscall_64+0xcb/0x1e0
[ 1368.985973][T18294]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1368.992194][T18294] RIP: 0033:0x4665d9
[ 1368.996346][T18294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1369.018244][T18294] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1369.027686][T18294] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1369.035900][T18294] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1369.044107][T18294] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1369.052814][T18294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1369.062416][T18294] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1369.079778][T17631] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1371.109566][ T3300] Bluetooth: hci0: command 0x1003 tx timeout
[ 1371.115736][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1373.189496][ T3300] Bluetooth: hci0: command 0x1001 tx timeout
[ 1373.195712][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1375.269360][ T3300] Bluetooth: hci0: command 0x1009 tx timeout
02:46:11 executing program 1 (fault-call:2 fault-nth:49):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:46:11 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x1000000)

02:46:11 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000007a00000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:46:11 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0001060000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:46:11 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800d00010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:46:11 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x69d, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:46:11 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x2000000)

02:46:11 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000400000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1379.447336][T18318] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1379.479330][T18327] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
02:46:11 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000008100000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:46:11 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800d20010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:46:11 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000810000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1379.493290][T18327] FAULT_INJECTION: forcing a failure.
[ 1379.493290][T18327] name failslab, interval 1, probability 0, space 0, times 0
02:46:11 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x3000000)

[ 1379.535054][T18338] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1379.546886][T18327] CPU: 1 PID: 18327 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1379.560745][T18327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1379.571054][T18327] Call Trace:
[ 1379.574354][T18327]  dump_stack+0x1d8/0x24e
[ 1379.578762][T18327]  ? devkmsg_release+0x11c/0x11c
[ 1379.583683][T18327]  ? mutex_unlock+0x19/0x40
[ 1379.588170][T18327]  ? show_regs_print_info+0x12/0x12
[ 1379.593600][T18327]  ? selinux_kernfs_init_security+0x1b2/0x7e0
[ 1379.599646][T18327]  should_fail+0x6f6/0x860
[ 1379.604038][T18327]  ? setup_fault_attr+0x3d0/0x3d0
[ 1379.609165][T18327]  ? _raw_spin_lock+0xa3/0x1b0
[ 1379.613910][T18327]  ? __kernfs_new_node+0xdb/0x6d0
[ 1379.618955][T18327]  should_failslab+0x5/0x20
[ 1379.623436][T18327]  kmem_cache_alloc+0x36/0x290
[ 1379.628521][T18327]  __kernfs_new_node+0xdb/0x6d0
[ 1379.633349][T18327]  ? mutex_lock+0xa6/0x110
[ 1379.637753][T18327]  ? kernfs_new_node+0x160/0x160
[ 1379.642668][T18327]  ? kernfs_activate+0x3fc/0x420
[ 1379.647667][T18327]  kernfs_new_node+0x95/0x160
[ 1379.652507][T18327]  __kernfs_create_file+0x45/0x260
[ 1379.657599][T18327]  sysfs_add_file_mode_ns+0x293/0x340
[ 1379.663241][T18327]  internal_create_group+0x560/0xf10
[ 1379.668504][T18327]  ? sysfs_create_group+0x20/0x20
[ 1379.673526][T18327]  sysfs_create_groups+0x5d/0x130
[ 1379.678529][T18327]  device_add+0xa51/0x18a0
[ 1379.682920][T18327]  ? get_device+0x30/0x30
[ 1379.687225][T18327]  ? mutex_lock+0xa6/0x110
[ 1379.691618][T18327]  ? virtual_device_parent+0x50/0x50
[ 1379.696879][T18327]  ? device_initialize+0x1d3/0x3e0
[ 1379.702051][T18327]  rfkill_register+0x180/0x720
[ 1379.707067][T18327]  hci_register_dev+0x398/0x710
[ 1379.711902][T18327]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1379.716905][T18327]  ? hci_uart_tty_write+0x10/0x10
[ 1379.721922][T18327]  tty_ioctl+0xf68/0x1710
[ 1379.726241][T18327]  ? tty_do_resize+0x170/0x170
[ 1379.731018][T18327]  ? avc_ss_reset+0x3a0/0x3a0
[ 1379.735700][T18327]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1379.741984][T18327]  ? refcount_inc_checked+0x50/0x50
[ 1379.747177][T18327]  ? memcg_check_events+0x5c/0x5b0
[ 1379.752722][T18327]  ? proc_fail_nth_write+0x1d5/0x240
[ 1379.757986][T18327]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1379.763158][T18327]  ? __lru_cache_add+0x1c4/0x210
[ 1379.768548][T18327]  ? memset+0x1f/0x40
[ 1379.772637][T18327]  ? fsnotify+0x1332/0x13f0
[ 1379.777120][T18327]  ? tty_do_resize+0x170/0x170
[ 1379.782489][T18327]  do_vfs_ioctl+0x76a/0x1720
[ 1379.787190][T18327]  ? selinux_file_ioctl+0x72f/0x990
[ 1379.792493][T18327]  ? ioctl_preallocate+0x250/0x250
[ 1379.798024][T18327]  ? __fget+0x37b/0x3c0
[ 1379.802181][T18327]  ? vfs_write+0x422/0x4e0
[ 1379.806583][T18327]  ? fget_many+0x20/0x20
[ 1379.810930][T18327]  ? debug_smp_processor_id+0x20/0x20
[ 1379.816622][T18327]  ? security_file_ioctl+0x9d/0xb0
[ 1379.821835][T18327]  __x64_sys_ioctl+0xd4/0x110
[ 1379.826503][T18327]  do_syscall_64+0xcb/0x1e0
[ 1379.831668][T18327]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1379.837553][T18327] RIP: 0033:0x4665d9
[ 1379.841633][T18327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1379.861224][T18327] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1379.869800][T18327] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1379.877745][T18327] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1379.885875][T18327] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1379.893885][T18327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1379.901848][T18327] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1379.918993][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1381.988877][ T3302] Bluetooth: hci0: command 0x1003 tx timeout
[ 1381.994924][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1384.068761][ T3300] Bluetooth: hci0: command 0x1001 tx timeout
[ 1384.075227][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1386.148659][ T3300] Bluetooth: hci0: command 0x1009 tx timeout
02:46:22 executing program 1 (fault-call:2 fault-nth:50):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:46:22 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000008003000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:46:22 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800d60010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:46:22 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000800300180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:46:22 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4000000)

02:46:22 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x69e, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:46:22 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000038000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:46:22 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000380000000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:46:22 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800da0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:46:22 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x5000000)

[ 1390.349553][T18362] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1390.353577][T18368] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1390.393639][T18368] FAULT_INJECTION: forcing a failure.
02:46:22 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000001180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1390.393639][T18368] name failslab, interval 1, probability 0, space 0, times 0
[ 1390.420690][T18376] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1390.428847][T18368] CPU: 1 PID: 18368 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
02:46:22 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800dc0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1390.448941][T18368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1390.459160][T18368] Call Trace:
[ 1390.462445][T18368]  dump_stack+0x1d8/0x24e
[ 1390.467841][T18368]  ? devkmsg_release+0x11c/0x11c
[ 1390.472857][T18368]  ? mutex_unlock+0x19/0x40
[ 1390.477612][T18368]  ? show_regs_print_info+0x12/0x12
[ 1390.482911][T18368]  ? selinux_kernfs_init_security+0x1b2/0x7e0
[ 1390.488953][T18368]  should_fail+0x6f6/0x860
[ 1390.493357][T18368]  ? setup_fault_attr+0x3d0/0x3d0
[ 1390.498367][T18368]  ? _raw_spin_lock+0xa3/0x1b0
[ 1390.503506][T18368]  ? __kernfs_new_node+0xdb/0x6d0
[ 1390.510620][T18368]  should_failslab+0x5/0x20
[ 1390.515199][T18368]  kmem_cache_alloc+0x36/0x290
[ 1390.520135][T18368]  __kernfs_new_node+0xdb/0x6d0
[ 1390.524970][T18368]  ? mutex_lock+0xa6/0x110
[ 1390.529897][T18368]  ? kernfs_new_node+0x160/0x160
[ 1390.534989][T18368]  ? kernfs_activate+0x3fc/0x420
[ 1390.539906][T18368]  kernfs_new_node+0x95/0x160
[ 1390.544659][T18368]  __kernfs_create_file+0x45/0x260
[ 1390.549754][T18368]  sysfs_add_file_mode_ns+0x293/0x340
[ 1390.556262][T18368]  internal_create_group+0x560/0xf10
[ 1390.561535][T18368]  ? sysfs_create_group+0x20/0x20
[ 1390.566533][T18368]  sysfs_create_groups+0x5d/0x130
[ 1390.571532][T18368]  device_add+0xa51/0x18a0
[ 1390.575932][T18368]  ? get_device+0x30/0x30
[ 1390.580250][T18368]  ? mutex_lock+0xa6/0x110
[ 1390.586543][T18368]  ? virtual_device_parent+0x50/0x50
[ 1390.591981][T18368]  ? device_initialize+0x1d3/0x3e0
[ 1390.597067][T18368]  rfkill_register+0x180/0x720
[ 1390.601817][T18368]  hci_register_dev+0x398/0x710
[ 1390.606646][T18368]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1390.611649][T18368]  ? hci_uart_tty_write+0x10/0x10
[ 1390.618856][T18368]  tty_ioctl+0xf68/0x1710
[ 1390.623195][T18368]  ? tty_do_resize+0x170/0x170
[ 1390.627935][T18368]  ? avc_ss_reset+0x3a0/0x3a0
[ 1390.632677][T18368]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1390.638805][T18368]  ? refcount_inc_checked+0x50/0x50
[ 1390.644002][T18368]  ? memcg_check_events+0x5c/0x5b0
[ 1390.650802][T18368]  ? proc_fail_nth_write+0x1d5/0x240
[ 1390.656065][T18368]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1390.661236][T18368]  ? __lru_cache_add+0x1c4/0x210
[ 1390.666498][T18368]  ? memset+0x1f/0x40
[ 1390.670537][T18368]  ? fsnotify+0x1332/0x13f0
[ 1390.675008][T18368]  ? tty_do_resize+0x170/0x170
[ 1390.679774][T18368]  do_vfs_ioctl+0x76a/0x1720
[ 1390.684490][T18368]  ? selinux_file_ioctl+0x72f/0x990
[ 1390.689868][T18368]  ? ioctl_preallocate+0x250/0x250
[ 1390.695656][T18368]  ? __fget+0x37b/0x3c0
[ 1390.699787][T18368]  ? vfs_write+0x422/0x4e0
[ 1390.704177][T18368]  ? fget_many+0x20/0x20
[ 1390.708392][T18368]  ? debug_smp_processor_id+0x20/0x20
[ 1390.713735][T18368]  ? security_file_ioctl+0x9d/0xb0
[ 1390.718820][T18368]  __x64_sys_ioctl+0xd4/0x110
[ 1390.724172][T18368]  do_syscall_64+0xcb/0x1e0
[ 1390.728743][T18368]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1390.734794][T18368] RIP: 0033:0x4665d9
[ 1390.738662][T18368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1390.758952][T18368] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1390.767427][T18368] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1390.775705][T18368] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1390.783658][T18368] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1390.791608][T18368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1390.799566][T18368] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1390.818161][T17631] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1392.868128][ T3300] Bluetooth: hci0: command 0x1003 tx timeout
[ 1392.874699][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1394.948067][ T3300] Bluetooth: hci0: command 0x1001 tx timeout
[ 1394.954200][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1397.027919][ T3300] Bluetooth: hci0: command 0x1009 tx timeout
02:46:33 executing program 1 (fault-call:2 fault-nth:51):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:46:33 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000010000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:46:33 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x6000000)

02:46:33 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000002180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:46:33 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800de0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:46:33 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x69f, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:46:33 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000020000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:46:33 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000003180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:46:33 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800e40010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1401.215669][T18399] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1401.222117][T18402] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
02:46:33 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x7000000)

02:46:33 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000004180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1401.268204][T18402] FAULT_INJECTION: forcing a failure.
[ 1401.268204][T18402] name failslab, interval 1, probability 0, space 0, times 0
[ 1401.294089][T18402] CPU: 0 PID: 18402 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1401.304344][T18402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1401.314391][T18402] Call Trace:
[ 1401.317681][T18402]  dump_stack+0x1d8/0x24e
[ 1401.322014][T18402]  ? devkmsg_release+0x11c/0x11c
[ 1401.325163][T18412] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1401.326944][T18402]  ? mutex_unlock+0x19/0x40
[ 1401.326955][T18402]  ? show_regs_print_info+0x12/0x12
[ 1401.326966][T18402]  ? selinux_kernfs_init_security+0x1b2/0x7e0
[ 1401.326977][T18402]  should_fail+0x6f6/0x860
[ 1401.326987][T18402]  ? setup_fault_attr+0x3d0/0x3d0
02:46:33 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000106180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1401.326996][T18402]  ? _raw_spin_lock+0xa3/0x1b0
[ 1401.327005][T18402]  ? __kernfs_new_node+0xdb/0x6d0
[ 1401.327020][T18402]  should_failslab+0x5/0x20
[ 1401.381578][T18402]  kmem_cache_alloc+0x36/0x290
[ 1401.386347][T18402]  __kernfs_new_node+0xdb/0x6d0
[ 1401.391202][T18402]  ? mutex_lock+0xa6/0x110
[ 1401.395620][T18402]  ? kernfs_new_node+0x160/0x160
[ 1401.400650][T18402]  ? kernfs_activate+0x3fc/0x420
[ 1401.405579][T18402]  kernfs_new_node+0x95/0x160
[ 1401.410234][T18402]  __kernfs_create_file+0x45/0x260
[ 1401.415331][T18402]  sysfs_add_file_mode_ns+0x293/0x340
[ 1401.420684][T18402]  internal_create_group+0x560/0xf10
[ 1401.425942][T18402]  ? sysfs_create_group+0x20/0x20
[ 1401.430951][T18402]  sysfs_create_groups+0x5d/0x130
[ 1401.435955][T18402]  device_add+0xa51/0x18a0
[ 1401.440353][T18402]  ? get_device+0x30/0x30
[ 1401.444653][T18402]  ? mutex_lock+0xa6/0x110
[ 1401.449073][T18402]  ? virtual_device_parent+0x50/0x50
[ 1401.454684][T18402]  ? device_initialize+0x1d3/0x3e0
[ 1401.459967][T18402]  rfkill_register+0x180/0x720
[ 1401.464707][T18402]  hci_register_dev+0x398/0x710
[ 1401.469553][T18402]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1401.474561][T18402]  ? hci_uart_tty_write+0x10/0x10
[ 1401.479753][T18402]  tty_ioctl+0xf68/0x1710
[ 1401.484143][T18402]  ? tty_do_resize+0x170/0x170
[ 1401.488967][T18402]  ? avc_ss_reset+0x3a0/0x3a0
[ 1401.493619][T18402]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1401.499765][T18402]  ? refcount_inc_checked+0x50/0x50
[ 1401.504937][T18402]  ? memcg_check_events+0x5c/0x5b0
[ 1401.510095][T18402]  ? proc_fail_nth_write+0x1d5/0x240
[ 1401.515452][T18402]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1401.520722][T18402]  ? __lru_cache_add+0x1c4/0x210
[ 1401.526212][T18402]  ? memset+0x1f/0x40
[ 1401.530184][T18402]  ? fsnotify+0x1332/0x13f0
[ 1401.534758][T18402]  ? tty_do_resize+0x170/0x170
[ 1401.539908][T18402]  do_vfs_ioctl+0x76a/0x1720
[ 1401.544641][T18402]  ? selinux_file_ioctl+0x72f/0x990
[ 1401.549917][T18402]  ? ioctl_preallocate+0x250/0x250
[ 1401.555118][T18402]  ? __fget+0x37b/0x3c0
[ 1401.559274][T18402]  ? vfs_write+0x422/0x4e0
[ 1401.564610][T18402]  ? fget_many+0x20/0x20
[ 1401.568849][T18402]  ? debug_smp_processor_id+0x20/0x20
[ 1401.574237][T18402]  ? security_file_ioctl+0x9d/0xb0
[ 1401.579555][T18402]  __x64_sys_ioctl+0xd4/0x110
[ 1401.584537][T18402]  do_syscall_64+0xcb/0x1e0
[ 1401.589167][T18402]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1401.595048][T18402] RIP: 0033:0x4665d9
[ 1401.599045][T18402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1401.618887][T18402] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1401.627377][T18402] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1401.635773][T18402] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1401.644690][T18402] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1401.652974][T18402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1401.661161][T18402] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1401.671672][  T150] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1403.747415][ T3300] Bluetooth: hci0: command 0x1003 tx timeout
[ 1403.753496][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1405.827340][ T3300] Bluetooth: hci0: command 0x1001 tx timeout
[ 1405.838428][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1407.907201][ T3300] Bluetooth: hci0: command 0x1009 tx timeout
02:46:43 executing program 1 (fault-call:2 fault-nth:52):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:46:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000030000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:46:43 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000040180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:46:43 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x8000000)

02:46:43 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800f00010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:46:43 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6a0, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:46:43 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x9000000)

02:46:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:46:43 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000081180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1412.090301][T18432] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1412.112088][T18440] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1412.123621][T18440] FAULT_INJECTION: forcing a failure.
[ 1412.123621][T18440] name failslab, interval 1, probability 0, space 0, times 0
02:46:43 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800f30010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1412.138499][T18440] CPU: 1 PID: 18440 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1412.149000][T18440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1412.159475][T18440] Call Trace:
[ 1412.162747][T18440]  dump_stack+0x1d8/0x24e
[ 1412.167138][T18440]  ? devkmsg_release+0x11c/0x11c
[ 1412.172405][T18440]  ? show_regs_print_info+0x12/0x12
[ 1412.177665][T18440]  should_fail+0x6f6/0x860
[ 1412.182332][T18440]  ? setup_fault_attr+0x3d0/0x3d0
[ 1412.187347][T18440]  ? security_kernfs_init_security+0x9a/0xb0
[ 1412.193306][T18440]  ? __kernfs_new_node+0x50b/0x6d0
[ 1412.198411][T18440]  ? __kernfs_new_node+0xdb/0x6d0
[ 1412.203764][T18440]  should_failslab+0x5/0x20
[ 1412.208244][T18440]  kmem_cache_alloc+0x36/0x290
[ 1412.213088][T18440]  ? mutex_trylock+0xb0/0xb0
[ 1412.217670][T18440]  __kernfs_new_node+0xdb/0x6d0
[ 1412.222647][T18440]  ? kernfs_new_node+0x160/0x160
[ 1412.227826][T18440]  ? mutex_unlock+0x19/0x40
[ 1412.232588][T18440]  ? kernfs_add_one+0x49e/0x5c0
[ 1412.237589][T18440]  ? __kernfs_create_file+0x1f1/0x260
[ 1412.242967][T18440]  kernfs_new_node+0x95/0x160
[ 1412.247739][T18440]  __kernfs_create_file+0x45/0x260
[ 1412.252846][T18440]  sysfs_add_file_mode_ns+0x293/0x340
[ 1412.258283][T18440]  sysfs_create_file_ns+0x18c/0x2b0
[ 1412.263455][T18440]  ? sysfs_add_file_mode_ns+0x340/0x340
[ 1412.268975][T18440]  ? device_create_file+0xe2/0x1a0
[ 1412.274056][T18440]  device_add+0xc44/0x18a0
[ 1412.278459][T18440]  ? virtual_device_parent+0x50/0x50
[ 1412.283716][T18440]  ? device_initialize+0x1d3/0x3e0
[ 1412.288820][T18440]  rfkill_register+0x180/0x720
[ 1412.293646][T18440]  hci_register_dev+0x398/0x710
[ 1412.298492][T18440]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1412.303493][T18440]  ? hci_uart_tty_write+0x10/0x10
[ 1412.308678][T18440]  tty_ioctl+0xf68/0x1710
[ 1412.313036][T18440]  ? tty_do_resize+0x170/0x170
[ 1412.317784][T18440]  ? avc_ss_reset+0x3a0/0x3a0
[ 1412.322748][T18440]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1412.328875][T18440]  ? refcount_inc_checked+0x50/0x50
[ 1412.334049][T18440]  ? memcg_check_events+0x5c/0x5b0
[ 1412.339134][T18440]  ? proc_fail_nth_write+0x1d5/0x240
[ 1412.344403][T18440]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1412.349572][T18440]  ? __lru_cache_add+0x1c4/0x210
[ 1412.354490][T18440]  ? memset+0x1f/0x40
[ 1412.358465][T18440]  ? fsnotify+0x1332/0x13f0
[ 1412.362946][T18440]  ? tty_do_resize+0x170/0x170
[ 1412.367712][T18440]  do_vfs_ioctl+0x76a/0x1720
[ 1412.372288][T18440]  ? selinux_file_ioctl+0x72f/0x990
[ 1412.377490][T18440]  ? ioctl_preallocate+0x250/0x250
[ 1412.382615][T18440]  ? __fget+0x37b/0x3c0
[ 1412.387092][T18440]  ? vfs_write+0x422/0x4e0
[ 1412.391482][T18440]  ? fget_many+0x20/0x20
[ 1412.395699][T18440]  ? debug_smp_processor_id+0x20/0x20
[ 1412.401047][T18440]  ? security_file_ioctl+0x9d/0xb0
[ 1412.406136][T18440]  __x64_sys_ioctl+0xd4/0x110
[ 1412.410787][T18440]  do_syscall_64+0xcb/0x1e0
[ 1412.415261][T18440]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1412.421347][T18440] RIP: 0033:0x4665d9
[ 1412.425218][T18440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1412.445184][T18440] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1412.453662][T18440] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1412.461627][T18440] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1412.469640][T18440] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1412.477617][T18440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
02:46:44 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xa000000)

[ 1412.485568][T18440] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1412.500879][  T386] Bluetooth: hci0: Frame reassembly failed (-84)
02:46:44 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00ffffff81180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1412.530294][T18454] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1414.546697][ T3300] Bluetooth: hci0: command 0x1003 tx timeout
[ 1414.552844][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1416.626589][ T3300] Bluetooth: hci0: command 0x1001 tx timeout
[ 1416.632637][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1418.706477][ T3300] Bluetooth: hci0: command 0x1009 tx timeout
02:46:54 executing program 1 (fault-call:2 fault-nth:53):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:46:54 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800f60010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:46:54 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000050000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:46:54 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xb000000)

02:46:54 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00ffffff9e180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:46:54 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6a1, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:46:54 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00ffffffea180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:46:54 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000060000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1422.966147][T18470] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
02:46:54 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xc000000)

02:46:54 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800fa0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1423.016430][T18479] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1423.031489][T18479] FAULT_INJECTION: forcing a failure.
[ 1423.031489][T18479] name failslab, interval 1, probability 0, space 0, times 0
[ 1423.050888][T18479] CPU: 0 PID: 18479 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1423.051163][T18488] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1423.062894][T18479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1423.062900][T18479] Call Trace:
[ 1423.062926][T18479]  dump_stack+0x1d8/0x24e
[ 1423.062942][T18479]  ? devkmsg_release+0x11c/0x11c
[ 1423.062951][T18479]  ? show_regs_print_info+0x12/0x12
[ 1423.062963][T18479]  should_fail+0x6f6/0x860
02:46:54 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xd000000)

02:46:54 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800fc0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1423.062972][T18479]  ? setup_fault_attr+0x3d0/0x3d0
[ 1423.062981][T18479]  ? security_kernfs_init_security+0x9a/0xb0
[ 1423.062991][T18479]  ? __kernfs_new_node+0x50b/0x6d0
[ 1423.063000][T18479]  ? __kernfs_new_node+0xdb/0x6d0
[ 1423.063009][T18479]  should_failslab+0x5/0x20
[ 1423.063017][T18479]  kmem_cache_alloc+0x36/0x290
[ 1423.063028][T18479]  ? mutex_trylock+0xb0/0xb0
[ 1423.063040][T18479]  __kernfs_new_node+0xdb/0x6d0
[ 1423.063053][T18479]  ? kernfs_new_node+0x160/0x160
[ 1423.063063][T18479]  ? mutex_unlock+0x19/0x40
[ 1423.063072][T18479]  ? kernfs_add_one+0x49e/0x5c0
[ 1423.063083][T18479]  ? __kernfs_create_file+0x1f1/0x260
[ 1423.063091][T18479]  kernfs_new_node+0x95/0x160
[ 1423.063108][T18479]  __kernfs_create_file+0x45/0x260
[ 1423.187356][T18479]  sysfs_add_file_mode_ns+0x293/0x340
[ 1423.192735][T18479]  sysfs_create_file_ns+0x18c/0x2b0
[ 1423.199641][T18479]  ? sysfs_add_file_mode_ns+0x340/0x340
[ 1423.205624][T18479]  ? device_create_file+0xe2/0x1a0
[ 1423.211018][T18479]  device_add+0xc44/0x18a0
[ 1423.215525][T18479]  ? virtual_device_parent+0x50/0x50
[ 1423.221981][T18479]  ? device_initialize+0x1d3/0x3e0
[ 1423.227310][T18479]  rfkill_register+0x180/0x720
[ 1423.233813][T18479]  hci_register_dev+0x398/0x710
[ 1423.239156][T18479]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1423.244431][T18479]  ? hci_uart_tty_write+0x10/0x10
[ 1423.249615][T18479]  tty_ioctl+0xf68/0x1710
[ 1423.254112][T18479]  ? tty_do_resize+0x170/0x170
[ 1423.258956][T18479]  ? avc_ss_reset+0x3a0/0x3a0
[ 1423.263613][T18479]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1423.272646][T18479]  ? refcount_inc_checked+0x50/0x50
[ 1423.277828][T18479]  ? memcg_check_events+0x5c/0x5b0
[ 1423.283092][T18479]  ? proc_fail_nth_write+0x1d5/0x240
[ 1423.288757][T18479]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1423.294482][T18479]  ? __lru_cache_add+0x1c4/0x210
[ 1423.299983][T18479]  ? memset+0x1f/0x40
[ 1423.305419][T18479]  ? fsnotify+0x1332/0x13f0
[ 1423.309903][T18479]  ? tty_do_resize+0x170/0x170
[ 1423.315448][T18479]  do_vfs_ioctl+0x76a/0x1720
[ 1423.320021][T18479]  ? selinux_file_ioctl+0x72f/0x990
[ 1423.325461][T18479]  ? ioctl_preallocate+0x250/0x250
[ 1423.330705][T18479]  ? __fget+0x37b/0x3c0
[ 1423.335036][T18479]  ? vfs_write+0x422/0x4e0
[ 1423.339444][T18479]  ? fget_many+0x20/0x20
[ 1423.343768][T18479]  ? debug_smp_processor_id+0x20/0x20
[ 1423.351791][T18479]  ? security_file_ioctl+0x9d/0xb0
[ 1423.357271][T18479]  __x64_sys_ioctl+0xd4/0x110
[ 1423.362132][T18479]  do_syscall_64+0xcb/0x1e0
[ 1423.366716][T18479]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1423.372785][T18479] RIP: 0033:0x4665d9
[ 1423.376673][T18479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1423.398901][T18479] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1423.407810][T18479] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1423.416711][T18479] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1423.427186][T18479] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1423.435151][T18479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1423.443261][T18479] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1425.506490][ T3302] Bluetooth: hci0: command 0x1003 tx timeout
[ 1425.513271][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1427.585856][ T3302] Bluetooth: hci0: command 0x1001 tx timeout
[ 1427.592895][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1429.665714][ T3302] Bluetooth: hci0: command 0x1009 tx timeout
02:47:05 executing program 1 (fault-call:2 fault-nth:54):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:47:05 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xe000000)

02:47:05 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800fd0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:47:05 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00ffffffef180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:47:05 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000070000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:47:05 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6a2, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:47:05 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x10000000)

02:47:05 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800fe0010000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:47:05 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00fffffff0180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1433.858456][T18516] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1433.874258][T18519] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1433.896145][T18519] FAULT_INJECTION: forcing a failure.
[ 1433.896145][T18519] name failslab, interval 1, probability 0, space 0, times 0
02:47:05 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000080000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:47:05 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00fffffffe180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:47:05 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b007fffffff180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1433.928450][T18519] CPU: 0 PID: 18519 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1433.938793][T18519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1433.948939][T18519] Call Trace:
[ 1433.950848][T18534] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1433.952223][T18519]  dump_stack+0x1d8/0x24e
[ 1433.952240][T18519]  ? devkmsg_release+0x11c/0x11c
[ 1433.976694][T18519]  ? mutex_unlock+0x19/0x40
[ 1433.981303][T18519]  ? show_regs_print_info+0x12/0x12
[ 1433.986498][T18519]  ? selinux_kernfs_init_security+0x1b2/0x7e0
[ 1433.992737][T18519]  should_fail+0x6f6/0x860
[ 1433.997237][T18519]  ? setup_fault_attr+0x3d0/0x3d0
[ 1434.002368][T18519]  ? _raw_spin_lock+0xa3/0x1b0
[ 1434.007654][T18519]  ? __kernfs_new_node+0xdb/0x6d0
[ 1434.012675][T18519]  should_failslab+0x5/0x20
[ 1434.017177][T18519]  kmem_cache_alloc+0x36/0x290
[ 1434.021939][T18519]  __kernfs_new_node+0xdb/0x6d0
[ 1434.026780][T18519]  ? mutex_lock+0xa6/0x110
[ 1434.031167][T18519]  ? kernfs_new_node+0x160/0x160
[ 1434.036490][T18519]  ? kernfs_activate+0x3fc/0x420
[ 1434.041598][T18519]  kernfs_create_dir_ns+0x90/0x220
[ 1434.046840][T18519]  internal_create_group+0x294/0xf10
[ 1434.052205][T18519]  ? sysfs_create_group+0x20/0x20
[ 1434.057292][T18519]  ? sysfs_add_file_mode_ns+0x340/0x340
[ 1434.063010][T18519]  ? bus_add_device+0x92/0x3f0
[ 1434.067756][T18519]  dpm_sysfs_add+0x59/0x260
[ 1434.072429][T18519]  device_add+0xde7/0x18a0
[ 1434.076837][T18519]  ? virtual_device_parent+0x50/0x50
[ 1434.082194][T18519]  ? device_initialize+0x1d3/0x3e0
[ 1434.087391][T18519]  rfkill_register+0x180/0x720
[ 1434.092123][T18519]  hci_register_dev+0x398/0x710
[ 1434.096944][T18519]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1434.102080][T18519]  ? hci_uart_tty_write+0x10/0x10
[ 1434.107336][T18519]  tty_ioctl+0xf68/0x1710
[ 1434.112009][T18519]  ? tty_do_resize+0x170/0x170
[ 1434.116756][T18519]  ? avc_ss_reset+0x3a0/0x3a0
[ 1434.121615][T18519]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1434.128773][T18519]  ? refcount_inc_checked+0x50/0x50
[ 1434.134498][T18519]  ? memcg_check_events+0x5c/0x5b0
[ 1434.140146][T18519]  ? proc_fail_nth_write+0x1d5/0x240
[ 1434.145532][T18519]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1434.150707][T18519]  ? __lru_cache_add+0x1c4/0x210
[ 1434.155861][T18519]  ? memset+0x1f/0x40
[ 1434.160098][T18519]  ? fsnotify+0x1332/0x13f0
[ 1434.164577][T18519]  ? tty_do_resize+0x170/0x170
[ 1434.169597][T18519]  do_vfs_ioctl+0x76a/0x1720
[ 1434.174340][T18519]  ? selinux_file_ioctl+0x72f/0x990
[ 1434.179770][T18519]  ? ioctl_preallocate+0x250/0x250
[ 1434.185112][T18519]  ? __fget+0x37b/0x3c0
[ 1434.189521][T18519]  ? vfs_write+0x422/0x4e0
[ 1434.194184][T18519]  ? fget_many+0x20/0x20
[ 1434.198534][T18519]  ? debug_smp_processor_id+0x20/0x20
[ 1434.204140][T18519]  ? security_file_ioctl+0x9d/0xb0
[ 1434.209557][T18519]  __x64_sys_ioctl+0xd4/0x110
[ 1434.214612][T18519]  do_syscall_64+0xcb/0x1e0
[ 1434.219185][T18519]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1434.225703][T18519] RIP: 0033:0x4665d9
[ 1434.229657][T18519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1434.250039][T18519] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1434.259025][T18519] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1434.267338][T18519] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1434.275308][T18519] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1434.283286][T18519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1434.293334][T18519] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1434.306009][  T150] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1436.305204][ T3300] Bluetooth: hci0: command 0x1003 tx timeout
[ 1436.311485][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1438.385149][ T3300] Bluetooth: hci0: command 0x1001 tx timeout
[ 1438.391315][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1440.465030][ T3300] Bluetooth: hci0: command 0x1009 tx timeout
02:47:16 executing program 1 (fault-call:2 fault-nth:55):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:47:16 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28001a0110000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:47:16 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0081ffffff180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:47:16 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000090000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:47:16 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x11000000)

02:47:16 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6a3, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:47:16 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28003a0110000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:47:16 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x12000000)

02:47:16 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b009effffff180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:47:16 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800460110000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1444.735581][T18555] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1444.756029][T18559] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1444.765487][T18559] FAULT_INJECTION: forcing a failure.
[ 1444.765487][T18559] name failslab, interval 1, probability 0, space 0, times 0
02:47:16 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000000000a0000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1444.791775][T18559] CPU: 0 PID: 18559 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1444.802561][T18559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1444.815076][T18559] Call Trace:
[ 1444.818371][T18559]  dump_stack+0x1d8/0x24e
[ 1444.822967][T18559]  ? devkmsg_release+0x11c/0x11c
[ 1444.828742][T18559]  ? mutex_unlock+0x19/0x40
02:47:16 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800600110000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1444.833421][T18559]  ? show_regs_print_info+0x12/0x12
[ 1444.843045][T18559]  ? selinux_kernfs_init_security+0x1b2/0x7e0
[ 1444.849469][T18559]  should_fail+0x6f6/0x860
[ 1444.849548][T18573] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1444.854498][T18559]  ? setup_fault_attr+0x3d0/0x3d0
[ 1444.854508][T18559]  ? _raw_spin_lock+0xa3/0x1b0
[ 1444.854518][T18559]  ? __kernfs_new_node+0xdb/0x6d0
[ 1444.854526][T18559]  should_failslab+0x5/0x20
[ 1444.854543][T18559]  kmem_cache_alloc+0x36/0x290
[ 1444.897811][T18559]  __kernfs_new_node+0xdb/0x6d0
[ 1444.902927][T18559]  ? mutex_lock+0xa6/0x110
[ 1444.907822][T18559]  ? kernfs_new_node+0x160/0x160
[ 1444.913025][T18559]  ? mutex_lock+0xa6/0x110
[ 1444.917878][T18559]  ? kernfs_activate+0x3fc/0x420
[ 1444.924392][T18559]  kernfs_new_node+0x95/0x160
[ 1444.929084][T18559]  __kernfs_create_file+0x45/0x260
[ 1444.934199][T18559]  sysfs_add_file_mode_ns+0x293/0x340
[ 1444.939664][T18559]  sysfs_merge_group+0x204/0x440
[ 1444.944604][T18559]  ? sysfs_remove_groups+0xb0/0xb0
[ 1444.949714][T18559]  ? sysfs_add_file_mode_ns+0x340/0x340
[ 1444.956281][T18559]  ? bus_add_device+0x92/0x3f0
[ 1444.961047][T18559]  dpm_sysfs_add+0xbd/0x260
[ 1444.965543][T18559]  device_add+0xde7/0x18a0
[ 1444.969957][T18559]  ? virtual_device_parent+0x50/0x50
[ 1444.975232][T18559]  ? device_initialize+0x1d3/0x3e0
[ 1444.980324][T18559]  rfkill_register+0x180/0x720
[ 1444.986267][T18559]  hci_register_dev+0x398/0x710
[ 1444.991174][T18559]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1444.996196][T18559]  ? hci_uart_tty_write+0x10/0x10
[ 1445.001213][T18559]  tty_ioctl+0xf68/0x1710
[ 1445.005519][T18559]  ? tty_do_resize+0x170/0x170
[ 1445.010258][T18559]  ? avc_ss_reset+0x3a0/0x3a0
[ 1445.015933][T18559]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1445.022098][T18559]  ? refcount_inc_checked+0x50/0x50
[ 1445.027303][T18559]  ? memcg_check_events+0x5c/0x5b0
[ 1445.032503][T18559]  ? proc_fail_nth_write+0x1d5/0x240
[ 1445.037903][T18559]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1445.043356][T18559]  ? __lru_cache_add+0x1c4/0x210
[ 1445.048475][T18559]  ? memset+0x1f/0x40
[ 1445.053334][T18559]  ? fsnotify+0x1332/0x13f0
[ 1445.057818][T18559]  ? tty_do_resize+0x170/0x170
[ 1445.062658][T18559]  do_vfs_ioctl+0x76a/0x1720
[ 1445.067255][T18559]  ? selinux_file_ioctl+0x72f/0x990
[ 1445.072533][T18559]  ? ioctl_preallocate+0x250/0x250
[ 1445.077634][T18559]  ? __fget+0x37b/0x3c0
[ 1445.081786][T18559]  ? vfs_write+0x422/0x4e0
[ 1445.086580][T18559]  ? fget_many+0x20/0x20
[ 1445.091786][T18559]  ? debug_smp_processor_id+0x20/0x20
[ 1445.097269][T18559]  ? security_file_ioctl+0x9d/0xb0
[ 1445.102356][T18559]  __x64_sys_ioctl+0xd4/0x110
[ 1445.107032][T18559]  do_syscall_64+0xcb/0x1e0
[ 1445.111525][T18559]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1445.117625][T18559] RIP: 0033:0x4665d9
[ 1445.121496][T18559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1445.142217][T18559] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1445.151132][T18559] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1445.159320][T18559] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1445.167479][T18559] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1445.175695][T18559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1445.183644][T18559] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1445.197812][T17631] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1447.264526][ T3300] Bluetooth: hci0: command 0x1003 tx timeout
[ 1447.271055][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1449.344414][ T3300] Bluetooth: hci0: command 0x1001 tx timeout
[ 1449.350502][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1451.424278][ T3300] Bluetooth: hci0: command 0x1009 tx timeout
02:47:27 executing program 1 (fault-call:2 fault-nth:56):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:47:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000000000b0000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:47:27 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x1f000000)

02:47:27 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00eaffffff180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:47:27 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800620110000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:47:27 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6a4, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:47:27 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28007d0110000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:47:27 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x20000000)

02:47:27 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00efffffff180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1455.613307][T18596] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1455.622510][T18595] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1455.629891][T18596] FAULT_INJECTION: forcing a failure.
[ 1455.629891][T18596] name failslab, interval 1, probability 0, space 0, times 0
02:47:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000000000c0000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:47:27 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00f0ffffff180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1455.661486][T18596] CPU: 0 PID: 18596 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1455.671739][T18596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1455.681897][T18596] Call Trace:
[ 1455.685189][T18596]  dump_stack+0x1d8/0x24e
[ 1455.689510][T18596]  ? devkmsg_release+0x11c/0x11c
[ 1455.694535][T18596]  ? mutex_unlock+0x19/0x40
[ 1455.699030][T18596]  ? show_regs_print_info+0x12/0x12
[ 1455.704222][T18596]  ? selinux_kernfs_init_security+0x1b2/0x7e0
02:47:27 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x25000000)

[ 1455.706688][T18609] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1455.710365][T18596]  should_fail+0x6f6/0x860
[ 1455.710375][T18596]  ? setup_fault_attr+0x3d0/0x3d0
[ 1455.710385][T18596]  ? _raw_spin_lock+0xa3/0x1b0
[ 1455.710395][T18596]  ? __kernfs_new_node+0xdb/0x6d0
[ 1455.710403][T18596]  should_failslab+0x5/0x20
[ 1455.710418][T18596]  kmem_cache_alloc+0x36/0x290
[ 1455.755026][T18596]  __kernfs_new_node+0xdb/0x6d0
[ 1455.760229][T18596]  ? mutex_lock+0xa6/0x110
[ 1455.764654][T18596]  ? kernfs_new_node+0x160/0x160
[ 1455.769581][T18596]  ? mutex_lock+0xa6/0x110
[ 1455.774089][T18596]  ? kernfs_activate+0x3fc/0x420
[ 1455.779018][T18596]  kernfs_new_node+0x95/0x160
[ 1455.783779][T18596]  __kernfs_create_file+0x45/0x260
[ 1455.788888][T18596]  sysfs_add_file_mode_ns+0x293/0x340
[ 1455.794341][T18596]  sysfs_merge_group+0x204/0x440
[ 1455.799274][T18596]  ? sysfs_remove_groups+0xb0/0xb0
[ 1455.804501][T18596]  ? sysfs_add_file_mode_ns+0x340/0x340
[ 1455.810108][T18596]  ? bus_add_device+0x92/0x3f0
[ 1455.815296][T18596]  dpm_sysfs_add+0xbd/0x260
[ 1455.819776][T18596]  device_add+0xde7/0x18a0
[ 1455.824423][T18596]  ? virtual_device_parent+0x50/0x50
[ 1455.829834][T18596]  ? device_initialize+0x1d3/0x3e0
[ 1455.834938][T18596]  rfkill_register+0x180/0x720
[ 1455.839686][T18596]  hci_register_dev+0x398/0x710
[ 1455.844512][T18596]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1455.849670][T18596]  ? hci_uart_tty_write+0x10/0x10
[ 1455.854672][T18596]  tty_ioctl+0xf68/0x1710
[ 1455.859148][T18596]  ? tty_do_resize+0x170/0x170
[ 1455.863880][T18596]  ? avc_ss_reset+0x3a0/0x3a0
[ 1455.868535][T18596]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1455.874970][T18596]  ? refcount_inc_checked+0x50/0x50
[ 1455.880157][T18596]  ? memcg_check_events+0x5c/0x5b0
[ 1455.885255][T18596]  ? proc_fail_nth_write+0x1d5/0x240
[ 1455.890686][T18596]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1455.895859][T18596]  ? __lru_cache_add+0x1c4/0x210
[ 1455.900774][T18596]  ? memset+0x1f/0x40
[ 1455.904740][T18596]  ? fsnotify+0x1332/0x13f0
[ 1455.909334][T18596]  ? tty_do_resize+0x170/0x170
[ 1455.914077][T18596]  do_vfs_ioctl+0x76a/0x1720
[ 1455.918787][T18596]  ? selinux_file_ioctl+0x72f/0x990
[ 1455.924185][T18596]  ? ioctl_preallocate+0x250/0x250
[ 1455.929282][T18596]  ? __fget+0x37b/0x3c0
[ 1455.933434][T18596]  ? vfs_write+0x422/0x4e0
[ 1455.937833][T18596]  ? fget_many+0x20/0x20
[ 1455.942443][T18596]  ? debug_smp_processor_id+0x20/0x20
[ 1455.947916][T18596]  ? security_file_ioctl+0x9d/0xb0
[ 1455.953334][T18596]  __x64_sys_ioctl+0xd4/0x110
[ 1455.958252][T18596]  do_syscall_64+0xcb/0x1e0
[ 1455.962772][T18596]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1455.969027][T18596] RIP: 0033:0x4665d9
[ 1455.972991][T18596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1455.994162][T18596] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1456.004448][T18596] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1456.012743][T18596] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1456.021959][T18596] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1456.030238][T18596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1456.038617][T18596] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1458.063807][ T3300] Bluetooth: hci0: command 0x1003 tx timeout
[ 1458.070088][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1460.143692][ T3300] Bluetooth: hci0: command 0x1001 tx timeout
[ 1460.150154][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1462.223557][ T3300] Bluetooth: hci0: command 0x1009 tx timeout
02:47:38 executing program 1 (fault-call:2 fault-nth:57):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:47:38 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000000000d0000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:47:38 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00feffffff180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:47:38 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x2d633ea5)

02:47:38 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28008c0110000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:47:38 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6a5, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:47:38 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000040016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:47:38 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x3f000000)

02:47:38 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000000000e0000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1466.485157][T18626] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1466.520344][T18633] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1466.530102][T18633] FAULT_INJECTION: forcing a failure.
02:47:38 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28008e0110000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1466.530102][T18633] name failslab, interval 1, probability 0, space 0, times 0
[ 1466.543803][T18633] CPU: 0 PID: 18633 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1466.554053][T18633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1466.564100][T18633] Call Trace:
[ 1466.567401][T18633]  dump_stack+0x1d8/0x24e
[ 1466.571734][T18633]  ? devkmsg_release+0x11c/0x11c
[ 1466.576680][T18633]  ? mutex_unlock+0x19/0x40
[ 1466.581189][T18633]  ? show_regs_print_info+0x12/0x12
[ 1466.586385][T18633]  ? selinux_kernfs_init_security+0x1b2/0x7e0
[ 1466.586565][T18644] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1466.592443][T18633]  should_fail+0x6f6/0x860
[ 1466.592454][T18633]  ? setup_fault_attr+0x3d0/0x3d0
[ 1466.592463][T18633]  ? _raw_spin_lock+0xa3/0x1b0
[ 1466.592480][T18633]  ? __kernfs_new_node+0xdb/0x6d0
[ 1466.627068][T18633]  should_failslab+0x5/0x20
02:47:38 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000070016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:47:38 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000100000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1466.631573][T18633]  kmem_cache_alloc+0x36/0x290
[ 1466.636706][T18633]  __kernfs_new_node+0xdb/0x6d0
[ 1466.641565][T18633]  ? mutex_lock+0xa6/0x110
[ 1466.646068][T18633]  ? kernfs_new_node+0x160/0x160
[ 1466.651001][T18633]  ? mutex_lock+0xa6/0x110
[ 1466.655462][T18633]  ? kernfs_activate+0x3fc/0x420
[ 1466.660395][T18633]  kernfs_new_node+0x95/0x160
[ 1466.665114][T18633]  __kernfs_create_file+0x45/0x260
[ 1466.670230][T18633]  sysfs_add_file_mode_ns+0x293/0x340
[ 1466.675603][T18633]  sysfs_merge_group+0x204/0x440
[ 1466.680537][T18633]  ? sysfs_remove_groups+0xb0/0xb0
[ 1466.685646][T18633]  ? sysfs_add_file_mode_ns+0x340/0x340
[ 1466.691288][T18633]  ? bus_add_device+0x92/0x3f0
[ 1466.696051][T18633]  dpm_sysfs_add+0xbd/0x260
[ 1466.700822][T18633]  device_add+0xde7/0x18a0
[ 1466.705238][T18633]  ? virtual_device_parent+0x50/0x50
[ 1466.707486][T18655] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1466.710513][T18633]  ? device_initialize+0x1d3/0x3e0
[ 1466.710524][T18633]  rfkill_register+0x180/0x720
[ 1466.710535][T18633]  hci_register_dev+0x398/0x710
[ 1466.710546][T18633]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1466.710555][T18633]  ? hci_uart_tty_write+0x10/0x10
[ 1466.710564][T18633]  tty_ioctl+0xf68/0x1710
[ 1466.710581][T18633]  ? tty_do_resize+0x170/0x170
[ 1466.760223][T18633]  ? avc_ss_reset+0x3a0/0x3a0
[ 1466.764889][T18633]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1466.771172][T18633]  ? refcount_inc_checked+0x50/0x50
[ 1466.776452][T18633]  ? memcg_check_events+0x5c/0x5b0
[ 1466.781629][T18633]  ? proc_fail_nth_write+0x1d5/0x240
[ 1466.786912][T18633]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1466.792082][T18633]  ? __lru_cache_add+0x1c4/0x210
[ 1466.797078][T18633]  ? memset+0x1f/0x40
[ 1466.801035][T18633]  ? fsnotify+0x1332/0x13f0
[ 1466.805687][T18633]  ? tty_do_resize+0x170/0x170
[ 1466.810425][T18633]  do_vfs_ioctl+0x76a/0x1720
[ 1466.815085][T18633]  ? selinux_file_ioctl+0x72f/0x990
[ 1466.820261][T18633]  ? ioctl_preallocate+0x250/0x250
[ 1466.825491][T18633]  ? __fget+0x37b/0x3c0
[ 1466.829730][T18633]  ? vfs_write+0x422/0x4e0
[ 1466.834252][T18633]  ? fget_many+0x20/0x20
[ 1466.838604][T18633]  ? debug_smp_processor_id+0x20/0x20
[ 1466.844264][T18633]  ? security_file_ioctl+0x9d/0xb0
[ 1466.849351][T18633]  __x64_sys_ioctl+0xd4/0x110
[ 1466.854122][T18633]  do_syscall_64+0xcb/0x1e0
[ 1466.858605][T18633]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1466.864673][T18633] RIP: 0033:0x4665d9
[ 1466.868541][T18633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1466.888206][T18633] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1466.896776][T18633] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1466.904814][T18633] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1466.913192][T18633] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1466.921148][T18633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1466.929510][T18633] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1466.943444][T17631] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1468.943028][ T3300] Bluetooth: hci0: command 0x1003 tx timeout
[ 1468.949352][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1471.022961][ T3677] Bluetooth: hci0: command 0x1001 tx timeout
[ 1471.029285][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1473.102845][ T3677] Bluetooth: hci0: command 0x1009 tx timeout
02:47:49 executing program 1 (fault-call:2 fault-nth:58):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:47:49 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000080016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:47:49 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800900110000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:47:49 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x40000000)

02:47:49 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000110000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:47:49 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6a6, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:47:49 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800c80110000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:47:49 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000000d0016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:47:49 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000120000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1477.360978][T18665] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1477.383648][T18671] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1477.400117][T18673] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1477.418577][T18673] FAULT_INJECTION: forcing a failure.
[ 1477.418577][T18673] name failslab, interval 1, probability 0, space 0, times 0
[ 1477.434889][T18673] CPU: 0 PID: 18673 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1477.445136][T18673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1477.455542][T18673] Call Trace:
[ 1477.459570][T18673]  dump_stack+0x1d8/0x24e
[ 1477.464337][T18673]  ? devkmsg_release+0x11c/0x11c
[ 1477.469282][T18673]  ? mutex_unlock+0x19/0x40
[ 1477.473959][T18673]  ? show_regs_print_info+0x12/0x12
[ 1477.479710][T18673]  ? selinux_kernfs_init_security+0x1b2/0x7e0
[ 1477.485984][T18673]  should_fail+0x6f6/0x860
[ 1477.490852][T18673]  ? setup_fault_attr+0x3d0/0x3d0
[ 1477.496548][T18673]  ? _raw_spin_lock+0xa3/0x1b0
[ 1477.501720][T18673]  ? __kernfs_new_node+0xdb/0x6d0
[ 1477.507084][T18673]  should_failslab+0x5/0x20
[ 1477.512102][T18673]  kmem_cache_alloc+0x36/0x290
[ 1477.517029][T18673]  __kernfs_new_node+0xdb/0x6d0
[ 1477.521869][T18673]  ? mutex_lock+0xa6/0x110
[ 1477.526366][T18673]  ? kernfs_new_node+0x160/0x160
[ 1477.531292][T18673]  ? mutex_lock+0xa6/0x110
[ 1477.535683][T18673]  ? kernfs_activate+0x3fc/0x420
[ 1477.541365][T18673]  kernfs_new_node+0x95/0x160
[ 1477.547294][T18673]  __kernfs_create_file+0x45/0x260
[ 1477.552573][T18673]  sysfs_add_file_mode_ns+0x293/0x340
[ 1477.557932][T18673]  sysfs_merge_group+0x204/0x440
[ 1477.562867][T18673]  ? sysfs_remove_groups+0xb0/0xb0
[ 1477.567978][T18673]  ? sysfs_add_file_mode_ns+0x340/0x340
[ 1477.573853][T18673]  ? bus_add_device+0x92/0x3f0
[ 1477.578599][T18673]  dpm_sysfs_add+0xbd/0x260
[ 1477.583094][T18673]  device_add+0xde7/0x18a0
[ 1477.587487][T18673]  ? virtual_device_parent+0x50/0x50
[ 1477.592742][T18673]  ? device_initialize+0x1d3/0x3e0
[ 1477.597830][T18673]  rfkill_register+0x180/0x720
[ 1477.602839][T18673]  hci_register_dev+0x398/0x710
[ 1477.608192][T18673]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1477.613189][T18673]  ? hci_uart_tty_write+0x10/0x10
[ 1477.618795][T18673]  tty_ioctl+0xf68/0x1710
[ 1477.623283][T18673]  ? tty_do_resize+0x170/0x170
[ 1477.628018][T18673]  ? avc_ss_reset+0x3a0/0x3a0
[ 1477.632763][T18673]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1477.639685][T18673]  ? refcount_inc_checked+0x50/0x50
[ 1477.644863][T18673]  ? memcg_check_events+0x5c/0x5b0
[ 1477.649955][T18673]  ? proc_fail_nth_write+0x1d5/0x240
[ 1477.655212][T18673]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1477.660381][T18673]  ? __lru_cache_add+0x1c4/0x210
[ 1477.665533][T18673]  ? memset+0x1f/0x40
[ 1477.670314][T18673]  ? fsnotify+0x1332/0x13f0
[ 1477.674819][T18673]  ? tty_do_resize+0x170/0x170
[ 1477.679577][T18673]  do_vfs_ioctl+0x76a/0x1720
[ 1477.684144][T18673]  ? selinux_file_ioctl+0x72f/0x990
[ 1477.689405][T18673]  ? ioctl_preallocate+0x250/0x250
[ 1477.696075][T18673]  ? __fget+0x37b/0x3c0
[ 1477.700668][T18673]  ? vfs_write+0x422/0x4e0
[ 1477.705159][T18673]  ? fget_many+0x20/0x20
[ 1477.709385][T18673]  ? debug_smp_processor_id+0x20/0x20
[ 1477.714829][T18673]  ? security_file_ioctl+0x9d/0xb0
[ 1477.719954][T18673]  __x64_sys_ioctl+0xd4/0x110
[ 1477.726104][T18673]  do_syscall_64+0xcb/0x1e0
[ 1477.730620][T18673]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1477.736493][T18673] RIP: 0033:0x4665d9
[ 1477.740446][T18673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1477.760489][T18673] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
02:47:49 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x48000000)

[ 1477.768887][T18673] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1477.778892][T18673] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1477.786843][T18673] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1477.794918][T18673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1477.804849][T18673] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
02:47:49 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000020000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:47:49 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800e80110000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1477.835711][T18682] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1477.867077][T17631] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1477.887799][T18692] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1479.902741][ T3677] Bluetooth: hci0: command 0x1003 tx timeout
[ 1479.908789][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1481.982277][ T3677] Bluetooth: hci0: command 0x1001 tx timeout
[ 1481.988330][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1484.062130][ T3677] Bluetooth: hci0: command 0x1009 tx timeout
02:48:00 executing program 1 (fault-call:2 fault-nth:59):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:48:00 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4c000000)

02:48:00 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000030000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:48:00 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000200000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:48:00 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800ea0110000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:48:00 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6a7, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:48:00 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x60000000)

02:48:00 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000040000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:48:00 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800140210000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:48:00 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000250000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1488.260986][T18715] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1488.276025][T18716] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1488.287364][T18716] FAULT_INJECTION: forcing a failure.
[ 1488.287364][T18716] name failslab, interval 1, probability 0, space 0, times 0
[ 1488.302944][T18716] CPU: 0 PID: 18716 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1488.313362][T18716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1488.323538][T18716] Call Trace:
[ 1488.326832][T18716]  dump_stack+0x1d8/0x24e
[ 1488.331164][T18716]  ? devkmsg_release+0x11c/0x11c
[ 1488.336104][T18716]  ? mutex_unlock+0x19/0x40
[ 1488.340607][T18716]  ? show_regs_print_info+0x12/0x12
[ 1488.346055][T18716]  ? selinux_kernfs_init_security+0x1b2/0x7e0
[ 1488.352190][T18716]  should_fail+0x6f6/0x860
[ 1488.353516][T18726] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1488.356709][T18716]  ? setup_fault_attr+0x3d0/0x3d0
[ 1488.356720][T18716]  ? _raw_spin_lock+0xa3/0x1b0
[ 1488.356730][T18716]  ? __kernfs_new_node+0xdb/0x6d0
[ 1488.356739][T18716]  should_failslab+0x5/0x20
[ 1488.356748][T18716]  kmem_cache_alloc+0x36/0x290
[ 1488.356758][T18716]  __kernfs_new_node+0xdb/0x6d0
[ 1488.356769][T18716]  ? mutex_lock+0xa6/0x110
[ 1488.356776][T18716]  ? kernfs_new_node+0x160/0x160
[ 1488.356783][T18716]  ? mutex_lock+0xa6/0x110
[ 1488.356799][T18716]  ? kernfs_activate+0x3fc/0x420
[ 1488.422300][T18732] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1488.422384][T18716]  kernfs_new_node+0x95/0x160
[ 1488.442287][T18716]  __kernfs_create_file+0x45/0x260
[ 1488.447514][T18716]  sysfs_add_file_mode_ns+0x293/0x340
[ 1488.452930][T18716]  sysfs_merge_group+0x204/0x440
02:48:00 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000060100180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:48:00 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000400000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1488.457904][T18716]  ? sysfs_remove_groups+0xb0/0xb0
[ 1488.463026][T18716]  ? sysfs_add_file_mode_ns+0x340/0x340
[ 1488.468661][T18716]  ? bus_add_device+0x92/0x3f0
[ 1488.473490][T18716]  dpm_sysfs_add+0xbd/0x260
[ 1488.478105][T18716]  device_add+0xde7/0x18a0
[ 1488.482522][T18716]  ? virtual_device_parent+0x50/0x50
[ 1488.487912][T18716]  ? device_initialize+0x1d3/0x3e0
[ 1488.493026][T18716]  rfkill_register+0x180/0x720
[ 1488.497792][T18716]  hci_register_dev+0x398/0x710
[ 1488.502726][T18716]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1488.507845][T18716]  ? hci_uart_tty_write+0x10/0x10
[ 1488.512858][T18716]  tty_ioctl+0xf68/0x1710
[ 1488.517268][T18716]  ? tty_do_resize+0x170/0x170
[ 1488.522021][T18716]  ? avc_ss_reset+0x3a0/0x3a0
[ 1488.526677][T18716]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1488.532803][T18716]  ? refcount_inc_checked+0x50/0x50
[ 1488.538110][T18716]  ? memcg_check_events+0x5c/0x5b0
[ 1488.543353][T18716]  ? proc_fail_nth_write+0x1d5/0x240
[ 1488.548617][T18716]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1488.553790][T18716]  ? __lru_cache_add+0x1c4/0x210
[ 1488.558713][T18716]  ? memset+0x1f/0x40
[ 1488.562666][T18716]  ? fsnotify+0x1332/0x13f0
[ 1488.567139][T18716]  ? tty_do_resize+0x170/0x170
[ 1488.572016][T18716]  do_vfs_ioctl+0x76a/0x1720
[ 1488.576793][T18716]  ? selinux_file_ioctl+0x72f/0x990
[ 1488.581983][T18716]  ? ioctl_preallocate+0x250/0x250
[ 1488.587082][T18716]  ? __fget+0x37b/0x3c0
[ 1488.591221][T18716]  ? vfs_write+0x422/0x4e0
[ 1488.595632][T18716]  ? fget_many+0x20/0x20
[ 1488.600121][T18716]  ? debug_smp_processor_id+0x20/0x20
[ 1488.605553][T18716]  ? security_file_ioctl+0x9d/0xb0
[ 1488.610791][T18716]  __x64_sys_ioctl+0xd4/0x110
[ 1488.615451][T18716]  do_syscall_64+0xcb/0x1e0
[ 1488.619960][T18716]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1488.626093][T18716] RIP: 0033:0x4665d9
[ 1488.629969][T18716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1488.649549][T18716] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1488.658029][T18716] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1488.666320][T18716] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1488.674814][T18716] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1488.683023][T18716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1488.691250][T18716] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1490.701586][ T3677] Bluetooth: hci0: command 0x1003 tx timeout
[ 1490.707736][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1492.781455][ T3677] Bluetooth: hci0: command 0x1001 tx timeout
[ 1492.788237][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1494.861413][ T3677] Bluetooth: hci0: command 0x1009 tx timeout
02:48:10 executing program 1 (fault-call:2 fault-nth:60):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:48:10 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800160210000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:48:10 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000480000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:48:10 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x68000000)

02:48:10 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000300180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:48:10 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6a8, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:48:10 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000000004c0000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1499.127745][T18744] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1499.142743][T18748] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1499.159157][T18748] FAULT_INJECTION: forcing a failure.
[ 1499.159157][T18748] name failslab, interval 1, probability 0, space 0, times 0
02:48:11 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000010600180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:48:11 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800360210000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:48:11 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x6c000000)

[ 1499.175790][T18748] CPU: 0 PID: 18748 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1499.187428][T18748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1499.197746][T18748] Call Trace:
[ 1499.201035][T18748]  dump_stack+0x1d8/0x24e
[ 1499.205541][T18748]  ? devkmsg_release+0x11c/0x11c
[ 1499.210774][T18748]  ? show_regs_print_info+0x12/0x12
[ 1499.216241][T18748]  ? kernfs_add_one+0x49e/0x5c0
[ 1499.221193][T18748]  should_fail+0x6f6/0x860
02:48:11 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x74000000)

02:48:11 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000004000180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1499.225623][T18748]  ? setup_fault_attr+0x3d0/0x3d0
[ 1499.230653][T18748]  ? kernfs_put+0x46/0x4b0
[ 1499.235152][T18748]  ? sysfs_add_file_mode_ns+0x2b4/0x340
[ 1499.241476][T18748]  ? kobject_uevent_env+0x252/0x1000
[ 1499.246985][T18748]  should_failslab+0x5/0x20
[ 1499.251490][T18748]  kmem_cache_alloc_trace+0x39/0x2b0
[ 1499.257130][T18748]  kobject_uevent_env+0x252/0x1000
[ 1499.262763][T18748]  device_add+0xf42/0x18a0
[ 1499.267286][T18748]  ? virtual_device_parent+0x50/0x50
[ 1499.273908][T18748]  ? device_initialize+0x1d3/0x3e0
[ 1499.279194][T18748]  rfkill_register+0x180/0x720
[ 1499.283807][T18764] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1499.284004][T18748]  hci_register_dev+0x398/0x710
[ 1499.304972][T18748]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1499.310129][T18748]  ? hci_uart_tty_write+0x10/0x10
[ 1499.315160][T18748]  tty_ioctl+0xf68/0x1710
[ 1499.319715][T18748]  ? tty_do_resize+0x170/0x170
[ 1499.326399][T18748]  ? avc_ss_reset+0x3a0/0x3a0
[ 1499.331361][T18748]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1499.337526][T18748]  ? refcount_inc_checked+0x50/0x50
[ 1499.342820][T18748]  ? memcg_check_events+0x5c/0x5b0
[ 1499.348330][T18748]  ? proc_fail_nth_write+0x1d5/0x240
[ 1499.355605][T18748]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1499.360907][T18748]  ? __lru_cache_add+0x1c4/0x210
[ 1499.365841][T18748]  ? memset+0x1f/0x40
[ 1499.369817][T18748]  ? fsnotify+0x1332/0x13f0
[ 1499.374293][T18748]  ? tty_do_resize+0x170/0x170
[ 1499.379031][T18748]  do_vfs_ioctl+0x76a/0x1720
[ 1499.385594][T18748]  ? selinux_file_ioctl+0x72f/0x990
[ 1499.390887][T18748]  ? ioctl_preallocate+0x250/0x250
[ 1499.395993][T18748]  ? __fget+0x37b/0x3c0
[ 1499.400229][T18748]  ? vfs_write+0x422/0x4e0
[ 1499.404626][T18748]  ? fget_many+0x20/0x20
[ 1499.409383][T18748]  ? debug_smp_processor_id+0x20/0x20
[ 1499.414744][T18748]  ? security_file_ioctl+0x9d/0xb0
[ 1499.421759][T18748]  __x64_sys_ioctl+0xd4/0x110
[ 1499.427050][T18748]  do_syscall_64+0xcb/0x1e0
[ 1499.431582][T18748]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1499.437450][T18748] RIP: 0033:0x4665d9
[ 1499.441637][T18748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1499.463560][T18748] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1499.472117][T18748] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1499.480948][T18748] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1499.490438][T18748] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1499.498393][T18748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1499.506583][T18748] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1499.517898][T17631] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1501.580973][ T3677] Bluetooth: hci0: command 0x1003 tx timeout
[ 1501.587286][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1503.660886][ T3677] Bluetooth: hci0: command 0x1001 tx timeout
[ 1503.667227][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1505.740731][ T3677] Bluetooth: hci0: command 0x1009 tx timeout
02:48:21 executing program 1 (fault-call:2 fault-nth:61):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:48:21 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x7a000000)

02:48:21 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000600000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:48:21 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000008100180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:48:21 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800480210000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:48:21 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6a9, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:48:21 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000680000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:48:21 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28004a0210000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:48:21 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x97ffffff)

02:48:21 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000200180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1510.006200][T18781] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1510.031467][T18788] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1510.041526][T18788] FAULT_INJECTION: forcing a failure.
[ 1510.041526][T18788] name failslab, interval 1, probability 0, space 0, times 0
[ 1510.056128][T18788] CPU: 1 PID: 18788 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1510.066370][T18788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1510.076411][T18788] Call Trace:
[ 1510.079690][T18788]  dump_stack+0x1d8/0x24e
[ 1510.083993][T18788]  ? devkmsg_release+0x11c/0x11c
[ 1510.088986][T18788]  ? show_regs_print_info+0x12/0x12
[ 1510.094277][T18788]  should_fail+0x6f6/0x860
[ 1510.098690][T18788]  ? setup_fault_attr+0x3d0/0x3d0
[ 1510.103689][T18788]  ? kzalloc+0x1d/0x30
[ 1510.107742][T18788]  should_failslab+0x5/0x20
[ 1510.112530][T18788]  __kmalloc+0x5f/0x2f0
[ 1510.116685][T18788]  kzalloc+0x1d/0x30
[ 1510.120555][T18788]  kobject_get_path+0xb3/0x190
[ 1510.125409][T18788]  kobject_uevent_env+0x269/0x1000
[ 1510.130524][T18788]  device_add+0xf42/0x18a0
[ 1510.134914][T18788]  ? virtual_device_parent+0x50/0x50
[ 1510.140354][T18788]  ? device_initialize+0x1d3/0x3e0
[ 1510.145462][T18788]  rfkill_register+0x180/0x720
[ 1510.150347][T18788]  hci_register_dev+0x398/0x710
[ 1510.155279][T18788]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1510.160403][T18788]  ? hci_uart_tty_write+0x10/0x10
[ 1510.165405][T18788]  tty_ioctl+0xf68/0x1710
[ 1510.169706][T18788]  ? tty_do_resize+0x170/0x170
[ 1510.174455][T18788]  ? avc_ss_reset+0x3a0/0x3a0
[ 1510.179276][T18788]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1510.185412][T18788]  ? refcount_inc_checked+0x50/0x50
[ 1510.190581][T18788]  ? memcg_check_events+0x5c/0x5b0
[ 1510.195683][T18788]  ? proc_fail_nth_write+0x1d5/0x240
[ 1510.200944][T18788]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1510.206132][T18788]  ? __lru_cache_add+0x1c4/0x210
[ 1510.211044][T18788]  ? memset+0x1f/0x40
[ 1510.215028][T18788]  ? fsnotify+0x1332/0x13f0
[ 1510.219515][T18788]  ? tty_do_resize+0x170/0x170
[ 1510.224274][T18788]  do_vfs_ioctl+0x76a/0x1720
[ 1510.228841][T18788]  ? selinux_file_ioctl+0x72f/0x990
[ 1510.234114][T18788]  ? ioctl_preallocate+0x250/0x250
[ 1510.239324][T18788]  ? __fget+0x37b/0x3c0
[ 1510.243658][T18788]  ? vfs_write+0x422/0x4e0
[ 1510.248061][T18788]  ? fget_many+0x20/0x20
[ 1510.252284][T18788]  ? debug_smp_processor_id+0x20/0x20
[ 1510.257755][T18788]  ? security_file_ioctl+0x9d/0xb0
[ 1510.262845][T18788]  __x64_sys_ioctl+0xd4/0x110
[ 1510.267521][T18788]  do_syscall_64+0xcb/0x1e0
[ 1510.272009][T18788]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1510.277893][T18788] RIP: 0033:0x4665d9
[ 1510.281805][T18788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1510.301472][T18788] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1510.310060][T18788] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1510.318095][T18788] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1510.326126][T18788] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1510.334086][T18788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1510.342027][T18788] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1510.352734][  T150] Bluetooth: hci0: Frame reassembly failed (-84)
02:48:22 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000300180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:48:22 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000000016b0000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1510.385815][T18797] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1510.434797][T18808] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1512.380156][ T3677] Bluetooth: hci0: command 0x1003 tx timeout
[ 1512.386240][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1514.460119][ T3677] Bluetooth: hci0: command 0x1001 tx timeout
[ 1514.466296][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1516.539991][ T3677] Bluetooth: hci0: command 0x1009 tx timeout
02:48:32 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xa53e632d)

02:48:32 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000000006c0000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:48:32 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28006e0210000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:48:32 executing program 1 (fault-call:2 fault-nth:62):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:48:32 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000400180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:48:32 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6aa, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:48:32 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xfdfdffff)

02:48:32 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000740000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1520.881734][T18818] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
02:48:32 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000601180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:48:32 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800700210000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:48:32 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xfdffffff)

[ 1520.925694][T18826] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1520.949259][T18826] FAULT_INJECTION: forcing a failure.
[ 1520.949259][T18826] name failslab, interval 1, probability 0, space 0, times 0
[ 1520.963699][T18826] CPU: 0 PID: 18826 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
02:48:32 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000000000007a0000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1520.968608][T18837] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1520.974035][T18826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1520.974041][T18826] Call Trace:
[ 1520.974070][T18826]  dump_stack+0x1d8/0x24e
[ 1520.974084][T18826]  ? devkmsg_release+0x11c/0x11c
[ 1520.974094][T18826]  ? show_regs_print_info+0x12/0x12
[ 1520.974105][T18826]  should_fail+0x6f6/0x860
[ 1520.974114][T18826]  ? setup_fault_attr+0x3d0/0x3d0
[ 1520.974124][T18826]  ? alloc_uevent_skb+0x73/0x220
[ 1520.974134][T18826]  should_failslab+0x5/0x20
[ 1520.974144][T18826]  __kmalloc_track_caller+0x5d/0x2e0
[ 1520.974153][T18826]  ? kmem_cache_alloc+0x115/0x290
[ 1520.974164][T18826]  ? mutex_lock+0xa6/0x110
[ 1520.974172][T18826]  ? alloc_uevent_skb+0x73/0x220
[ 1520.974182][T18826]  __alloc_skb+0xaf/0x4d0
[ 1520.974191][T18826]  alloc_uevent_skb+0x73/0x220
[ 1520.974200][T18826]  kobject_uevent_env+0xaee/0x1000
[ 1520.974214][T18826]  device_add+0xf42/0x18a0
[ 1520.974225][T18826]  ? virtual_device_parent+0x50/0x50
[ 1520.974234][T18826]  ? device_initialize+0x1d3/0x3e0
[ 1520.974252][T18826]  rfkill_register+0x180/0x720
[ 1521.045736][T18844] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1521.048820][T18826]  hci_register_dev+0x398/0x710
[ 1521.048834][T18826]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1521.048843][T18826]  ? hci_uart_tty_write+0x10/0x10
[ 1521.048852][T18826]  tty_ioctl+0xf68/0x1710
[ 1521.048867][T18826]  ? tty_do_resize+0x170/0x170
[ 1521.135008][T18826]  ? avc_ss_reset+0x3a0/0x3a0
[ 1521.140919][T18826]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1521.147204][T18826]  ? refcount_inc_checked+0x50/0x50
[ 1521.152392][T18826]  ? memcg_check_events+0x5c/0x5b0
[ 1521.157583][T18826]  ? proc_fail_nth_write+0x1d5/0x240
[ 1521.162970][T18826]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1521.170486][T18826]  ? __lru_cache_add+0x1c4/0x210
[ 1521.175521][T18826]  ? memset+0x1f/0x40
[ 1521.179491][T18826]  ? fsnotify+0x1332/0x13f0
[ 1521.183973][T18826]  ? tty_do_resize+0x170/0x170
[ 1521.188816][T18826]  do_vfs_ioctl+0x76a/0x1720
[ 1521.195404][T18826]  ? selinux_file_ioctl+0x72f/0x990
[ 1521.200586][T18826]  ? ioctl_preallocate+0x250/0x250
[ 1521.205701][T18826]  ? __fget+0x37b/0x3c0
[ 1521.209855][T18826]  ? vfs_write+0x422/0x4e0
[ 1521.214265][T18826]  ? fget_many+0x20/0x20
[ 1521.218483][T18826]  ? debug_smp_processor_id+0x20/0x20
[ 1521.225302][T18826]  ? security_file_ioctl+0x9d/0xb0
[ 1521.230576][T18826]  __x64_sys_ioctl+0xd4/0x110
[ 1521.235559][T18826]  do_syscall_64+0xcb/0x1e0
[ 1521.240043][T18826]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1521.246196][T18826] RIP: 0033:0x4665d9
[ 1521.250638][T18826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1521.271725][T18826] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1521.280574][T18826] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1521.288652][T18826] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1521.297488][T18826] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1521.306854][T18826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1521.314825][T18826] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1521.324240][  T386] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1523.339493][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1523.346234][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1525.419345][   T12] Bluetooth: hci0: command 0x1001 tx timeout
[ 1525.425511][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1527.499208][   T12] Bluetooth: hci0: command 0x1009 tx timeout
02:48:43 executing program 1 (fault-call:2 fault-nth:63):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:48:43 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000003180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:48:43 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xffff1f00)

02:48:43 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800720210000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:48:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000810000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:48:43 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6ab, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:48:43 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000106180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:48:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000ffffff810000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:48:43 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800780210000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1531.766147][T18855] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1531.767360][T18859] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1531.799772][T18859] FAULT_INJECTION: forcing a failure.
[ 1531.799772][T18859] name failslab, interval 1, probability 0, space 0, times 0
[ 1531.833969][T18859] CPU: 1 PID: 18859 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1531.844361][T18859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1531.854433][T18859] Call Trace:
[ 1531.857733][T18859]  dump_stack+0x1d8/0x24e
[ 1531.862058][T18859]  ? devkmsg_release+0x11c/0x11c
[ 1531.866974][T18859]  ? show_regs_print_info+0x12/0x12
[ 1531.872164][T18859]  should_fail+0x6f6/0x860
[ 1531.876579][T18859]  ? setup_fault_attr+0x3d0/0x3d0
[ 1531.881688][T18859]  ? alloc_uevent_skb+0x73/0x220
[ 1531.888773][T18859]  should_failslab+0x5/0x20
[ 1531.893443][T18859]  __kmalloc_track_caller+0x5d/0x2e0
[ 1531.898703][T18859]  ? kmem_cache_alloc+0x115/0x290
[ 1531.904121][T18859]  ? mutex_lock+0xa6/0x110
[ 1531.908604][T18859]  ? alloc_uevent_skb+0x73/0x220
[ 1531.913616][T18859]  __alloc_skb+0xaf/0x4d0
[ 1531.918565][T18859]  alloc_uevent_skb+0x73/0x220
[ 1531.923397][T18859]  kobject_uevent_env+0xaee/0x1000
[ 1531.928657][T18859]  device_add+0xf42/0x18a0
[ 1531.934068][T18859]  ? virtual_device_parent+0x50/0x50
[ 1531.939340][T18859]  ? device_initialize+0x1d3/0x3e0
[ 1531.945094][T18859]  rfkill_register+0x180/0x720
[ 1531.950721][T18859]  hci_register_dev+0x398/0x710
[ 1531.955554][T18859]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1531.960651][T18859]  ? hci_uart_tty_write+0x10/0x10
[ 1531.965660][T18859]  tty_ioctl+0xf68/0x1710
[ 1531.970124][T18859]  ? tty_do_resize+0x170/0x170
[ 1531.975740][T18859]  ? avc_ss_reset+0x3a0/0x3a0
[ 1531.980494][T18859]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1531.986634][T18859]  ? refcount_inc_checked+0x50/0x50
[ 1531.991905][T18859]  ? memcg_check_events+0x5c/0x5b0
[ 1531.997262][T18859]  ? proc_fail_nth_write+0x1d5/0x240
[ 1532.002536][T18859]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1532.007715][T18859]  ? __lru_cache_add+0x1c4/0x210
[ 1532.014163][T18859]  ? memset+0x1f/0x40
[ 1532.018436][T18859]  ? fsnotify+0x1332/0x13f0
[ 1532.022925][T18859]  ? tty_do_resize+0x170/0x170
[ 1532.027674][T18859]  do_vfs_ioctl+0x76a/0x1720
[ 1532.032256][T18859]  ? selinux_file_ioctl+0x72f/0x990
[ 1532.037439][T18859]  ? ioctl_preallocate+0x250/0x250
[ 1532.042904][T18859]  ? __fget+0x37b/0x3c0
[ 1532.048505][T18859]  ? vfs_write+0x422/0x4e0
[ 1532.052920][T18859]  ? fget_many+0x20/0x20
[ 1532.057229][T18859]  ? debug_smp_processor_id+0x20/0x20
[ 1532.062850][T18859]  ? security_file_ioctl+0x9d/0xb0
[ 1532.068172][T18859]  __x64_sys_ioctl+0xd4/0x110
[ 1532.073997][T18859]  do_syscall_64+0xcb/0x1e0
[ 1532.078592][T18859]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1532.084587][T18859] RIP: 0033:0x4665d9
[ 1532.088894][T18859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1532.108962][T18859] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1532.117614][T18859] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1532.125653][T18859] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
02:48:43 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xfffffdfd)

02:48:43 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000040180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1532.133697][T18859] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1532.141643][T18859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1532.150686][T18859] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1532.165530][T17631] Bluetooth: hci0: Frame reassembly failed (-84)
02:48:44 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xffffff7f)

[ 1532.196503][T18872] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1534.218718][ T3302] Bluetooth: hci0: command 0x1003 tx timeout
[ 1534.224866][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1536.298677][ T3302] Bluetooth: hci0: command 0x1001 tx timeout
[ 1536.304737][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1538.378489][ T3302] Bluetooth: hci0: command 0x1009 tx timeout
02:48:54 executing program 1 (fault-call:2 fault-nth:64):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:48:54 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000ffffff9e0000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:48:54 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000081180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:48:54 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28007a0210000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:48:54 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6ac, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:48:54 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xffffff97)

02:48:54 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000070016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:48:54 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0xfffffffd)

[ 1542.639168][T18891] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1542.673247][T18899] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
02:48:54 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000ffffffea0000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:48:54 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28007c0210000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1542.689033][T18899] FAULT_INJECTION: forcing a failure.
[ 1542.689033][T18899] name failslab, interval 1, probability 0, space 0, times 0
[ 1542.710789][T18899] CPU: 1 PID: 18899 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1542.721221][T18899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1542.731359][T18899] Call Trace:
[ 1542.734673][T18899]  dump_stack+0x1d8/0x24e
[ 1542.739539][T18899]  ? devkmsg_release+0x11c/0x11c
[ 1542.744562][T18899]  ? vsnprintf+0x1cb4/0x1d60
[ 1542.744576][T18906] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1542.749144][T18899]  ? show_regs_print_info+0x12/0x12
[ 1542.749157][T18899]  should_fail+0x6f6/0x860
[ 1542.749167][T18899]  ? setup_fault_attr+0x3d0/0x3d0
[ 1542.749175][T18899]  ? add_uevent_var+0x1c2/0x360
[ 1542.749193][T18899]  ? call_usermodehelper_setup+0x91/0x200
[ 1542.790468][T18899]  should_failslab+0x5/0x20
[ 1542.794950][T18899]  kmem_cache_alloc_trace+0x39/0x2b0
[ 1542.800263][T18899]  call_usermodehelper_setup+0x91/0x200
[ 1542.805784][T18899]  ? add_uevent_var+0x360/0x360
[ 1542.810623][T18899]  kobject_uevent_env+0xdd6/0x1000
[ 1542.815761][T18899]  device_add+0xf42/0x18a0
[ 1542.820339][T18899]  ? virtual_device_parent+0x50/0x50
[ 1542.825637][T18899]  ? device_initialize+0x1d3/0x3e0
[ 1542.830742][T18899]  rfkill_register+0x180/0x720
[ 1542.835495][T18899]  hci_register_dev+0x398/0x710
[ 1542.840322][T18899]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1542.845412][T18899]  ? hci_uart_tty_write+0x10/0x10
[ 1542.850428][T18899]  tty_ioctl+0xf68/0x1710
[ 1542.854890][T18899]  ? tty_do_resize+0x170/0x170
[ 1542.859665][T18899]  ? avc_ss_reset+0x3a0/0x3a0
[ 1542.864391][T18899]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1542.870698][T18899]  ? refcount_inc_checked+0x50/0x50
[ 1542.876050][T18899]  ? memcg_check_events+0x5c/0x5b0
[ 1542.881596][T18899]  ? proc_fail_nth_write+0x1d5/0x240
[ 1542.886966][T18899]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1542.892776][T18899]  ? __lru_cache_add+0x1c4/0x210
[ 1542.897911][T18899]  ? memset+0x1f/0x40
[ 1542.901965][T18899]  ? fsnotify+0x1332/0x13f0
[ 1542.907028][T18899]  ? tty_do_resize+0x170/0x170
[ 1542.912141][T18899]  do_vfs_ioctl+0x76a/0x1720
[ 1542.916933][T18899]  ? selinux_file_ioctl+0x72f/0x990
[ 1542.922268][T18899]  ? ioctl_preallocate+0x250/0x250
[ 1542.927390][T18899]  ? __fget+0x37b/0x3c0
[ 1542.931545][T18899]  ? vfs_write+0x422/0x4e0
[ 1542.936027][T18899]  ? fget_many+0x20/0x20
[ 1542.940247][T18899]  ? debug_smp_processor_id+0x20/0x20
[ 1542.945592][T18899]  ? security_file_ioctl+0x9d/0xb0
[ 1542.950679][T18899]  __x64_sys_ioctl+0xd4/0x110
[ 1542.955334][T18899]  do_syscall_64+0xcb/0x1e0
[ 1542.959817][T18899]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1542.965685][T18899] RIP: 0033:0x4665d9
[ 1542.969569][T18899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
02:48:54 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x800000000)

02:48:54 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000ffffffef0000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1542.989344][T18899] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1542.997801][T18899] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1543.005760][T18899] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1543.013842][T18899] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1543.021843][T18899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1543.030142][T18899] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1543.044159][T17631] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1543.079835][T12659] Bluetooth: hci1: sending frame failed (-49)
[ 1543.083708][T18920] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1545.098026][   T12] Bluetooth: hci1: command 0x1003 tx timeout
[ 1545.104084][T18918] Bluetooth: hci1: sending frame failed (-49)
[ 1545.110974][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1545.117205][T18918] Bluetooth: hci0: sending frame failed (-49)
[ 1547.177943][   T12] Bluetooth: hci0: command 0x1001 tx timeout
[ 1547.184024][T18918] Bluetooth: hci0: sending frame failed (-49)
[ 1547.190875][   T12] Bluetooth: hci1: command 0x1001 tx timeout
[ 1547.197007][T18918] Bluetooth: hci1: sending frame failed (-49)
[ 1549.257822][   T12] Bluetooth: hci1: command 0x1009 tx timeout
[ 1549.264688][ T3300] Bluetooth: hci0: command 0x1009 tx timeout
02:49:05 executing program 1 (fault-call:2 fault-nth:65):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:49:05 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000000d0016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:49:05 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28009c0210000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:49:05 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000fffffff00000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:49:05 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6ad, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:49:05 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x1000000000)

02:49:05 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000fffffffe0000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1553.532431][T18933] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1553.537600][T18935] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1553.548611][T18932] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1553.554349][T18935] FAULT_INJECTION: forcing a failure.
[ 1553.554349][T18935] name failslab, interval 1, probability 0, space 0, times 0
02:49:05 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000002180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:49:05 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800b80210000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1553.588236][  T386] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1553.605839][T18941] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1553.621939][T18935] CPU: 1 PID: 18935 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1553.636607][T18935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1553.646935][T18935] Call Trace:
[ 1553.651542][T18935]  dump_stack+0x1d8/0x24e
[ 1553.656183][T18935]  ? devkmsg_release+0x11c/0x11c
[ 1553.661333][T18935]  ? show_regs_print_info+0x12/0x12
[ 1553.670111][T18935]  ? finish_task_switch+0x1b9/0x550
[ 1553.675409][T18935]  should_fail+0x6f6/0x860
[ 1553.679814][T18935]  ? setup_fault_attr+0x3d0/0x3d0
[ 1553.685152][T18935]  ? is_mmconf_reserved+0x420/0x420
[ 1553.691078][T18935]  ? _raw_spin_unlock+0x5b/0x60
[ 1553.696134][T18935]  ? __alloc_skb+0x75/0x4d0
[ 1553.700860][T18935]  should_failslab+0x5/0x20
[ 1553.705532][T18935]  kmem_cache_alloc+0x36/0x290
[ 1553.711759][T18935]  ? preempt_schedule+0x16b/0x190
[ 1553.716959][T18935]  __alloc_skb+0x75/0x4d0
[ 1553.721534][T18935]  ? _raw_spin_lock+0x1b0/0x1b0
[ 1553.726448][T18935]  create_monitor_event+0x58/0x8b0
[ 1553.731535][T18935]  ? _raw_write_trylock+0x1b0/0x1b0
[ 1553.740422][T18935]  hci_sock_dev_event+0x46/0x570
[ 1553.745478][T18935]  hci_register_dev+0x641/0x710
[ 1553.750813][T18935]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1553.756812][T18935]  ? hci_uart_tty_write+0x10/0x10
[ 1553.762093][T18935]  tty_ioctl+0xf68/0x1710
[ 1553.766874][T18935]  ? tty_do_resize+0x170/0x170
[ 1553.773380][T18935]  ? avc_ss_reset+0x3a0/0x3a0
[ 1553.778215][T18935]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1553.784436][T18935]  ? refcount_inc_checked+0x50/0x50
[ 1553.789729][T18935]  ? memcg_check_events+0x5c/0x5b0
[ 1553.795507][T18935]  ? proc_fail_nth_write+0x1d5/0x240
[ 1553.800777][T18935]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1553.806298][T18935]  ? __lru_cache_add+0x1c4/0x210
[ 1553.811209][T18935]  ? memset+0x1f/0x40
[ 1553.816013][T18935]  ? fsnotify+0x1332/0x13f0
[ 1553.821197][T18935]  ? tty_do_resize+0x170/0x170
[ 1553.826036][T18935]  do_vfs_ioctl+0x76a/0x1720
[ 1553.830608][T18935]  ? selinux_file_ioctl+0x72f/0x990
[ 1553.835976][T18935]  ? ioctl_preallocate+0x250/0x250
[ 1553.841121][T18935]  ? __fget+0x37b/0x3c0
[ 1553.845253][T18935]  ? vfs_write+0x422/0x4e0
[ 1553.851450][T18935]  ? fget_many+0x20/0x20
[ 1553.856248][T18935]  ? debug_smp_processor_id+0x20/0x20
[ 1553.861660][T18935]  ? security_file_ioctl+0x9d/0xb0
[ 1553.867638][T18935]  __x64_sys_ioctl+0xd4/0x110
[ 1553.872326][T18935]  do_syscall_64+0xcb/0x1e0
[ 1553.877002][T18935]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1553.884486][T18935] RIP: 0033:0x4665d9
[ 1553.888390][T18935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1553.908209][T18935] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1553.919804][T18935] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1553.927777][T18935] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
02:49:05 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000007fffffff0000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1553.935753][T18935] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1553.944754][T18935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1553.954262][T18935] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1553.968413][T17631] Bluetooth: hci0: Frame reassembly failed (-84)
02:49:05 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000003180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:49:05 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6ae, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

[ 1553.993767][T18949] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1555.657303][   T12] Bluetooth: hci1: command 0x1003 tx timeout
[ 1555.663487][T18918] Bluetooth: hci1: sending frame failed (-49)
[ 1555.977322][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1555.983981][T18918] Bluetooth: hci0: sending frame failed (-49)
[ 1557.737203][   T12] Bluetooth: hci1: command 0x1001 tx timeout
[ 1557.743776][T18918] Bluetooth: hci1: sending frame failed (-49)
[ 1558.057153][   T12] Bluetooth: hci0: command 0x1001 tx timeout
[ 1558.063228][T18918] Bluetooth: hci0: sending frame failed (-49)
[ 1559.817085][   T12] Bluetooth: hci1: command 0x1009 tx timeout
[ 1560.137026][   T12] Bluetooth: hci0: command 0x1009 tx timeout
02:49:16 executing program 1 (fault-call:2 fault-nth:66):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:49:16 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800c40210000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:49:16 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000010000000081ffffff0000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:49:16 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000004180016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:49:16 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6af, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:49:16 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x100000000000)

02:49:16 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800000310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:49:16 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000100001000000009effffff0000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1564.404211][T18969] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1564.413956][T18973] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
02:49:16 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000040016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1564.447701][T18973] FAULT_INJECTION: forcing a failure.
[ 1564.447701][T18973] name failslab, interval 1, probability 0, space 0, times 0
[ 1564.468702][T18973] CPU: 0 PID: 18973 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1564.479213][T18973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1564.489262][T18973] Call Trace:
[ 1564.492184][T18981] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1564.492549][T18973]  dump_stack+0x1d8/0x24e
[ 1564.492561][T18973]  ? devkmsg_release+0x11c/0x11c
[ 1564.492570][T18973]  ? show_regs_print_info+0x12/0x12
[ 1564.492581][T18973]  should_fail+0x6f6/0x860
[ 1564.492596][T18973]  ? setup_fault_attr+0x3d0/0x3d0
[ 1564.531894][T18973]  ? create_monitor_event+0x58/0x8b0
[ 1564.537180][T18973]  should_failslab+0x5/0x20
[ 1564.541683][T18973]  __kmalloc_track_caller+0x5d/0x2e0
[ 1564.546963][T18973]  ? kmem_cache_alloc+0x115/0x290
[ 1564.551986][T18973]  ? create_monitor_event+0x58/0x8b0
[ 1564.557266][T18973]  __alloc_skb+0xaf/0x4d0
[ 1564.561593][T18973]  create_monitor_event+0x58/0x8b0
[ 1564.566707][T18973]  ? _raw_write_trylock+0x1b0/0x1b0
[ 1564.571905][T18973]  hci_sock_dev_event+0x46/0x570
[ 1564.576837][T18973]  hci_register_dev+0x641/0x710
[ 1564.576843][T18990] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
02:49:16 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800040310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:49:16 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000eaffffff0000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:49:16 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000070016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1564.596781][T18973]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1564.601806][T18973]  ? hci_uart_tty_write+0x10/0x10
[ 1564.606915][T18973]  tty_ioctl+0xf68/0x1710
[ 1564.611246][T18973]  ? tty_do_resize+0x170/0x170
[ 1564.616143][T18973]  ? avc_ss_reset+0x3a0/0x3a0
[ 1564.620989][T18973]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1564.627406][T18973]  ? refcount_inc_checked+0x50/0x50
[ 1564.632606][T18973]  ? memcg_check_events+0x5c/0x5b0
[ 1564.637806][T18973]  ? proc_fail_nth_write+0x1d5/0x240
[ 1564.643179][T18973]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1564.648457][T18973]  ? __lru_cache_add+0x1c4/0x210
[ 1564.653385][T18973]  ? memset+0x1f/0x40
[ 1564.657455][T18973]  ? fsnotify+0x1332/0x13f0
[ 1564.661939][T18973]  ? tty_do_resize+0x170/0x170
[ 1564.666677][T18973]  do_vfs_ioctl+0x76a/0x1720
[ 1564.671253][T18973]  ? selinux_file_ioctl+0x72f/0x990
[ 1564.676636][T18973]  ? ioctl_preallocate+0x250/0x250
[ 1564.681733][T18973]  ? __fget+0x37b/0x3c0
[ 1564.686124][T18973]  ? vfs_write+0x422/0x4e0
[ 1564.690556][T18973]  ? fget_many+0x20/0x20
[ 1564.694878][T18973]  ? debug_smp_processor_id+0x20/0x20
[ 1564.700226][T18973]  ? security_file_ioctl+0x9d/0xb0
[ 1564.705313][T18973]  __x64_sys_ioctl+0xd4/0x110
[ 1564.710252][T18973]  do_syscall_64+0xcb/0x1e0
[ 1564.714846][T18973]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1564.721010][T18973] RIP: 0033:0x4665d9
[ 1564.724896][T18973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1564.744781][T18973] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1564.753254][T18973] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1564.761200][T18973] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1564.769162][T18973] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1564.777129][T18973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1564.785235][T18973] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1564.796766][  T386] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1566.856498][ T3300] Bluetooth: hci0: command 0x1003 tx timeout
[ 1566.862750][   T88] Bluetooth: hci0: sending frame failed (-49)
[ 1568.936433][ T3300] Bluetooth: hci0: command 0x1001 tx timeout
[ 1568.942485][   T88] Bluetooth: hci0: sending frame failed (-49)
[ 1571.016360][ T3300] Bluetooth: hci0: command 0x1009 tx timeout
02:49:27 executing program 1 (fault-call:2 fault-nth:67):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:49:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000efffffff0000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:49:27 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000080016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:49:27 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800060310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:49:27 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x1000000000000)

02:49:27 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6b0, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

[ 1575.292421][T19006] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1575.301049][T19005] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1575.328750][  T386] Bluetooth: hci0: Frame reassembly failed (-84)
02:49:27 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800080310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:49:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000f0ffffff0000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:49:27 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000000d0016801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1575.334205][T19011] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1575.341086][T19013] FAULT_INJECTION: forcing a failure.
[ 1575.341086][T19013] name failslab, interval 1, probability 0, space 0, times 0
[ 1575.398948][T19013] CPU: 1 PID: 19013 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1575.409671][T19013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1575.420424][T19013] Call Trace:
[ 1575.425159][T19013]  dump_stack+0x1d8/0x24e
[ 1575.432142][T19013]  ? devkmsg_release+0x11c/0x11c
02:49:27 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28000e0310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1575.434244][T19022] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1575.437199][T19013]  ? show_regs_print_info+0x12/0x12
[ 1575.437211][T19013]  should_fail+0x6f6/0x860
[ 1575.437222][T19013]  ? setup_fault_attr+0x3d0/0x3d0
[ 1575.437232][T19013]  ? alloc_uevent_skb+0x73/0x220
[ 1575.437241][T19013]  should_failslab+0x5/0x20
[ 1575.437260][T19013]  __kmalloc_track_caller+0x5d/0x2e0
[ 1575.486011][T19013]  ? kmem_cache_alloc+0x115/0x290
[ 1575.491141][T19013]  ? mutex_lock+0xa6/0x110
[ 1575.496590][T19013]  ? alloc_uevent_skb+0x73/0x220
[ 1575.503751][T19013]  __alloc_skb+0xaf/0x4d0
[ 1575.508689][T19013]  alloc_uevent_skb+0x73/0x220
[ 1575.513683][T19013]  kobject_uevent_env+0xaee/0x1000
[ 1575.518795][T19013]  device_add+0xf42/0x18a0
[ 1575.523193][T19013]  ? virtual_device_parent+0x50/0x50
[ 1575.528586][T19013]  ? device_initialize+0x1d3/0x3e0
[ 1575.535695][T19013]  rfkill_register+0x180/0x720
[ 1575.540464][T19013]  hci_register_dev+0x398/0x710
[ 1575.545584][T19013]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1575.551558][T19013]  ? hci_uart_tty_write+0x10/0x10
[ 1575.556618][T19013]  tty_ioctl+0xf68/0x1710
[ 1575.561354][T19013]  ? tty_do_resize+0x170/0x170
[ 1575.567622][T19013]  ? avc_ss_reset+0x3a0/0x3a0
[ 1575.573871][T19013]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1575.580435][T19013]  ? refcount_inc_checked+0x50/0x50
[ 1575.585616][T19013]  ? memcg_check_events+0x5c/0x5b0
[ 1575.591044][T19013]  ? proc_fail_nth_write+0x1d5/0x240
[ 1575.596719][T19013]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1575.602216][T19013]  ? __lru_cache_add+0x1c4/0x210
[ 1575.608893][T19013]  ? memset+0x1f/0x40
[ 1575.612871][T19013]  ? fsnotify+0x1332/0x13f0
[ 1575.617588][T19013]  ? tty_do_resize+0x170/0x170
[ 1575.622537][T19013]  do_vfs_ioctl+0x76a/0x1720
[ 1575.627218][T19013]  ? selinux_file_ioctl+0x72f/0x990
[ 1575.632571][T19013]  ? ioctl_preallocate+0x250/0x250
[ 1575.637997][T19013]  ? __fget+0x37b/0x3c0
[ 1575.642831][T19013]  ? vfs_write+0x422/0x4e0
[ 1575.647420][T19013]  ? fget_many+0x20/0x20
[ 1575.651731][T19013]  ? debug_smp_processor_id+0x20/0x20
[ 1575.657601][T19013]  ? security_file_ioctl+0x9d/0xb0
[ 1575.663415][T19013]  __x64_sys_ioctl+0xd4/0x110
[ 1575.668370][T19013]  do_syscall_64+0xcb/0x1e0
[ 1575.673390][T19013]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1575.684049][T19013] RIP: 0033:0x4665d9
[ 1575.689075][T19013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1575.708774][T19013] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1575.720389][T19013] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1575.728978][T19013] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1575.737222][T19013] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
02:49:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000feffffff0000000000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1575.745526][T19013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1575.755949][T19013] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1575.779374][  T386] Bluetooth: hci1: Frame reassembly failed (-84)
02:49:27 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180216801400016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1575.799119][T19025] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1575.821413][T19029] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1575.847188][T19032] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1577.335872][ T3300] Bluetooth: hci0: command 0x1003 tx timeout
[ 1577.341929][T18918] Bluetooth: hci0: sending frame failed (-49)
[ 1577.816161][ T3300] Bluetooth: hci1: command 0x1003 tx timeout
[ 1577.822309][T18918] Bluetooth: hci1: sending frame failed (-49)
[ 1579.415840][ T3300] Bluetooth: hci0: command 0x1001 tx timeout
[ 1579.421929][T18918] Bluetooth: hci0: sending frame failed (-49)
[ 1579.895733][ T3300] Bluetooth: hci1: command 0x1001 tx timeout
[ 1579.901919][T18918] Bluetooth: hci1: sending frame failed (-49)
[ 1581.495633][ T3300] Bluetooth: hci0: command 0x1009 tx timeout
[ 1581.975559][ T3300] Bluetooth: hci1: command 0x1009 tx timeout
02:49:37 executing program 1 (fault-call:2 fault-nth:68):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:49:37 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28001a0310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:49:37 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000003800000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:49:37 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6b1, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:49:37 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180316801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:49:37 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x100000000000000)

02:49:38 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800200310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1586.162893][T19046] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1586.174398][T19048] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1586.178245][T19046] FAULT_INJECTION: forcing a failure.
[ 1586.178245][T19046] name failslab, interval 1, probability 0, space 0, times 0
[ 1586.192869][T19051] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1586.203783][T19046] CPU: 1 PID: 19046 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1586.221901][T19046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1586.232084][T19046] Call Trace:
[ 1586.235464][T19046]  dump_stack+0x1d8/0x24e
[ 1586.239789][T19046]  ? devkmsg_release+0x11c/0x11c
[ 1586.244715][T19046]  ? show_regs_print_info+0x12/0x12
[ 1586.250059][T19046]  should_fail+0x6f6/0x860
[ 1586.254464][T19046]  ? setup_fault_attr+0x3d0/0x3d0
[ 1586.259496][T19046]  ? create_monitor_event+0x58/0x8b0
[ 1586.265000][T19046]  should_failslab+0x5/0x20
[ 1586.269493][T19046]  __kmalloc_track_caller+0x5d/0x2e0
[ 1586.274769][T19046]  ? kmem_cache_alloc+0x115/0x290
[ 1586.279885][T19046]  ? preempt_schedule+0x16b/0x190
[ 1586.284898][T19046]  ? create_monitor_event+0x58/0x8b0
[ 1586.290167][T19046]  __alloc_skb+0xaf/0x4d0
[ 1586.294476][T19046]  create_monitor_event+0x58/0x8b0
[ 1586.299581][T19046]  ? _raw_write_trylock+0x1b0/0x1b0
[ 1586.304944][T19046]  hci_sock_dev_event+0x46/0x570
[ 1586.309950][T19046]  hci_register_dev+0x641/0x710
[ 1586.314799][T19046]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1586.319910][T19046]  ? hci_uart_tty_write+0x10/0x10
[ 1586.324914][T19046]  tty_ioctl+0xf68/0x1710
[ 1586.329217][T19046]  ? tty_do_resize+0x170/0x170
[ 1586.333959][T19046]  ? avc_ss_reset+0x3a0/0x3a0
[ 1586.338615][T19046]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1586.344841][T19046]  ? refcount_inc_checked+0x50/0x50
[ 1586.350040][T19046]  ? memcg_check_events+0x5c/0x5b0
[ 1586.355363][T19046]  ? proc_fail_nth_write+0x1d5/0x240
[ 1586.360650][T19046]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1586.365823][T19046]  ? __lru_cache_add+0x1c4/0x210
[ 1586.370740][T19046]  ? memset+0x1f/0x40
[ 1586.374713][T19046]  ? fsnotify+0x1332/0x13f0
[ 1586.379214][T19046]  ? tty_do_resize+0x170/0x170
[ 1586.383957][T19046]  do_vfs_ioctl+0x76a/0x1720
[ 1586.388534][T19046]  ? selinux_file_ioctl+0x72f/0x990
[ 1586.393710][T19046]  ? ioctl_preallocate+0x250/0x250
[ 1586.398882][T19046]  ? __fget+0x37b/0x3c0
[ 1586.403021][T19046]  ? vfs_write+0x422/0x4e0
[ 1586.407663][T19046]  ? fget_many+0x20/0x20
[ 1586.411926][T19046]  ? debug_smp_processor_id+0x20/0x20
[ 1586.417286][T19046]  ? security_file_ioctl+0x9d/0xb0
[ 1586.422387][T19046]  __x64_sys_ioctl+0xd4/0x110
[ 1586.427045][T19046]  do_syscall_64+0xcb/0x1e0
[ 1586.431544][T19046]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1586.437415][T19046] RIP: 0033:0x4665d9
[ 1586.441316][T19046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
02:49:38 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180416801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:49:38 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000000100", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1586.461513][T19046] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1586.469985][T19046] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1586.477952][T19046] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1586.485990][T19046] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1586.493943][T19046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1586.502240][T19046] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
02:49:38 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800220310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1586.514218][  T150] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1586.541204][T19060] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
02:49:38 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180033801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:49:38 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000000200", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1586.551496][T19061] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1586.584688][T19067] netlink: 'syz-executor.0': attribute type 51 has an invalid length.
[ 1586.616553][T19070] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1588.215165][ T3678] Bluetooth: hci1: command 0x1003 tx timeout
[ 1588.221718][T18918] Bluetooth: hci1: sending frame failed (-49)
[ 1588.535114][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1588.541572][T18918] Bluetooth: hci0: sending frame failed (-49)
[ 1590.295048][   T12] Bluetooth: hci1: command 0x1001 tx timeout
[ 1590.301929][T18918] Bluetooth: hci1: sending frame failed (-49)
[ 1590.615514][ T3677] Bluetooth: hci0: command 0x1001 tx timeout
[ 1590.621689][T18918] Bluetooth: hci0: sending frame failed (-49)
[ 1592.374973][ T3678] Bluetooth: hci1: command 0x1009 tx timeout
[ 1592.694868][ T3677] Bluetooth: hci0: command 0x1009 tx timeout
02:49:48 executing program 1 (fault-call:2 fault-nth:69):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:49:48 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180033801400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:49:48 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800280310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:49:48 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6b2, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:49:48 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000000300", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:49:48 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x200000000000000)

02:49:48 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28002c0310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1597.047732][T19083] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1597.054345][T19086] netlink: 'syz-executor.0': attribute type 51 has an invalid length.
[ 1597.071062][  T150] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1597.074339][T19087] FAULT_INJECTION: forcing a failure.
[ 1597.074339][T19087] name failslab, interval 1, probability 0, space 0, times 0
02:49:48 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016541400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:49:48 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000000400", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1597.084065][T19089] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1597.120266][T19087] CPU: 1 PID: 19087 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1597.130613][T19087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1597.141456][T19087] Call Trace:
[ 1597.144838][T19087]  dump_stack+0x1d8/0x24e
[ 1597.152504][T19087]  ? devkmsg_release+0x11c/0x11c
[ 1597.157506][T19087]  ? vsnprintf+0x1cb4/0x1d60
[ 1597.162080][T19087]  ? show_regs_print_info+0x12/0x12
[ 1597.167608][T19087]  should_fail+0x6f6/0x860
[ 1597.173689][T19087]  ? setup_fault_attr+0x3d0/0x3d0
[ 1597.179901][T19087]  ? add_uevent_var+0x1c2/0x360
[ 1597.185386][T19087]  ? call_usermodehelper_setup+0x91/0x200
[ 1597.191340][T19087]  should_failslab+0x5/0x20
[ 1597.196085][T19087]  kmem_cache_alloc_trace+0x39/0x2b0
[ 1597.201341][T19087]  call_usermodehelper_setup+0x91/0x200
[ 1597.206960][T19087]  ? add_uevent_var+0x360/0x360
[ 1597.211783][T19087]  kobject_uevent_env+0xdd6/0x1000
[ 1597.216868][T19087]  device_add+0xf42/0x18a0
[ 1597.222350][T19087]  ? virtual_device_parent+0x50/0x50
[ 1597.227901][T19087]  ? device_initialize+0x1d3/0x3e0
[ 1597.233738][T19087]  rfkill_register+0x180/0x720
[ 1597.238544][T19087]  hci_register_dev+0x398/0x710
[ 1597.243549][T19087]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1597.248605][T19087]  ? hci_uart_tty_write+0x10/0x10
[ 1597.255603][T19087]  tty_ioctl+0xf68/0x1710
[ 1597.260028][T19087]  ? tty_do_resize+0x170/0x170
[ 1597.264775][T19087]  ? avc_ss_reset+0x3a0/0x3a0
[ 1597.269559][T19087]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1597.276074][T19087]  ? refcount_inc_checked+0x50/0x50
[ 1597.283798][T19087]  ? memcg_check_events+0x5c/0x5b0
[ 1597.289005][T19087]  ? proc_fail_nth_write+0x1d5/0x240
[ 1597.294268][T19087]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1597.299438][T19087]  ? __lru_cache_add+0x1c4/0x210
[ 1597.304347][T19087]  ? memset+0x1f/0x40
[ 1597.309469][T19087]  ? fsnotify+0x1332/0x13f0
[ 1597.313969][T19087]  ? tty_do_resize+0x170/0x170
[ 1597.318724][T19087]  do_vfs_ioctl+0x76a/0x1720
[ 1597.323497][T19087]  ? selinux_file_ioctl+0x72f/0x990
[ 1597.328995][T19087]  ? ioctl_preallocate+0x250/0x250
[ 1597.334939][T19087]  ? __fget+0x37b/0x3c0
[ 1597.339080][T19087]  ? vfs_write+0x422/0x4e0
[ 1597.343649][T19087]  ? fget_many+0x20/0x20
[ 1597.348164][T19087]  ? debug_smp_processor_id+0x20/0x20
[ 1597.354239][T19087]  ? security_file_ioctl+0x9d/0xb0
[ 1597.361268][T19087]  __x64_sys_ioctl+0xd4/0x110
[ 1597.366010][T19087]  do_syscall_64+0xcb/0x1e0
[ 1597.370490][T19087]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1597.376367][T19087] RIP: 0033:0x4665d9
[ 1597.380359][T19087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1597.402028][T19087] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1597.411029][T19087] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1597.419980][T19087] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1597.428735][T19087] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1597.436960][T19087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
02:49:49 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28002e0310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1597.445840][T19087] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1597.459796][  T150] Bluetooth: hci1: Frame reassembly failed (-84)
02:49:49 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016800400016291"], 0x40}, 0x1, 0x700}, 0x0)

02:49:49 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800300310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1597.496290][T19103] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1597.525382][T19107] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1599.094386][ T3302] Bluetooth: hci0: command 0x1003 tx timeout
[ 1599.100610][T18918] Bluetooth: hci0: sending frame failed (-49)
[ 1599.494375][ T3677] Bluetooth: hci1: command 0x1003 tx timeout
[ 1599.500456][T18918] Bluetooth: hci1: sending frame failed (-49)
[ 1601.174293][ T3678] Bluetooth: hci0: command 0x1001 tx timeout
[ 1601.180583][T18918] Bluetooth: hci0: sending frame failed (-49)
[ 1601.574317][ T3678] Bluetooth: hci1: command 0x1001 tx timeout
[ 1601.580639][T18918] Bluetooth: hci1: sending frame failed (-49)
[ 1603.254175][ T3678] Bluetooth: hci0: command 0x1009 tx timeout
[ 1603.654178][ T3678] Bluetooth: hci1: command 0x1009 tx timeout
02:49:59 executing program 1 (fault-call:2 fault-nth:70):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:49:59 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000000500", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:49:59 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801403006291"], 0x40}, 0x1, 0x700}, 0x0)

02:49:59 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800320310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:49:59 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6b3, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:49:59 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x300000000000000)

02:49:59 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800340310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:49:59 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000000600", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1607.920687][T19121] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1607.948760][T19130] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1607.961617][  T386] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1607.965221][T19129] FAULT_INJECTION: forcing a failure.
[ 1607.965221][T19129] name failslab, interval 1, probability 0, space 0, times 0
[ 1607.996553][T19129] CPU: 1 PID: 19129 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1608.007635][T19129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1608.018280][T19129] Call Trace:
[ 1608.021590][T19129]  dump_stack+0x1d8/0x24e
[ 1608.026045][T19129]  ? devkmsg_release+0x11c/0x11c
[ 1608.030979][T19129]  ? show_regs_print_info+0x12/0x12
[ 1608.036559][T19129]  ? check_preempt_wakeup+0x2cb/0x6f0
[ 1608.042306][T19129]  should_fail+0x6f6/0x860
[ 1608.046729][T19129]  ? setup_fault_attr+0x3d0/0x3d0
[ 1608.052024][T19129]  ? refcount_inc_checked+0x50/0x50
[ 1608.057217][T19129]  ? __alloc_skb+0x75/0x4d0
[ 1608.061990][T19129]  should_failslab+0x5/0x20
[ 1608.066503][T19129]  kmem_cache_alloc+0x36/0x290
[ 1608.071667][T19129]  __alloc_skb+0x75/0x4d0
[ 1608.076034][T19129]  ? _raw_spin_lock+0x1b0/0x1b0
[ 1608.081144][T19129]  create_monitor_event+0x58/0x8b0
[ 1608.086614][T19129]  ? _raw_write_trylock+0x1b0/0x1b0
[ 1608.092203][T19129]  hci_sock_dev_event+0x46/0x570
[ 1608.097249][T19129]  hci_register_dev+0x641/0x710
[ 1608.102113][T19129]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1608.107237][T19129]  ? hci_uart_tty_write+0x10/0x10
[ 1608.112417][T19129]  tty_ioctl+0xf68/0x1710
[ 1608.116970][T19129]  ? tty_do_resize+0x170/0x170
[ 1608.121949][T19129]  ? avc_ss_reset+0x3a0/0x3a0
[ 1608.126700][T19129]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1608.133623][T19129]  ? refcount_inc_checked+0x50/0x50
[ 1608.138802][T19129]  ? memcg_check_events+0x5c/0x5b0
[ 1608.144109][T19129]  ? proc_fail_nth_write+0x1d5/0x240
[ 1608.149792][T19129]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1608.155271][T19129]  ? __lru_cache_add+0x1c4/0x210
[ 1608.161461][T19129]  ? memset+0x1f/0x40
[ 1608.166125][T19129]  ? fsnotify+0x1332/0x13f0
[ 1608.173198][T19129]  ? tty_do_resize+0x170/0x170
[ 1608.179751][T19129]  do_vfs_ioctl+0x76a/0x1720
[ 1608.184645][T19129]  ? selinux_file_ioctl+0x72f/0x990
[ 1608.190526][T19129]  ? ioctl_preallocate+0x250/0x250
[ 1608.196261][T19129]  ? __fget+0x37b/0x3c0
[ 1608.203881][T19129]  ? vfs_write+0x422/0x4e0
[ 1608.208387][T19129]  ? fget_many+0x20/0x20
[ 1608.214072][T19129]  ? debug_smp_processor_id+0x20/0x20
[ 1608.220100][T19129]  ? security_file_ioctl+0x9d/0xb0
[ 1608.225552][T19129]  __x64_sys_ioctl+0xd4/0x110
[ 1608.230937][T19129]  do_syscall_64+0xcb/0x1e0
[ 1608.236086][T19129]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1608.247118][T19129] RIP: 0033:0x4665d9
[ 1608.253898][T19129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1608.274712][T19129] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1608.286432][T19129] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1608.295253][T19129] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1608.303761][T19129] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
02:50:00 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800380310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:50:00 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801404006291"], 0x40}, 0x1, 0x700}, 0x0)

02:50:00 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:50:00 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801402016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1608.312733][T19129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1608.324397][T19129] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1608.336549][  T386] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1608.354707][T19138] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1608.410564][T19147] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1609.973684][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1609.982039][T18918] Bluetooth: hci0: sending frame failed (-49)
[ 1610.373700][ T3678] Bluetooth: hci1: command 0x1003 tx timeout
[ 1610.380986][T18918] Bluetooth: hci1: sending frame failed (-49)
[ 1612.053579][ T3678] Bluetooth: hci0: command 0x1001 tx timeout
[ 1612.061437][T18918] Bluetooth: hci0: sending frame failed (-49)
[ 1612.453531][ T3678] Bluetooth: hci1: command 0x1001 tx timeout
[ 1612.460226][T18918] Bluetooth: hci1: sending frame failed (-49)
[ 1614.133470][ T3678] Bluetooth: hci0: command 0x1009 tx timeout
[ 1614.533451][ T3678] Bluetooth: hci1: command 0x1009 tx timeout
02:50:10 executing program 1 (fault-call:2 fault-nth:71):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:50:10 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28003a0310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:50:10 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000000800", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:50:10 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801403016291"], 0x40}, 0x1, 0x700}, 0x0)

02:50:10 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6b4, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:50:10 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x400000000000000)

02:50:10 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28003e0310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1618.803248][T19162] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1618.817425][T19166] FAULT_INJECTION: forcing a failure.
[ 1618.817425][T19166] name failslab, interval 1, probability 0, space 0, times 0
[ 1618.825608][T19167] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
02:50:10 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801404016291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1618.843414][T19166] CPU: 1 PID: 19166 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1618.858469][T19166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1618.868956][T19166] Call Trace:
[ 1618.872252][T19166]  dump_stack+0x1d8/0x24e
[ 1618.876586][T19166]  ? devkmsg_release+0x11c/0x11c
[ 1618.882086][T19166]  ? show_regs_print_info+0x12/0x12
[ 1618.887820][T19166]  should_fail+0x6f6/0x860
[ 1618.892245][T19166]  ? setup_fault_attr+0x3d0/0x3d0
[ 1618.897416][T19166]  ? create_monitor_event+0x58/0x8b0
[ 1618.902789][T19166]  should_failslab+0x5/0x20
[ 1618.907506][T19166]  __kmalloc_track_caller+0x5d/0x2e0
[ 1618.912782][T19166]  ? kmem_cache_alloc+0x115/0x290
[ 1618.917796][T19166]  ? create_monitor_event+0x58/0x8b0
[ 1618.923184][T19166]  __alloc_skb+0xaf/0x4d0
[ 1618.927495][T19166]  create_monitor_event+0x58/0x8b0
[ 1618.932715][T19166]  ? _raw_write_trylock+0x1b0/0x1b0
[ 1618.937910][T19166]  hci_sock_dev_event+0x46/0x570
[ 1618.943195][T19166]  hci_register_dev+0x641/0x710
[ 1618.948033][T19166]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1618.953052][T19166]  ? hci_uart_tty_write+0x10/0x10
[ 1618.958165][T19166]  tty_ioctl+0xf68/0x1710
[ 1618.962524][T19166]  ? tty_do_resize+0x170/0x170
[ 1618.967262][T19166]  ? avc_ss_reset+0x3a0/0x3a0
[ 1618.971915][T19166]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1618.978140][T19166]  ? refcount_inc_checked+0x50/0x50
[ 1618.983332][T19166]  ? memcg_check_events+0x5c/0x5b0
[ 1618.988484][T19166]  ? proc_fail_nth_write+0x1d5/0x240
[ 1618.993750][T19166]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1618.999031][T19166]  ? __lru_cache_add+0x1c4/0x210
[ 1619.004116][T19166]  ? memset+0x1f/0x40
[ 1619.008302][T19166]  ? fsnotify+0x1332/0x13f0
[ 1619.013416][T19166]  ? tty_do_resize+0x170/0x170
[ 1619.018553][T19166]  do_vfs_ioctl+0x76a/0x1720
[ 1619.023256][T19166]  ? selinux_file_ioctl+0x72f/0x990
[ 1619.029108][T19166]  ? ioctl_preallocate+0x250/0x250
[ 1619.034480][T19166]  ? __fget+0x37b/0x3c0
[ 1619.038842][T19166]  ? vfs_write+0x422/0x4e0
[ 1619.043322][T19166]  ? fget_many+0x20/0x20
[ 1619.047546][T19166]  ? debug_smp_processor_id+0x20/0x20
[ 1619.053119][T19166]  ? security_file_ioctl+0x9d/0xb0
[ 1619.058211][T19166]  __x64_sys_ioctl+0xd4/0x110
[ 1619.062876][T19166]  do_syscall_64+0xcb/0x1e0
[ 1619.067384][T19166]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1619.073343][T19166] RIP: 0033:0x4665d9
[ 1619.077389][T19166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
02:50:10 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000000900", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1619.098003][T19166] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1619.106482][T19166] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1619.114530][T19166] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1619.122748][T19166] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1619.130999][T19166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1619.138954][T19166] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
02:50:11 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801400036291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1619.151002][  T150] Bluetooth: hci1: Frame reassembly failed (-84)
02:50:11 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800400310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:50:11 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000000a00", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1619.188191][T19180] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1619.232747][T19188] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1619.251220][T19184] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1620.932978][ T3302] Bluetooth: hci0: command 0x1003 tx timeout
[ 1620.939640][T18918] Bluetooth: hci0: sending frame failed (-49)
[ 1621.172975][ T3678] Bluetooth: hci1: command 0x1003 tx timeout
[ 1621.179217][T18918] Bluetooth: hci1: sending frame failed (-49)
[ 1623.012871][ T3678] Bluetooth: hci0: command 0x1001 tx timeout
[ 1623.019199][T18918] Bluetooth: hci0: sending frame failed (-49)
[ 1623.252845][ T3678] Bluetooth: hci1: command 0x1001 tx timeout
[ 1623.259062][T18918] Bluetooth: hci1: sending frame failed (-49)
[ 1625.092828][ T3678] Bluetooth: hci0: command 0x1009 tx timeout
[ 1625.332698][ T3678] Bluetooth: hci1: command 0x1009 tx timeout
02:50:21 executing program 1 (fault-call:2 fault-nth:72):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:50:21 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6b5, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:50:21 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28004a0310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:50:21 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000000b00", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:50:21 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801400406291"], 0x40}, 0x1, 0x700}, 0x0)

02:50:21 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x500000000000000)

02:50:21 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28004e0310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:50:21 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801400036291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1629.681477][T19202] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1629.703179][T19205] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1629.708623][T19206] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
02:50:21 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000000c00", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1629.733240][T19207] FAULT_INJECTION: forcing a failure.
[ 1629.733240][T19207] name failslab, interval 1, probability 0, space 0, times 0
[ 1629.747642][T19207] CPU: 0 PID: 19207 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1629.758599][T19207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1629.769450][T19207] Call Trace:
[ 1629.773013][T19207]  dump_stack+0x1d8/0x24e
[ 1629.778630][T19207]  ? devkmsg_release+0x11c/0x11c
02:50:21 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000000d00", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1629.783568][T19207]  ? show_regs_print_info+0x12/0x12
[ 1629.788373][T19216] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1629.788854][T19207]  should_fail+0x6f6/0x860
[ 1629.810084][T19207]  ? setup_fault_attr+0x3d0/0x3d0
[ 1629.815717][T19207]  ? skb_clone+0x1b2/0x360
[ 1629.820238][T19207]  should_failslab+0x5/0x20
[ 1629.826186][T19207]  kmem_cache_alloc+0x36/0x290
02:50:21 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800540310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

[ 1629.831131][T19207]  skb_clone+0x1b2/0x360
[ 1629.835637][T19207]  __hci_send_to_channel+0xec/0x1e0
[ 1629.840836][T19207]  hci_sock_dev_event+0x70/0x570
[ 1629.845781][T19207]  hci_register_dev+0x641/0x710
[ 1629.850810][T19207]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1629.854734][T19225] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1629.855850][T19207]  ? hci_uart_tty_write+0x10/0x10
[ 1629.855861][T19207]  tty_ioctl+0xf68/0x1710
02:50:21 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801400046291"], 0x40}, 0x1, 0x700}, 0x0)

[ 1629.855870][T19207]  ? tty_do_resize+0x170/0x170
[ 1629.855879][T19207]  ? avc_ss_reset+0x3a0/0x3a0
[ 1629.855888][T19207]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1629.855902][T19207]  ? refcount_inc_checked+0x50/0x50
[ 1629.891916][T19224] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1629.898857][T19207]  ? memcg_check_events+0x5c/0x5b0
[ 1629.898874][T19207]  ? proc_fail_nth_write+0x1d5/0x240
[ 1629.898883][T19207]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1629.898892][T19207]  ? __lru_cache_add+0x1c4/0x210
[ 1629.898898][T19207]  ? memset+0x1f/0x40
[ 1629.898907][T19207]  ? fsnotify+0x1332/0x13f0
[ 1629.898915][T19207]  ? tty_do_resize+0x170/0x170
[ 1629.898924][T19207]  do_vfs_ioctl+0x76a/0x1720
[ 1629.898935][T19207]  ? selinux_file_ioctl+0x72f/0x990
[ 1629.898943][T19207]  ? ioctl_preallocate+0x250/0x250
[ 1629.898953][T19207]  ? __fget+0x37b/0x3c0
[ 1629.898960][T19207]  ? vfs_write+0x422/0x4e0
[ 1629.898969][T19207]  ? fget_many+0x20/0x20
[ 1629.898984][T19207]  ? debug_smp_processor_id+0x20/0x20
[ 1629.959580][T19231] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1629.963031][T19207]  ? security_file_ioctl+0x9d/0xb0
[ 1629.963043][T19207]  __x64_sys_ioctl+0xd4/0x110
[ 1629.963054][T19207]  do_syscall_64+0xcb/0x1e0
[ 1629.963064][T19207]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1629.963073][T19207] RIP: 0033:0x4665d9
[ 1629.963082][T19207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1629.963085][T19207] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1629.963093][T19207] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1629.963098][T19207] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1629.963102][T19207] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1629.963106][T19207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1629.963110][T19207] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1629.972349][  T150] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1631.972200][   T12] Bluetooth: hci1: command 0x1003 tx timeout
[ 1631.979764][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1631.979832][T18918] Bluetooth: hci1: sending frame failed (-49)
[ 1631.986204][T12659] Bluetooth: hci0: sending frame failed (-49)
[ 1634.052147][ T3302] Bluetooth: hci0: command 0x1001 tx timeout
[ 1634.052152][T16033] Bluetooth: hci1: command 0x1001 tx timeout
[ 1634.064562][T12659] Bluetooth: hci1: sending frame failed (-49)
[ 1634.070911][T12659] Bluetooth: hci0: sending frame failed (-49)
[ 1636.131987][ T3302] Bluetooth: hci0: command 0x1009 tx timeout
[ 1636.138396][ T3302] Bluetooth: hci1: command 0x1009 tx timeout
02:50:32 executing program 1 (fault-call:2 fault-nth:73):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:50:32 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000000e00", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:50:32 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801400086291"], 0x40}, 0x1, 0x700}, 0x0)

02:50:32 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28005c0310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:50:32 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6b6, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:50:32 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x600000000000000)

02:50:32 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801400016291"], 0x2}, 0x1, 0x700}, 0x0)

[ 1640.562820][T19244] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1640.564973][T19243] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1640.576401][T19245] FAULT_INJECTION: forcing a failure.
[ 1640.576401][T19245] name failslab, interval 1, probability 0, space 0, times 0
[ 1640.597870][  T386] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1640.610139][T19248] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1640.620786][T19245] CPU: 1 PID: 19245 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1640.635570][T19245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1640.645623][T19245] Call Trace:
[ 1640.648914][T19245]  dump_stack+0x1d8/0x24e
[ 1640.653251][T19245]  ? devkmsg_release+0x11c/0x11c
[ 1640.658210][T19245]  ? show_regs_print_info+0x12/0x12
[ 1640.663520][T19245]  should_fail+0x6f6/0x860
[ 1640.667977][T19245]  ? setup_fault_attr+0x3d0/0x3d0
[ 1640.673026][T19245]  ? __alloc_skb+0x75/0x4d0
[ 1640.677511][T19245]  should_failslab+0x5/0x20
[ 1640.682008][T19245]  kmem_cache_alloc+0x36/0x290
[ 1640.686952][T19245]  ? kmem_cache_free+0xb8/0x5f0
[ 1640.691787][T19245]  __alloc_skb+0x75/0x4d0
[ 1640.696270][T19245]  hci_sock_dev_event+0xe4/0x570
[ 1640.701183][T19245]  hci_register_dev+0x641/0x710
[ 1640.706193][T19245]  hci_uart_tty_ioctl+0x89e/0xa10
[ 1640.711209][T19245]  ? hci_uart_tty_write+0x10/0x10
[ 1640.716302][T19245]  tty_ioctl+0xf68/0x1710
[ 1640.720703][T19245]  ? tty_do_resize+0x170/0x170
[ 1640.725525][T19245]  ? avc_ss_reset+0x3a0/0x3a0
[ 1640.730207][T19245]  ? refcount_sub_and_test_checked+0x1b6/0x290
[ 1640.736347][T19245]  ? refcount_inc_checked+0x50/0x50
[ 1640.741542][T19245]  ? memcg_check_events+0x5c/0x5b0
[ 1640.746632][T19245]  ? proc_fail_nth_write+0x1d5/0x240
[ 1640.752011][T19245]  ? proc_fail_nth_read+0x1c0/0x1c0
[ 1640.757446][T19245]  ? __lru_cache_add+0x1c4/0x210
[ 1640.762383][T19245]  ? memset+0x1f/0x40
[ 1640.766450][T19245]  ? fsnotify+0x1332/0x13f0
[ 1640.771002][T19245]  ? tty_do_resize+0x170/0x170
[ 1640.775843][T19245]  do_vfs_ioctl+0x76a/0x1720
[ 1640.780469][T19245]  ? selinux_file_ioctl+0x72f/0x990
[ 1640.785654][T19245]  ? ioctl_preallocate+0x250/0x250
[ 1640.791179][T19245]  ? __fget+0x37b/0x3c0
[ 1640.795331][T19245]  ? vfs_write+0x422/0x4e0
[ 1640.799874][T19245]  ? fget_many+0x20/0x20
[ 1640.804099][T19245]  ? debug_smp_processor_id+0x20/0x20
[ 1640.809653][T19245]  ? security_file_ioctl+0x9d/0xb0
[ 1640.814845][T19245]  __x64_sys_ioctl+0xd4/0x110
[ 1640.819502][T19245]  do_syscall_64+0xcb/0x1e0
[ 1640.823997][T19245]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1640.830026][T19245] RIP: 0033:0x4665d9
[ 1640.834036][T19245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1640.853822][T19245] RSP: 002b:00007f28289b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
02:50:32 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801400016291"], 0x3}, 0x1, 0x700}, 0x0)

02:50:32 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800600310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:50:32 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000001000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1640.862227][T19245] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1640.870213][T19245] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1640.878275][T19245] RBP: 00007f28289b11d0 R08: 0000000000000000 R09: 0000000000000000
[ 1640.886547][T19245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1640.894648][T19245] R13: 00007ffe4f1b46cf R14: 00007f28289b1300 R15: 0000000000022000
[ 1640.907477][  T386] Bluetooth: hci1: Frame reassembly failed (-84)
02:50:32 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28006c0310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:50:32 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000001100", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1640.939613][T19260] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1640.991908][T19269] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1642.611502][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1642.617806][T12659] Bluetooth: hci0: sending frame failed (-49)
[ 1642.931451][ T3678] Bluetooth: hci1: command 0x1003 tx timeout
[ 1642.937729][T12659] Bluetooth: hci1: sending frame failed (-49)
[ 1644.691400][ T3677] Bluetooth: hci0: command 0x1001 tx timeout
[ 1644.697555][T12659] Bluetooth: hci0: sending frame failed (-49)
[ 1645.011413][ T3677] Bluetooth: hci1: command 0x1001 tx timeout
[ 1645.017560][T12659] Bluetooth: hci1: sending frame failed (-49)
[ 1646.771255][ T3677] Bluetooth: hci0: command 0x1009 tx timeout
[ 1647.091275][ T3677] Bluetooth: hci1: command 0x1009 tx timeout
02:50:43 executing program 1 (fault-call:2 fault-nth:74):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:50:43 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801400016291"], 0x4}, 0x1, 0x700}, 0x0)

02:50:43 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6b7, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:50:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000001200", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:50:43 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28006e0310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:50:43 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x700000000000000)

02:50:43 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801400016291"], 0x5}, 0x1, 0x700}, 0x0)

02:50:43 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800840310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:50:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000002000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1651.447702][T19286] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1651.449184][T19288] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1651.485809][  T150] Bluetooth: hci1: Frame reassembly failed (-84)
02:50:43 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801400016291"], 0x6}, 0x1, 0x700}, 0x0)

02:50:43 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800920310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:50:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000002500", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1651.502375][  T386] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1651.524762][T19298] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1651.593798][T19310] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1653.490796][ T3300] Bluetooth: hci1: command 0x1003 tx timeout
[ 1653.498354][T12659] Bluetooth: hci1: sending frame failed (-49)
[ 1653.570770][ T3678] Bluetooth: hci0: command 0x1003 tx timeout
[ 1653.577995][T12659] Bluetooth: hci0: sending frame failed (-49)
[ 1655.570748][ T3678] Bluetooth: hci1: command 0x1001 tx timeout
[ 1655.577108][T12659] Bluetooth: hci1: sending frame failed (-49)
[ 1655.650677][ T3678] Bluetooth: hci0: command 0x1001 tx timeout
[ 1655.658533][T12659] Bluetooth: hci0: sending frame failed (-49)
[ 1657.650644][ T3678] Bluetooth: hci1: command 0x1009 tx timeout
[ 1657.730571][ T3678] Bluetooth: hci0: command 0x1009 tx timeout
02:50:53 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

02:50:53 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801400016291"], 0x7}, 0x1, 0x700}, 0x0)

02:50:53 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6b8, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:50:53 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="28009e0310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:50:53 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000004000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:50:53 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x800000000000000)

02:50:53 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800a40310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:50:53 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801400016291"], 0x8}, 0x1, 0x700}, 0x0)

02:50:53 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000004800", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:50:53 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800ac0310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:50:53 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801400016291"], 0x9}, 0x1, 0x700}, 0x0)

[ 1661.702202][T19330] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1661.703551][T19328] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1661.711831][T19295] Bluetooth: hci0: Frame reassembly failed (-84)
02:50:53 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000004c00", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1661.784109][T19339] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1661.843251][T19348] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1663.730084][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1663.736238][T12659] Bluetooth: hci0: sending frame failed (-49)
[ 1663.810134][T16033] Bluetooth: hci1: command 0x1003 tx timeout
[ 1663.816181][T12659] Bluetooth: hci1: sending frame failed (-49)
[ 1665.810020][T16033] Bluetooth: hci0: command 0x1001 tx timeout
[ 1665.816227][T12659] Bluetooth: hci0: sending frame failed (-49)
[ 1665.890006][T16033] Bluetooth: hci1: command 0x1001 tx timeout
[ 1665.896497][T12659] Bluetooth: hci1: sending frame failed (-49)
[ 1667.889893][T16033] Bluetooth: hci0: command 0x1009 tx timeout
[ 1667.969912][T16033] Bluetooth: hci1: command 0x1009 tx timeout
[ 1671.889864][T19323] BUG: scheduling while atomic: syz-executor.1/19323/0x00000002
[ 1671.897521][T19323] Modules linked in:
[ 1671.901647][T19323] Preemption disabled at:
[ 1671.901661][T19323] [<0000000000000000>] 0x0
[ 1671.912382][T19323] CPU: 1 PID: 19323 Comm: syz-executor.1 Not tainted 5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1671.923529][T19323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1671.933841][T19323] Call Trace:
[ 1671.937438][T19323]  dump_stack+0x1d8/0x24e
[ 1671.942546][T19323]  ? devkmsg_release+0x11c/0x11c
[ 1671.951239][T19323]  ? show_regs_print_info+0x12/0x12
[ 1671.956465][T19323]  ? check_preemption_disabled+0x9e/0x330
[ 1671.962209][T19323]  ? debug_smp_processor_id+0x20/0x20
[ 1671.967686][T19323]  ? slab_free_freelist_hook+0x7b/0x150
[ 1671.973309][T19323]  ? kmem_cache_free+0xb8/0x5f0
[ 1671.978448][T19323]  __schedule_bug+0x1af/0x240
[ 1671.983589][T19323]  ? __migrate_task+0x160/0x160
[ 1671.988754][T19323]  ? _raw_spin_lock_irqsave+0xf8/0x210
[ 1671.995133][T19323]  ? _raw_spin_lock+0x1b0/0x1b0
[ 1672.003356][T19323]  ? check_preemption_disabled+0x9e/0x330
[ 1672.010070][T19323]  __schedule+0xa42/0x1170
[ 1672.014592][T19323]  ? __pv_queued_spin_unlock_slowpath+0x290/0x290
[ 1672.021160][T19323]  ? __kthread_should_park+0xa5/0xe0
[ 1672.026428][T19323]  ? is_mmconf_reserved+0x420/0x420
[ 1672.032562][T19323]  ? __local_bh_enable_ip+0x70/0x70
[ 1672.041114][T19323]  schedule+0x13b/0x1d0
[ 1672.045435][T19323]  lock_sock_nested+0x1ed/0x310
[ 1672.050438][T19323]  ? slab_free_freelist_hook+0x7b/0x150
[ 1672.055994][T19323]  ? sock_def_destruct+0x10/0x10
[ 1672.061275][T19323]  ? init_wait_entry+0xd0/0xd0
[ 1672.066640][T19323]  ? hci_send_to_sock+0x709/0x720
[ 1672.071767][T19323]  ? hci_sock_dev_event+0x274/0x570
[ 1672.079324][T19323]  hci_sock_dev_event+0x2da/0x570
[ 1672.084709][T19323]  hci_unregister_dev+0x2a5/0x13f0
[ 1672.089821][T19323]  ? rcu_sync_exit+0xc6/0x1a0
[ 1672.094629][T19323]  hci_uart_tty_close+0x1a2/0x220
[ 1672.099712][T19323]  ? hci_uart_tty_open+0x2d0/0x2d0
[ 1672.104857][T19323]  tty_ldisc_release+0x272/0x600
[ 1672.111131][T19323]  tty_release_struct+0x27/0xd0
[ 1672.116597][T19323]  tty_release+0xdd7/0x10a0
[ 1672.121532][T19323]  ? tty_release_struct+0xd0/0xd0
[ 1672.126537][T19323]  __fput+0x27d/0x6c0
[ 1672.130610][T19323]  task_work_run+0x186/0x1b0
[ 1672.136779][T19323]  prepare_exit_to_usermode+0x2b0/0x310
[ 1672.142396][T19323]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1672.150229][T19323] RIP: 0033:0x4193eb
[ 1672.154104][T19323] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
[ 1672.174915][T19323] RSP: 002b:00007ffe4f1b4730 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1672.183840][T19323] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004193eb
[ 1672.192034][T19323] RDX: 00000000005701c0 RSI: 0000000000000003 RDI: 0000000000000003
[ 1672.202314][T19323] RBP: 0000000000000001 R08: 0000000000000000 R09: 00007f282a9b2228
[ 1672.210885][T19323] R10: 0000000000000120 R11: 0000000000000293 R12: 0000000000195c63
[ 1672.218862][T19323] R13: 00000000000003e8 R14: 000000000056bf80 R15: 0000000000195c5b
[ 1672.228056][T19323] ------------[ cut here ]------------
[ 1672.233759][T19323] DEBUG_LOCKS_WARN_ON(val > preempt_count())
[ 1672.233805][T19323] WARNING: CPU: 1 PID: 19323 at kernel/sched/core.c:4019 preempt_count_sub+0x9c/0x160
[ 1672.252762][T19323] Modules linked in:
[ 1672.256749][T19323] CPU: 1 PID: 19323 Comm: syz-executor.1 Tainted: G        W         5.4.125-syzkaller-00002-g18f5581af79d #0
[ 1672.268507][T19323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1672.280009][T19323] RIP: 0010:preempt_count_sub+0x9c/0x160
[ 1672.288183][T19323] Code: 42 8a 04 30 84 c0 0f 85 89 00 00 00 83 3d df ae 00 05 00 75 d3 48 c7 c7 80 cb aa 84 48 c7 c6 20 cc aa 84 31 c0 e8 54 33 f6 ff <0f> 0b eb ba e8 2b fe de 00 85 c0 74 b1 48 c7 c0 d4 45 47 86 48 c1
[ 1672.309715][T19323] RSP: 0018:ffff8881e0ad7c48 EFLAGS: 00010246
[ 1672.316039][T19323] RAX: 2cb16cd339d66b00 RBX: 0000000000000001 RCX: ffff8881f5e7af40
[ 1672.327509][T19323] RDX: 0000000000000000 RSI: 0000000000007cbb RDI: 0000000000000001
[ 1672.336305][T19323] RBP: 0000000000000001 R08: ffffffff814e8e0f R09: fffffbfff0dcd2da
[ 1672.344696][T19323] R10: fffffbfff0dcd2da R11: 0000000000000000 R12: ffff8881f20fb000
[ 1672.353678][T19323] R13: dffffc0000000000 R14: dffffc0000000000 R15: ffff88818fe50000
[ 1672.365337][T19323] FS:  000000000344d400(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 1672.374459][T19323] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1672.381240][T19323] CR2: 00000000017c63bc CR3: 000000019af46000 CR4: 00000000001406e0
[ 1672.392033][T19323] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1672.406587][T19323] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1672.414889][T19323] Call Trace:
[ 1672.418553][T19323]  _raw_read_unlock+0x21/0x40
[ 1672.423487][T19323]  hci_unregister_dev+0x2a5/0x13f0
[ 1672.429074][T19323]  ? rcu_sync_exit+0xc6/0x1a0
[ 1672.437083][T19323]  hci_uart_tty_close+0x1a2/0x220
[ 1672.442650][T19323]  ? hci_uart_tty_open+0x2d0/0x2d0
[ 1672.447797][T19323]  tty_ldisc_release+0x272/0x600
[ 1672.455131][T19323]  tty_release_struct+0x27/0xd0
[ 1672.459962][T19323]  tty_release+0xdd7/0x10a0
[ 1672.465750][T19323]  ? tty_release_struct+0xd0/0xd0
[ 1672.470833][T19323]  __fput+0x27d/0x6c0
[ 1672.474846][T19323]  task_work_run+0x186/0x1b0
[ 1672.479802][T19323]  prepare_exit_to_usermode+0x2b0/0x310
[ 1672.485654][T19323]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1672.492148][T19323] RIP: 0033:0x4193eb
[ 1672.496149][T19323] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
[ 1672.519643][T19323] RSP: 002b:00007ffe4f1b4730 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1672.528063][T19323] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004193eb
02:51:04 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800b00310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:51:04 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x900000000000000)

02:51:04 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801400016291"], 0xa}, 0x1, 0x700}, 0x0)

02:51:04 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x2, 0x0)

02:51:04 executing program 3:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x46802)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000940)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QUw!j\x91\x0eW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1\xb04A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf\x8b\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xab\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eZ\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\a\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\xe1\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1+#z\xef*\xce\x99\xbe\xb9\x90\xbc\xb9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xa9\xc8\xb1r0Z\x98\x87^\xc8C[\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xe3[\x04\x8c\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-\x0f\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04bA\xed\xfci\xc6\xd4/{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\xf81\xad\xee\xf5\xa4\x05#\x7f\xa8\x1f\x1f\xb6\xeb\x86\xc2\xea\x18\x14\xc4\xc0\xab\xe8\xf28\xf3\xe6}-\xc2Q\xa1\x93\x95\t\xd1\xa3\xf8\x10\x12\x8b#Cf\r\xda\xf4\x89\xe0\xdf\xafW\bz6\xea\x97\xa1\xbej4/\x01\x11\x13\x84\xa0O<\x1f2\xae5\xa7\xa3\xac\xeb\x10\x19\xf2\x19\x01\xb2;\xcb_\xfc\xd1dk\xc1%\xce\xfb\x05\x98\xfb\x8f6\xf2o\n`\xb1*\x95\xb2q\xa6\xa4q{\xf6F`\xf8_\xc1\xfdE\'', 0x0)
r3 = open(0x0, 0x109000, 0x8a)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1})
io_setup(0x2, &(0x7f0000000400)=<r4=>0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, 0x0)
r5 = syz_io_uring_setup(0x2de5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, &(0x7f0000000140))
io_uring_enter(r5, 0x302, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
io_submit(r4, 0x1b, &(0x7f0000000540)=[&(0x7f00000000c0)={0xffffff7f, 0x79000000, 0x0, 0x6b9, 0x0, r0, &(0x7f0000000000), 0x1a31e3fd987a7d49}])

02:51:04 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000006000", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1672.536862][T19323] RDX: 00000000005701c0 RSI: 0000000000000003 RDI: 0000000000000003
[ 1672.548307][T19323] RBP: 0000000000000001 R08: 0000000000000000 R09: 00007f282a9b2228
[ 1672.556530][T19323] R10: 0000000000000120 R11: 0000000000000293 R12: 0000000000195c63
[ 1672.564669][T19323] R13: 00000000000003e8 R14: 000000000056bf80 R15: 0000000000195c5b
[ 1672.581400][T19323] ---[ end trace 64bc5ef6b683ff47 ]---
02:51:04 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801400016291"], 0xb}, 0x1, 0x700}, 0x0)

02:51:04 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000006800", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

[ 1672.622994][T19358] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1672.628257][T19363] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
02:51:04 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x4b47, 0x0)

02:51:04 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20004}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800b20310000108029000"/20, @ANYRES32=0x0, @ANYBLOB="05023a650000000008001b"], 0x28}}, 0x0)

02:51:04 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801400016291"], 0xc}, 0x1, 0x700}, 0x0)

02:51:04 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100000000000000000000016b00", @ANYRES32=0x0, @ANYBLOB="060000000000000008001b00000000001800168014"], 0x40}, 0x1, 0x700}, 0x0)

02:51:04 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$TUNSETLINK(r1, 0x8912, 0x400308)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="060000000000000008001b0000000000180016801400016291"], 0xf}, 0x1, 0x700}, 0x0)

02:51:04 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r0, 0x4b49, 0x0)

[ 1672.677047][T19295] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1672.701819][T19374] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1672.775550][T19386] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1674.689406][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[ 1674.695575][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1676.769341][   T12] Bluetooth: hci0: command 0x1001 tx timeout
[ 1676.776468][T12658] Bluetooth: hci0: sending frame failed (-49)
[ 1678.849189][   T12] Bluetooth: hci0: command 0x1009 tx timeout