EDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}]}, 0x360}}, 0x8810) [ 293.146826][ T9323] new mount options do not match the existing superblock, will be ignored [ 293.156929][ T22] audit: type=1326 audit(1631031276.222:8525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9324 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 293.159383][ T9323] new mount options do not match the existing superblock, will be ignored 16:14:36 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 293.168598][ T22] audit: type=1326 audit(1631031276.232:8526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9321 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 293.284866][ T9320] selection: kmalloc() failed 16:14:36 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000500)) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="2800000010000108000000000054000000000000", @ANYRES32=0x0, @ANYBLOB="000000a0ebfaf00008001b"], 0x28}}, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x4}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000480)='./file0\x00') socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000e80)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r2, 0x8912, 0x400308) getsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000080), 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000580), 0xc, &(0x7f0000000780)={&(0x7f00000006c0)=@ipv6_newroute={0xac, 0x18, 0x800, 0x70bd2d, 0x25dfdbfb, {0xa, 0x14, 0x10, 0x6, 0x0, 0x4, 0xc8, 0x5}, [@RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @LWT_BPF_IN={0xc, 0x1, 0x0, 0x1, @LWT_BPF_PROG_NAME={0x5, 0x2, '\x00'}}}, @RTA_ENCAP={0x20, 0x16, 0x0, 0x1, @SEG6_LOCAL_SRH={0x1c, 0x2, {0x2d, 0x2, 0x4, 0x1, 0x80, 0x0, 0x1, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}}}, @RTA_METRICS={0x29, 0x8, 0x0, 0x1, "bfd6aca2f399157744c2913a686c2dd1737be763380df5ffa808ab749a3e73008eb6cc9274"}, @RTA_PRIORITY={0x8}, @RTA_MULTIPATH={0xc, 0x9, {0x0, 0x2, 0x9}}, @RTA_MARK={0x8}, @RTA_PRIORITY={0x8}, @RTA_PREF={0x5, 0x14, 0xb7}, @RTA_UID={0x8, 0x19, 0xffffffffffffffff}]}, 0xac}, 0x1, 0x0, 0x0, 0x90}, 0x40) mount$overlay(0x0, &(0x7f0000000800)='./file0\x00', &(0x7f0000000840), 0x200010, &(0x7f0000000880)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file0'}}, {@index_off}, {@index_off}, {@index_off}, {@metacopy_on}, {@xino_auto}], [{@subj_type}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@fsmagic={'fsmagic', 0x3d, 0x80000001}}, {@permit_directio}]}) setxattr$security_evm(&(0x7f0000000240)='./file0\x00', &(0x7f00000002c0), &(0x7f0000000300)=@v2={0x3, 0x0, 0x4}, 0x9, 0x0) mmap(&(0x7f00004a6000/0x4000)=nil, 0x4000, 0x0, 0x8010, 0xffffffffffffffff, 0x818b6000) sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) rt_sigqueueinfo(0xffffffffffffffff, 0x0, &(0x7f0000000400)={0x0, 0x0, 0xc9e2}) [ 293.487886][ T9338] selection: kmalloc() failed 16:14:36 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000500)) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="2800000010000108000000000054000000000000", @ANYRES32=0x0, @ANYBLOB="000000a0ebfaf00008001b"], 0x28}}, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x4}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000480)='./file0\x00') socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000e80)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r2, 0x8912, 0x400308) getsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000080), 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000580), 0xc, &(0x7f0000000780)={&(0x7f00000006c0)=@ipv6_newroute={0xac, 0x18, 0x800, 0x70bd2d, 0x25dfdbfb, {0xa, 0x14, 0x10, 0x6, 0x0, 0x4, 0xc8, 0x5}, [@RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @LWT_BPF_IN={0xc, 0x1, 0x0, 0x1, @LWT_BPF_PROG_NAME={0x5, 0x2, '\x00'}}}, @RTA_ENCAP={0x20, 0x16, 0x0, 0x1, @SEG6_LOCAL_SRH={0x1c, 0x2, {0x2d, 0x2, 0x4, 0x1, 0x80, 0x0, 0x1, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}}}, @RTA_METRICS={0x29, 0x8, 0x0, 0x1, "bfd6aca2f399157744c2913a686c2dd1737be763380df5ffa808ab749a3e73008eb6cc9274"}, @RTA_PRIORITY={0x8}, @RTA_MULTIPATH={0xc, 0x9, {0x0, 0x2, 0x9}}, @RTA_MARK={0x8}, @RTA_PRIORITY={0x8}, @RTA_PREF={0x5, 0x14, 0xb7}, @RTA_UID={0x8, 0x19, 0xffffffffffffffff}]}, 0xac}, 0x1, 0x0, 0x0, 0x90}, 0x40) mount$overlay(0x0, &(0x7f0000000800)='./file0\x00', &(0x7f0000000840), 0x200010, &(0x7f0000000880)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file0'}}, {@index_off}, {@index_off}, {@index_off}, {@metacopy_on}, {@xino_auto}], [{@subj_type}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@fsmagic={'fsmagic', 0x3d, 0x80000001}}, {@permit_directio}]}) setxattr$security_evm(&(0x7f0000000240)='./file0\x00', &(0x7f00000002c0), &(0x7f0000000300)=@v2={0x3, 0x0, 0x4}, 0x9, 0x0) mmap(&(0x7f00004a6000/0x4000)=nil, 0x4000, 0x0, 0x8010, 0xffffffffffffffff, 0x818b6000) sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) rt_sigqueueinfo(0xffffffffffffffff, 0x0, &(0x7f0000000400)={0x0, 0x0, 0xc9e2}) [ 293.597119][ T9352] overlayfs: unrecognized mount option "subj_type=" or missing value [ 293.599222][ T9345] selection: kmalloc() failed [ 293.599948][ T9352] device bridge_slave_0 left promiscuous mode [ 293.600333][ T9352] bridge0: port 1(bridge_slave_0) entered disabled state [ 293.603162][ T9352] device bridge_slave_1 left promiscuous mode [ 293.603700][ T9352] bridge0: port 2(bridge_slave_1) entered disabled state [ 293.607852][ T9352] device team_slave_1 left promiscuous mode [ 293.608231][ T9352] bridge0: port 3(team_slave_1) entered disabled state 16:14:36 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x4}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000140)=[{{&(0x7f0000000300)=@abs, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000380)=""/200, 0xc8}, {&(0x7f0000000880)=""/229, 0xe5}, {&(0x7f0000000480)=""/103, 0x67}, {&(0x7f0000000980)=""/197, 0xc5}, {&(0x7f00000005c0)=""/131, 0x83}, {&(0x7f0000000a80)=""/148, 0x94}, {&(0x7f0000000b40)=""/194, 0xc2}], 0x7, &(0x7f0000001040)=ANY=[@ANYBLOB="28000000000000000000000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000332ed8cf77baa42aea7e04b079d23b0452a36529875b7295cf24fe815889d5619f1f982e139c73e899", @ANYRES32, @ANYRES32, @ANYRESHEX=r0, @ANYRES32, @ANYBLOB="20000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002bac4a1", @ANYRES32=0x0, @ANYRES16=r0, @ANYRES32=0x0, @ANYBLOB="0008000018000000010000000100000000000000", @ANYRES32, @ANYRES32, @ANYBLOB="20000000000000000100000001000000", @ANYRES32, @ANYRES32=r0, @ANYRES32, @ANYRESDEC], 0x100}}], 0x1, 0x2040, &(0x7f0000000d40)) sched_setattr(r2, &(0x7f0000000d80)={0x38, 0x3, 0x45, 0x8, 0x8, 0x81, 0x8, 0xff, 0x2, 0x7}, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(0x0) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) recvmmsg(r4, &(0x7f0000000800)=[{{&(0x7f00000001c0)=@l2tp={0x2, 0x0, @remote}, 0x80, &(0x7f0000000080)=[{0x0}], 0x1}}, {{&(0x7f0000000540)=@in={0x2, 0x0, @broadcast}, 0x80, 0x0, 0x0, &(0x7f0000000740)=""/142, 0x8e}}], 0x2, 0x2100, &(0x7f0000000240)={0x77359400}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) r5 = creat(&(0x7f0000000500)='./bus\x00', 0x0) ftruncate(r5, 0x1000) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f00000002c0)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f00000000c0)='./bus\x00', 0x0) 16:14:36 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000500)) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="2800000010000108000000000054000000000000", @ANYRES32=0x0, @ANYBLOB="000000a0ebfaf00008001b"], 0x28}}, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x4}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000480)='./file0\x00') socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000e80)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r2, 0x8912, 0x400308) getsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000080), 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000580), 0xc, &(0x7f0000000780)={&(0x7f00000006c0)=@ipv6_newroute={0xac, 0x18, 0x800, 0x70bd2d, 0x25dfdbfb, {0xa, 0x14, 0x10, 0x6, 0x0, 0x4, 0xc8, 0x5}, [@RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @LWT_BPF_IN={0xc, 0x1, 0x0, 0x1, @LWT_BPF_PROG_NAME={0x5, 0x2, '\x00'}}}, @RTA_ENCAP={0x20, 0x16, 0x0, 0x1, @SEG6_LOCAL_SRH={0x1c, 0x2, {0x2d, 0x2, 0x4, 0x1, 0x80, 0x0, 0x1, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}}}, @RTA_METRICS={0x29, 0x8, 0x0, 0x1, "bfd6aca2f399157744c2913a686c2dd1737be763380df5ffa808ab749a3e73008eb6cc9274"}, @RTA_PRIORITY={0x8}, @RTA_MULTIPATH={0xc, 0x9, {0x0, 0x2, 0x9}}, @RTA_MARK={0x8}, @RTA_PRIORITY={0x8}, @RTA_PREF={0x5, 0x14, 0xb7}, @RTA_UID={0x8, 0x19, 0xffffffffffffffff}]}, 0xac}, 0x1, 0x0, 0x0, 0x90}, 0x40) mount$overlay(0x0, &(0x7f0000000800)='./file0\x00', &(0x7f0000000840), 0x200010, &(0x7f0000000880)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file0'}}, {@index_off}, {@index_off}, {@index_off}, {@metacopy_on}, {@xino_auto}], [{@subj_type}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@fsmagic={'fsmagic', 0x3d, 0x80000001}}, {@permit_directio}]}) setxattr$security_evm(&(0x7f0000000240)='./file0\x00', &(0x7f00000002c0), &(0x7f0000000300)=@v2={0x3, 0x0, 0x4}, 0x9, 0x0) mmap(&(0x7f00004a6000/0x4000)=nil, 0x4000, 0x0, 0x8010, 0xffffffffffffffff, 0x818b6000) sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) rt_sigqueueinfo(0xffffffffffffffff, 0x0, &(0x7f0000000400)={0x0, 0x0, 0xc9e2}) 16:14:37 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:37 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000500)) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="2800000010000108000000000054000000000000", @ANYRES32=0x0, @ANYBLOB="000000a0ebfaf00008001b"], 0x28}}, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x4}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000480)='./file0\x00') socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000e80)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r2, 0x8912, 0x400308) getsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000080), 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000580), 0xc, &(0x7f0000000780)={&(0x7f00000006c0)=@ipv6_newroute={0xac, 0x18, 0x800, 0x70bd2d, 0x25dfdbfb, {0xa, 0x14, 0x10, 0x6, 0x0, 0x4, 0xc8, 0x5}, [@RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @LWT_BPF_IN={0xc, 0x1, 0x0, 0x1, @LWT_BPF_PROG_NAME={0x5, 0x2, '\x00'}}}, @RTA_ENCAP={0x20, 0x16, 0x0, 0x1, @SEG6_LOCAL_SRH={0x1c, 0x2, {0x2d, 0x2, 0x4, 0x1, 0x80, 0x0, 0x1, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}}}, @RTA_METRICS={0x29, 0x8, 0x0, 0x1, "bfd6aca2f399157744c2913a686c2dd1737be763380df5ffa808ab749a3e73008eb6cc9274"}, @RTA_PRIORITY={0x8}, @RTA_MULTIPATH={0xc, 0x9, {0x0, 0x2, 0x9}}, @RTA_MARK={0x8}, @RTA_PRIORITY={0x8}, @RTA_PREF={0x5, 0x14, 0xb7}, @RTA_UID={0x8, 0x19, 0xffffffffffffffff}]}, 0xac}, 0x1, 0x0, 0x0, 0x90}, 0x40) mount$overlay(0x0, &(0x7f0000000800)='./file0\x00', &(0x7f0000000840), 0x200010, &(0x7f0000000880)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file0'}}, {@index_off}, {@index_off}, {@index_off}, {@metacopy_on}, {@xino_auto}], [{@subj_type}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@fsmagic={'fsmagic', 0x3d, 0x80000001}}, {@permit_directio}]}) setxattr$security_evm(&(0x7f0000000240)='./file0\x00', &(0x7f00000002c0), &(0x7f0000000300)=@v2={0x3, 0x0, 0x4}, 0x9, 0x0) mmap(&(0x7f00004a6000/0x4000)=nil, 0x4000, 0x0, 0x8010, 0xffffffffffffffff, 0x818b6000) sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) rt_sigqueueinfo(0xffffffffffffffff, 0x0, &(0x7f0000000400)={0x0, 0x0, 0xc9e2}) 16:14:37 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 293.873898][ T9349] selection: kmalloc() failed [ 294.291219][ T22] audit: type=1326 audit(1631031277.353:8527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9364 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 294.342367][ T22] audit: type=1326 audit(1631031277.383:8528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9365 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 294.463233][ T9372] selection: kmalloc() failed 16:14:37 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:37 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000000640)=[{0x0}, {&(0x7f0000000300)=""/165, 0xa5}], 0x2, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendto$inet6(r1, &(0x7f00000001c0)="04", 0x1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000080), 0x21e, 0x40010002, 0x0) r2 = socket$key(0xf, 0x3, 0x2) getsockopt$IP_SET_OP_GET_FNAME(r2, 0x1, 0x53, &(0x7f0000000000)={0x8, 0x7, 0x0, 'syz0\x00'}, &(0x7f0000000040)=0x2c) 16:14:37 executing program 0: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r3, &(0x7f0000000140)="1ba0000016001d0d89fdc5cbdd045798707bed4dca141a780f0f8e", 0xff3b, 0x0, 0x0, 0x26) recvfrom$inet6(r3, &(0x7f0000000000)=""/45, 0x44, 0x0, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/meminfo\x00', 0x0, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x5}) writev(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000000)="480500001400", 0x6}], 0x1) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x200000000e228, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x42, 0x3, 0x0) setsockopt$inet6_MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f0000000080)={0x7b, 0x1, 0xd, 0x1f}, 0xc) 16:14:37 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x4}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000140)=[{{&(0x7f0000000300)=@abs, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000380)=""/200, 0xc8}, {&(0x7f0000000880)=""/229, 0xe5}, {&(0x7f0000000480)=""/103, 0x67}, {&(0x7f0000000980)=""/197, 0xc5}, {&(0x7f00000005c0)=""/131, 0x83}, {&(0x7f0000000a80)=""/148, 0x94}, {&(0x7f0000000b40)=""/194, 0xc2}], 0x7, &(0x7f0000001040)=ANY=[@ANYBLOB="28000000000000000000000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000332ed8cf77baa42aea7e04b079d23b0452a36529875b7295cf24fe815889d5619f1f982e139c73e899", @ANYRES32, @ANYRES32, @ANYRESHEX=r0, @ANYRES32, @ANYBLOB="20000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002bac4a1", @ANYRES32=0x0, @ANYRES16=r0, @ANYRES32=0x0, @ANYBLOB="0008000018000000010000000100000000000000", @ANYRES32, @ANYRES32, @ANYBLOB="20000000000000000100000001000000", @ANYRES32, @ANYRES32=r0, @ANYRES32, @ANYRESDEC], 0x100}}], 0x1, 0x2040, &(0x7f0000000d40)) sched_setattr(r2, &(0x7f0000000d80)={0x38, 0x3, 0x45, 0x8, 0x8, 0x81, 0x8, 0xff, 0x2, 0x7}, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(0x0) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) recvmmsg(r4, &(0x7f0000000800)=[{{&(0x7f00000001c0)=@l2tp={0x2, 0x0, @remote}, 0x80, &(0x7f0000000080)=[{0x0}], 0x1}}, {{&(0x7f0000000540)=@in={0x2, 0x0, @broadcast}, 0x80, 0x0, 0x0, &(0x7f0000000740)=""/142, 0x8e}}], 0x2, 0x2100, &(0x7f0000000240)={0x77359400}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) r5 = creat(&(0x7f0000000500)='./bus\x00', 0x0) ftruncate(r5, 0x1000) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f00000002c0)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f00000000c0)='./bus\x00', 0x0) 16:14:38 executing program 0: syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000003500)={[{@utf8no}, {@uni_xlateno}], [{@dont_hash}]}) 16:14:38 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 294.900977][ T9382] netlink: 1272 bytes leftover after parsing attributes in process `syz-executor.0'. [ 294.944272][ T9373] selection: kmalloc() failed [ 294.955040][ T392] tipc: Left network mode [ 294.965276][ T9382] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=7188 sclass=netlink_route_socket pid=9382 comm=syz-executor.0 [ 294.965464][ T9382] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9382 comm=syz-executor.0 [ 294.969112][ T9382] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=7941 sclass=netlink_route_socket pid=9382 comm=syz-executor.0 [ 294.969397][ T9382] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4111 sclass=netlink_route_socket pid=9382 comm=syz-executor.0 [ 294.976724][ T9382] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9382 comm=syz-executor.0 [ 294.978184][ T9382] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9382 comm=syz-executor.0 [ 294.980897][ T9382] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9382 comm=syz-executor.0 [ 294.981308][ T9382] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9382 comm=syz-executor.0 16:14:38 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 294.981576][ T9382] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9382 comm=syz-executor.0 [ 294.981871][ T9382] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9382 comm=syz-executor.0 [ 295.104870][ T9387] FAT-fs (loop0): Unrecognized mount option "dont_hash" or missing value [ 295.177259][ T9387] FAT-fs (loop0): Unrecognized mount option "dont_hash" or missing value 16:14:38 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x8, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000004be6966366b1adca6425c3721e0a0000000000009500800000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x18) fremovexattr(r1, &(0x7f0000000580)=@known='user.incfs.size\x00') fsetxattr$security_selinux(r1, &(0x7f0000000140), &(0x7f00000002c0)='system_u:object_r:pinentry_exec_t:s0\x00', 0x25, 0x2) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket$inet6(0xa, 0x803, 0x2) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000440)={{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, r4}, {}, {}, 0x0, 0x0, 0x80000000000001}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in=@local}}, 0xe8) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001e40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c29184ff7f0000cef809606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45ef4adf634be763289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cd8e5c39d325ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b6c4a00000000ff435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0adb02d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4a00fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c108285e71b5565b1768ee58969ced595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30fa94ef241875f3b4b6ab7929a57affe7d7fa29822aea69a660e717a04becff09000000724f4fce1093b62d7e8c7123d8ecbbc55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7dfa2e5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca378e676c3e08c1ed43ca8d3d10994c0b58645ac518a75fde7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d34b5457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464b635197351a5ef0a0fb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f83100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa370ac891e10096e7e60fc3541a2c905a1a95e9571bf38ae19ff000000caee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5944912d6c98cd1a9fbe1e7d58c08acaf30235b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cbe7df000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc13c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e89fc745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb4a541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83186c1526af6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af930cd6db49a47613808bad959719c0000000000378a921c7f7f8433c2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205aa00b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569ed7aa287378c697f6cafa86966d7ba19e720413268e4770132618df552c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f9360984b5c2d4523497e4d64f95f0a093564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf596218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5002512bcbf9b24accfecb0f477db103463af2847e6ade5b9e065ec0d0ba58fedae5f08818fea475b169469f9efd131925d98c34b3cb26fe26796dd43b87e1cdee39f5cf21d2e80a64ac97e71cafc29bfb78db090dd12225efeda2e93bf7f6ba7865e9c375a780929dfa5a7036f5858e2a4ff8e8d1e8c9cceed07c6312b734c72510d335acc94f76e7078ce4066f1e0ac9429f8013683301277a11e25b248b61180cb6207a0e26757f3f1bfc6c27f3720d1fb74afb17f3b5239bc2243853d5234afb05ed6024e94dee34666c5b5522b54cb433efa54b4e9022533e7c89bdee957dfa9ded9f16fdcd1b681e4c72f32fa3334313e334cc140daec7dcb22f463457a1a5ac230bbded86258206046f556589f5627ab2751eb34d940519f009412098398ad822a8509d2d32da656ac5935e4c7f9503ce4daf13300dfd611528049310544d3e8613926fbe2647e258932592c9123f1c74023144442d09ef90c64950176c666da6b658108ac54beb2379aa70501c42bd9c4e4f426ab5ff2a33767b408ed19e399c33b52abc4ac24da0d4cf07d93029583591c33f0f80513c541581977f2e9735e1edb66fdbbe22eb4b0b670ba74fdee2f1a3cf85777af5d8267acaa9d83c23a4b40d0f53dce003c03c5959e405fc4f2c05d3394f014a39caabbeff7c7cadbdc57def7f5f758aa46b6e2fddc779770d7e395c4ac2a136a30e7c0a301dffc5565d7244fb29cd302c36e76221a3c4e21559216c078f06b0b04fb236ea14f9998776a0ae88dfeccc9ad64d2fe3cfdeb9684b7b7e5c00f7323f8214ed0189539e0e3e34c8e542c82ddbd6a75c1adbedef4d5d69b246a5a36ab802b0161908e748ed9891678c228413bf51b18a25bf776b9d1f1fedf97cf5e7de4455ea359e5796bd60cc415066fc271a2bdb7db13e72d1a99b375f96c4b5aef874037faf6a1d1aacf46a57346d000000000000000040c1051e444ea35432e022889fde59f038db4f83ffa3191116c7ba9434a7f758890f27b3acb915a7e5db2149e18c51b6db3edfdeb2ac8fe038f7987c5b38f206084bc5e8243f73e152980c414558a1f9dd35691d7f51f182393a434ba11112d7b3bf20fb62dc263b68149d8c22eb700f1e3b6ada85d949ddba3afae71082931899d138a2865685cb0d7e231838d00d1f1f104ab37b2929017a1d08f60b2cee3a49ea82b54244bec41e289ae1d7d578eed068912e2e72ffb0ccdacb8f459162b1338f91f247a2520e08c880463af6733fb1eecf800b7d074b435f1eaf608f34ddc421dc910fc282cf71114e97e5e4ab11c12c81502fb679666626e0cabdd23e7e29b4070cc18c24cf77fd9cae782eb7956e80abbc7da288a8be5869230fae230de433ef97c499e4f5ed5636b0bd0000000086c970de845572766c4e1d09154cd322f1a8c8ebe5a9492e7d1486d702018c"], &(0x7f0000000100)='GPL\x00'}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sys_exit\x00', r5}, 0x10) ftruncate(r5, 0x7) connect$packet(r0, &(0x7f0000000000)={0x11, 0x16, r4, 0x1, 0x3, 0x6, @remote}, 0x14) 16:14:38 executing program 0: ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f0000000140)={{0x0, 0x80000001, 0x5, 0x80000000, 0x5, 0x6, 0x5, 0x6, 0x8, 0x7, 0x2, 0x7, 0x4, 0x1, 0x7}, 0x20, [0x0, 0x0, 0x0, 0x0]}) r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000040)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000200000006000000000008000080000020000000d6f4655fd6f4655f0100ffff53ef010001000000d5f4655f000000000000000001000000000000000b0000000001000008000000d24201", 0x10, 0x400}, {&(0x7f00000002c0)="000000000000000000000000441356bbe0d347458781d90fbb6137b4010040ba9a48cdd8b8e18b9f11b1e8dfa1d6d8ae3fc5d4106d287c10f9e8ba9291a6fae183e04ccb07be8aa921ec042a55570c4ca9397905d65d516df70d810104000083b65873c660152a8fe475791e4805b89e29fcd66eef29cc11a984a991d1adb9d5de8f2603915b2fc1d17e0e4d4051936845a72e2afad8c3", 0x97, 0x4e0}], 0x1, &(0x7f0000014d00)) ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000380)={0x14, 0x4, {0x7db, @struct={0xfff, 0xa3}, 0x0, 0x0, 0x2, 0x6, 0x45b4, 0x8, 0x11, @usage=0x1af20000, 0x9, 0x80, [0x92af, 0x800, 0x2, 0x101, 0x27d4, 0x4]}, {0x5, @usage=0x4, 0x0, 0x1, 0xde8e, 0xffffffff7fffffff, 0xb78, 0x7, 0x1, @usage=0x1, 0x5, 0x9, [0xffffffff, 0x6f47c00b, 0x0, 0x7ff, 0x80, 0x100000000]}, {0x3b8b, @struct={0xba, 0x2}, 0x0, 0x3, 0x8, 0xff76, 0x2, 0x20, 0xc0, @usage=0x6, 0x3, 0x9, [0x21591ce3, 0x7fffffff, 0x9f7, 0x1c1, 0x8, 0x1e28]}, {0x6, 0x2, 0xfffffffffffffffc}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000780)={0x0, 0x800000000, 0x2}) ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000b80)={0x0, 0x2, {0x7d4, @struct={0x3ff, 0x7f}, r1, 0x101, 0xfffffffffffffffe, 0xfff, 0xb56b, 0x1, 0x488, @usage=0x7ff, 0x401, 0x6, [0x20, 0x5bf, 0x3, 0xfff, 0x0, 0x7]}, {0x100000001, @struct={0x4, 0x7}, 0x0, 0xfffffffffffff571, 0x2329, 0x7f, 0x7f, 0xfffffffffffffffd, 0x3, @struct={0x10001, 0x1ab}, 0x6, 0x2, [0x3, 0x7, 0x83, 0x8, 0xff, 0x7529]}, {0x9, @struct={0x80, 0x5}, r2, 0x0, 0xcd1a, 0x9, 0xfffffffffffff000, 0xffff, 0x0, @usage=0x7ff, 0x800, 0xffff87e3, [0x7, 0xfffffffffffffffd, 0x1000, 0x20, 0x1ff, 0xffffffffffffffff]}, {0x10001, 0xfffffffffffffff8, 0x101}}) [ 295.325639][ T22] kauditd_printk_skb: 1 callbacks suppressed 16:14:39 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000006c40)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}}) r2 = dup3(r1, r0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000004f80)={&(0x7f0000003b80)=@abs, 0x6e, &(0x7f0000004e80)=[{&(0x7f0000003c00)=""/243, 0xf3}, {&(0x7f0000003d00)=""/112, 0x70}, {&(0x7f0000003d80)=""/118, 0x76}, {&(0x7f0000003e00)=""/4096, 0x1000}, {&(0x7f0000004e00)=""/65, 0x41}], 0x5, &(0x7f0000004f00)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0}}}], 0x70}, 0x40000000) mount$bpf(0x0, &(0x7f0000000140)='./file0/../file1\x00', &(0x7f0000000200), 0x2, &(0x7f0000004fc0)={[{@mode={'mode', 0x3d, 0x100}}, {@mode={'mode', 0x3d, 0xffff}}], [{@uid_lt={'uid<', r4}}, {@dont_measure}, {@fscontext={'fscontext', 0x3d, 'system_u'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '\\-*{['}}, {@dont_hash}]}) writev(r3, &(0x7f0000000740)=[{&(0x7f0000000240)="b004c8fbcff1af8fc8891c20315a5278236ea4cdac569e9156244099431afaa7c898b7be0d4d43f0bd6e4f87b2000d47b5d48b83307082954becf002653fc2a8cc721c83d04e52bb0209d37ed0ad4a0a8e8558725c0f637f00e06328e88a6a417ecf05ba59b725c9031d043e05f76f2a16666ae128f6f4e8b8cd29e698f10e69a1a946877295889fc0350f2c59aae9a3b421f128675321c70e5ca3f5e22e40e2d0c59a472b9bd2f0681f2e533bca7100f4d4530effb70c51ef5283b24faddb5e1d8ecbda018d993f708fd080f38c53b63328009c552272b27d10a06ca694fd032f6cedb3d8afbd34c50ed6d8c67b5bf4ea17", 0xf2}, {&(0x7f0000000340)="e7998ee5da37ba2858ac9e4a8e457e074f088e3f6b8a2ad5", 0x18}, {&(0x7f0000000380)="d7b0cae486913dd55fca268d739df1257845365d75a27b2211babb840277dbd18c2e420723e72d552836076c9ba29f00ee311c417ff6dddf14609b380172032d8bd3d515cb934b51c20ae71cd1086e75067bddfde1edd45049bed6480570abdf1cb83b5f03", 0x65}, {&(0x7f0000000400)="d525ea8bdbe2bce832eddec6557d564cec6de610d9f20931893bcb7cdc0967da5c3b6dfac80224f8821f01bfebef5296e175aa", 0x33}, {&(0x7f0000000440)="4176bc7cf0d15a66bf0e5028258f7087e9c98fb17cf4b27660d262605b7c8500e8fa96600a1ed5ef2515ef9654e2032ea3a795bca9445b22e5ba4a169d0daf5a0ad581f254559a39df152403b288e998b1c8e996", 0x54}, {&(0x7f00000004c0)="392e5de2d51b15dc13beed3f1aee870a6c972ef16a51cbd89d0c", 0x1a}, {&(0x7f0000000500)="38c3e663eeac688513f2fd18509bc6d7fafa15e7ad07d8b3491a202a7a72120fa36ddfb070eb2d097f92b54bfab121bca95c02c1f80a8dd1b54efdd764b33154cfa4077a2213dade2b1877248092e3aa4889537f7f2b748a571a63ff187477d37648ac47220da124ac9d8be82a71bcbe700e36d713a239dc6f4b509b9bd5a3a6be9bca2fc46ae32fb93ea8120db27dda915dce4f6e5376449d92def696bf46c13649888030c32b54662a87e0b1ff30fa92a4eaa75f199f8b46f46e936a89a4dce87cb35d8fe54bffc2ae8dedd158c887e410987ce9f317ee0b7f3cef3cda9b1c3a7ff06d2a47355257ee525b98", 0xed}, {&(0x7f0000000600)="a5d348268b1db065886ac3b771dc7c0bf5ef14a3ac08bec1ea44582c533f7f098a8de559166bbd08f1ba87fb1b7f07b48ad2aad21b7316af8c10967c1e", 0x3d}, {&(0x7f0000000640)="10bb55793e55c664c3a8ea61e94440663ab0ab0a50377517fb8a2f283c3c63fc385535445082de016b9eb66949f8d71a08bd2ccfa290e52f0e59923ed1a5a2badb9a30da9c4b44a99148402be918a2d800f00513b72702d41570be53c826a878bc892e16808674ca4c8b461687132e5bd7724ba39fb8114d8da20289d5b27881213a7cd9b305e816df410d43c8e4ed0ec0e72241f34b86869b20e677c5f3c46f59c5851b38eb21b9f98bb1b2e55377ca46d0ffeb13cb69c14197d47d66f8568bed94e5b07b7a6f5ae2c7763c24285719315749a9f8ed7d0ce20e6aabb2073c8629cbdf39b89c9e12a4ee73fc", 0xec}], 0x9) r5 = getuid() syz_mount_image$fuse(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x10000c0, &(0x7f0000000140)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x1800}}, {@max_read={'max_read', 0x3d, 0x8}}], [{@measure}, {@fowner_lt={'fowner<', r5}}]}}) pipe(&(0x7f0000000800)={0xffffffffffffffff}) write$P9_RVERSION(r6, &(0x7f0000000840)={0x15, 0x65, 0xffff, 0x9, 0x8, '9P2000.u'}, 0x15) [ 295.325647][ T22] audit: type=1326 audit(1631031278.393:8530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9398 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 295.773536][ T9378] selection: kmalloc() failed [ 296.155840][ T9415] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [ 296.417204][ T9422] fuse: Bad value for 'fd' [ 296.445050][ T9422] fuse: Bad value for 'fd' [ 296.527527][ T9397] selection: kmalloc() failed [ 296.763313][ T9403] selection: kmalloc() failed [ 297.799730][ T9431] cgroup1: Unknown subsys name 'perf_event' [ 297.805889][ T9431] cgroup1: Unknown subsys name 'net_cls' [ 297.844870][ T9431] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.852206][ T9431] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.860451][ T9431] device bridge_slave_0 entered promiscuous mode [ 297.867664][ T9431] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.875035][ T9431] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.882783][ T9431] device bridge_slave_1 entered promiscuous mode [ 297.922221][ T9431] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.929261][ T9431] bridge0: port 2(bridge_slave_1) entered forwarding state [ 297.936539][ T9431] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.943541][ T9431] bridge0: port 1(bridge_slave_0) entered forwarding state [ 297.964484][ T3281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 297.972258][ T3281] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.980869][ T3281] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.994621][ T392] device team_slave_1 left promiscuous mode [ 298.000575][ T392] bridge0: port 3(team_slave_1) entered disabled state [ 298.008212][ T392] device bridge_slave_1 left promiscuous mode [ 298.014723][ T392] bridge0: port 2(bridge_slave_1) entered disabled state [ 298.021963][ T392] device bridge_slave_0 left promiscuous mode [ 298.028341][ T392] bridge0: port 1(bridge_slave_0) entered disabled state [ 298.228652][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 298.236860][ T3432] bridge0: port 1(bridge_slave_0) entered blocking state [ 298.243869][ T3432] bridge0: port 1(bridge_slave_0) entered forwarding state [ 298.251903][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 298.260329][ T3432] bridge0: port 2(bridge_slave_1) entered blocking state [ 298.267382][ T3432] bridge0: port 2(bridge_slave_1) entered forwarding state [ 298.284093][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 298.292081][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 298.300375][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 298.309104][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 298.317440][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 298.325783][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 298.344034][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 298.351893][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 298.359829][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 298.368014][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 298.377884][ T7011] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 298.386423][ T7011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 298.399047][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 298.407782][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 298.435507][ T9436] bridge0: port 2(bridge_slave_1) entered disabled state [ 298.442655][ T9436] bridge0: port 1(bridge_slave_0) entered disabled state 16:14:41 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001200)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000f3ffff7a0af0fff8bffffd79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fefdff0000850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465c3a1f66868c59f7cfeb91569b3fdb36be399259916ffc9bf0bd09f07fb2ea80e5cf8dcf819b5c0c00190000000090af27db5b56024db96b4673b4e8d5467e3554508535766c80114604ea403ff065fd3052aae80677eeba68562eaeaea5fecf3f000000274233106e2baf69b1c66c01e4099f366b89ab63ece92b2704550a4d1dd5c50b7420b48a93fe94c756108afcd0b2eb785632e0a85f02a5a6474ae549070000000000000094fba0ed5020e6477cc921fee1f6d8ad6a80d0947cd6d4a561ced23b0b4a902be6af7ec2d1ba0000000000000000000000000000000000aaf25343063e6581f9e6de14ad72e5ad84309fc4c927ec6cd20cef7ed95157abb19700f0077e9d0080000000000000941e35e1577c10e509c9b134515d3d2369f516a49eeeb1a662c849eb709df5c6ba73cccdfa3c58bc5204339b2b487f0eeed581cb202994c41d322717c338033213c18a34ee0ca2cf61efb4b3797a642735d6d482ba98d252f36c54333aab1aa736369393239820f1557b0b2962c2f7ccb0a5a13c714e0b1a5bc3f9caff3283076cda3d0b1a2905cf7bd04f1de44bc4053dad807970727fb819afa14aaddd51995edcf53b907228fa9e83433eedb4ac88d0285594ffb0d14e71d5c57f33702f22b22417bfb38d04c85a1ceec8bcaffbe800a0410000000000000000000000e0c23e343e783a8c094300000000000100009ae0492e2b408e4921163a65b59048c8baa01aa6196bddd61a4133bce4f372c215997d5415235e4fe70ecf660f24483ec6bc83733db1933a071ad3316c6efb0d360d5266b5859f8f1c71e90ea001a25f7f2ef5f875c418d059a7097d62d54926a1b781e9c91cfe7dc1bb3fe21693f9a914f704467550e20eb8532af24cb8b542c0b275c53805ab71639d582e1947fd6e163d5258926c134e56e5ddb5da740767b95b1a5499edf309e100000000000000344beaa4e7c96de0f448895f58c506e30bffaed0e280591d28e12e80c02381f34492c0f4b248a2909e4800006c03d31f8cdaef929bc68933e0e3051b30e5f1ae98d77422c5308e51cd721a5897bf26e457451534547ce8a3eda671778368415c7501787159c9b59f698e92db7f5bba8d0f0f92fc567fae40447d0f3ce215d989a0a74d630700006f7faf2558ac8e30e659adea85e35eff601b3716ba916a68f84dfd63429e41c7f2bd957a61b0c60739f383cf969c8e0cdc097c2c987a5e40be4706bad515b5b3b0d10000363bae8097a3c0d380f7ff6772956f610aa126833a4fc7c8f30e66d6a5a4f776fb925b0570a577173d25420e6cb2b969a3cfa528a129d7dc2053448ac19973b1b098844b13910785bafb94fc61b014b47383c50c7390230c559778a82d345d6a77e0ce45915f46983a6867e946fa5dd24c36a4e7fd4e6d841a06462d7eae0f23a60fc323b19bcf96b90fecfe879076"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x27, 0x303, &(0x7f0000000040)="b90103600e00f000009e0ff008001fffffe10e194000632177fbac141441e0002001be3e7d2a182fff", 0x0, 0x104, 0xa000000, 0x0, 0xfeb9, &(0x7f0000000640)="9209558f0c5fb25cd57f98113135c3171b8b331fbc04f0e6955a796ff8e3aae3cac46cec3030dfc999058aea01f0e6dcf2f9d480d328655aca003927bd50ed49d4843c8a0a2a4b26ceb747947200bd644c85e7a8a7d7cfce840c02a7d69c9e0bca410f64d43290abbbf3131e1fa8bd8c3e5f19d5a491d3d4c1a0fe47de9eebaf073ac3da6256bdb681d18fbd607c9b0d710442bcf78bc36fd3c035812bde582a262bff0e4d6181c818fccf542868c6e602d97bea23a101955dc76bcc984142ab305387aa348566d688edd291a3e9d08952adbdf60462bb7f7faebcdfccf17115708b0d73d0f3a469ce7d8374219b3f92c92bcec4958d474bb281c26691949d054b784a5866f081e53eb9cfd7", &(0x7f0000000100)}, 0x28) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r1, 0x8912, 0x400308) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000380)={{{@in=@local, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4}, 0x0, @in6=@initdev}}, &(0x7f00000001c0)=0xe8) r4 = geteuid() setsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000480)={{{@in=@loopback, @in=@empty, 0x4e21, 0x400, 0x4e21, 0x400, 0x2, 0xa0, 0x0, 0x3b, r3, r4}, {0xc6, 0x200, 0x80000000, 0x101, 0x4, 0x9, 0x40, 0x8}, {0x80000001, 0x0, 0x44, 0x7a89}, 0x80000000, 0x0, 0x1, 0x0, 0x7, 0x3}, {{@in=@private=0xa010100, 0x4d6, 0x6c}, 0xa, @in=@private=0xa010101, 0x34ff, 0x1, 0x2, 0x5, 0x7, 0x6, 0x81}}, 0xe8) 16:14:41 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x4}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000140)=[{{&(0x7f0000000300)=@abs, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000380)=""/200, 0xc8}, {&(0x7f0000000880)=""/229, 0xe5}, {&(0x7f0000000480)=""/103, 0x67}, {&(0x7f0000000980)=""/197, 0xc5}, {&(0x7f00000005c0)=""/131, 0x83}, {&(0x7f0000000a80)=""/148, 0x94}, {&(0x7f0000000b40)=""/194, 0xc2}], 0x7, &(0x7f0000001040)=ANY=[@ANYBLOB="28000000000000000000000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000332ed8cf77baa42aea7e04b079d23b0452a36529875b7295cf24fe815889d5619f1f982e139c73e899", @ANYRES32, @ANYRES32, @ANYRESHEX=r0, @ANYRES32, @ANYBLOB="20000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002bac4a1", @ANYRES32=0x0, @ANYRES16=r0, @ANYRES32=0x0, @ANYBLOB="0008000018000000010000000100000000000000", @ANYRES32, @ANYRES32, @ANYBLOB="20000000000000000100000001000000", @ANYRES32, @ANYRES32=r0, @ANYRES32, @ANYRESDEC], 0x100}}], 0x1, 0x2040, &(0x7f0000000d40)) sched_setattr(r2, &(0x7f0000000d80)={0x38, 0x3, 0x45, 0x8, 0x8, 0x81, 0x8, 0xff, 0x2, 0x7}, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(0x0) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) recvmmsg(r4, &(0x7f0000000800)=[{{&(0x7f00000001c0)=@l2tp={0x2, 0x0, @remote}, 0x80, &(0x7f0000000080)=[{0x0}], 0x1}}, {{&(0x7f0000000540)=@in={0x2, 0x0, @broadcast}, 0x80, 0x0, 0x0, &(0x7f0000000740)=""/142, 0x8e}}], 0x2, 0x2100, &(0x7f0000000240)={0x77359400}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) r5 = creat(&(0x7f0000000500)='./bus\x00', 0x0) ftruncate(r5, 0x1000) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f00000002c0)='./bus\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f00000000c0)='./bus\x00', 0x0) 16:14:41 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:41 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:41 executing program 2: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = dup(r0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = dup3(r0, r5, 0x80000) syz_kvm_setup_cpu$x86(r6, r1, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="660f38816b02f20f070f01c4660fdbf0ba4200b006ee2e0f01cb260f019bafb70fae83512b3e0fc71af20f2c8b0010", 0x2f}], 0x1, 0x9, &(0x7f0000000240)=[@cr4={0x1, 0x440}], 0x1) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001e40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c29184ff7f0000cef809606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45ef4adf634be763289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cd8e5c39d325ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b6c4a00000000ff435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0adb02d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4a00fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c108285e71b5565b1768ee58969ced595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30fa94ef241875f3b4b6ab7929a57affe7d7fa29822aea69a660e717a04becff09000000724f4fce1093b62d7e8c7123d8ecbbc55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7dfa2e5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca378e676c3e08c1ed43ca8d3d10994c0b58645ac518a75fde7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d34b5457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464b635197351a5ef0a0fb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f83100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa370ac891e10096e7e60fc3541a2c905a1a95e9571bf38ae19ff000000caee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5944912d6c98cd1a9fbe1e7d58c08acaf30235b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cbe7df000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc13c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e89fc745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb4a541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83186c1526af6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af930cd6db49a47613808bad959719c0000000000378a921c7f7f8433c2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205aa00b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569ed7aa287378c697f6cafa86966d7ba19e720413268e4770132618df552c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f9360984b5c2d4523497e4d64f95f0a093564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf596218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5002512bcbf9b24accfecb0f477db103463af2847e6ade5b9e065ec0d0ba58fedae5f08818fea475b169469f9efd131925d98c34b3cb26fe26796dd43b87e1cdee39f5cf21d2e80a64ac97e71cafc29bfb78db090dd12225efeda2e93bf7f6ba7865e9c375a780929dfa5a7036f5858e2a4ff8e8d1e8c9cceed07c6312b734c72510d335acc94f76e7078ce4066f1e0ac9429f8013683301277a11e25b248b61180cb6207a0e26757f3f1bfc6c27f3720d1fb74afb17f3b5239bc2243853d5234afb05ed6024e94dee34666c5b5522b54cb433efa54b4e9022533e7c89bdee957dfa9ded9f16fdcd1b681e4c72f32fa3334313e334cc140daec7dcb22f463457a1a5ac230bbded86258206046f556589f5627ab2751eb34d940519f009412098398ad822a8509d2d32da656ac5935e4c7f9503ce4daf13300dfd611528049310544d3e8613926fbe2647e258932592c9123f1c74023144442d09ef90c64950176c666da6b658108ac54beb2379aa70501c42bd9c4e4f426ab5ff2a33767b408ed19e399c33b52abc4ac24da0d4cf07d93029583591c33f0f80513c541581977f2e9735e1edb66fdbbe22eb4b0b670ba74fdee2f1a3cf85777af5d8267acaa9d83c23a4b40d0f53dce003c03c5959e405fc4f2c05d3394f014a39caabbeff7c7cadbdc57def7f5f758aa46b6e2fddc779770d7e395c4ac2a136a30e7c0a301dffc5565d7244fb29cd302c36e76221a3c4e21559216c078f06b0b04fb236ea14f9998776a0ae88dfeccc9ad64d2fe3cfdeb9684b7b7e5c00f7323f8214ed0189539e0e3e34c8e542c82ddbd6a75c1adbedef4d5d69b246a5a36ab802b0161908e748ed9891678c228413bf51b18a25bf776b9d1f1fedf97cf5e7de4455ea359e5796bd60cc415066fc271a2bdb7db13e72d1a99b375f96c4b5aef874037faf6a1d1aacf46a57346d000000000000000040c1051e444ea35432e022889fde59f038db4f83ffa3191116c7ba9434a7f758890f27b3acb915a7e5db2149e18c51b6db3edfdeb2ac8fe038f7987c5b38f206084bc5e8243f73e152980c414558a1f9dd35691d7f51f182393a434ba11112d7b3bf20fb62dc263b68149d8c22eb700f1e3b6ada85d949ddba3afae71082931899d138a2865685cb0d7e231838d00d1f1f104ab37b2929017a1d08f60b2cee3a49ea82b54244bec41e289ae1d7d578eed068912e2e72ffb0ccdacb8f459162b1338f91f247a2520e08c880463af6733fb1eecf800b7d074b435f1eaf608f34ddc421dc910fc282cf71114e97e5e4ab11c12c81502fb679666626e0cabdd23e7e29b4070cc18c24cf77fd9cae782eb7956e80abbc7da288a8be5869230fae230de433ef97c499e4f5ed5636b0bd0000000086c970de845572766c4e1d09154cd322f1a8c8ebe5a9492e7d1486d702018c"], &(0x7f0000000100)='GPL\x00'}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sys_exit\x00', r7}, 0x10) poll(&(0x7f0000000000)=[{r5, 0x5000}, {r2, 0x40}, {r7, 0x80}], 0x3, 0x2) syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 16:14:41 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 298.482167][ T9436] overlayfs: unrecognized mount option "subj_type=" or missing value [ 298.495310][ T9436] device bridge_slave_0 left promiscuous mode [ 298.501816][ T9436] bridge0: port 1(bridge_slave_0) entered disabled state [ 298.511026][ T9436] device bridge_slave_1 left promiscuous mode [ 298.517977][ T9436] bridge0: port 2(bridge_slave_1) entered disabled state 16:14:41 executing program 0: perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffffffeffffffff, 0xffffffffffffffff, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) mount$fuse(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000004140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}}) read$FUSE(r0, &(0x7f000000c3c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0xffffffff}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f0000006380)="f7709f77945ec10b4eecea480cce6641402373da5e6d7f24014f7acee96be0135b59ce90b463223252169e036a4daf3dae250a1e6de526211d43d9512ae526730f553268794994fd54868ec480d09862b687b463a8fc5058903593b9bb4d50879635cbf67a9e7d1110fa0e8ef89dbd2abdae33183737b8c0b907f5cc74ad6ab0383f8240e091417d2816317f40abb64224f616136f93d932f2223ef42fa3c3155d53075d3eb1db73beb32bc364e3fc246d3dcaca2dc91a634815412bae915cdb1a6da7884559403b545235541ddac97d7b1ea8135539ebcfac1edfa2fee8cf78bb46da7644a8f9e42ae06ca7a188b83fa537b0962a10411b67fc4d7dfe9e95cce2aef82e75f4680b8ff9976b6569523b72a86bd3a8c96f30e85812fe33a610c2be0a3c1063e2ee864c6e8bbf331f2768accfea78700a7321e4af2db46fd162457e439369da2217992b77502b9b958df27bc086369963793854d7f8b00c537de3216898b8f2c1dd925049eef1ab57bb6f63b2d88850b49b3c54d71f545afafa16bd2d06ae501344987623890fdf9ac04b179d2131070a34cf143697b6642bf5da67437aaf5e78e7e6be85e44ad7b265d78d2baf92ee5ccb0a452eb32fb3fdd1a41abf3a68086acd20458af55c086f77c30bbbce4c19542f92ab1e68393ffa58b140586b49761aacdf6aeb7682561f01e0869f503c4a161fd405046d3e6523bd4071c09b7516e4e784f4d11706f1c2eb170e735e563c43317a5a9afad28511163cdb63660beb699f7b8a7eaf57d48517974ffa766fe8deab0cfb11562b9c281bce2493d08c40a259e0325c52124e303064c6fbae2826355e531543863030fef484621a381a945b6ec7253e20047e7294bd069442f72672e6dfe1ca17d75d8c6b16c931438cec72e6ee53f3db89a10a38a93cc84c7393773461db5074b4f5060dd0a04a069a7a9b078856a3fa1786fc8dab621ba622acafd0781b523ea097283afb0c59222a316c6ddc0554bcaccc70288e524ed7719fc02a86283b57690a7320af028efbaedd5bd158a9dc9ea8e4f53c7da7566cdbdd4f4d9f01a9dfa6251a355e338efc8eee258add8731c7d22161482b7e3c8bc83f30482f9935fcc5974d9d0685b5fba3b07d7f85cc8fef18ac4e8e915b8476bb44d7384c996921ae40a4fdd2dd2a70ba17e1c2d6ec67b8f7b45568c105d52afa9c82bdc1dc7fd951b1e4fc1212bf29231d8e41ed4dacafec9a823a672dceeee0e4048b5620373c53ab8f3553c842a5a6d914f8334d6d8a4af785f418e6b4aab3965f94ca9d80a74a5a034fb6edd0322696aa1060d82c7b104983f8889026819ffdf3d45c604e53066b03dfae13fad499e3894120c10944eaf752989daee4e172decca9c2b324a817a7c787e6bc59fc2884e358a1a9b14b3704cabe374d23c002b8112be68f409302d3dad0a4c02105cb54c4350c24e6f3b7588bf1c28ae321eaebb930cf0c3b607acff20663eab8a593320c518eba8f9205350f11a9c1530115f7e00f2aa335c92e1305ffcfeac7cdecd6f1b6a33710ec77ce428484712d66bad137b6c8da5aa51d1b7196d981a14a40df8406b292f385cb149cfc0a86701566674e089b88487f34fdb0bf16ca94d9da4a837f15d5cf8f11d9c226844d3eb18d848420f344a3992772125319abb641ea56f03fc626f092f67a8b6716b29cf8585cf5fe25a35f5dab0e3e075ba3c84116fb6cbbf99a8153d179ffc1e64356f1fa0bca6823ebd8e1a176636962cff271cee5c5bafcb68fad4921e070c4ae08cd8fa0b94534f11e66403d129a5e8253bd3a9dc09a8189895819ff618532bf6743b17a243d515e63868bdf9287fd1bad0d525759953624c8e82debf88159b2c22945535d9379c911f89c7856be1438bd02df70c939b80741ddad245082a72556a2ab3c2390b84c17b6119103a0b8126dbc55e05b153ef9a12cc67f649c14160c698a7127b39fe88fb91d19b2a381c08114c6e3e6d3d42b77602c838c421a9a414f1eb182d0197ff67dcfb5d79404afbdf9c96f475a0d5afc9a4d7cdad458eed6b1de6c13b11c46004243db779e7ad6dbbf15e69ee34bd2524cf72e49a5352992a9251a86c3dc30d7d5fe61ae538928e8fdca0e04fdb5917523d8266b7b4f1679a5082e798f587c5ed9084c70965e94e12f643ab0191e606c2eb0c3359a2b8504f3bb2e721cfbcfdd90c31cde10992c9400273bbc45fe5ba34d7ede773036e2fd1fec1f001c495accdf8ff572de3eb2aeebad29acfe3d2b1448fd67368d0c37f8bfbbf09bafc8f99a44b187f4f443c82b21f66f722fb59f40ce0f9d83c52b9b3358a80e102b21795a1cfcb986c787ccbb9f9c96c2b66d2f7a94ef2c2a5b65d5c2970ba6f3107609f4a67432835c2ce1682d260f6826072a6b6d4b113a5b06311677ca01260f3567ff1ab6be13b455f93916906273c5430fcccb57e0d78224ebec422763ee3a6b94528749a7ee5f70c9036cf3a99a9c98abc0e8aec18733a0c7da76814f2ff741582a9d96eb798426065764fcf86e40b6490f545494b48749fa8d398c5938d6bc7dbe183deecb913ef4c61aef27ea6bb77c23af09c3dec453f01d8e0cf1a3df30d73d44c4e147d9ff2853cb05b1d9fcd2d80815016f65368c477f3e8b676ee1ef5b9154850f02951060f5335d7b8b1c395151b443130d27b4aa0cdd9c1badc38e1825cbaea22480e1d8a986b001a4464fea618707f43bdf7949f500f3f9293b7f7f28170d45eb3e9422d7a107d5dfab18b8e7a2cbc4b42a818384136a49a021721fe07dff4fb2f26e74ee6b5725166409d794c69a1a5b27cb6263c387b81612add3c9e9e509845843a6ffb2250d37c365e3f57f0ad6e908fab119211e7679b41c8e298f9e85558be25ec0a4e6c9aa3d523ef3771971bfd272fcb736d10fa98a87b78c532fcc322f5e24baa21f2a3c84a90ec9b546869400bad19dec3575ebc69c8e512210b81667ed3cede89d10ee5871a6fb166b2f5c96f079cd5bf97f41327930b210627106c4cb6d77e3793b808c425b8a4118bbaa2d1a1454b162cf9886ec17e215d12223a65348ab33185861ab1f3166a4a925d25a63def895a5b01deea11bcaf17c79d27a922834a32aa0f8676793c7257e44d3f7768de19292a385a7a4b3fc992abfb9f8f3ada57b83dc7955c0b2edef1a8214dd8ea2cc9679685137dd63f3918020e2e2f38602005a4a6e84422867b9160f65e92e053d0b58191eadcd5a8a69b18e3216ea63df3f31869c81de88fc75a1d9e15cbdf8d68ba50cd8dfa55259aa362c2615ccab13489844d5ed995383e334074f561a4a67e1060e64a818fc96135d34e604cabe3d9195cf1283725c7700e397ecb72fc8b36f38cd0830b19b439101e4b3839c48ddc95367bff87b888407a517f94fbe58a7033db1123c0a0074c730e34ce821e12f43d84d3b4f0310c6ecd8afe7779671d7b825bb3892825c762b86f0ffd182b6aafd477fadf0c7a931cb61e2b05fc11267bf0a9882e7c2f8e84d3480d9e4576cc03f0e1dbfbef9f66840ad37e76da3ff8a419730a0076de67e9b913f03f5b637287d981eafa1223feafb86bcff5b2ce987f6fa8386ee036a3f75fe014ef90b05a744e038c43766b5fd552e66b9b4996f774988d2a70fa0bf05fbc453cc4fd0ab642db1bc71e1b63919f3c49254f177306f9b00af5782c0633d68ecb85f93fc1afd8dee3dd1ca8b0d7ba0ea463de0b6e3e05c080f832e129cec16853923cf15f06d9a38e20a5a6fa5125d03c1b72680547eafd9fdf246af08dcb4d4d746577478fbc72d7a36bb4bd3b5ba4dc5e407babfcd64b8c413d7dd5433d6a4ee17d5b4835a74c81414a9397d73e15ae387f04a5012a37c88b226207aba933d68a67bcd38f5e0fb8b24c4434c3a0109deaef4f9ab1d230ea6a4acd6db0c3962d0de3bb64e33a29af8dcbf39d48a27c1649a66d4aecdce2db60c50bcec31677559369184608db197f2ebed81ca8fbeb9d2f8c486ec9839e765df69ea634f2815e75eac613febfa26012767c28eae207ed9315bf19c42de9602f44f45a9cb9913a67548787a30c9e56f3399ab281c537751a28d98392655a60ceb9f2515772d2f1d5d2843952312e2a59061b60f128def6795e0c8eb7b12a710c1afacc84f498a29d683d1949c17f3aeeb8b9a32eb10bb242d61a2db5902d592224fb8e1e713ef33caaec6f8516333ca4886345555166e91a6469d67f39241d144c6457c0f74c60e662439281a660b3c802eafa5825fab36b764d4753b33920dc72ec4b7136be556c7d0d528eef67049f5a7bd9cc7e4e94a4874ad8d06595ed38a5f1cafff1018c1351d1d7eab144edba6d4f9eeb7924a25b9f7a3eb20984919d9ade66a18c33f92b65031472ca657a724d86053a3fc60fc5502acec81822bc609954e402a406081cfe7931a1adbfc45a3168e30a451561302a131ff702b4d6c5d3603ea9d1b54c64aad93407e078d6b435154236ba594e8d2f798bbdface489b43120bc0bd7e1bcb6658c2c192ccf18f278e9c5bb14dbdf1a4eb3412f9dc64a31abefd79bd7c91bb7297c9f694840a75cae5d3482d15a2d148092a6545972b7f95a23206bda509260bb370a012b744c2bb46b57da12367d35e778b7d7f463fd8230368b5a5636f28e2cddd03c69adc9c913027a726130c95d818fa38ca7ba8421d3fcf0736cd3001ffcf80701cf6d737cc3dd8f905af39fb2806d2f22289d0001c74eb482f4faf0a1863099cc1b236edd1cfa206b21a2ed86affb4e6a3a4dfb54fab46c8c06cd3e370b50e08e1b7a08864269d867eba5fae8a49560e9479209966002c09719ab8ca58702bfb0071d3859df0193a956ed4d8ad19a2c79656c6dd42eb5a44b808df394333683b605ad0cf176bfcfdc89b01317a802cf0ab02fc3673822b55fcfba512792c9e40a150cfae4dcd40b2b12296ba95063a2f50f552b4682c4d461b1efb7555816b5b836ff0319af6935ae5b41e67329a7b21da93c36fcd87cbba1653c0d00077b14cfcba24f891d62219c157b6354300837d211fbcf1881f5e98d6195fb782479e106c072020b56285107e2fd7947bc64ec9a43a0b239c140ec0456685ac3eba988952e641d2eb16cd0132d2bb25576fc6bcd5e29eb9da2d40e8b50776abe5cd7ea45da8442a311977c51755015b3e4995739edef0567a3f169e980addb1705224175372339de904eb952e13f648449722258fa21f7e53f4a1956e8e9a39dbb18c6d2d10d9146358158a0ab7ce3f54120b705e1ccb7a13fb7e9103d0b80faaac31cab07f6d2d9f668c707b5e3bdf259923a1057816a31e8c771267fd974193d90e1a9837a987d9ba52f7af599c1aeed13f6619cc0b334396b750c9017f84cff56c0dfecc12faee59e37cf7d44575bb448abb19616d4fa79f4fdf96631328dd0d0717f12b9587d76b577bbe78eaa7b0acace3b79776b5d2e77942c57745e347ec766170e90cc66a5191bff3ad49d423ba2817cf92be74e653cc6274a20bade324638d57a27f2fea01d4670bc1ad5ec4d006492ff5fa616a0010be824766f12acec9b26a7606cc8453382c3dd1f5f5c85354569123824002c44d0ae4cd2e1ebb4e33e3d7b69fe14e05fb53af9d66f53990a830120cd618cfaa10e5f6deab4ef4522afd380ea52f90b181fd5b538f424900aac643d118c33dbb6ffe0b2428844f51943412d8fda4a327b71c814cd6345b3690a4716f04fc7323ff1af08e82ef5e571c9fb0fa9b22af40948febda32ea14ecf61700eb02967d09bfd078ace6cea259952c0be90fab1ce841f1022d2da82f173c580d43effdb424b1729aa9fe40292c082043a7c901bc76426ef6e3de788db31e50f54458ca4e360bb803b48d5a4be50724c1f48b504b086d9dca3ae74eae76a1849d14a4074f389aba805b793f9662f072405026afc3ef108ede69dbd2c769886dfc75a9a2e093137d92b38e34a050eca73cd3067d56dfd58fedaff2857e720b09d676607a1e8eeeb06b26494cc2b844f5e856271732477f384af839e98889d5c9cc28651f6eb74029f839150f947d180e48776ef1c829509e12016c6d1b717713e6325751a944cd259b1b86b1f5e793cdb55a73784498be09c2cebdd70159c77abc7c64af2e2de1a860a3e9dd8646b7a6866e1891fcf97a2b3ea47c0c57c5fa9a94129c2e27940ab9fe996eb1813d21d48fb6dbc9b8071c50dc26b4ed21588211fc5edb1ca873c70b606678ae7de9c10d2d083f372421a3038c592a38aec69020862f4432ef9ae7f400ed53b44bb58e92b022ac8b62a6b459337af339dc3346a809b715f9974d21e606244d23cf4dcb0956f93c14047243172adc97a1fed868bc49fb57ecc123425a21e94dd5b9d1ff52bc45965a7be2f5ea8218750e2cc8f174fbd2c7811742f5f17fa1f954b8423c403fd2e4e96296e37e0bfe2edd52e8c3b921dac771c61524455b401017ab5f655eca76139557a4a87cc30210b052ae17a5ca8b634322657ea4d87e0da2392c470f8951ac0560a01b4d0befe632ee311d0b87af31465d6cf7854f5738cb5debfa1d7381c74f45eea08c06d4ddc9e811d1a33394a35efdb7121cdf5f1603343df8431c87718a5d4cf3b2e593508d8b63f0d1e82f9ebc40d4022ba06327cc8233f29c0995da512b318bfa212e9582cb880d9bd6a02050a014294ef321bb2c65e4638a4fd2c8c27fd9ac28c9e49cdae6dd9eb05dafb38a4a003a56dba826e386f5fd3ab0d54b92f53ec11c850927fc4c5b669c67505ce59306ad86460b480b711d4b31c512829b7037d1c45b5b84c0be40a038b5e975c57c860476318a22df2e4f90009c38481e519b9511e54dc59e89a6593bc53ae03224466513930c5ed3689793f00be192a58a919db9ad1267962c0ee60327ee710accb0da037610ef8aaff63f6582f691096fbdfb1996abc4443cd4ffe04fcad3608413044b978d86d3a18bdf86fdb70cf7e7bbb0e4db9d36176d0ba8a4cf81369fa84ee55466df70e6d4431a873000c19bb5caff30c01c7f7f928cde86bea5c401e525fb8a938fd016bffd5c9d52b279e867bc64f575b80eec74e7f66fe92aef613636e50c8f32831ab4b7eabbc89ce6d7bbfd03b6b005e0c5ba27268369f5083b2ded32c1f9e8cd73a1daee26cf03dbbf9c476fd0f14935244eb7b544f8db1c19d8a21de7e8a88f540e8949f721f20d7a47cfad3f52d93c11a796fbe9fbe415194193e5c70b33237f70790905816b856c252a30e72c081a8bac6a1c9fd2c372b9f870831d6ba6671fd8684f25e60cc7e3a1a02ed5f1a4fe426373bf61404a68571e93f35659b6c37f939233ca6663603b053c8fc74da84dd971b9319a1260fa2f5d66609962e93f7f33a40b22066b86a74fb38bf1444d025f27f14e922661471ef8ad503e97f8e7dd6b9c9a420885e519e085a1f26f7149b82881908021f601679f79c944549bcb431a7d2b12f75aa54cae39f9caafefc01e7eb589d2eb574937abbe18b419d7d27309acb330293456337cb9d753e08f7b890bbf76c4d6ef548bc3b5965302bc65ab08a2420527c1ad8be374cae7cc858376219d39a7a6d58c478a721678e789bcc317a4d1acbf47870a4802a07ac0332f7fdad7156065de511862c2a076e264138b98e7abd1a2555ef2e1ca44ee68f06725508891051f6bd24479a616606024841c8203744b999868b9f2b3b5e8a42f454d25fcddf8f5569594716a4022c3ac8ba67115b93d8bb50684b0fb100dabca7f6b7e29b723007776435829c6f21223d7a2556766d198c76ab6cce3b6e6da5c4d14a26b7cda1cebe6792ce4c1498fe644fb4408189e472efde923506ea4d18aa3284ec311fa942dfa5d8b939e509a10c69461993cc9d3ace2fef29afee8d0894764ffd82371d5ed363b5968447ad3c0962b86584cc97740d7bc3838ab1c1b0198ea830f122b200722d3c2c8815a2a5f90382e1c58f2348dbd38449e28c67ed85f66ea3e383b91c782a4e77ad4aa538db6d15ab90dd464318ded6fd293a1b0279852335e3c94bcce6f37950fb23d96f84465aeaa8fc2f71ce61a1416e579399c363bb37ded602fbea1ba5de87ab12bc7aeb5c62f026f648ab2babea2517c3ade2828109da58c010e6efef544088ba412ea57d3cd4fad3fd85b17e386ffc8a700664b2604c8a71c011e894ac03a109d9ddbe0b6d625d33d7d16fba5bcbc1ee1cdcfc6a475a23aff414e5b4f83e9d18e10f9e6dc49e518561ad53a110794d2ad9c7fee95a03b632b2acbebac42c996e1b856b2f18a2a3bf7cb0726c10b6aa3ec2d78bebd26e86ecf78b87736017cffa7d654b357be120985c553d11dbc932139ea6e1efdb7ef34598db568e66d42429e414b5903ad6e616ff7faff6ecedec529cf16b280c18dd4c3c8cd5192f625965e15c29104855364565a4a52ac5ff78eb31a6e7602e84226a87364708c2a9fdcf2f66f5dd0951aacb7b6c8f9bd0e534ae44b47799cdb8f683db5a3258d6f1943e04e59b11fbc6f57d16ff150c94a22717c1b483ad064c25f09022cc4ce09e76fed2b2ce84e9a50623f84cb013d00b8ee3fd2eaf1ed84df2b29d3119865f5df8fbb6d7440ec6da33deff5c60f466f91959c0d7c7800937cf59fdc6e2d53e809a6f6754ed545fc71c42a95d198df6329a3f32ecd091e7e643727ee34241b9244ea9a2118ccc6d5b52f8dbd61dbc7a4b65e8a4b0e937669a8a6377022df74ac0d2d42008edfa83a71c2e14c8cb7f3e54612cbe5b64b31371f445ea6235467b339b285bffaad0acd9af5159b84f58a3e0230a7e6f055a016a0737b893e0d1b2dba11de53529c825bea86a455bba90eb4f10ea5425d498c18c0bc643a5bb07491a8b6d89b1c92329aaff3a9cb9302f81100d97b78a09d1f5c512c26409796608b77c969c070f6e55037c97bef2c30ebb373110c2356e0663c0a7010d13f18f9b7b1d4a5de88b110efe433a5dc9dd03ac7621a6de39584de91e9b43c5ef4cb435eeb45b8865540355030acddeaf451a453a0b0a76cb064ea1e939dc5491f2c591973c741cf1f73ef4451a1b43ed9d9e0c7b126b869e7cd326900a470dc08a15fb176346f7431dadd6b820ec10cba33d7097ebac9c1ff147fe39d9cedad2828facd8c37cb22a8b7d55b63170f55ccf45fc25715d00e7eb7c3f32c5a7dce02bb07073daa170caa4813b2102648cf6a5bc9ae5ef3fc4c6240447190340469cea21650f79f5ff0ab60e6fa8a30a45f29ca7f4356c275ef4dad63b07f73cc672d26091db75eff3e19b51272b0b786609333f6580a3ad3c83673df3776d04cd05fa86b7b8066076b71377580d8b226d9daec174cf2a62ffd48259ca04821e949021b3f540b5268c794a5314de9cb143dafce0575c06750f0c125b507bf39bf0abfc25b9bc39ddbc4450f0f3a70c312905a5c2d11f7b39a3cb0fd08be6f8b74c5d74fdfb0477c942caac42ae596e0aa36db5f10e1571231ebfc327e5a6111eb2f2a0e1be0b0752018973500f1b7c832cf36078c24717f66983bb72649829af53389e89694bce146f8cb358d7922ba07dfa9da6fbd65b7f5159010b1bc6847967b9eeef7c6db90f48b1c1a7ab63481809111b2876c73c375064bdca8064ee8d6d7b3817db8f5dc82709c586afea5850f415ca7641b5e6f45ff93b9dbc2f62c40c47dbe61a069d88e3664c8dfc9be2b35f8896e6d5c8a35b864b50d50364d3cec828a4f7dcff3cb314c9f7ab03c93e1fd8c5bfa2c303d76cb0954b401927a000babc400497d3f3a37c1f7a685ecc12b28db4b9b75debccfb132a4bb3b19ba91a441a94403eef6ad8222edd1dcecf215580296020731cab55029a189561499d34faef21eadfc370f98872c2192aef73f0cdf80de61cc9157d1e08d7153a49f7d1151fb9f110febc34e760c1afb87eb36c9df1d6aa047cb655b3ec5fdae8e2d93861070f98bd5f1c53c26f07d7c43cb295440af75e87671a552e39f9bfe1853222eb8ba0c8013944ee61dbe21281b1d4e3ea3dc0353d4ded5db0128504b97491353120c63bea1c5656be047a77bebe93efbab10375cb0946624e076a93a6ffdc284f4aa9fcf54ebda3653d5abf7da76f19c165d0982d48279ba8ee9f33b2fb060491aa26517e39f2cb4d4ce7726b249f070aeefca6843a813026e45c6ddfccd1e0b8883a7170644c43b227a2a3c03cbd17b8f3dc0910685169ada487a72251eeb6e6a1dd5661294337cf4cee2d74fdfbe00ff6d07847e63880059bcd12951e8b649cca1dc6a355a7d2c26ef8cabd467b21d6bbe28b108b385ffff7304d96b03500c912efd2af7c45f81f5f2f0e3357ec7da616f81ead2f823a128696ec7dd65a6587e5ecb56a8fba1bdea28909da5e085e164b046310182fad711d4e46abaa61281c88c729810c615ce9636b5c96e4150e2fcec6c111469ba8b0c010963d4338fba8a8a080e384198e1410af15f7ee18e5396b721fc331860e072207da236b35dd94fa7dab288a114ea46e754f1d0b4bfa1a5b216706652e52c489e9a3a1cee8ab4fe5d416ac22c2649673715909c27f31684f6e103913bfd28e02fca507940b86405cebb8084d1c6532a5508b716070c67ba544a1593895f4cc1a8d075415feb69d50fb674c3a89b59f80032cdfa8d1181856817bb16f50bafd0e21aa656661bf3b6bfc207a7a645a8edc15ff1cb706b6292a3263ef5ad1479338f59058d08ce76dc801d8e11e280badd5a0c0dcf1c6285d95cc087e7f0dd823b6b7c353d22f1e7ed03c1461cc4c170e33cd06c45f17fe1af233cca638611449493d533f701d77163f6784202d995e17b797d4d2f0d87d05a00728e8fdda47c70ecf919a2a110371da3474580720e8eae934888cf84f1f1a5530baf815e7c16129732ec4af417c1be0970b845dbced563f00a86135bda35c525aa020f285116b00071858e6eacf7b124b635ff7b62410e8c27a4c76adcdec10f5180130e8c554d2d8038677650171a2f6c3da4c04e340b48df92cf41d08a499f680a2cd6ab099fcede2f8b1888aa052c7f2dffdb203e19fb1e2e6237e19b218740c89cce311ff168437500a6eec570780938c3291a19482656a8d53b19bde3d4148bf1a9f2ea67ae835df675662f27b5b6f5e2652d0471c81740acef306d9605b4ca09a2c4c0f3f8063b6fa5fe01109c5e348eb318074785771ab2cedc48d0f5e15b3a368ace5aea415aa2d566063f25571b7a218b9e95117aaf0a389284e763e448c88b49205392fe032ed206ca8e27fb1c65a72d125cc860913dabe714be1a2a85120066cad66d53dec9a30664bfdd33e25398199211b15fe0770cb243bee320e95e506be4617c3e5e6825342c769bc1da3127f8d34c922f60ed2727f5d9209fc28099ec86c29572fc7159f6ced79b0a2a2653100230a55f7a578e2f1d90f6301069ed04106de45b976f2aabe769ed17d59a53116b74fa2f598c0d1e9919ca8d9cc21265ebc218ab9808b094eebd9a48d8349cf3faeaaa7c8ddb07f6eb874f70cdfafe050de69c6e7da6c8d2f71d581d6c604f4bb29243e9d1bbcb0890b436cb43d1a33c4b96a08af4137135a8c8fe74034dcaf1581856f800771", 0x2000, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x800000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(r2, &(0x7f0000008380)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2000a3a0) setgid(0x0) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000006380)="7472a8f56052403a2fe9cc6e9674085b0b80a45a7f2ddc912a31ab45b3ee8875984469fc4dd43cbee604e3c513cf1418502b2b6ef0d1506be31d6be445e16b88ee2b04f32abc2c7e4e024ac3cbb5125bd7186974e29aae305bef0743d83b5bf035948c3bdc50bb5fad214d525aaa9e8fd604ee4c780f1e435819adb7a898ab0691a37e049420a9e942ce6633d39962aa767cefbcd4634c1a461b3b11dcf492fd26189f0bf48b5456c89374f725bb49b5b8697300e41697143b506685c1eb85224069c0fa6ddbac3528a639d8012bbb4c3ed920a9d01c95e86fe3d16212f99eb3fe38b0fe141a395d86bd3cbe94bb4c13b6ac703fb2f627d83751d978b852d053f5e91471ba78f4b002eaccd14dc04ff3af84f8c61a5f13f1ae6f666fde3c082105f90f822f5a701ac29eeef671c32ee53172729080e895199db01f314ac57af3adef76025e7a99845da1874a9179694e6ac88a5cd871feaf086063244e42b6eb5f58a196099c5ecc3f044ad54dbe23b2e6d46c8c3b11dd2f2628ed5d3a9920bc6a6eb4d97b49398987b2af95b42e7cfeb62ac3b18e048ea200021fa14043a03775a6e4f9e5440ee24b55e05618d485cb4a9eb5b0ea75ed16ef91f1fb5e2db314cff2c5dd7b6734b87d87d0664774db37c43328923331783d3d071bceee65e3657c4d3bb1a276cfb3e95e3d3434104759c2f73aec4fda2994572215f72e64472947939c77017c1020a6d3febf090d44e6a0a506708e4b15a4bb7649ecb0cce381c84e2102003aa740e9ad7a83fd24f0a96fd90761acdd2c01183591f9c9c4a75d92c2d0f36c013d5eb9da4ee689d2ac6b4bc1f31885cbd6b0325b669e3d7dc0dec012beeaaf18ab2e98d4cffa98579ec26b03b220c4e62d88feeb4afec3d634bbf750d1b96177d0c4340aed002c4fb270e796dda4aacbb51ca6f397f57620b76a2aba1eee6dbb83dca44ac5ea57529f774fde1bc793947469d25399b99174c4ba5fd6d99101a6d49b383de34ca6fdbd8918bd3f3eec99aa8cd12a3f78fef27b6cda4238bdb2dc1bbb0ca33bef68510f5ae16b0a0f15ee9016ce25701928c60e6d7262032e78a331f227cc1a3ab378190092ba94808e99914b700d59bfab8e2f8450609f734c3a803d4af44f4a176c19225ae8f8f11f95231723bb108d7c9cd7eee220d71c7be53bb2bf54f425b415d75e09020282e994d974b0935307385a25a1555f33ae90797cd99afe2cb35f8c706f63b8d9d94ac2095a9efe44ae36a178a3bb7b85e27a3400ef27ece2bbc1f1bb662d69e051a2f6906e74543c37c6a7425f605d993b1f445012bd2e3d286ee06e2233b417f65f6c6a8b3d086f142d0d3efed0f0752463f260b46d1c28e778b526ab8fcc6214a3dfd6fbc3259a1ee5c7b928f8cc97ba882523323f80bff3a77af132979ef3c6c2417f1cbe2b457b3308888501c664f05323d1dc6caf7c88edae91580b2713eea366ba218419c87968668ce9f358970fe8c2510ed34073a03486c5f4b879f3d3a5c478be4466c23eaffbd1957095999a68ef490d7560ef449ec4f69ae61c0c26f6a57993d5d54c2389fc3f1ff2a57a03fff9b48047ae535c147d41c6465bcfc2f9a51d374fe3eadd80430e38be84bbd914f102f307188241d2274be77cc3dd32bfa6361925b8e5ac80694e4d29fe5c4c52df554a48c33ac60a72138e2153761e06f5f5826e24cd7ba52fbe2e34f19fc60e0b9a03600d02086bcbcfaa028310390b917b5ea0b81aecbdac701efb6086c48b74a30b06b126c76d9838a0bed67042853d41ca25d67536135fe51becb58c6182451e246784169ccdd380d8631c8df884c88ca32f05690dfcb269f12ee5b915957801f25e68656e7625f0a4a7329784a9924f223812b97192aff39f36f136a5afc18084617f552a8fbf56b3007aa5af89f9051832e67a180bac3268fcea4b85ca2898a15fef10009ba3fdd2d98625089c9044258da06dfeeb44029126e6cf1cfd7ae3672c9e2e024999656821b675da6f370826ae17a6ffdda9152d0754df5818fb59f66e19dd9ac157c758502b8146e02c5305dd9bca7320301468ed5502069783ce8f819bd72c08159f21e70ecaea8918653802a4bc39aae46f8b2588658b6e0c81a24b8273dcde78139e88dbb128ba1ce2185f43e9ed6eb0f798fe57119087d650fff863ffe416828118d004abebcdedd15c2cd69843aa0cd250c8d941f1eae47dfac057ece2c2235df8bd91fa5df56b74c518f8864b36304ee9713fec20a9cdc48ea3f80660ec83e18a3d2ab8f9e72edd3eafa7fb883317455779656af9d25bd572c8af6f67c69d043e8f10d9efeb85491dba27687866278cf02b71960ecbee9e18650041a184b038bb0a1ab975e0753827cdeedcdefe1b2ed5febb51dec9b9447e879e5c44c3d343fb49147bd6fe918e2ecbba3c66970177b9fdca2f803f95ac9bb330f8dff062f65bc4bd17fbacb5ba1e736c785770164e5da5a3e8dfdb8c0b6d5184e68e60f5cbeb4e02ba2531a525a65a312ef3462dc63c9ce428040810662bdb9a0af35f813e19ec747518857c59bf23c5dea413d5b1b6096fcabaf767f032692fdf040f7ab6d4d4d9134c8265431db3db44a98e33425958445586d199777b763fc0f3e36ed00cbfe281725deb97ea65192e1ac0d19fce3fca8b3a3e055344c2c543c95cb3f0a973075defc15fff057731bc6b1a2f8e332349266e67ec78a7852096df9e56cc3423c2f63fa01a10d72a1f72d35177506fac41c0693661f99aa723196c9e55cf2e50a46adbd7cfd1776401b667f1f53c40e6959946fe9733ee1ddcbad80a95d3514023d3cb1084ba3a3c212ee324f2f31d4293d914768f1de6bca26fc2f0d57f6f141b7d5816e4b2ba85f883c4387623d3402d5bd2208a9b93c038cbf04b0d8516671d2b09315c1543c7a50d2a2474ea2b6fee7a0d9b540cda5afaf2e7bab2f798c4d45954d25da0f3d7256989e87e05db5d3964825804088ea026b82222a1d1ca35096d10a2b3b1d6be5f2c2ea4db06cf64d1720848aeeb904d65fd459c41e96fd2ebb6582710617f1b5b09edd52e04b982b5f947d43e5ac05d64137f8f77274cc51ea61bdadcb191a00b6bcc0fed403d7310e29f0d65a9b4cf31805e5733028e99643aa79814a0a941a2ac4d84e3ac4993ba9d3d37ad419926d3697c04f633cc51bf8484cb48b4ee16865521ff9786fec3d6319eb9af9c203a7dc3b3935cadfe37fb09ba8aaeb7ebd599806dde1faa7d2b66fa47115b633a58e13c47977c726de8bb035a64afb8674efc9f63f2c3c782e1969e6a9eddf7c974bf85fe8c1bd0aee986e927c356728047d35262fd09109c3badb335e0ddcaf277bdb4c97fb46a54de185e96277daa62bfcf1afe4fe9de6eaf5d0e752008df8d70c8538cb0e2f5f243daeaf785a16d0e562c09111a4ef7f3df9da5adc01742cbaffa5f18678b02d89296017cad175c0d9ba10ea2b3d2d07f901ba577b5515728d060ff4f3ae0f9ff1ff582408ba5500fcdfe4c4030f6014258259e79adeb59636f846c0801748c2051f1a95f9c36b3b9cbe33f83ab922a5715772dec7144f0390eac66f378cccba9c1b916d2b9ca87c73fad51152be4cc5a40f8643f1b83485f0eef051ec3ad4dfa219541d117e2d3c83b0e482e3cd4bd5802820102f2979dd64409d5a9f8c51407a6b562afef581834eba2a2a9f080381242c29b60b6e03d2f22b69543387c7924b8b905ca1a93974feafb81ed40a287aa813aea7f21c3116a9a8bc0660cd400468bda663fd1364ca6327df378009a0e64e0bee8864c917cc8094814c4c412e7bcc838f1780a610a19f1188348966d676012f7185a80b5a6fd3454c43144849c0589fd2b472b66281687fc8fa32b41af5ed191fdcbef76359e74cb44e8811a66d32d0e7ec58a0f6b74be78724136052d0ed54a387e9df7f6101dde63cffbd3dfef75bc9308c823d590457a7976e0b8093eb9a3592338627e57f9bf0ba9482d7266be7b9ffd54bc2d8902ba3d890170f7e1b5bfd2787f597cfa9ca58a4d2470a00e178607cd4aa685b35d992ad5407fc3d7ded7541c5e8c7852b1af5636069e7f700d4b7c250e6ecb13c9a2247462e3faa48ab20117267dcdf03127431969b20f706585944f2eda2b5f673aefb229d357e2dd2a45051dc900c065b87c8093d049f7eacae5abdcbf11c39b5cab11cdd4ae22697c6ed256d55382d7a6e202fc00c14578708e3fd82b1866cc4e52131a23f24b6397734c500bf398dfdb883f862034f238bb89836c5d858bcb7edc5f37790d4571d3bc3eddcddb1a6f1e91dacc39dec0a5d7c6e695fa0492b22c8117a1cc52700a1a344859204ba6f145cab456dab829343ce4e4c888714c5545003ca04970cb8b5df44de8ad1f9c0e6ec33efd8e9048d35f1e6faf321347dddc2836e04ec7b686457278123be09460c48da2a10c288590f4a90de7e553b8ff03c4811bd2f8bf68728b98a957cdd903cec1e721b0de1c3acc8418f9f94609fe79557fed270a11f2678787e7ccb06f693ce3e8773ddbfd9740d9345d35fdec6308616c01cce28cb9862a9c8b1aef347a319fe38e47f967dc6f468965ed253e7e599322a584ab438063efaf03e996b3f28cb45ee81a697e26cad745839db12616d35489da948414b12041d615e9258ed4df42a1711e35d67e624bc7a0e8e6cc33f26627473399f0b8bd31469b3cf738e6765dc69b3ed2db6e36625faf8136d3a281e8f5f5063889bb3107d45bfe27e6179a2e8256061d9dda09237f5c5322dd1481aff9442b9d66920cddbc66a543312641ab2409bf3e3d721a4d3b9ce8cb260fda3a6d5bab4be128ea18e270663d4d780bac0daf8e38b73a0870df54d6e1cf944058c357189293dc0d45047276f3e2ae89c77af08e352298fa35d22e6d800e08931124673b15b9d5eb5c38c0d688af9bba3f670b803df0d836ab390a572eb8d79fa501c689eb841add866c0633de5665c273fdd5b4f411c814b21e892e49fdede13ede3240fc46a86bcff40f845e17de9254e75a248b6fdf96cb1e9627adc1ea7ff1107620419f52ec34a19df46bbe7316f562280979126146fd0972b4a2c387388977e98e8a3573e183b36ba21a16af2bc06e1529f9704545b57431e08af264f3f965fb644b8f719748014c376e91fba55b7c3322eb423d58f273b66b37f55da7584df05c2f4957a662a65be78ebd6bd98e914813d47f1d0dcee16ae2b2929278484c571f59c3142f55588d7372ef3d577e5551e86065f3fa7cf43785bdd1bed7bfa7c9b744bc670b73470d0e01e1d29536b3318fc0a5ae7ff9441e148e88b3603c5a3a0440a66363cf5590d83031869886c7b2a5a625509ef680664d3ddcd0bb426124e0c6e778509c9aeb3a9eb23ad1cab61c0d3d948682a02d2a0d70c22040ff55b43db045f50a335738855b27f28a6380576f871d0f99759a8fc232ea1707399ae7d44cfa7551f500f3086795503c977292520db0004b2707501cc931e903b59b039a3eaa91861bca5d576f5ed1a6956b83313ac9f1bc5ee8e93304a18362cda2b0cd13a4ff6f9f8eafaea41d6bba6ef48cc2379e7fba06112892bb313e54ce8397819d90b125e12adf92c8c92dc0fa9f5375bd34cd37aeb2acaf518770ed51c281ee4ff371d1b6e39a7ab6e3136afbc96608f4b6d6b4460f2fd93510bb0c03915e7c71e98fc76169aa5b620694606debe872bc7aafd343242b71a7c571de5bdee04438823296a369f6592fec65973632ef5a025ee1ae23ca076b48a7464cf531f231c7127fe3ba6103b2bc0c7c5fa80bd6f12d887ca1443eae663d32c6978b2a0943f4a2fb95067cce6d1898ac8a040e4fdce5140f27707f2f3c0655778f1ac9b28f98b51ccf40368bae34a8c43deb0fbf8e091e405da4b1f10a185adec3b70b8bc4d18db6265efbdd55f178b779c5f6ab29df74eafc78124252722b56f532578216f8ab80036d71b443a86a5cffc3e3ad90f2e2d56699130b69842cbd2626f6039e042ecb1539fbea1a404d2dcc6984e56d308c4c63446d4ed170148b6bb8eb2596514c5c395ba1f7bd97a0e9499d4ca532fc8ff75ea9cc4b5deef47edcadc40b4235d0aa052cd1979e61e51cf034acc641a92c7caf8bdaeeb42beec3253effe93316696a54f531d8094c1b3d7cff26c1b3d775917827d876913a706db8bae20f169891ec4bf6d416df98c4ca4d5e3dcfaf684540f2166cc90b4ae953eeeb29ee15c35e65abc25bb9cdee4126414637d6f0231f38bdfc6a43fc7054e8c4939f4c6fd4ff2874b4dc374d320ae442430f7b13e2e0262cc1eebe0f40087ff014accaf82354c6e0fc6b1aaae7c268ed68c5a990c7f8f6a70abd8d7e74926e129ac67deb3a8369f131f66a7ac856d35292a9273e68f6ea2afe222eefbcc4affa6f1951f8112ffcecf2f41bf3efdbcef96044ae5d34d106634b8434b2eed5f5b8cd35cd43c2adb4d989885e13271bb5797b003ac876030859b7d880e925d2d26db3b69b16341bfd33922554a5983e59bfeea507deeaed1eb064250a0e190728400e5ea3339d673df3e2d234d897cfd0daa4a354cb914765306f2246bea40aa3262b3e8208329bdbe35b0dc6f9f8b0808a20da83f074a50c8875c9c60274358d1c7338689d02a202f21f001d0008edb491cf69917af850a16cb26243747ff8a1706c4c526fb5dd762ca8905bd6a7ec9384ff6389af0c327c36602ba820ff5f5283b61a544246e4c837dd966cc22639cf59215955870a7be00da3230182d5a6198a5d1d6ef9cb1e1c4925db781f67733d75f11b43306dfb2c75fe35478e1f46d10151e35ba608b5d474d4ffc7dc1d4bd5b89b7ac5bf2598144eec94f2e23fe442db6f7f9f3ef742194154a2f2c136529e3bf29823cba2807f42a1e1f7c4b923a911ab143b592a472679525be3a2ae0351c58db4919fc394c6e6bf2d2f22cd16ab7d9fafe58a9c3c4c910107c0a8a3c0fad7d3f2802c35af4a66bd4ac1f1e7bcd5bf8a0a0e9a5adefa01b94dd2131db1b18d4234ec3f13941b2acb9591587075a56e73df80290ce49c9741c841db384a4500ae3cfcbbb4f6d08c99729ba6bffbdb7faded794d0d72dd3e911af9976126a099ba8d0a77617ea1c5a12092dd160ffd63f86ec92a8632ef94eada70338cb9e85c9ad83050d9f24ade37e3ebb828e6645221bb13678533dc29e018df2e50873339c6fb73239fff5cdf31627d3c6e8b5d6f7e1966ff428e894644570fbb391337d48597bd0734e26c18648391ae85e64d0d55439134fb9f6c7136bcd4e7a0881d0a565971702a31aa71fd860ed277a3bc1efa5af7534d776e4f6f1d40573e8290267ed9785c8da595046982f0e57a762eae8e6e08b44732e2dd8b12ef5a2f407bc46491e8f988788f5e27c45cec1b45f2c0ebe66789a65188fdfc006d292741504911c7ab117171150bb98886e6e5db71713f30452f5690d92b9a606b94564086fc5a30deedf219fa5307581c6dccef4213d1222b0d1a6471c0c5be209bcacaa0cccc8ae8c17a279fa1f72d4ef02b2e2955a9ec48e62e501ff36e93ba93a5bc6a63b5ab6b209a01693c558939df8da30aea541a3eb907673639759e24a4753ee47fc9d4a0707b239c2c6945d9e462529e95f2f4918926512b92f4dda3f922c35b3e299874ff3027146ba67d4af42d72896eedb1007a25ffa57e71c5632b1d4d5c5798c0191dec62c65be46200803b805effa61d186f9ea7e7eaa65c44273819b22047b13aab35c67583be83d7a97dd95226d99feb1340aff2e1ba0a660af06c0b7f747c862b1e6d37472a2c223a40d2bff0f9f752474dbe0216137a3029a7e0b34464bf5c7adea0f697765c5153502bff100768cb38cced1bb4a1da6c3a1f7d7d8548be623fa2358e3d56561791116f3913ab4cb4f4a617bfe0693909873b712fd792a6a7fddcfedcb8650a397a8f813b18512ff87892783ffb564e209b052e3cc4775f91a037a92cd85a087c3bb473a1dded93fe27a36ab88607da78669e4baf386e22446a7b702f6276df95cce087167dfa3cfff9320c51f58386ac9b7b60ac506a60d59f7a82ded7e1ef02d1b77bbcdb71ffbf5cac75a80ab2f31d39937355e49763244c510bbf4c6e380ac90e86270764d9e5354ba238ab40936a77319be4a8804a101544ea20f068c8dcdeaeac8a06da6bd0d3a38cbca7656b8361bdd0f93dca7153e0ede3c26b99045faba0d58e41b26d74a3adc17e82aa66b68194ccf063a2ef6153b15b4c4279fdc78780123d696bb04709902a338b3dc4803ed261b94adb565e2566bb237969f01fee63ace36e07d7d5fe8db62a7718d19e8fbb157d95482f1ceb928ccb475373bcec8a48420ee7a26dac04a96af2977ba34605543f6e68d654794f420bafb456caa495c7a05925b60873ba9a649ef530733b884beacb28655c99fa9c49a67ebd663a3f854b006ba819dc07b0bc5475059477109cfb86af126f3b8048a211508cd8808c310847d828ec4a9e7c9db32911312d8d6ac5509fd8d8165d5f0ddf298b8797e9bb0ad15a81c43614e96992b5cbf3fa2b0b0423c7f388bd3569e7a00966ecbfe11bd09f5ae2e1f287d4ce68c8dd2c98c552f6d6f3ed19a96a22453c06810f335be6f2c9038d03a202a33d064ddf08b7f48c91b1e6f1db6576c7725eb760ffc0109252b2412d9eace368d236f3991ac6cf16f0472e6451b39e844ea1d36a25efbbba2584fe1468e8d8ae416c22bfaddb6a07cd8acc49e10fe192e6c049ae0db4b63e68ebbb1ccbfb900e2375e8bedd0515c49f33ffcdb3e5719753caa82eab02bcc3633bfa21deee113a97a0f49e586c697b4ac260fd4851853489165cf14048ebb27ae919ad3913a538cfa9ecc9f376cb3c6a766a1c9367bbcedf1393bfdd11b4a3e7bf8c9ed20a23ae549166d62703f8960c74312f203fb8f3c14a82b79dab75e8e6752287503432dd739a9427a07f3237ff67037f2f32fd46203ca1d2a73a1eec595aafd822644ba3cd85d070f941cf3f8f731414a2488c2393a5ce29beb6647e926b1db6c57ef1326ed7c93bc1bc910acf1c24950d8b8fa6d46b3b5345ba9c5e58a3b5a208fe741c07f80789ecb9bbab1ec77460671a4424f1ba69e9472eeda771393a1452723a151e2484c9ece0166f8944421a4231b6b3888c6608ad40b1f933a60ad4cb419b9c0f6c9c47be66183959ac6b170c707bdc82ea13b08be2b4ab8a3165cda94cfbef2620920038469c2b21e2bf6e268855b1e88300b66d883e6c958f2d73904e02206cd44306fa655c9e6f1025e938cda66c54d34ecc1066894396771c4b0c28ef74473750162fad47716f958792c2d17dd5efc4266da72cb13b7fd790efcacdaf9afa494dd20035a4e43df83387ef80c35983f7115808e2fcd911e9f4d94ab731f6b64970c223eac268a25a5fa674fae7d9d3783db6fba3d861aa29ff058895605e0f9c4967ec0a0c92344b90ce4c7320b9590d7916bd489fae75215478026abd812a3e9971a03bba7f59572b157ac83aad73d584848afd726922cb71e0c6269a89ea7b2680ce7c57a241610b5c8869c5e93de2d6c13679203dbe58c0d300e41ebc49a4aac18cf5ea8235577a47dd8bdfe1b06fce9fb5ee840516ddfe8b6ab7977927d042ddbc834cdd9f955ce15802e555ea1503ef09b629bfda6a3103d74a083d0d4871a63979e2d306f774649d915c788ba429905e1a60c15a8943c1a567094c7fdb8d19e472691bb2e9f42357869b8ead8d092be3b4d98ca3ca970691122f18eae9cd395b0078094d4219151802aaf34038010e6d99d2a8dec5e1b0daa6d85b73689fde362edad8c8ada82e3885dc819ab06ff1a20af765ede324b3329816ee3f2a7d72588c882e218a35f7c08f8e5126f967582804b94deb770ef0936bfaa8853d1146411b07418546607f6c56cc6ef525cf6b3a6bdaaf46f604135afd86cce1456bc37af1253f0533b828ee44080f76b28df1ef7a9d5bbc6f6bcdb918a0fd053539ba80cc5e0e4958f741bd206a1f058dd9ef1d6e7d8084a96a2722f39ef5c1865cc15521f0836b46823d7452278a2820f9fc89ed256d056cc51eb1988183981da461d6fb4581a319f7694afb18f1d07f92fba222deffabdf5c847159a60763f19403913f53489dc8b3d0d3387f83eb39b6dea0e5440f806a8e253e0876f22a904f30bbb40a423d6557a381577cc81f99d5460be7695ab0599c73fce720d6cbe8826f2646ee345e216a1333f6f299e65183865555669918166380aef285449b97bb8b42ea6d5ca74b1d82eb7b45ce21c3f30ce9197cb16b854ce815cdb4db0b3e8cbb7546fe0efbd6c551867bb7e0da5b5b290b1a9f9a605aabbb93abc6334e10232e2caaf9f6b2e785e595f3c513d389b9c3b8f23581d9ba39be6757aa549b2c0da86b7511bee18f06f391e7dddcd79847933b765fafdb2c1a8222920e702fd2e285f274705ac480b3a2a9907931f267bd5a505b005c5ea2a56120e1743fc2125d4f7fefff7e9407c0b58657ae911d67e09dbabbff2eb3cfcc8b1adb768ccc5ce0ef5882b84a07f5ce2bb79b8002965321ad4b1c7564cb8127fd0a8ba4fca4adb3bab874031b43a57cf3f99776ce64d4136624ffd392fff527fc26620edc83b38adf86ce5eb4db322c7b8259e5c67d9ca5282515924b2188fbf729c4d6b836c0a1293bc4f2455e14b4846ef14e4f8c7a302ec66cacebf11f8af8ea9d6af70b58ceb4b69348c12496526b4b21fded2cb6684b33e6f7e56ec0d71951909c4a50e5cffadfbf34bac83a3aa61433c59f796b974713462457b5e6a361f018b4be21435bc28460b564e2945508c72ba28522bdc3d2ff8fd02cca304d6dbb498d7f672c223d26af6a49b556e362828b017acd9b017bbdfc6f8428ff2fe2a9254c7017792936bfab3e6b74350c40dd41669eadc55969dd7df0bdb6cc137fc4381e191f3bb4f8a9919e197ec3ea71f8237c747b37a955dc9773aefba02aee4d9f9fdac0f8d7a5a57848705bb3c5fb34a5e6fa1539912ac4cadedf1e6a576a84f94b0f57cccd61dd2f57d0b0792b7d4fa58cf6520c07ac11a41ea29ffb87b06b8fc719380eea5675b5a10a0d5c33beefdc3750488fde24091c2c61d88816015dd0669984e841ab36a0429e308b43c394965ebd0d44f2b9145c719f4014225073c90fd0de06260c8e11541f2e7a372adda8f98e1a7d6c67dc24fb16bf8e50e8b48e5ef09546ebf07cf98683144f16e260805c610920efda305b304304ef144bb92ddf9da6da436df0ceba50132ef2c0c9860224095f0c64ad1e5a1a978fb82fd3ecb19571904b4bde4dd7b53d6a6fbc103e6a1181dd950554a9eefdbc24240b536d633f86d8862844dc1508b6bb55b146fc30bc41a1969160a5a6fb3f283ee0d6aa32b357f528e9ad7d15e5d4ed950f0504fbe2627879197d53942251d8763608f4a131a306c6c02014c062471bef8048e15d2ced4c740e554847a00035585921fdb8ba04d36e64f267d108930404995a4397e335291067c1c9eb63272c836c876a4f957eae6d2d7e07a2d0b4f4989141c1199c4b0e35ec793afd463fb87221c7479f05", 0x2000, &(0x7f0000000a40)={&(0x7f0000000040)={0x50, 0x0, 0x7fffffff, {0x7, 0x21, 0x7, 0x0, 0x200, 0x7cd, 0xfffffff7, 0x4}}, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x8001}}, 0x0, &(0x7f0000000180)={0x18, 0x0, 0x0, {0x10000}}, &(0x7f00000001c0)={0x18, 0x0, 0x1000, {0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)={0x90, 0x0, 0x3, {0x0, 0x0, 0x4, 0x0, 0xfffffffb, 0x75, {0x1, 0x2, 0xfffffffffffffffe, 0x0, 0x3, 0x4, 0x41, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x4}}}, 0x0, &(0x7f0000000680)={0x1f0, 0x0, 0x0, [{{0x6, 0x2, 0xa9, 0x0, 0xfffffffe, 0x6, {0x0, 0x0, 0x65, 0x0, 0xa7, 0x8, 0x5, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x4f6020d2}}, {0x0, 0x400, 0x8, 0x0, 'rootmode'}}, {{0x6, 0x3, 0x0, 0x0, 0x8000, 0x1ff, {0x3, 0x0, 0x8, 0x81, 0x9, 0x0, 0x0, 0xe8d, 0x0, 0x0, 0xffffff95, 0xee00, 0x0, 0x1, 0x80000000}}, {0x0, 0x0, 0x7, 0x1ff, '/@](-{@'}}, {{0x0, 0x2, 0x0, 0x2, 0x0, 0x3f, {0x0, 0x0, 0x0, 0x0, 0x2, 0x6, 0x10001, 0x80000000, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x5}}, {0x0, 0xffffffffffffff85, 0x1, 0x4, '-'}}]}, &(0x7f0000000940)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0xfffffffffffffff8, 0x800, 0x5, {0x0, 0x2, 0x0, 0x0, 0x80, 0x9, 0x0, 0x4, 0x7, 0x2000, 0x5e, 0x0, 0x0, 0x0, 0x101}}}}, &(0x7f0000000a00)={0x20, 0x0, 0x0, {0x5, 0x4, 0xffffffff}}}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f00000008c0)) syz_fuse_handle_req(r0, &(0x7f000000e400)="4535c593c77a7ce02e7f8f9da86ccd5c5e560a3e194fcc531dfe7e766d07a017fa95b3f8459c24bd6730083d8b75662ebdb0237142b7b07434d4a9a33aeb3e8833025245712fb7baa75878728ed15d6b183e69dbd7d78f7eaec5d68354c5a3bd6aff8fd1090b4f6013f2a8b6b40c7a9f06644dccf8c8b24ece2668044391b4d2ed7c81aee44d19c79b0d99425e0792a60c1f6b06dc4326c9bbae4faf0a9a1d638fa75f5fcc4452295bac40daec9ee0650c254ad88c38a02d0cd333e6f82b287c7f21d40c4fb5cecad953688617e035437b5fcb126dac484e6183247c484936ba4a99180306b47811345a765daa640d531fa911a1ad069e24293256af468333f4cd481395ca12ffd9ee04b21f228627f78ca963fcc4f5440f1404f87dba373c3c7443c85a81d2f8d056e6ea9ae1fba1f04b8fb8782891385512aa1cb41429c81eddcc519a7b753b7c9ffe9c934d59e2b7993ce19ed10266c608e6afc0d71e4358a6c7234770a899da3e48cd249ce3b9b91c5bfcf3297aee9fe02a201a73c0266ef0ba3999582413ad154ed00c18a371d0bc6a6395d8fd1a6a47a00e5ab7bde43cd1b4924be3dd0f3217f580d7932b165a1e3dbc5eba1da88818ea2857dd7fe880e4badf464aab64d813b560f19517093817812ba2212b27460b890d059bb14c0f43f22add0ceb89608af65f5fe6fd4afb9c9528935006ece105ac04e973434fbe08a70bc4f2483ef956c02900139e593885717a354ea1ebdb64829b5b61047577239576dff80cc5b98098bc121b3ae953d7f9ffbca7c5e0980417eb3051df3b50651c95d835349da5ce5214f0e1ac09b98428fb242c91f50bcb224951f5e33127ed5ecfa9184ee294469784572da47ba2afb1053c963cfbb7d8bdbe3a2c3dfbb34ecf54428f4e3856d0e967ac90daefe41e132b7b5008984881bff20af7572ba4d30fafd4c48fb7c1c2bf129c2b1428fd7b3b906922725cbef7ee79d49d37e9805aae0fc66a097dbb7ac0a1dc64571fefe43186d80efcf932ff7cbaa3834ae9f6b5993010ef3af3c354a5cc6c0d2d57582eaff8062033b5450fd9a66afa0460d9a3fbf4f5d8a230478e4587f18854a85be4527f97fc93764bcd8aa6222b3b1bd9595a7dcaea1d6bc52fcd09b33b9647f0d6efa8e48c405b273da514055b52f433edf0fd05701fd714f27a7496955e325bf976be43dfd359c7d725025b7414a1d70198bdc5372b6be30f7e426bd71ddabed1515b939f5c5ef7983e143e8f69e1efe6770b860e8f0d519dc357a035cd2e464307487cd4c7a34a01ec9d7bd558f8ccb170ada7f08b8438471d523f64d90fc5e0b5ad81d72a56c0a87180e9bb6f6dcfc49e830011bb4d9b07c41216b756f006db56a2384058a95ee59adb149d8bc50faa1dcbdefc22a90f81cf88d347f51aa561182e080d09a53a6362ff8329f26a280dc1fadce43065cc3a8fb13a96105e7f176059af13802b4831b69d647071d48c16c399ca42606b89012d7c3c393474335a85fd9ef61263774f3cd3a46488a68ae301ccb4cf16a0e51d9d05fb03a54e90c815844e0c5c00dcc1f764e8dae51d3b02053ab08b1ecdaf87012515facd4d27487cce0c662307d066abd9a3704d94fe53483053a06416de8f5551307978bdb9e9e533b24cef27116989f4a87f711e9363d8df7db1726c729d15dd7e27df117df4ac95d939e697505a906e47229600fc24b05ec5d0babe9c582dc9ae8e36111c80cadb1a3d0d732658c6ff3e53b30a3fd53099318778ae79484c466cee8c6fe422d6981be7956a2bcf73da7f2a7299edb411edf298c5cb67fa75ff2b9851f0e5639d2a1d4f41ee5cbab4644e717f90b82e2626c3b9913ca609d39301bc8f60b8be9d9ca7c63c936a06bbd1ff86222b29cc8b96ecd9e9d5b81c1ba8e1d1bbe0d539dc07ede7855bb0bfc407ffff647ef18cbd0b5cf13ca48e2148e8ec3c8241018e829c374302699b3a2e23515115a6a781c646b929d1e8369d6f5e153ab73e6beefb2cbd93fb8b5384a45aac836dacaaa9e6eba3d12304198cdd208a07b2cc170a211cbe510a3944989f705193c9b61316b171cc05a4c9a6cf9cfc4664fd54d24d7f44fd212eb157db6d6b58187026f7938b51eaa94a5f10eab066350c81f94d461ead6df92ac3af66e5c71cc4e7582055cf7d89a76ccdb14821b23f583a387aa26192c51dee8674d97a5fba9b0620b484e69e3cd99cdcf521cdca1ba561856c0fd05f661c62f02140e4e7308d829e0bd6897c98c9704c143a8e8f18f4a1c88c42fa93a4f67e23381b1c9fd1d33ce3ee9634b8ec1e4c51964070fe9d105de49651e66c1edd1c85d545bead595d100f57c5274cdf97ae8c6bc9b66b5d85c648012d7f653dcb8d4837727013c29de042216dbbaffcd334e1a9f0899f5e52d1fe74c02d35f700d200c510f1c6fa6f24eecf1d45d1a8dd1fbac146bdb56a1fe1f0fe8fe4bed7f00c742f52a8406c93f9fca81a7ed3e462370d41ad2c9de5d1d5290fddc73e9ed9d05cc899df59e6a62a145c26259c5fdf659d60c54464effbd6644dcdeaa9b76f3ebc2841b769d5d559375c2b0126637fdb8adea1a328eef0ad22a17f5f00db494cc335bc200c1dcfafa05b9da802e6decbdc386e8750d5bdfc66c1e16ea5632e339b1b87150eba8b8e8e7d9d30ec2b6ac2e61ead1a473723c321478cc051082d0da90c4aa4bf701da11513bc78aa25af19c28ea9d8c069e8bec9cdf461ce131b2a1992269bb6f180b1f0148cc46b3e26a04565531b51e57d7eb67cfd75a997812ee4a06ef8889ec2d1c38b32cc8a2634a461210ef9de037cb0267c51b97c14aa47bbf4ef690e0780c58972c5d69de7a9d943129fb0be7b24d265eba4473b66e0ee8b91e508d921527d80d2f6c86b10c2deeae9a6b969619972421f7d42e4ee6919aa35003695f8b8b1e97aff3fb7ae5c39e58bc53efdced32a2c85db6fff48923033654b0dfc405e17a5b62dd14aaa26a95cade62255189ec8fde67a4a16fb11a27a431e36a415bd161dbc905ff84ccffbe5e43d3a5467f4c30931df30f50a1af036c0980dd4e23d4478a52d2afc2ba40903cbd915bf64d2a30e25e41bdec6889f3b037390094eeb87c99f5770fa9884683f5320b6b3ab92483d330e206861bd4ad96081f2ec2522616c4cb1b661c7e3d3c424116d9699fba66714719eea6743b97aa6e0bb523b138b07eba39e9814c236b284ab5ac794cdc8c7b7f12a136975f211b682b2725b5b67f3d2a653430f9bc1977c1a84662bf251f240002bc06be3c2a4fbda6db3d88587425f644feac10d24daf0f3b6a0b4daa8b0795fbd16a7bbd068373406ab91c8d0d34603ae53617fa071e092e9f2cd168727827e6b6f247a8271f68c3f09fc43b325240c16a9f661ae03408782259fec2163eba63a16688b8c24279ca7102ac12b203533059475e5a4cfd763c1fbc58f60e5f8052e064677683fbfebe5328f1472ffabcde602bd9164d8a98bc466c64a5248ab0efcd328cc2083c7692e703f3921c5db63fb4cd323a368877bc82a0fe943a8f80d02be8ed48ddf0fc8d1ddb43a11b9238d1cc49a800548237fa1253bfadd59fc4d72b2b43fdbc8d91f614c4745bddc537b5c683a0abb5764d1d498f0da12e3f1474feac53d7f620574a32228fcb5dc240d8a52f41044e3b2f4b8703088ac049419e1639508c819ca5a02bd217a631a754ffda5c081ffe308e8f381cf632dbb778d3f15344f0b3157e96b0a454b965a1d4be97b3102656b17b0f5a0a36f86d3a366f104130f0ce403761d7bde51d59c632a5ee972a27118ea659975e355edb0fba4324e26a6190a1be5600259dc341712c94fd82cefd41525e141fed15811597af6e4e2135f0ca8f6df2fd923dd680ed90a0749a324b104c102be9664034353a40b590566c35a6301944fab685461e9d6230a2e6398d758b9248835af5848369d3f6be24c3abb09bbb488ef11c3c47cb06c470a361c7e2fe98fd30cdf9083f0eb74e4be2584e31bd856bdf9ba52465e94a8a917ce9802a474730b3c1ecf64ca4ec3f7f195ae8aeac46e46f484bc9097a732b2f525cbba4dc42421968ae9411a0c9f63661ab292b565bb5b4edd36570061cbd04eb0f5e7874cdb4f96fd963ed75a490b545ff4a660458463ce262bb1e637f251b21238eafcd7b917d15587024ffc214106a4430ba94cf0102b3eb42833b4aaf894cec617fa9c05d72d19e104b7957e397353ae61caa165eb3d42857d3565909fda44c2624c2f7805cfc5454053b5132070d52f49d8a06812e85790237886aaa0cfeb0b9332c7c390153bc8395aef052950a5cbd896439e5718492257f40484412974b1126594801a4f3a640b6f8bad4070d656a0459918ff134601555f54e7c0b7e2c9ed6a97a181cde2fefb3f6c976638eb5b78116d4550bf77308887576a8892729bf6ae69659381ee61158de419e566340194946c267169dc47c6959568089d70d50af6863a534b28ef1a4848b1b6968c3057edfbf0fe7793b27363e4e49cff65a3d85854fef59457d22f45001955e6bbdb51b457da77384cb9a2779ef9c60187a32613913f71e08f6b6f9fc0f3bf2ce4d9f86fe307101c79af3b22027efa6b76b81a787a97058fadc958219c5695b3ea50a666c34df3e3209be2a47e14fc92124647333e3adef63e44401f1db9f9c6750515af1727c5eaf270df4c243ede554079e1fe78859d29705b7bd1eae9665488815a0845c4593e2ca373e57992f7e394885b614857ae63178a54fa6aaeed277b3c2deeffe64de92144e8d16276c5cad0c3b33136f67a0017c06626c7c34dd5cc2da5b262f255a544b3dec6fa2c241c82b3317e233f3250f96038b20a79272e2153f1e34d44330e9e6f4daef0f2c8842f8fd5cb60072d1c47f77dc226dcd532adef8d9cc79af27950e76ad778b20e7bb2762816d9797101218ed3ae17015fe0b419588cceec8e4e17e66cd16a91427022cc60454a329e0db3b787956b0ed3595f1c1860fdde652cbb5faf9013ed09a8ebd44d7e20da1f496b23ebdec5bf1aa1d61def94234f661caa6677f5c9164ec78d8dffb1b4ef55dfccf62875ca5db23104a144836364c3e0aeed90e1628ac3ab16ebcd89804a941f836df728f99a02cd13dd60fcca5b3f05f43a02dba50b7dd8320e6ef4b190fc88b15b9fd7d78cc76a95a959f7d08d0ec4226fb46baa08ecc186de933a327d418f09502269743a9cfa7223f9ca96225378514fbf8c99ca3109f80fbe8884ce11160d99afb946572ab4e0a7a04310b1c6a44ccf7fd42caf6e47cda49df7025a1ce1da66744ff15e18437d470a943c4ae24e49e8236917209fd0b6be10dfc62238b73d312fb5822127cfa079b95c3549aa31c0271a6c79080e38fc37756c5ef373bcffeba4b0aa69d4c5833d89a45897126b020d9b8ad88bc0a245fc3081d3942ff5881a0638e9894233a186fce3b9c50ccf8e07182af3c4c928e91e1abf1a69f370a9070e2c38f83daefbbd5291d7742eb5bb6611753df62d14135a119f36a8517e49355a20959fd1f2de48bd861b777aeef991a7c316b5e207e477a7d27d6db77e1f9e419f54115d7542e0e6d8fe8cbb6e337c369cfb6b1e3082ce84412145866a02a64a2a3b86f2ac4625fdbd6fd1b7325bf56b12300b21fb7794d8d6398bb1de65b3f6469779843a75735600ea58ff6194b92c6e7b157a9bf6afc52ed46f9adbae819a2ee33e4fc123a7a15e23fa30d6278be01fa74ba5565e76451a636265f1283de941494f3abb288ad43c07506cc3a469c21d62b8e5873bab53621dc99934f9d6bbb38c376c74bc9e89fe6d62e347dbf4eb71c92bfa64ff01cb461557d2bf86169d8438c71d2845027f189d8095afcf5998221a42a02983483c736bf6be99d8a644d7345897033103ee34ee9cc5fce4c12a2436e3675f7fddfa7275715646e521067120c9e6e7a929fa0a36404d666caf7fa42918bc7461106a672393ac3fdb2aa52f36fe38310ee3ca4e9c614b7aa40582f035b85f25bab419af4e6b5a698efacc429ef776b7a4d18ba864484fd34e191fa14f843b0a1908ad897d2be809b2b722a0a9170fedbeef7a5c5127e7ec2a6e0e33f8144747d0e230262c34103e70d6442677d1ff86feffb956cb2a07b2c1a81215f0b7970760c682d6972432472919b8b37b7bfc63ce464090acff17e21c1d3fd2d32b082233cc7d4f20a61a20780aaa6e92f1fa9bdeb95e018fc08893e7a182178c47ff1a60ba6fdd0b103d949a7409428cef0724670ced950b7d61c0a773311c62f4fadd006284c2c91e914d17ebf913ae791608e67bc0b3378140e54efd4cfa36e9f1d006c3e814732ab1f76d7bdcb89c67c6b832b3a141db524868a5ed9fe22564124c8c1f8201f7eedf95afff26178f07aa3d6d783b3527c85a54fa35bde3f781ff5b2e4ba309161bc76f718fb973b2adf97eebffe1ac16399a1b85e8541e0cc84892bb43319ca1d791ea93749849baebc08d6ccea09ff8e4676c33dbe8743199cc771ad6d5f3e17c096c66b8eeaa8f74f20c7bb7c66c2f9785c600568834c8f617f312947415ff47dbc664b64b231123ec2ccad52ba149517d41ab582a51ba3848591123d3c164f5b2b1d1d0e2cb66c60327a434f6762e78d4e2fe5c926bfb727742d0bb6e0b5ea4b15b966326bd54cf69b67b8960f225ac656d42025cc33fa8dd1609b1c2d60b0a41c7fceb8285c1541236d285dc859509d98150069ef7fa3d9149016e270d389aec200feac4d33abd67444f7b54709dbcebc456da235cfbf6672a1b67eab0a67e0f3f7501a7deacde68a8842856da496381331ff134e28b6f225a8f5666043fc27875452a178b1c45fa57768692cdfeec5236f01564ce021a107b42857dee0a524df566001d866ca8517048a67f3a3b3150578685593e2eca7f0c152841449817a0377e22f7324bd8e3d5e38df0c53de734053473ea4437586abc0efafb58d55a8fed17f07ea222babe4658cb799fec6ca87459e4e6d383fdce63ed260b8e9b60bffefbb7100ee6f7d54689114b1b0a7687cd79d636fae85cf29d83f9d981983fccdd78ec71eeb53a43bbcf68b35297939d28687f020eccc06e72f14263e796d39e74f559482ae70161f855ee03328a9a5a9393400727c8359a68a7d43d1d8e2f0a02af50edd1d512fe4da5dc1b2132e7635d3dc1fbddc89dae6f6c6c3dca05fb5aefaffba9d04a5127540e31984256872a1e62e50d3def2f918677f8878abcdd810236162df3d6ac587df37dbba5b764a6482b24e315086b0380bcecaf955603a0c1e73ff90bec28496b0bf7d4577d3232251fd24104fa946b9f191429929dcfd1c77acdbca52ff8e6d68bae99f33c3dc6c3c8ff65b03bef31d81d2ebe5b1bf5d80e2c488e7547760a491bb4923a252027bf5584ebd804fdebe8dafd264b63e53deb84c5f9471dd588bd72ae9a23d315807836a33d2c27fe9354dfa329174749456ff84b4b69d5cfe812a7e8b9915f6bb59dd088c5449c5e4431b3c4f962d63cf5f1f6bafd5bf632eb16f208c662c9f49d4c050c142c79b32908ff68b2262b73ae6048bf47bc31dbd481f448f2d3d3de7cabf54df3a40ddb9b28c3353ed0dc42a7390827b948fb5774e101cb692546a7a2d8dc597329ea3dd773e5dd2e6123c6a41c49d2038ff3711488a912c6f8f8d837bfb31b22847a0e82d8c171fb1419f6a77850375d5d49f5ebe125ace2277ff006c2ddde9bbfbf4073285c089da4468a332dc3e686d1588d5f7a7e9c68fa8d6c4c5f948687bd40c7821f715cf82b51c558a5e24cb637b1e8d3ce75cbc3633297eb725e6e09319f879197b76d06707e62039868b44560e6e545eb1f59421583f0bd9f53de1ecf66a332d639b37654f11f69b154e096ab3c72a4cd43ffe004d95d0a6fc82cb4e5b8e9cf6f10cb895fa296d2153977fbca67bd6ff870b2ba49bac89b16df4bcd137d9f4dc6c3572f89a6725272043e78daa66fd4f016c667c96a37d63b790f4e827d96bf1bb63fe9f85550a95229ca2b483ce88a7d4f00ff60488723e1de45afcb2da2e080f4e6dccbf353c7e6bb5deb6dd6a262910959b4529b44140a5d5e754d8ddb7c63d9ac369f0500f33cd80ad2726c17bd67a617ad5409edd35e52a6fb8f3d5c0d1b662d31bffd2e2d349f8d9173e689328e1646b3765d84eb78782350b0cb1c87ede39e5d6133045f653f1b143929865e1c46516143ae4425cb98ce65814f18bd6319deb55e0b5cffeae8e253664571ed4d8bccee9b7419dfbf353fb99ba9275a7fcb694a43ea16498e34c173d1ba41a6421eaaef5c75230f08b877a322c8fa114e9b9aca0293ff3893612ab4a3e265b2f5ae7de88ff45b0f23fac9821539eaa188b510293e056029cdf5776b45b469acb2237da2b3ecf29daf5e3df7a5fb65f189e502262ad3f7e76ca02501e0a60223d4c8e7bab0aa70ffbd34af01f94871ca26c6482a9095437e1d3116a670a401bd7d2e42d17c46a8d9d0964b34bcaf438ba244d479d11aad091c315536ef0051e4b62e2d262a9734eee14fc2120c816861f400125bcd6c05fc3bafd5819aa6b7feac99c6c6dd5139c63c44dbdad3799daebb25e3f6a7cee172e9b21f9fbe0eaf923cff82d842ca57bc93706f9f942ec8905ea983f73f60ccbec10bec766b837df6cf4b8ecd7cdbd588a7fd3ef313594cd85eb0241a6dbf78bb78bdfed789070ee631a8deb04ef2519f8b7280f91b46153ceba824d1daae5e0d63049175bf87ddb8e4879515029b10cff1f9aa5c232e84d8bc7eacdc4449be08d62659075e626a5d613c9f4ce0f36f0dc6b76e387e80f4c8e72cf8706022fde204fbad89a7681d62e1ed2e1195c86c7ef82d80982406641c73bd183b26cdf0fa029ac29470a539c0dba34434c2583e8ee762e0216491e0d1d99d0af91a7e5e1ba93e3b2fe8aee4fa6b4eb465f6128110599a25230e75221ad859cf65ccdd44759f47164d46eb370455d3d337ff94a140c490aeaedd1a1bcbf96a3141d670f88b5b2002e2851d6056a7a55dfa55c44c4536e55c9d42880b6ad96ea9ef00813a3bc8c311771d99b8691eaf1168c9b2e5445446227f27a1c57100105d3cbbabf13b876dc6e63f8c3363c7b796c046f38d1d42a3bd2c1fe6e25d834dd2d8ff19e49e03b26d7c1764d4c7f7676d09516759c6c14dc97bd05974b9f9fc07a1dfe02b036ff16c111be432ea7764158765bc3121dccd7ec3c39209a517f2166c17f5f139746f98c54d8db3163ff05fcb27196b9f5840916790d596c3a5dec96e08b93faa2f0c63c1c866b5b59ac157bba48a7d1c50594035785a790ac0b37845fb3a909f41704095c70f32a0491b2a4cab74b7140ceb7bd3fc8a76da49294ca552ad9ebe711ac69daf2effd2f927915cd80b5fd9db1d330f64ee7f5556ba002a665ac088f40c66f643fa86b7049f3586413947767fa49ee5f1ba48738f02a6b936aa24cef673e6e08ed634027082e9a006136784acf60c5a14071d920d4bafd62113b24f292f1a29b09ddcb2a8121a4eb3d5a28c9c42a681d6633d33771b82dbc9c923d183bf255283de3fa662d8ac5594317fb675efea885830211e939b36f036c3c995256e433d4ba14bed2dac07190827c5e2331fccbcf3d2667095eccda415e52142c6b247f0cafb33f800452aaa6277c706629e45e242bd2e9ce19232b8dda16c8118fde3e89d95bc5af7eec40d0d67b988ccc109659c2c2ca65d6156511a9c6eb9afce7feb79364a527d8d5e0ffd903c8620523b2a2f8f00d96f0420abda37260818174c1bbe49e8eaa30b1ff73ce86a1a22192f756c65155e11d304016486afe7be96f1e4d029bf9d46633aa64ed7ebe95ea422c3fba9a22d6ca2c4bf11ff9fc3a5afd99277755ec5386a45049a6d58e93485cc5db1bc08b62051011bcfed106a50aebac31b8ecd5be289844b8dae0d7717a63f4df4494f3fb6c0156801856c06243bd62a158c94e9d6295c7ce3c4e10c39e39b63242dfece3bff850632edc5c995a09be321c8995dd802f61e0b6eace2908f2d18493eb52df507e70a8a8d7a36f7cfaf61c774a7a601f61a97740fc3494f96c1a67ba73bd44d0e5adb03fea02df8658657f350436b97bd2d7d6a853cc6f9413610c110faf03046fc67c93d3b6c9284140391e4449a9ac7bfc43658537762584cc4753754a99d1c501a31cd87ac8a63aff7849f055e7a3b1fb0751b9bbbd23969ee6f470309c793088c53ec965c032542d1f2fb7b9c54fdfe9dca70d87ae1d8be3e81f6cab57f3995ac5e5bf54df69b7c0f5738730c5556d8435517648f0eee93ab7e63015c5d8942bbf6b27d04ebfe87cd24284bc0c29f601c7b680919fd3096eb31331ea13485007d8f96140a3b530c4b0101dfa7e0564e38dcd479620b3b2271475efb11795addbfe82f3f30a2b6e2b1f789e51705a15d7b3b0a44f026e2570891e9933a4237e6515b3ea5e8b893d40c47c695688154276202c8e1d34dc4227a2959c1d858646142638cc802784131000bf408fa365af05fdf90449d0ad86656c0c081262dcc7f9d66a3da6b744541ea5a32924c97622a5e82ea56546e94c84c24b14562c0d08d3a4ce3d44a8a5225e225b999809726a2051d9072b6af3f507161f2d4eba074a9d9d5f179f1922ef47c876ae16ec19f30d195c97518662510e8746c9785e059573cc904fe232500d364d43d0148bf972f9192e19cdca90ec18277c655b863865f721b1a2cafc8d7c30d6090f8570c7a8a9bebe77f499007b0be0709b700f9e2711e26ec3fca10c5ff3dff15bade9afea56b6ef6a657d6e203d6fa46c89cd71a095e00a810682bfc0c6d9426d269649eb4ca153c4bdecb53f7f9394694d067065b5a4fc8917674e8a84343c3b799db4f836db0106f5892a6597b3fc022fd011e657bec59c73c6cba392ecb6866831d4764f3ad29ec2a0236ebbc929507df5af23e2d5c22184eb9f5ebbb9d671cdd20ed4ef8bf88aace8bc062e6f31faacac7938e6c4358fc053ac342e156a68d6fb26039df312968db49def36ab4db137e8b11b9629f1c75007b161d958779cb11c0000acc5764c0d15c8fef42acd847c9dbc724837e293e9f01ece0b47df362aab5612329e3f4950d88861545042b467890a127e9f6e03475e40d1708f67b160c56d126c6368b7c4eb8a4717da101711867ddb99c1debfb92555daf27fe46078a3c383685c70ac10e99c1e73ea0b3c707ef641c436129478632d89ff8fa19ed7527b63f372fc92b9cb2965aefa23ed531f4b90f6c9cf040110e7458500424d7279f5f99a0853149ee1ec4c2cb175ea2a8bb0498bf325212a4bed742328227fd8834825541f63df66513dc6f15155e4075418130b284878b2310bdc16edbfb1ae025b8f26dfc87f506dea11a03a1d7ccba3b32fd9f820c94dd218ac94d9d4727aae1b5703b4df571e49544634146cddc8ce14e3a56b02cae4a24827214fc4658def07ecd4113f1dfeddf525e41a752de031f5f3af91b5ce5273c7c039cafe59a0717c173bcb26cf89b9bf5f58b748d01f666ad0defcb35aea14e8c0945bba34a31b0976f4b7db9c7a4a017e026ed54", 0x2000, &(0x7f0000000a00)={&(0x7f0000000180)={0x50, 0x0, 0x3, {0x7, 0x21, 0x7f, 0x0, 0x1ff, 0x7, 0x6, 0x40000000}}, 0x0, 0x0, &(0x7f0000000300)={0x18, 0x0, 0x0, {0xfffffe71}}, &(0x7f0000000340)={0x18, 0xfffffffffffffffe, 0x200}, 0x0, &(0x7f00000003c0)={0x60, 0x0, 0x6, {{0x2, 0x1f, 0x7, 0x80000001, 0xa30f, 0x0, 0x3}}}, 0x0, &(0x7f00000004c0)={0x17, 0x0, 0x2, {'user_id'}}, &(0x7f0000000500)={0x20, 0x0, 0xe9e, {0x0, 0x18}}, &(0x7f0000000600)={0x78, 0x0, 0x6, {0x8af, 0x7fffffff, 0x0, {0x4, 0x1, 0x9, 0x10001, 0x69, 0x4, 0xa7, 0x8, 0x7, 0x0, 0x3ff, 0xee00, 0x0, 0xb, 0xfffffffe}}}, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="3800000000000000ff03000000000000010000000000000000000a000000ffffffff2f6465762f6675736500"/53], &(0x7f0000000d80)={0x208, 0x0, 0x0, [{{0x3, 0x0, 0x5, 0x0, 0xfffffffb, 0x7, {0x2, 0x5, 0x200000000000000, 0x0, 0x9, 0xff, 0x0, 0x0, 0x0, 0x2000, 0x4}}, {0x5, 0xa41, 0x8, 0x0, 'group_id'}}, {{0x5, 0x0, 0x0, 0x7fff, 0x0, 0xff, {0x3, 0x8001, 0x5d, 0xfffffffffbfffff9, 0x0, 0xa1, 0x0, 0x0, 0x8001, 0x0, 0x1ff, 0x0, r4, 0x7, 0xfffffffa}}, {0x0, 0x0, 0xa, 0x80000001, '/dev/fuse\x00'}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x8, 0x0, 0x4, 0x0, 0x5, 0x0, 0x1ba1, 0x2, 0x0, 0x0, r3, 0x0, 0x200000, 0x10000}}, {0x0, 0x100, 0x12, 0x3f, '\xff\x0f\x00\x00\x00\x00\x00\x00\xf8\xff\x02\x00\x00\x00\xffse\x00'}}]}, &(0x7f0000000900)={0xa0, 0x0, 0x3ff, {{0x2, 0x1, 0x800, 0x0, 0x3, 0x0, {0x0, 0xcd, 0x7fffffff, 0x7, 0x7fff, 0x0, 0x0, 0x179, 0x0, 0x8000, 0x6d, 0x0, 0x0, 0xff}}, {0x0, 0x8}}}, &(0x7f00000009c0)={0x20, 0xfffffffffffffff5, 0x9, {0x4, 0x0, 0x3}}}) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) read$FUSE(r5, &(0x7f0000010400)={0x2020}, 0x2020) 16:14:41 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x6d) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000e00)=@raw={'raw\x00', 0x6e0, 0x3, 0x2b8, 0x2c0, 0x280, 0x280, 0x9000000, 0x280, 0x390, 0x350, 0x350, 0x390, 0x333, 0x7fffffe, 0x0, {[{{@ipv6={@remote, @mcast2, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0xa8, 0x118}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "6f9af9b36fb048abaa303de86137fe234fd9dcb8889ace36894592455cb2b59b1ea7fe91e59fb2978f6fc3ede666a84d0f6a748acdf95f03c3555c84f5009700"}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@CLASSIFY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x318) 16:14:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000000000)="9eda438838743bd4e9720bee57093515dc189a5ea685e9556c1c2c3cfc4df50d66d31a48aa312663b68d18c5826b5b55fb738208863dac0f10f423aee7a5d8ddc45ebdfeb7424bae859d7c37ecfc4b63914d5a56d91017dd22bc84f759a15969951aef9d5c88c96560896988fa18cd946cfcc3a0f1c993348377904eac32c980bdf7976ebca2b499cab63c4e841514277fc71d4620e29a92523402485de0e82896484c0ae497a4d686df23ca7b68c3fd5e624d3510d7f94838e54af877ca58a00c5a672bba11f5aa1ed1980dfef47b9973d0bf456ded5e72f1702b3dc5197fce39cba53a038d8dc0ec783ce70577107dc5e8b299e64a0b7f1191f0926bd25762370191710bab2f44e9069f55f8a3f87e4cb488a2fb3348c0bf3b3874291f83e4776b160ea73aafa3919c7c069c73c0052173a63158db8b65541d161f9c964926ad7f06bdd6cb6a32135b04e35701c2e13c49c1f75dc7a25d623378860692d172ec3f1e1f2d9dc77c015c13721efcb101c2390abb847e871132f472a37cc0163b39b1d575a5444e246a08a1afb1a696cabab29498a314429a3b9f44c43ba29f71fac1fbe0d01c3c16d22730932704bcfb0c1b7a432bc51dd3f5dd5afc3b342cbe6a6ff899039e28f9a51881b1d46fdcf31767cb6f5c5c69ab3c80615d77c4d1664fc4ec831b8cea2e752bbb7a9ce79df875b29f1e232751daf32a1a0c4ff8bd0688e2b8e2d668b8a77e20a9eb6ec2e2c23b94e507baeacbcfa31fb6e1ca3343668f43e3aa6d85e7c29bf0bb4dbdabddc92be7f4a6f5d21b19e6da17bfb6cc926e3847532fae29c7b62fb909130ec372d3c16cfe6aaf3ce2af0fe7610fde7aad61bc80d2f96b999c8ccf6d22cf903ca8ae8b879ec4a416f334982e9810c0140a18d4dc81b5edaae23e9f4abaf40ed71512aebbba5bb251545e188db789558a845a2877b14bdaeec3c738b7d730c0860531bf5517d4f0e8f95ed3571f8a35816d5116fcb8d7cbf42b7d5d5e65541508c898bb2e0fe96297d2ab7135662de39df099ebaed5871111f5346278cee5728cec512e6c0a0d65b51e3d627873195b84103341c2bc83b6c8fdd8ba17f5957413f61c69d618c9b9d0b1f08dc81921b6c662ee1da3bfa019b095e9a03c2db4d645ccb7364e895098cbf7d932c72d80663c7a1694d122f7348393079223c11d36c64a5856eae0397ab9a9d948204b74e56525a9d552dd0916de81cbb5af3c59b3d7f8f9154423ce2cb45a5bc808e24bef13212019a19545fe54ba84d01534358380192b8c7b0eda907810375bb66a578a58fec392b47991271c8367b91d710e8a176bc1a4e96f0e137d4c25fbb03eddc392f9f170dd744472b864fbbae7c93d86e682308b21b73c5652065d72cf02e1152b44024a90a3b52eb0bb3cb412e518d37a68aa4c7f46789c54ab30d3a73d0a8712fde612294cda2aa1ccf164930b9b1d17801d4fbb06e849d39bf2b5141330caa0d2618b616f1c67e1ca57080e79ed9092ba7a55e8121cfc825cd26a0199a479a7ab1b7b23d2a4dd82fa6d04ee41ca680435efc934f0451e865e8632ac2f1115f4cdd33b0fccb7a2326127faf20cba37c828613dba5a98f4e1ad25eb6b91078cf73d873df9ef91531476f64b83559ff7ccdc4c070d478b18196ea05fe8d4ea0216ee5273dfabbd04582f40f064c9781afd2cbf30901f28cd09cc934f1b2d50883778274177e3dba8af0a1b931d80ce1a6c4085780ea2195b65ecfd2953f78a5290fe560d0cd6a5e73890a5a82dc410b92a3ef2be05ec5607820fd4ca6b9c3aa258d59022fdcb21665f1ce4e8aad8fd918c43bd3c2afe3dc223ff9f48831d401c8b6996190793d1dd7551f8511b69283992398d8f9b4bd2b3398d3b8c6f3c5d8b802ca5282b702df2b7be4b38e70c3065f8da888631375afcc05ce578089c4f783776b286b7a60d1b5e189e2742a3240c1036a953d886885422eef01413c38099b64505fd5a73488acb4e611820674c58ae74d6c64a885d4beda9bd7903bcdc71e3711e2a057c0eab2100c321050ab14c6e453c53182577ad3178603cd9afde40a701120e9a36074fd582428c74e02781318e6c65450f8f020bd22475696fe13b8c59260e53a06d16eabd135e887a0a6bbc8ad21be7661df76fec5b13844f68b8eed1a7379713738beac9f23c7a26520e19797a910cde9fb285179526889b908b7eb49bb06f70f6271fba8712c1a4269ebcf4b7d043e924e3d2c4c753fd7e547d95841e335179836f76424e728810d7f32b78256ea30c79d9238a6588426e1f2d4c0b03d5605bd826ed24f0f11326b4cf958632b86e017aa80e142db1580c44f76d9c98196f3f6852ab2bfc6a01a3553a130c2d171957f5a45c3550fbbc990ef8742a98a86b280a57b9f198ff436bc01161ada50e6f23026c3254adf2321bff7e20aa54080bbb57d8d52c6a6df6107706a2e5bc6da68f17b474c0edd39401d765086e885cf7992405f856557915603cbe8894676e996bbadbb649a5e7498b91f9bd2f697dd9ebbe4d386050258b9f4c94781e61c660651c3f1e3ae51f8c035eca365bf1c23dcacbd6e225490d7e9c133525f5c9018d752b21b4897bf18b64b6a9936f538a0a8958fc934440aeeaad2b68ac844d76f0900a6c95bd0b353d85d4fb62eb88360112237fd8c636a80e3130b21d66ae8ec58a4b76cba0602f96da919f7e84fd37e3ec2379f58e389a39c78d2482e03c379e3c4649ad63a76e3707ecff07d2fcb0c9dfc524cab49e69a09c92e4f88714335cb57d3f6184d07bef9657280fb5c9fd2d8f940f7ac6c5407e3077aa2e4ba8e217e0ee19e302d6d90e3be05a86dade35d2e454e511afb5cf5936f1d11f2fa6be6ceaa817dbdc7a6aabf2fad8ff3efa8382a25099f0c5989d2ad56ae0f4968b2cfcfc67b4f1c161c75900b4848f59a3c0376dfcb7997bf28e9e85d6dd942a360516de38e1c1a038a796f9a77ff2b0c7e5e8f4932391a0e58e76dacc6f9764178a211dfde3e75d367d2911ff398126ffdf83cf2fbdf1ad5232bed9155f7a168638a572094a9e934d4969b358cf6e121d7fd2aeae2f499068b42c152f0e3403a230885d6f92f038ddaa23499f804ffb06abdbabb51f6c38c92fb1a6271a4b13d6d11125b8ec12efa5907dc65062797fb9cca15e2f254e76b182d3fcdb4e96ac4de36d6df7e7bba5c32f422286b1be3b79bffb6fd693761952d195a84ad9ceb07287a0fbefab9e0347b513c5f60233ccd4b52d90ec144a2f896d9dc7f279f8aa93038f3efa286e1c3006933a4d7183d952f8d28b141b28b2af355b5bd8198dfde1ffb8d09202aff0d16ca3fec194662892a49f829813970a4520f1228aa03d211a45bed3b2e05bf1f10b1a152761e7b6c6ddea863a3c02224256092c70ca70dc185c4c385dd98b09e2682661e1e66f71d9c4037048eb70e8a1cbe57de87ec43713abf5fdcf63b9c482f318e3bec37e878dadbae15a02d731e6c8574eb14c059d72f73be5174add786d06b585a28a06d349d8e434a491b34897b3c1ad786ec8280d7f57edd4fbc6aea5485d659b59d393e331cf91e6ed76f340fcf7cf460892fa7318fc42b883f61d888ad982a751accb613c66661fba5f3d6de751a6a9ef8a4700316aaad04e991aab7903f4ef012ec2a8c092234e74ef335daf360ae47bbd2bbc6ad8c1a4f81efe8bbd703cb55ef36b32b4e30cb5a3b165c02ba295d0e1c40ce6ff8f479a74f01275f113ebfa8ade37a59ce70e6ca2a6f48f1be085f61bf772e2c2da523a2cfe63e99c57bdb1ff23139d4fca49eff7547e9880eefd3f7511a677efa23b52098ba89037c48dfcda2e8c1cfb9f892161049e53f8cee55256279512aecab8c441600dae0fd957883273047cf5c66ba209f830aa2ce0cbe41ca08c0cef4aed7f4324009200661a7ce680e5a8df2d051c1d8b2f63d25d8d74d05c75c46c8f3f24d625539e63459650960498a54ec3b16225bbbf4d3930009df265839d72611f5332a904cdebada108236e4414a2909ad01ec44b9d7f75de4385ad7ca5152e890a0919b3639fd1bcbca3b737ebb8d9ae541b1271cf2166ba15830e66f3d3afd3b754a7f81ad4f0999704ae99c114907c5be4a4797f13b80564f234723a34dbe137dabfd7fa23562df679f54a6ab54def6d63deae9844f72fd73efd0413551f5c4b9ee826eb3b7faf92a59ea34a16723b4fea14d1c8815a4e2d39fc48d1dbce526a7c53f5a96d0ef6463a0cee73fd3505f5c764a264b83c4a21f80e8b61c82d24442d13da99d18dc1b2538e7a510f6093d9ef2bc5cc777d4f98411e93919eddfd69d6e20d227cb61c50f358ea227f4de941fb080c1cf6b1f6e25533768fe133dbfc3f9d29c603bed38aa3c5af5b81a706b0067b40b88f992610d04c7cc36b8f649697cd6a93fae51138161891ae75a7147780fc59af5a6e18c54f9d2a4fe7fa92314b399afba9a40d0cc24f70a2593acf8d179215e06b7a9a88224bafcb2cbf60caf5fe4ff38208a70793b5dc33cd572956260e1c86312d3ba9b3a4b2b44376f2e78c616a6c0880ac8dcbaa30b9f761d500fd03a8518dd0509157b184a2d95e0caf3ffc8ac2db6c54d80c71a1e5b9ea3bf51071e2118af204123daceeb04e4f6f31f32a4d3fbb76ee49440cabda2c121c1b99acab5b87cecc37c3f9066af34ab29d6598bbfd91047a2ac7ce3a8f3027ff5e6d743506f161087278896a98ed37122ba208b61cf54d3929555ab06b564cd5e4f46f4755a6cfa2ef2b30d29ea66f2749d4060d411fa9160c91b6f55cf071ac8222c6313df18759e2958cddfe3db4cbeb9cd39abcf5f0beaecae8437813995cb7ed0b87d42ca942ff7245ece204798d01361c5f008e0d82bdf76660515bc78f7f8f409ccf68614b2cb50f5af2615661326fd971bc57eeeade60ea906b8df1cb0dfafd318cd2c396309c329d0469ca192aa8f51d7c4227685440f073983255baf054b97b9d7be1d1470d7eabd5c09b2116b4e86b0567b7e97e088717a4fe3dbdd310a1c39136ea4d2c47492001f9885dba03bf97e7da376171d666441cdc2f999db137603d57df32b4260fa0165e82917bb1631ea314e7a7437e66fc68cef22cda8f456d6e583f6e3237e0bc79987a9103f7cf0918e26881f67ea582e1ff3a49177599d385bf6e42572a2547933aeddb826530e9adf30dd84c3a7fae5c4c26f6c6f3a9f0906decd314e2407825abef959c5416d18a92ff34e6c521a16e8a0a29937c77d4ee99b41d530a732acbe0bf5d274df9d496b47a9a624546bdcf9976cde12ec989cb2a70b33a7c8a3a77652023164695f9db30dfcf587f0cd4f73e385730bcbdd688f6dcb08ba0efbb9f579220afefa4acfea522e864fce9b1782ce9f14824d16e9d33a2609c23ba3c5a1af02549357a0dcc12e37819d778021762cf895abeac1125b744c8b8225a091e7be9ded9993cfa3ca9abb83e25c8f559009977a2ed9374a89619fae5ef6d164bb73d242004dc8428e44689b33ee3bbe88bb4962ab0a32a90e7aea044f08410752cb2d7aeaf3196648a3a99092665b478bb394b48f79b36db0efc7f50d6a5179c945f5298cfaac5e5dea715296f92abce7281d48a0c9c6b785a35ef5f1697c047ddb254fe9a8ab9f498b0c1ae09ffd01a3d8d427fee7e36c51e0e5c2fee2245fb8464626ab5c9857ebce91f7d22bf024d10c2d71021cd69268472de419e6cefd970ccc5858659be6496799aa7f100411766e712aff08b731460f14f9d7356db12cf8e1c6121968dc68b1d81c086b325ca4ce6fe1f476707e08fa913144b757c6be17cf93150db29544d207f09a896f33b7335d9339215da751e7af2c6bdd19db6f521af2c8a5998dc607f97026d07111488741134c1c86eba123273d1fd5ee4b471e86f9ae9478a04c7482076ab34a1eca5c64f89e5106eed44bceec019c67c12fb4db4fdac153f4ac3b63ffeb6d30de58ec039e2dd3c181e254cd94d0a2b0b44490384cc5915b54ee1db2b6d059879bf8126c9ca976d0f7862da07ecd350930a081810a7afd72b2ad3f65b96ae9c7f91227a2b5513a559f36b90fe01be9ae5ad3ca65e2c26f358fc26b858a3633fda7ae49a5fb705220a5819b3cca41b1ccc21d7c40f5fa9c422288efa5394e4312675899d704a2aab62b8363f58fd4bc12a8bea6ffc45b4414237bf5f019321206dbba439acb5ef26641f30fdac20f964354bce94e4c9d73e137f9806deefaf6f4acaa0e76ad4fef9f6cb7fc01bbabda9612c05adbe46afcf94819e8a4b4b49ff764784fa432d47fb6d4230900043d1b4521cd6839fe8c5df4d1899fdfb13880e207cac73f0a29020bdd563bd9c2f6bcd1ec523b3e03ebf6164fc65af001830c51396f9df2d346f83a59cfc82201cf1150ea57259d579fc2ed199b3fbe42d5188c84e4354610743e5b23a265246313c80b96d936969572e11316bc8926cb23115186f3b2387b82c3898fa41bf16a308da62d5a3eb3609af1943fddde08a4036eb2a41b7292caad9eb082614b02a1fa255bc7abd4d0e3b4ec1801e131e68c7aa9da1a0ff10f9de87dec8fad1ad8bfa99caa49e203a7b9c33e044d4544a537471e7a452468b821959bc488c6b8cbf81e90081a26de273ad1203cc06adb6af242ab19f96c1c66b58c37e2c9309704fba63af99a8d9c5efc651afb631fe9f546b938cc3b8e526c4159e5c9f7afb29fd1d55fabf09367ce2a63a35e7a2062d1c772ed981fd77157a847f687a177cf9886ce41df8cc509302b46bc1e2ba896b1c1656a1bbfdf4cd9ac39cf8510d1c823075f16550fd044aacc8d42a56f03718f7b18475cdc3999faeb25ab3dd8a807ee04d8e5d831d08b4e309dff50330685138797e10c6362636f53f22bfc1f3d5090a5d369282d9de36bb4e2505411ccc6ea395afa1567b15a2fb4be2adeea7126b1a8e80034105e0d98bdd78e796ce1cdc06a4ae666fc0baec5c52614340ed997673e26ec47c88846c000bb7c9075937cd44f5c041fdcc64986e5e1c0f488148f0ee6f842c44c0b72e82109270341bba6e9080b70fcf930d0f10be5a36798ef6051fed72727b72282ff164fc08319d74f1f57cde71b57cb397a9e753f87b97729bafba017a24cbfdee5dfe7fc296c112e93bb8fce560ca80a3afd8370baaa79ad783b51352b5440b144a47378c9ae22eda5794328e95bcca220fd07bb56915529b155c61858efe89ad36a79288e74c0e251addcfaf797432175a5562b46eff5e3aebeb74623e18beef85389383c604d8884431b07dc4bea0174aadc337ff41f558a63f16690feae47efa2a5d1318b7397e1e4ba398727d286791b71610e1d78d32800e7e113c12abf0f60b6ca4401ecd23b7aacd990633b2b017daf6bfef1b2361ece74b7dbcbb1a73d4bc1f9d2e5c9fb0b7980d25cc44d1b10c09ef5a6a05c84669294a5cadf0cd88ab449f9f0bcdd8c48590d416c5c1feaa494a2145949c2a3373df7c6014225f2745bbeb20ff294d22c0d96ca111e6926946207cab56a03162a49e68968e398f70690188ee3ca847ef421742d60b9a6ad029e8a3d607950b2bf8ad8ff297cb39acc94905635770436e134435e28205140331b5100d9f64469792fffac87bca0835cbc617446ff86a7b50418c305f32e658b32130e491e38709fd3697017ac8084cdf1ed81a28375aed092ab4e32ca88a933154dd3a9e99351acbada926b67b310c7070ac1a414a28c5abfe1f45476249a12f18ca2d981528d881ed3c5072e46a6eff3cdf37dcbc89c7f79c88a1f8d15d15beb66a0e4440c7b93e379c4e2bac1d5c8e85f1852887e2cfeb178fba1c67dc2adb0c87df8ca4444ca7f455509f492effb5001328b8cc696e2933207a2d78bbce8562ca34a248193c914406b161c8141479d891b0c6110ec1e25cad38299b489f2ec437017cadba67dcb58abd4933c95b3526f1d4747b8701a7d71e446e4b62e2941d4281faca0cf22914be5aad80f47100000000ceb24e82508fe55a92fb6db70d03d1c1ec09cfee31639341756a4630a0eaaecac7bfbddf9d30c42cbd45eb181d5bd341307ad26f496bb042e2b655c03ac3dcc587acbf50f79b5c239be9938b62d3251b199f8413b020605d5d0552cfd9c39c9132719d6d0a326b000e12fcb51bc274df79d11430060d05978cdd50583f1bca82c57dbee605e2d00fcb5414af13a596d35cb5ba62de6a28cbccc857d23547b1c7fd5ac8fbf6758d5b8451fa46d9acc00344dc2e565674b1dd3547eb8f8aa5fff99042f8d1d59e6ad2f53379211e6832fcb68f5777eb2db85b28f724f4e4ce6342cf55713ff7b0cb4f7f47dd12a6566b86709eaefae024373267ce72a89e7f3e42ab48edcccc96b5d0403fe93a927e5ccf470014f220b8257393226cd7b996f20e6a34f81206733a9fdce03b701943c1b560d3eab68c2c225cf7f7f2b56123be2bb173e9e5b37f4d3348f6b987764ad07c2acd44514ff264d7eda31e5e517a179414841ad4553d51c08f435e05f10aa82d74b97a9ba3a133e6c9175fdcd4f3dc9c16d3be1d5bbaf13240177081ac1d56681bfa988a93af09868afd608520c0bfd71d857a6661fdaf6f2e166987eb007449dd26334ae932c5003fefc0f983b9e49cbfcea325f2de16a9ae935caa46f5b3433957fb370971ed957f138f08a60fed5b84995e428e7ae7d5c22021ff016baef0e713a118344c016a99ad469313ba7f2452da0dd82e019f64aa229cf80a69b3e08ac5847f10d247179855546313232f23e055c2f74ecef14e0fdcc29a9bf0976fbb249bd5c7903183d2a53c70960a183630e7d4928daa7091a85ad987d2a4a5b8f6be6612fa72d9fbb33c67bb38eff19f2e784f94e0354cf6d35a5b2c62233c039de3734b38e97ec72bd673fef09fd56fec329818cc68cdf12cb52f7d37a8350c16e94208880bfcd3e895d7aa4489e3dd15db4a9026f0d2a46f1e89c35845dbd976a1992b87c15a0c7580e6424b8792a7bb7b933d7c5433d4133ba4dbbcf7995d6ed3feaa32f876a287feeb9cc6107778c1f83e0119d980b9e994c2a3ae3de24a103efb3cacb746b49d1ad85746b233ab4aaf0e988ec2a786bc93f32040d3bdc3008031634cdfded5ac95b2279e096243228296591e7ba53c4a127772cc4620e6b238ccad250629194533d0a669ff3366c52d64928693e0b0cbb0b8e2c6029089d4dfe2b4b6c5dcd85f1a02770611e65001e48a32a8b0431a3b9d77fa3a95be38a0436a704c05a8e0183f3214c25531a63796f679bf72885aa766468d42b2543542d7e82544efc5c5e81e6a91a0f5d4e68000cff687d63e45c9a11d4ef515050daa592c9a828ac7c0488e7cdb3d6fdaef5e9176ee68d981ea50d386d74df3b40660351736deb03bfceb721878cf9894b0302df15964242ab6b9f77f98ba1c7993735983d2b022600ab74a19e3636e1400d08ba45d3a5c2774cb06a1c358bbfc11d27efaf7ca53c2e7757c8c76da24707d91a4a5244262898d68083ff91c514d9b9b1ebaa0cb0b10254fda1b1e82b9a1a47f117b5b280ddbec1f6732d11117ef1a7a674699df87fe795d1243cb9c4527e364e2b711b6562a87fafc130ce0baf1701686639b05f0c8dc708f008b1e6ab89e8d623bb83f3d54b7bcdbdacd055ac4eccbd36bbe0af0f65a00e3d6dd985ae8851d176976cfb5816d1fc2a63d3546aecaa4e712ca6961d1f181315d553de6b53485faed0dcfcf819a1ba3badffe797377d3d1ddaed8e7a0acc0c3d277762262a139f94de49faca167b11bf04f2104a5ab9a73367a6461f7124c91a2c4229ef98e6ebde9aac283c7d029400d71293f488ba169b62c1e94689cf5b248ed4aea62b88d65bb764cfe27d5231a58486e7381df518f4ed81cb905108c54a5050a94ca0e94da20d3794bc5fab9127dc95b6404b1e27b4e28136fc27806f7be798444c33aca88ffd45b860eba0d5033839f5a092863954604f1952bd61dad23b11643fe14f3ade08116aa2c13eee701ccd13e506bd65a1060bf69579aea8c8143cd38c0891a3065f251eba0c20ab9c69ddf28e3bd6400cc203bac8de1882239ad4e1b97b0ae2f1abb7bac7c0d8ef82b97ebfb1f5577f06a3a1377b09ada4db87d342f20ab0eca4b9c206042471307511429cb57a578211f92d3647189861cad9145f5eb26ab696abe50a2a6c1b4af61040528aba4e79b586c348a430f5ea61c4be1032fa61d18581f05a07fb8707c8996e0fff1c3eda59b992687fa12483b9327e10224b20d42e8b3fc4670bf070ced602283273d6818acd1f6da567c44d3f5e1377065d43d87d889843ae48e7fa8ba1634815695b8c480ca271e6e833799c70da80fd79acc09b989667a2294de5da73f0363df9a33ad4dab8d27cf7bed0a06838672e3d07d52b6396e9b5576021d5e925abd533bf161c944795065fdd44e8462e3070c479f1c118276653488dd9b2f1a673f8cad3612ca1fab4388ec9c8f834a01a499adb7b3a9a977672f6d75b41bbdd7f91ceb7e7a88568d17bb432be9e4e96e115075bce197ef4754d2914c2c59e2d7f4c08f0dbe34d31f229428f211bf1d7e8f5c319ed4a8273cb6255eb318851ac4557b0278fac63107a54d407c42f300b843a12abd3b893b46c7efac2e388ab42b87aebe2543bd4c15f459bc50aad10ffe1c1196fb52c26e54bdaa7fbd52451f207ffb073ef4b3f71eedd7da40c89505019739e3fa733bcdc84ff4919e8fe2358129ef28291be1d6426b8bafe88463b1d3cd7273745381c7f65221898e6ad361e88b24c54ccc7ac9a830145b6dc096e2d71ef71ec4f03524cb870b724e08d223bdec2f6fdde6200217a13b5136004d455d66547f5a1793e0cad85677d49e5c558852107007c8136812cf021afaf6f7e8f59883371be46cda412dd9c6fcf187c31252ceb5758901d39cd5355ab386d9a7fe6ea46ebf277aaf809c3023211ea9aa189de4d422080ebb9fec50ffab6b95ba4ae5018accc497e79149ed6047ce561ccc10e9194cdccd5c9fb75175c8dbc9d0a916ad59288f010defbbb50d263041ab37aac0f93253bef6f898cd0825d99d27224f26181f9713b8979da64756c95e7505f25a2688960d6155c3613dcc31b6c337a6dbfc6b12cfde1db22b93bbd5e48534fb0bda8b212577a14dcf665c834b0bd24e5f624d2455fe048dbe930328d7cb632db3b0e244bb5d43390b420b15157a339487fc78976f867d3a361aafdd3f50a93c01882da7c220089a544381db22e2c86b228dc2be01820468460437588952a549d37498e529e62aa62bad1580546bcb1e9a6ed1870b7838d05d12f6e3a041e78b1bdb80894626f20889ccb3a468aa4fb24b9c87cbb28623ce59c6b3c6286db366d08004551a25fe4d8d194a2bb7c52e1c85a5fbe4cb15b171489da121bea1c469a6bb185d63213084e3a81ee54dc03a94dc5ecdda7bfaad1df613f51f56627c9d529f13e5c81b5ee4dd228949ca16b9a61d186211d153294470907557e5e14ae665013f285fe4d3766e7b3d8ce5e2a14692072d4d8f79354bcc8db8a2a36c8bcd00", 0x2000, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000002000), 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) memfd_create(&(0x7f0000000440)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3w\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00'}) pread64(0xffffffffffffffff, 0x0, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000000}, 0x0, 0x0, 0x0, 0x0, 0x20000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000002180), 0x800, 0x30b040) syz_fuse_handle_req(r2, &(0x7f0000002240)="65bb1efc1bffdca077c984c59573aea8a81981c2bbce188137be8377743fe85dd23b48fc8fda28dc772f937afd10c315a792194650df97d87452d217460af22a6c07e8f8066f2948b2b78aebddddc63dfdd7850ab0e48f34f8e774fbe7b0d7df161db97894d61f99b0485e9d3d70584c7f481c213a98ea1f99aff9dde772260ffc0ba0482a0c8ee173ca954c3c8204b4ce12c6c6391aa732c3911ca0946352926cc35935a295cc53dc437a538d2c47876d7e8b7092de6448df6288cad9129ecf5c543814342c46685d8b57d29392f160b72775bf5ff98eea669a57a747689a6b0b753fdb7b5ec3c1c0d5bd04d728e58c99a11591825e3aeed2930f1870a90fbff43e31c21c3b35fd5b26a509f4cb5c8bdc3878ef3a2e40ed35be73ca399f7d50856c5dd475dbfc5e1dec755eda116379a6d462e6a00af696f4a002ecba8e363c4cd73a3c4277fd91f5218b2719feb900c2341b5c280d952245cecba4373c03654a0e24bf04257a42e272a223ddab4c9b6a2ea6d9c2ecb41fbd8a4c35a20c0164a8efad2c8043c091cc63433cb094a8389032c576e18eb4b80e84845df455cabc58bd242623c450bfd1eea15620271ffffaafe1e9406f02d9c0098b6b6894ed5bcf59604bcd1d929691d876399ea9f0b48b474c1320bca9eb819e8b49e7ff1d4ec59874cf5aa7356bbb06aefcaba87bd576c88c7ad37e61482e7f3aba934b6fc21ca219c0a7fbfa090d411c811cfcfab656142f5efc5477a117f7e8ec0a40726ee7f1070ce5b784b932a6ca6b786d99c3ebb5fb9306c1b65a664feaa6e74d46dfcb5ae73cf959e0979c24502ff31a6246d3599fb545cfd7863c437bdc611e8d1ebbe030365c05ad0cecca946118e5e5ab7fcbd0df8d1ca6b20065ea1763c6091fd7b32a36b3eac92c4e51044a466622a9f6c236fe0b171c35e49f7b8947a2bf1540792bcce50ad66670996f613aba92c893ddc8d40bb2f948a645e98806f707361db32776bf6009b2211fa7c9dbc0e06ca4ec7a9be4b83d2b468ab55eabc4b9edbf2c8f771fae9e1db517ebc8ccebb4eb618b5faee901d9f8fcd7a74360fe3ae898d0fe2e0f9fd13e8ca8d3c8e6dbd2dd41a813ab9e0c44d96b960cf593bbcc560a8f28638b43bdd42d6eca7c7ffca129965cb1660573a1eb54894e12d312d8a4382b9177f2ca8277302353c2cfccdadf81e0ec6a9b3348b22bab3cc1d903d95684041bbbf07bcc32ade14c70a7bda96a5733cf6b659cf2e2cb5f94ce0095366a18dc9f46bb8a7bc39e76c4c428c63fb0f33a9acb41aa81bdcd503ebfd97ca36e8131ff787508a911566fc6958700a381495cd654d97b2d1c353c3da69e3e20dcd6b79cccfa85f4dbbb4869c73453937264c48de962747fc63c6e5449d6dd25885b5218fbdfa4490a8f89c765f254fd492085a37105d367ada13a75df1d96a70ca885b282733ac0abe79e2ec76b80fd34977aba3e9d1179924818143b5cd437a136a2f3e0c931a3d6b1e2cfaa9e846f579e57a24920352e3f73b9b8b17c9c4b66c20b2c0b0d3bdf5cf20386f9ba4fe74f6dc5a664f55413b0f66bdee60d3f8ef7829aa19366953d55f3472d59bed3b9306ab4631810671de32a96ce57b0192c905c5e3fb522ea56258996ca0d3c995922201470a60771e5e112891cab126fa60b0adb77932521411de21e8031d93bc376c721e645484c8ee555d24b27b3151f5f627a93325987881ae6ca9d568c83ea9fa7a6972ae9a037f540a55fcc8d3e726a268ffa41d42ba1ce1741b99aaff8861b4b92502312fbd92da90a130f08b1693dc34c51887cdb3ad746109cb09ab05e3be97159bd346c8367f0d12734be72b61ae8bef07a9fa7c49bb1efe2f0fc3c40dc8eb03dd798075de96166407a6e57722f842dcec1f7bf53e4565e81849d3088acf221ba160de734db349946e6f7f438801f6cf3b604c792a059ca34c4c2df1cd0a096453fa0aa6fa8ecff3cc1148a2ac4bf9317ee5bce3c4a52f5124e535143c2ed0dc44529c4d6aaaed8a89e1f153e924eb18b62718ae91605664bec77ed4f27ecf64512c76dd46dc91fdf5a34b392487ae3ddd6c0147f3cc7a142f3e45c7f779332e6f8ce4c6a53797b999debc2ee037b47ed52b56464d66b046a8893cdee66a5c15b3beb55e96e1e550093175366084c4a0bc62bbb0d309d6f9f9b10ab33b39999a02a04aaf8701384b73aeeba8c35f2863d534329473faf59985b8852e51bde75a852ef1e6d000a0639b9cd21c59c2fa6ab1c7ce211ec7328cc33cf6ba193b4279ed3945f6cf41ecb3e9f1b453c3131a4a32d50ce921b7a6360b166f528cffadaab91c77d5adbb86d059099fa80527294770f714381208bbcaadb4684e2c81b62dc38248a0daf030aa78eeb9fb806ce1919d2810821c8ae34d162ee0764ab57f41581b6843ae081e34d582b06e5d1c28d8aaba805c3c8b4f6789d2dede4fdfcdefced3edef8a9d296f9f30c11eddcd5d3e709e32571f3e94488d53745e50e17ebedf5c49a46775f88b07df739d8f9411c54805d2d73cc8c9f87dacfdac92e29338f5313baa16203e99752b0300b952e2ccbf9b28cc4de3ab0da43bed85934dc8ab127f47b1f88e40e262599fbbc0caad9b67c7e90ec8541c4a1e9b1543c102e80cabe185610baf68738d4e538a964df06b01bafce36b305ba7bd84f798026a28b61d89ad43583eca1981f241d10108eea544a388b190bca9b5d02cdd9d60e03af6c0f16ce2de287cb371833b8b467f6e923d4f8776e630e858f44bf734baa27883027bab5e35561f41bc957278784174baa1a49492594aab5a80f3747d6856808cd2a5617adafc8f1b78c2858b2a49014cc58bc7a294a9ee4e44d4550d3dae99a1810cdbad020cb91e3a7eb75d733c0a34d5e7fadb04bddaa74276a4661c4f0872e1ced319a3ceb6cf9bb8e61224412060a506792f7690445dc7caf30a79ec814259a461cdf3d59d44ec606acdcd47bc9dc668b59518b8d4f97baf2886162cd0514a1d268ff0bda4257b83c185c895b3946f67a2687ae2a9622488019ec43fd7f31b4c5a73f4a38bcf46a92dcaf73acdfdfa502e213e5dd84fc20710a38ee86363d4369a68c231203542a23937605b5afcce8f227baa00b53ff0684d54b698e95bdb834656c8d2f4c25aa89fba47d4ecbb681f54dd05eb9c2a682bf80f6815ec3dc7297a324de01b0464109b899481adf173e6dd738396c72ccfd110a20cd066d4df1e2c92a2d554573d0ecfd56a1f4036d9918ee827e559df4d2ae4f212e27d62504e3ba8d322e2a03a02d501824527a33d721b0f94e33630a27a9725e1f220ff4492e603bc9fffe38e98d9c0c7d71af1d09bfb80fc982e2aa860bebbaf4c069bea001d1d0b0143dcc8ef4cb81a37e228671cf45348cab621d2693054785bdea8d59b11b898a97c2e9d2798bae1a70c979e341898679fb1200b243ec118bfd5e07d420216af8f404aa961b2e16e3c83cb3bcd4562bcee7b3ec067f60a4a5857f6de53e02e2b1274328e43f2d392a6f3fb06c876a187147ab2574240a224708b0a450552bd0bdff51e2cb9fcf90856cb30d15feb0afee795eb2141be0c79df786ef2d0c9ababf04a38affb6c57117b62a424569512d38b2e48a324337a77d2a242a274ffc44e47370674bf936d4397ad2f06e4d084e37e8d63a3ae704d6812c1fa58aeecf60c140ebf0327f5c17ef33ef67b0c357aadaaee44b7e396176f6178ac0eac38fd8db5b668995fce31e7a970ec83d4eb21dad5b896536d55590712bad3f73a3698120f8a41eab88b6495a8bc73af4eba8848ed0743f9803202a772f9663bfff20c7e04e4ad9075f1fc18d54d9c4922d71acf8478bbe9d1f7d90e3e9dcde8524d36106113f6c281edbeaffdfcc76e70bc5b00d474a8ca9fd2b7037aaa0f47514c6b5502e3c15b750d37dce26e755a6326910ae42fb7153d5d8be17bca9f776bb8ad4c2f2cd89d6a791e67d4cc46ee154c63bc51304aa0ed5022e00ac74e277aad5de5c85d78e142ee8b4f649e0a520741f5afda71af226cbf0b833fc5644871271e64fe72e1743f3804cf060435d13622608cd330ce8023ca0291d5d80e0497aee84001f22b4377b8f036afa8523d9d9460d2e794f3838e41d124651bc12abf7dce44bd85e299286ee7ae2ec5e8460249db8b48402ccc81ee7d56b697f1068552771848c095dcc340f9d9b274d9f22780fe949c2f8d0e5f21a1381f6127ac664fd22c035131ab268a0200f066f4eadca595f0d682e65ff2e6661a7e96c262703955048cf311c0535ac46e101238335fe9a40b0632fef58a4625e7a2d2dbc76c79d6104b2ec928d81ebbb86536f66cbcce759bb76dfd309364c366cfcbaa9ade4377863083ce8e93c0e2c9d3f5ce069e2c2472508aa4cb31e502fbda6ed30fb4c45dc594e89e592f65c7524e6096c4338c2605fae9a423224ba1d44764f716aae1ce60d70be0c9fc7adb7e048a0c5499aa72737e4aa54f86f230d2d8f24ac72d51d2b819ee19b316eb9568c19412b5fb34513cd21129910975c6fa60191e97230855ef89f75344b2435d6085ad030d4c0ff012068d887962eab06b525e73863b151eb44af4c8dccc81194ab8fbe50c97881ab7d4a9a4af008f8124bbc45e3f2174c7a58b286d9eeb677c1ed6f246012cf872320bc0fc920255f24767764e38356c57a8efa3d364e7765efb254f1c0e9e77495a890708ab10a12cfa56332f58b9f2eed6afae207f2e4214b153872a1b4739444c0ad94e5e615ad46d63e34d1f42f971376621d629d869b1f56a5fc9363645df31e55c0dcba6ab47331cedd8028ce0c84522d3870eac40a386a08e530c531e9e1f9111acce1a1f6ae64542a176f1e7804ac0f73be83e12419560d34452192301ad29b9107672227ec53e35dc93ed09a95fbfb39568c91e34dcfea5fa44b9939529205887771ec4d5334893b1aaac345ff21421d1002253116003a49c011aabf7f6494e88572eadb57e668a16947a55dcd84db732dd1de82dbffaa40a5078fcf01fe5b7e4ff8d58be32a6d808db539410bb02919dbfe30c3fb4bc317865b92400e3d86cb2229688be7e5c5cfb825e70935cbbcaa22f3522b21d615b2dfbfe4fe3b569860e2365946c935815f9aa44ac3dc14f1ca9a1b935c8e47fac26acf8f704777a5517506ffe5164c8461735b00c661a50be84d5ea6263bc7a134a94d0f27c8fa310141a737fb773424b19315fda94de935fa0409f0cd94eec03594f932669e0c575b26dcd311e1c0443e3092666f8a685c8023fec4984bd25d4fa1010030fa43953e6b7a47af27c31f5bc952677f46c25011273f1fa42e9bd44f84b452ea7ce4cb97167f25325fa525e7bc962ed5411d45301af32b4167702793011d8db92aef967483c42d4e29dc9093b3d68dedc7a17390c9732dac943efb9d554db53b617488b0af0aa936792032fc7a38ac7d85be891497eb3afd3676a4159830a793877f66069a2aec6477dd1bf8a4f70c5f57eddd724f98ae1a33395ae271692c6de49923bbebc07bb7d205abdd45c0950afe42b4dca0ed6cee986b3e454a5bcf966ef2169599587076cb9ef996bf487bfd92c2dc39f325c88210b0a7c66606a9426afb7e1be119b637a4d2229229c49046dc0029baf9ad78f26786bdd7a194ef5a8ee028383b8db238c919b0dd776f0e8483277b062930857f1930a95021fa3c497958dd1df3c935cd0883c6ecbfa32d56978b57891af7a33e896dda6b094ec648a7dcaf4d973c1b18944acef0d1d2b822b42628ec0014a87b1e143b35df4c0fdf80cc2aea01b6c181e01d7915481892b55da49198b2d53bbf37b46af20d24f82be219a60e8682c692e39e180e5d3e8e741762f294d779adc764221ec10033c60d5db26b2c6a24249144a0b9e798abaa381e0db2ffb91b837602961c3238d800a447850dd705087853d45e3bf66a326504612b9c3888ec83924ce150d956a447b7542b23bf6f4d6b91b8920f416ab1ca86565bc518367475447f9e958c62b934d8be82529fc1f8938f3fece73033a25a50ff99c87697e2b4edff6b4e592a8797d67eb429bcad602bfcb43de23c651fa48a33ae53e126e496c9bbc8b85ae5f10acc63efe77e66ed0885ffcdab0afd70be50b1045dd24b5bd466eaf19a6ff2d103b2664a65946648c4d03e3d70058847cc56a2d1de5229205aef1db56cfeca9a030f99283ba718d8079b655c9c26883bfa39492849c002b2c32e030a321a2bebf7b863add7765805c7d6a3f5b5d1978d218eaed04235a098d1b9cf403d0f344ee70caca7be62096252fd973592976be5568562d199a5c33f06afca7874d32712c5ec84c83136637451fb6f68d9f5d062039ea5319d72581d679fca127580ab971fae207a17b1d9b12c484a2b7cda4df7c3321b735ef28d2de72cfa7d31328b0238c942162f62ce0859808cf9010ea1a68429995bee1ce276e33cac5c0349420f610e85b2ca34fbdd1b3b9cdd5be11e7638e6cd8da9e12cdee0700cbca54d9fecca4c31d93c9960fe949e809bcf12df005686dae1518ec4ecc7dd00e78e9200c59045af80eed21b5fee6272e3a12ba1f8f09a9bf1b2559fbc1790083fc8a5754f84a215f876e1fd1dca5879d2fb03ece30dabde8c99d88a0180e5ebdf2b951ea76da25bd9bb44ec6119b1d649558527c70444b03d407137452289b10128a0bc6310389f09e01f278ad1e94de386d111b587dc4e765c09b0103bb51d8d29da28976f6150115e08977cafac3f84fa0e2c56cf3dbcd279d0cc5c282fde665db5b34d9b0bb8284a63fb0681bb8a35739c64f0079af4df4eb84e529aa661ddd257b3e85dd954bc1b5e6a4e079ccebb9e6efa0d96b76a4bcb00a970219ada316abd9b524ff668202c6adac06d1f5df4ecd8effa3dcae5f94fd47c14ec9309cff4f99976d6d53b039efeefefe87c1be323f3b1a44fc4f3026215b6b128a92b2a3d871dabc4538a83701843a841165eb44ac51533a035a673cbc23dd184b5491342edd5ef9673f6432000204fd1bf235be4b3dceafe10733a2be565465137674347201f2ad69d6dece558493fe187e64d27b0dcb69c5a61e9c9e2d2ebb8d5f47ffdb2bc096dea8926ecb50e77e7dfaad35fc1684a251e329346ffa068357fec7d932e5d13627be47a3483331e59bf6471fec89a09d3fedc51ce0ea301b54c34fe099aae29dc8b622616b22ca04d0a0e3bd2a3b9b787020bf12f737bd1edd2af443c490619bbb63281fca4b2d5b86cc5560cb7b55e856a6ac712ba98c1ec689c8f2678da28c480e0155c1eddd594788d0bdd96a01e9f70312a208174d22b95d81f2c660312b3d476be365df2d2edc587860c5bfe569292e033649df723194dd20301e9b1df80d10fe30c2bc0d16f0450192621ed2c76705547d2e5ede82cd2a6b1ede4796d2fad90610c464453a9c31a096fe91810c5728f2041841460cfe9c7aef29d006058b252d7cac7009c4331a7ef83e996cab54c7723fe77b68e5dd3bed5687d68d5ec81f7edd73360ba1a0cc84202bbf6615713b924eb6cc955a70bc08c12ba2bab427207bc71f59875eb022fbbcf1b4f35062b01be2fc6c368556b983715fb3b2918d7136afac6f02b7d2d57a953699fd5567888ac51c800db0597d3230cbf0550693d93b42a0dc0197d769e102b8b69e2c2b95f2fcdab71777bf6556062917ffdf7f32c4c888acf7c6ffa51768e267399ca1d1f41bfe0cd146cc8f6f244a7ae4d4dfbb20d9d3e5d65437641bfdbf1e4efaa66ca5fb78840ac6579d44513bf97c401b273f346c1d5d56448b5caa59e89c83123aff277c2f86dfdd5ee58908d94dd634ff50038842c56772e9d117308d0a096fe251e99089885518c45e9dd58d92c3eab9098241ec6874d812ea389456766e65fbb22d33c79b1f181500f6222e5cdfec5ff9e7d35abaadd8e58e83dee71c805a35cd19f43e0504adf822c6d8c24bd209051ee733d3eab48003ef7f97d4561484b6a5a699a2f26aa6aaaead8b07c02513bf2bd3085e65a9a6909d1eca6c9d84f458e61c2cd0f7566b274a7abdab5466d24df76e1fa4bbf82893128031c49060002e55cbf035bbd4f1e3f8ec0943f2f4ffc9e1ce572b68680321f03a9f90634b8b7c2c5c7360049cde0056838b619a86f8a7b277d945ed525f284b2dcb3de373432dc9374bb94006b3d67e131a9b03c9da8e1e64f6a94e532845cfbb38fe4276f4482599d30a845a34a319ffb25e85071a5e1324a59d9088aa2a66b0aca84509c93f3627d1107f35af4331b8802b3971376c1c868178f23750b8bc0f87a32ab3f8ee5412392967b93a43c4b853d4ec97a587a2698a0e02382f1cf05160357d90a98b3506629cc9b7e06d5a775625332e24038428dc954493272acada5ce11d4150a60dd2af9db8e665bf51b8c18510b4b560200565b42fa78956d44c3fb10bb726fe20f3ca463a12a1ac146233e4662de146cdf23b02fd9eaa6c792f75f6996a7d8a9f0e4e64dbb1d53552bc3af4a6f714b6cecd3874f7dbf6bf030f4a198db61ceb948d2ee0cd9cb7b53e7435bb1d62b617e641e443703fbbcb3f608a4427b59bde9a0c61d7e01ad2977a0a362dc312222522098fa95ebbce5090c90df1492b73c0499bb8b063f815ee8b92ba28f860210873a2452e76b3c0fbfd8ba12cbe5bac368398b60858cf864631c4e8d5896fb358e1ec54fe80da931b5b05356dee5c89f76142f312532b0c7dbac5ef03095859a30d76e2cb11a1cacaa5fedddc939929e620b7e077b46cb83820fcf8b9c109915a8de13d5a3b81cbe433309fde057afa728a24437ab8ddafac2dad1e7b8304cc45d564c7a4faba16912bbc4699f8ead496fd67a52d6d94495909f437362bbd29a96d975cb41e824262541d28c8799b500ac2fbae2fdb52f34139c0ba9e8060040449b431dad8e63fda357048c62b2d910bd3e68790286223b4b748a48d49278f8d9ce127ca3ff33cc2c209aa99694e9e4e71956984363ccc14d42c3a987831d3263822e19602c320610c46c09d9c3b8dea4fcf5b95352a8a4f1f0816b4e698d9ca9b8a32046b711545f17ab32b4c8db7e8e2b4e6e958b57dad1b1d53ba7508aaad1c16e0939afd45632e577e340cd2979fdaee975200b0f4fc83361a174ddb05466cb230e2af15156437b890236db9e7f56cb70a950375d590ac97058c75aaf2acec142245b2d7ea900d9de29c1c3c9ff14c4801916ceb27710871d189c82cfe58bfda0cf9b084cf042366e544877c53278c0d2505aa7431a41b1592498d3f0b700038afddd754b9d79d6971b655a75e34f8140a6bed8a92543c7964aef40c646f0e0ee9753ec2ce9ce42d3f4de7c6a21e8beb56037c05389f8efd0e41808e056d1bba1a61603cfbcf242e45c85e952d77b36713af32ca785ed54201ddf04243742c2402cbc4f0f5c9af995c4e6a826763c6fd52121f4e088f5027a8764d7ea2d9e2726e45a527161e76190eace5e8c8f438d4c7448bb0ebc0f5d88066942ddb0b32201d0e15c1bce2882452d862fa0198df12ca89a2355b5729109e29931112d9d1c1b58b6fa6912095d1f4f3d8ffa263efdf268560cf559565fc90ebe475df9d783f03134327a5cd6fe65e6522e2032f109041b15668cceff12c10a64e28c6e108b9676097665874d4aaf3a7b477a185a453b368ab7700d774abe504cb11ed3399cfb90516041bce0083036d99c89361c6b33c4709782bd8911b636afb11601fa5e89f6485be778cbca7c577dce088d858c9e9e5c4638e359fdebcc6285299772be541fc957294adcf2e182cfb815e275ab3c42b3de8a5ad0244169565ea1ff454feb782155c00da98fac101c4ebbd247f5bf6a482613bfa3aa0b186eec90f01171a6aca07bc21e817c6761ca222081ada8db55238a000cbeaaed939613cb49d130117360ac77b5cd1dc4beaa75afa059ec8ab1e40dd53ac4df99c79fc73acce7ac062c182b62283fcd4309dbe8c05ba7c1f8113d4382438f389fd9c3028387fd15172f0d67bccf4a8915f8e60361e23a8134e7ad66cf6f51bea376952b7149d99c699664096071e755747f1315b13297b9b6125e04d75244fd21cdb8a8821433bc3acecdbd88c4f3f865ffad75e38ec1cdafe39d8b76292a25ee142b6d86099110897b14a8e3b2b9f0195126d8687918b36413f7727d6d12733dd0c296fe06c364428f2fe0c8589da41920e6c17f89befaaf233974deb9fc7973c419fda48d8de89cd56e18e3060187079001c0c30c2783ac9ad94800b073a19a4666ef596344edd598a433e79a06536ed43cbd8a08b9a652336740346cb847a5289594a24ec77fd1e403556fbc9c54c968252c577e5933214fe726e87285c7d4ad4cb999737da991da6d5811aac5d5652509641b10782abdb252621d2f61536baf29f831feff55d9eae11779d9cd710de0068f52af46cb05c0a25962b6d0b06432c6710e88b588ebea44d960ad50a9e474fbd9da731e38d84f35598b88d6b403cae13ae3f4195743b85a0313c374d95f695ba586e04ecc47133284b65afc7741650245aca1161443b673392f5d7642a9166c4ccc1a71f628b327b19d526a54dac8d1fcc27ae847f1f77f21edaa8378d1f193218a2a192b87f91ca6fb3c04ed5469152b5836ca7ba375f10393dda2542369ff7cd1cf0f803088772f8eb8bf48bdc532ddbcd058a51f7389284edefb6458c2765166e94486e9190b17141267a76d3754b61c69ef00e0c2caaa4569efed299ecf6d3b461c59feb5646e65d055b369fc39d5aded408a9d1d5eca18ea4c25111524d9988aea8907bdf8b6523db86738aca7405b395c4df81dec0581a28413ba3f1b87cdb64aae99292ec71cf0e5f083a7767f60d8883667e5b6f229d612ecade9ce421d1d754e3ef11f2a7364821750f495cdef5f7cb863ab1d93f59db070f7557ab478445bcd26a1ba4a8b735b970f61bfee6000d7abc5f670b075904acf53883eb58a8447972b8e83f54a17cf718dfc5f192b1b3ba2a79ba1ff58b52d1d3e7b417da571e92f8e9ae86e71a550df25e600fe83953351105f683f882b5dd968a486b2677aca07c859e767e14a576f2971bf1bdef4d2e15c5732ee1e169a6e376ef818c344ec9c9aba0acb5ab90a8933908d29d17f34f1f1a2e84b096b24c487a5b9c4de679492be045e9336d032f24ea6aac6285f09bc6e0b126773ee9281cf5ed8ffbeb56d7d9ce044d478076a58c007f9b4fb4b60db8907823f72e2c54b158c0b928fd90246e8ba47d4218b297d9bd6e1ff411c734f382008990340d68ff75683e77d362b817906057f49c64e14a3bec7893d2ecc46b86b7b1bf7dc1c400b0b3b9a627f38affbfb4ffc384c454d9a34c321aaa4db8a50869197b9bef12edbe9a2e5f97ae882b6d920575a552c6f8341c0ed1ebc852de601d417cce7e8faf69232cd19f48c5c0538100591f27f37a13aa0492d4fc2bbff477ad41264c32961bc934a45f72059da78fe2d2b2203eed84c9a504e8dbf8f118cbd9da9fc0d2ef3330c5ff8e0ff647a69d27704c9b3e289b9837694360cb406472cac7132348bb4c5f811b06ce6f3d57922277adb95ff", 0x2000, &(0x7f0000005880)={&(0x7f0000002100)={0x50, 0x0, 0xff, {0x7, 0x21, 0x6, 0x0, 0xffff, 0xdc, 0x5, 0x5}}, &(0x7f0000004240)={0x18, 0x0, 0x0, {0x732}}, &(0x7f0000004280)={0x18, 0x0, 0x6dc9, {0x4}}, &(0x7f00000042c0)={0x18, 0x0, 0x1, {0xfffffffa}}, &(0x7f0000004300)={0x18, 0x0, 0xfff, {0x3ff}}, &(0x7f0000004340)={0x28, 0x0, 0x81, {{0x5, 0x7, 0x1}}}, &(0x7f0000004380)={0x60, 0xfffffffffffffffe, 0xfffffffffffffffe, {{0x3, 0x3bdf, 0x662, 0x7ff, 0x100000001, 0x7, 0x40, 0x20}}}, &(0x7f0000004400)={0x18, 0xfffffffffffffffe, 0x1000, {0xffff}}, 0x0, &(0x7f0000004480)={0x20, 0xfffffffffffffff5, 0x1000, {0x0, 0x2}}, &(0x7f00000044c0)={0x78, 0x0, 0x5, {0x5, 0x401, 0x0, {0x6, 0x81, 0x842, 0x1, 0x100000001, 0x1, 0x8, 0x5adc, 0x0, 0x8000, 0x80000000, 0xffffffffffffffff, 0xee00, 0x8001, 0x60}}}, &(0x7f0000004680)={0x90, 0x0, 0xb9a, {0x6, 0x3, 0x1, 0x16, 0x3, 0xfa, {0x1, 0x6, 0x7f, 0x10001, 0xffffffffffffffff, 0x81, 0x81, 0x63, 0x20, 0x6000, 0x7, 0x0, 0xffffffffffffffff, 0x3, 0xf87}}}, &(0x7f0000004740)={0x180, 0x0, 0xfffffffffffffffb, [{0x2, 0xc1, 0x17, 0x7, '\vem1\xc1\xf8\xa6\x8dN\xc0\xa3w\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff'}, {0x2, 0xa5, 0x2, 0x3, '\'\xc7'}, {0x4, 0x3, 0xd, 0x3, '/dev/net/tun\x00'}, {0x6, 0x0, 0xd, 0x1, '/dev/net/tun\x00'}, {0x2, 0x8, 0x0, 0x6b14}, {0x0, 0xd77, 0x3, 0x0, ']\\]'}, {0x4, 0x81, 0x4, 0x3, '/\xe10*'}, {0x5, 0x4, 0x18, 0x7ff, 'net/nf_conntrack_expect\x00'}, {0x1, 0x800000000, 0xd, 0xd7, '/dev/net/tun\x00'}, {0x4, 0x80, 0x2, 0x3, '%#'}]}, &(0x7f00000051c0)={0x5b8, 0x0, 0x5, [{{0x6, 0x3, 0x100000001, 0x3, 0xe4, 0x7fff, {0x3, 0xfffffffffffffffd, 0x100000000, 0x1, 0x8001, 0x0, 0x3, 0x0, 0x5, 0x2000, 0x9, 0x0, 0x0, 0xfffff41c, 0x10000}}, {0x0, 0x7fff, 0x5, 0xbb, '{]\'{#'}}, {{0x0, 0x3, 0x10000, 0xa20, 0x2a74, 0x2fbe, {0x4, 0xfffffffffffffff7, 0xe5a4, 0x10000, 0x3, 0xfffffffffffffffa, 0x6, 0x800, 0x4d8, 0x2000, 0x4, 0x0, 0xee01, 0x7fff, 0x100}}, {0x2, 0x0, 0x4, 0x10000, ',\',\''}}, {{0x6, 0x2, 0x3, 0x1, 0x1f, 0x8, {0x3, 0x8, 0x9, 0xec, 0x7fff, 0x1, 0x7d181f51, 0x0, 0x0, 0x1000, 0x3f, 0xee01, 0xffffffffffffffff, 0x3, 0x1ff}}, {0x3, 0x3, 0x3, 0xfffffff9, '^#}'}}, {{0x3, 0x2, 0xd499, 0x8, 0x226, 0x7ff, {0x6, 0x7fffffff, 0x7, 0x5, 0x0, 0xffffffffffffff08, 0xffffffc1, 0x7, 0x3, 0x8000, 0x101, 0x0, 0x0, 0x5, 0x2b0}}, {0x3, 0x3, 0x4, 0x0, '^^[$'}}, {{0x1, 0x2, 0x1, 0xfffffffffffffb30, 0x7, 0x1, {0x2, 0xffffffff00000000, 0x7, 0x20, 0x3, 0x200, 0xace0, 0x0, 0x9, 0x9000, 0x0, 0xee00, 0x0, 0x2, 0xcc}}, {0x4, 0x8, 0x3, 0x401, '\x99\xc2\x1a'}}, {{0x1, 0x1, 0x8, 0x0, 0x5, 0x7fffffff, {0x0, 0x0, 0x7fffffff, 0x0, 0x7, 0x20, 0x0, 0x2, 0x1, 0x8000, 0x5, 0xffffffffffffffff, 0x0, 0x7, 0x4}}, {0x5, 0x100, 0x0, 0x1b13}}, {{0x2, 0x2, 0x0, 0x6, 0x39d, 0x2, {0x2, 0x0, 0x100000000, 0x9, 0x2, 0x20, 0x7c, 0x8, 0x8, 0xa000, 0x1, 0x0, 0x0, 0x9, 0x7}}, {0x6, 0x5, 0xb, 0x2, '/dev/vcsa#\x00'}}, {{0x4, 0x2, 0x0, 0x5, 0x1, 0xffff, {0x5, 0x2, 0x1, 0xfffffffffffffff7, 0x9, 0x101, 0x4, 0x7, 0x4, 0x2000, 0x401, 0x0, 0x0, 0x7fffffff, 0x401}}, {0x6, 0x9, 0x18, 0x9, 'net/nf_conntrack_expect\x00'}}, {{0x1, 0x2, 0x1, 0x6, 0x3ff, 0x3, {0x6, 0x1, 0x2, 0x3e, 0x80000000, 0x3d, 0x413e, 0xdb5, 0x1, 0x4000, 0x7, 0x0, 0x0, 0x512, 0x80000001}}, {0x5, 0x5, 0x0, 0x9}}]}, &(0x7f0000005780)={0xa0, 0x0, 0xffffffff80000000, {{0x6, 0x2, 0x81d3, 0x0, 0x10000, 0x2, {0x3, 0x5, 0x9, 0x8, 0xfffffffffffffff9, 0x3, 0x0, 0x7, 0x9, 0xf000, 0x69, 0xee00, 0x0, 0x5, 0x9}}, {0x0, 0x1}}}, &(0x7f0000005840)={0x20, 0x0, 0x1, {0xffffff6a, 0x4, 0x4, 0x4}}}) perf_event_open(&(0x7f0000002080)={0x8260c7f5739bad9b, 0x80, 0x3, 0xd3, 0x20, 0x83, 0x0, 0x400, 0x80000, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000002040), 0xc6633799512597a3}, 0x1900, 0x101, 0x8, 0x6, 0x9, 0x4, 0xdde, 0x0, 0x830, 0x0, 0x6}, 0x0, 0xf, r2, 0x11) r3 = dup2(r1, r0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f00000000c0)={'syzkaller1\x00', {0x2, 0x0, @initdev}}) write$binfmt_script(0xffffffffffffffff, 0x0, 0x191) close(0xffffffffffffffff) unlinkat(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/nf_conntrack_expect\x00') unlinkat(r4, &(0x7f0000000000)='./file1\x00', 0x0) perf_event_open$cgroup(&(0x7f00000021c0)={0x1, 0x80, 0x9, 0x1, 0x6, 0x2, 0x0, 0x6, 0xa80a0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x4, @perf_config_ext={0x3, 0x9}, 0x4863, 0x9, 0xfffffffc, 0x9, 0x200, 0xc5f, 0x7f, 0x0, 0x1f, 0x0, 0x6}, 0xffffffffffffffff, 0x10, r4, 0x5) close(0xffffffffffffffff) [ 298.561253][ T22] audit: type=1326 audit(1631031281.623:8531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9441 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 298.561855][ T22] audit: type=1326 audit(1631031281.623:8532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9440 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:14:42 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 298.664143][ T9442] selection: kmalloc() failed 16:14:42 executing program 0: timer_settime(0x0, 0x0, &(0x7f00000004c0)={{0x0, 0x3938700}, {0x77359400}}, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000380), 0x6e, &(0x7f0000000480)=[{&(0x7f0000000400)=""/77, 0x4d}, {&(0x7f0000000300)=""/56, 0x38}], 0x2, &(0x7f0000000a40)=ANY=[@ANYBLOB="24000000000000000100000001000000", @ANYRES32, @ANYRES32=0xffffffffffffffff, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00*v\x00'/22, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x60}, 0x20000040) timer_create(0x1, &(0x7f0000000580)={0x0, 0x31, 0x2, @tid=r1}, &(0x7f00000005c0)) timer_settime(0x0, 0x0, &(0x7f0000000180), &(0x7f00000001c0)) signalfd(0xffffffffffffffff, &(0x7f00000002c0), 0xffffffca) perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x515, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7fff, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0xb) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000000200)={0x2, 0x80, 0xf, 0xb3, 0x0, 0x0, 0x0, 0x2, 0x800, 0x8, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x4035, 0xffffffff80000001}, 0x0, 0x0, 0x69c, 0x0, 0x7fff, 0xca, 0x61, 0x0, 0x5, 0x0, 0x1000}) fcntl$lock(r2, 0x24, &(0x7f00000000c0)={0x0, 0x2, 0x81, 0x8, 0xffffffffffffffff}) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) timer_settime(r3, 0x1, &(0x7f0000000000)={{0x77359400}}, &(0x7f0000000280)) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0xb) inotify_init() clock_gettime(0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x0, 0x6, &(0x7f0000000800)=ANY=[@ANYBLOB="8500000049000000180000000000004000000000000000009500000000000000b436feff00000000b94902001000000044929c8239147b557aa61cd083eccf3e7b9823bfa2603aaf4c7e577eeb7c2eab025d9f569bba713c868ff8ed9509b1acf85817ceaa51f7d672e3889d133074bdf303b3525a037d17557b0c6a9b1bc00a8f62f3f26f7df5e5106d0f1edab23ae2f24c50e2c846b7eedd866c11de7735445eef0a4a02ce04a4b4ed4b9a3e2570840301000000eaccc313b4f1af4d1a7c5659db9c5a7dad3bb3e6da2d2bb38c5c03be22cab421a3d0d4711271568c058e38d31ac6d1872b2579f83d1e8be135e1960f87e34e8fa40dd92de54a84681c5285637ed0a671d1c8193dca677f00021058d0fbb69d782702e37b866a2e401ea283da8ac0fbf17929eede63f29bb8c475f9f52c65d407496661bfe5b949ab9bacc564fc9d93c996c67915f0f97e29dbe101d40b5d9fcb972ea6a6c58909e03445219e195cf750e47128b31d24bf33b1a6d1975319998ff82ea8d07c4b3a530b6542f5fd3304c1"], &(0x7f0000000640)='GPL\x00', 0x6, 0xd3, &(0x7f0000000680)=""/211, 0x41000, 0x2, '\x00', 0x0, 0x3585d18cfb280b3e, r0, 0x8, &(0x7f0000000780)={0x3, 0x1}, 0x8, 0x10, &(0x7f00000007c0)={0x5, 0xd, 0x200, 0x5}, 0x10}, 0x78) timer_settime(0x0, 0x1, &(0x7f0000000140), 0x0) 16:14:42 executing program 0: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f00000002c0)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {0x0, 0x0, 0x1000}], 0x400, &(0x7f00000000c0)=ANY=[@ANYRES64=0x0]) chdir(&(0x7f0000000180)='./file0\x00') creat(0x0, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) lseek(r1, 0x0, 0x2) open(&(0x7f0000000140)='./file0\x00', 0x290200, 0x29) write(0xffffffffffffffff, 0x0, 0x0) sendfile(r0, r2, 0x0, 0x0) open(0x0, 0x0, 0x10) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x80) sendfile(r1, r3, 0x0, 0x8400fffffffa) 16:14:42 executing program 0: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f00000002c0)="eb3c906d6b66732e66617400020101000240008000f801", 0x17}, {0x0, 0x0, 0x1000}], 0x400, &(0x7f00000000c0)=ANY=[@ANYRES64=0x0]) chdir(&(0x7f0000000180)='./file0\x00') creat(0x0, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) lseek(r1, 0x0, 0x2) open(&(0x7f0000000140)='./file0\x00', 0x290200, 0x29) write(0xffffffffffffffff, 0x0, 0x0) sendfile(r0, r2, 0x0, 0x0) open(0x0, 0x0, 0x10) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x80) sendfile(r1, r3, 0x0, 0x8400fffffffa) [ 299.222723][ T9450] selection: kmalloc() failed [ 299.426913][ T9454] selection: kmalloc() failed 16:14:42 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x0, 0x0, 0x70bd2b, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x700000007}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x24000040) sendmsg$NLBL_UNLABEL_C_STATICLIST(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x3c, 0x0, 0x2, 0x70bd2d, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:null_device_t:s0\x00'}]}, 0x3c}}, 0x20040804) sendmsg$IEEE802154_LIST_IFACE(r0, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x38, 0x0, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), r0) sendmsg$IEEE802154_LIST_IFACE(r0, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x6c, r1, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4010}, 0x20001) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000004c0)={'wpan4\x00', 0x0}) sendmsg$IEEE802154_LLSEC_DEL_DEV(r0, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x48, r1, 0x0, 0x70bd2b, 0x25dfdbff, {}, [@IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_DEV_INDEX={0x8}]}, 0x48}, 0x1, 0x0, 0x0, 0x1000c010}, 0x4000) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_DEL_SEC_DEV(r3, &(0x7f0000000740)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000700)={&(0x7f0000000640)={0x84, 0x0, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x23, 0x0, 0x1, {0xc}}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x23, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0102}}}]}, 0x84}, 0x1, 0x0, 0x0, 0x84000}, 0x1) sendmsg$NL802154_CMD_DEL_SEC_DEV(r3, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x6c, 0x0, 0x400, 0x70bd29, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_DEVICE={0x10, 0x23, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0302}}}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x23, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0002}}}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x23, 0x0, 0x1, {0xc}}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x6c}, 0x1, 0x0, 0x0, 0x10}, 0x8000) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000900), r0) sendmsg$IEEE802154_ASSOCIATE_REQ(r0, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x1c, r5, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004058}, 0x2004c005) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000a40), r0) sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r4, &(0x7f0000000b00)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14, r6, 0x200, 0x70bd25, 0x25dfdbfc, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40004}, 0x20048001) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LIST_IFACE(r7, &(0x7f0000000c00)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0xa4800}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b80)={0x14, 0x0, 0x10, 0x70bd25, 0x25dfdbfe}, 0x14}}, 0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_LISTDEF(r8, &(0x7f0000000d80)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000d40)={&(0x7f0000000c80)={0x94, 0x0, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x1}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @empty}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x2c}, @NLBL_MGMT_A_CLPDOI={0x8}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x29}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @private2={0xfc, 0x2, '\x00', 0x1}}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @empty}]}, 0x94}, 0x1, 0x0, 0x0, 0x4}, 0x9bae6d7f885d8c53) 16:14:42 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)='9', 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, r3}, {}, {}, 0x0, 0x0, 0x80000000000001}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in=@local}}, 0xe8) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000005c0)={'vxcan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000006c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)=@mpls_getroute={0x50, 0x1a, 0x300, 0x70bd29, 0x25dfdbfb, {0x1c, 0x80, 0x10, 0x40, 0xfd, 0x5, 0xfd, 0x8, 0x3b74abdd8aa67147}, [@RTA_OIF={0x8}, @RTA_TTL_PROPAGATE={0x5, 0x1a, 0xfd}, @RTA_MULTIPATH={0xc, 0x9, {0x5daa, 0x5, 0x6, r3}}, @RTA_OIF={0x8, 0x4, r4}, @RTA_TTL_PROPAGATE={0x5, 0x1a, 0x37}, @RTA_DST={0x8, 0x1, {0x4}}]}, 0x50}}, 0x80) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r8, 0x0) preadv(r8, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYRESHEX=r6, @ANYRESDEC=0x0, @ANYBLOB="01010000000800000000000000000100766574686f668b1c966fefdc2e2217b9fccd140c21d7deb41bf5db751921685f35904a24afbe25d0f225e74e8db2f70f8b7824393494bacdd904841517e0274c41da26be75de74586b8890f214f71fd215655aadd0edf7ca0bbd656f0ab18944000000000000000027e90a61b9eeea83511f7147270400ab2b6f899e77cd1ae8d3f6b93a8b709c0edb42a0edf683af6432a741484b8344d81355c9dd33444cbb618d9dd85e"], 0x48}}, 0x2000c080) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newlink={0x38, 0x10, 0x2cf6e77ca9abd4f7, 0x0, 0x0, {0x0, 0x0, 0x0, r7}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ppp={{0x8}, {0xc, 0x2, 0x0, 0x1, {0x8, 0x1, r5}}}}]}, 0x38}}, 0x0) 16:14:42 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:42 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:42 executing program 1: syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 299.570701][ T9463] selection: kmalloc() failed 16:14:42 executing program 1: syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 299.712627][ T22] audit: type=1326 audit(1631031282.773:8533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9487 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:14:42 executing program 1: syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 299.773630][ T22] audit: type=1326 audit(1631031282.813:8534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9485 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 300.022778][ T9501] selection: kmalloc() failed [ 300.237291][ T9506] selection: kmalloc() failed [ 301.314712][ T9512] cgroup1: Unknown subsys name 'perf_event' [ 301.320959][ T9512] cgroup1: Unknown subsys name 'net_cls' [ 301.358617][ T9512] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.365721][ T9512] bridge0: port 1(bridge_slave_0) entered disabled state [ 301.373020][ T9512] device bridge_slave_0 entered promiscuous mode [ 301.380519][ T9512] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.387796][ T9512] bridge0: port 2(bridge_slave_1) entered disabled state [ 301.395436][ T9512] device bridge_slave_1 entered promiscuous mode [ 301.434122][ T9512] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.441133][ T9512] bridge0: port 2(bridge_slave_1) entered forwarding state [ 301.448417][ T9512] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.455456][ T9512] bridge0: port 1(bridge_slave_0) entered forwarding state [ 301.475961][ T3432] bridge0: port 1(bridge_slave_0) entered disabled state [ 301.483297][ T3432] bridge0: port 2(bridge_slave_1) entered disabled state [ 301.491299][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 301.499734][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 301.524787][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 301.533318][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 301.541362][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 301.550381][ T3432] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.557409][ T3432] bridge0: port 1(bridge_slave_0) entered forwarding state [ 301.564730][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 301.572828][ T3432] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.579856][ T3432] bridge0: port 2(bridge_slave_1) entered forwarding state [ 301.587557][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 301.595577][ T3432] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 301.608370][ T3743] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 301.624507][ T7011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 301.632938][ T7011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 16:14:44 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000043c0)=ANY=[@ANYBLOB="d83800003000010029bd7000fcdbdf2500000000ec0201007001010008000100627066005c0002800c0006002e2f66696c65300008", @ANYRES32, @ANYBLOB="1800000000000300002001000000", @ANYRES32, @ANYBLOB="1800020070890000010000000300000000000000000001000c0006002e2f66696c653000f00006006958b94cec241d8b4bc782980718a646d3f3d82cc8930a53d950c6814c185c329bfa9ca32f52c3415be6f075e4115c6d267ee9423f84e6db69bba8ae67dc9ec222822c133fd367477fbb27d4af295f07a83897ed0b76bfd2409aec4b8b4bf2a66f4b0edc17bade07f4b53346b0af35d1904d39ba483b950b1a0c8e6ade3751246eb84ced37f3cbd5d620ecf5d3965540818f28875f95af1f3196631813c2e2cb78683f2fb6569d806c83bf374c30b42b648e0a28f8dd94e0e0e6a411b9742900e489071e9648bab4ec20353d29a7b22ec86a5af10e102154404869e2e304f6e7232f49f8185ff4fc43f42a650c00070001000000000000000c000800020000000000000078011800070001007874000090000280240001006d616e676c6500000000000000000000000000000000000000000000000000000800030006000000240001006d616e676c65000000000000000000000000000000000000000000000000000008000200030000000800020001000000240001006d616e676c6500000000000000000000000000000000000000000000000000000800030006000000c40006007c5474dd7f35d59fa9855a11e2a5a4b73be2ede8ce550f40c8697fd8e750f86f559fd9f4b939f28dc08d0a256ec09e313e8f6c26db5ab86582af758411bb9e1640356ddd60767651040c4f4463df0b0d28b03a53e60e48f7ec24f78e146088e91b26af77f2e1f870c3dd0902f5ba063abc60d04d0faf84ed51c0872c1d3fb04b37bb11ca93b70cbc538b355ecc2b9bd2edcce6f4a4912ce861d3c4acc538932080aa6e52f990d86cbe306335db0980afadad9be967138be32b166e3e50bc833c0c00070000000000010000000c00080003000000020000002004010014010b"], 0x38d8}}, 0x0) 16:14:44 executing program 3: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) fcntl$setsig(r0, 0xa, 0x3f) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x5, @none, 0x7}, 0xe) recvmsg$unix(r1, &(0x7f0000001a00)={&(0x7f00000004c0)=@abs, 0x6e, &(0x7f00000018c0)=[{&(0x7f0000000540)=""/209, 0xd1}, {&(0x7f0000000640)=""/200, 0xc8}, {&(0x7f0000000740)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/27, 0x1b}, {&(0x7f0000001740)=""/203, 0xcb}, {&(0x7f0000001840)=""/27, 0x1b}, {&(0x7f0000001880)=""/39, 0x27}], 0x7, &(0x7f0000001940)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x98}, 0x888f3e23b6b21920) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r2, 0x8008f511, &(0x7f0000001a40)) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000140)=@filter={'filter\x00', 0xe, 0x4, 0x310, 0xffffffff, 0x170, 0x0, 0xc0, 0xffffffff, 0xffffffff, 0x278, 0x278, 0x278, 0xffffffff, 0x4, &(0x7f0000000080), {[{{@ip={@dev={0xac, 0x14, 0x14, 0x37}, @empty, 0xffffff00, 0xffffff00, 'bond0\x00', 'sit0\x00', {}, {0xff}, 0x67, 0x3, 0x2}, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@unspec=@pkttype={{0x28}, {0x350a4176, 0x20}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x4, 0x0, "9fba92475635c8da30f2ee67002f8f798a8f68360f179a2f5ca2b9aa2ab8"}}}, {{@uncond, 0x0, 0xe0, 0x108, 0x0, {}, [@common=@socket0={{0x20}}, @common=@osf={{0x50}, {'syz0\x00', 0x0, 0x4, 0x2}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x4e603518eb322189}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x370) ioctl$HIDIOCSFEATURE(r0, 0x891e, &(0x7f0000000100)="684e9f4e45ead3bdffa3bb7b183a") 16:14:44 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, 0x0) 16:14:44 executing program 0: clone(0x0, 0x0, 0x0, 0x0, 0x0) 16:14:44 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:44 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 301.784726][ T22] audit: type=1326 audit(1631031284.853:8535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9522 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 301.804061][ T9530] netlink: 13784 bytes leftover after parsing attributes in process `syz-executor.2'. 16:14:44 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, 0x0) 16:14:44 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x6, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) recvmmsg(r1, &(0x7f0000007b80)=[{{0x0, 0x0, &(0x7f0000000780)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, &(0x7f0000000580)=""/145, 0x91}, 0x20}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000440)=""/92, 0x5c}, {0x0}, {0x0}], 0x3, &(0x7f0000003f80)=""/159, 0x9f}}, {{0x0, 0x0, &(0x7f00000044c0)=[{0x0}, {0x0}], 0x2, &(0x7f0000004500)=""/13, 0xd}, 0x3}, {{&(0x7f0000004540)=@tipc, 0x80, &(0x7f0000005b80)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000005900)=""/199, 0xc7}, {0x0}, {0x0}], 0x6}, 0x9}, {{0x0, 0x0, 0x0}, 0x1}], 0x5, 0x0, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3}, 0x0) open(&(0x7f0000000200)='./bus\x00', 0x141042, 0x0) r4 = creat(&(0x7f00000001c0)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6800) lseek(r4, 0x4200, 0x2) r5 = creat(&(0x7f0000000740)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f0000000400)=0x0) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f00000002c0)="da455864eeb9167c1ec76189e57e50c68e739ea84e4043521453c701ff8f874b7856a5a7434f6091814e0c7f4f80d24902643c3d4076752752ef6d2b215fa2a85b69f7e26f3abbc9a62fa52d09fd1f96d8ef9bb84710faa5b92bf6c168c6c46c66ee6c8e3fe567dd749027291261984989f79cee47a0d6f29044bbb70ef418a052f1dfe9aab165af7d3b7f7cd5e21cd5b2b3e62b7223290a2aaa95a4045fc2e6247ff36502396ca21c18a60fe6f4699dc563d8b40c84269a24486af086b392ce38e2c573d683282f3a9a345c8dcc7483eda3a26183108d8b16b0c4c651625c833462f9b5ad5e6b276ef0f6b2dadc5e48bc2f736a1e97e4496b770d515271e0c1a32713988e3e6086ca4694973913d27316b6e1d324b155314b217f991a23e3c04cdc00b1e6bf2a912d88", 0xa9f9, 0x7}]) r7 = open(&(0x7f0000000140)='./bus\x00', 0x28000, 0x0) sendfile(r4, r7, 0x0, 0x8400fffffffb) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000100)=0xc, 0x8080ffffff82) 16:14:44 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, 0x0) [ 301.813510][ T22] audit: type=1326 audit(1631031284.863:8536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9524 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 301.825756][ T9530] netlink: 120 bytes leftover after parsing attributes in process `syz-executor.2'. [ 301.857696][ T9530] netlink: 264 bytes leftover after parsing attributes in process `syz-executor.2'. 16:14:44 executing program 2: creat(&(0x7f0000000140)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) recvmsg$unix(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000280)=""/136, 0x88}, {&(0x7f0000000340)=""/143, 0x8f}, {&(0x7f0000000080)=""/22, 0x16}, {&(0x7f0000000180)=""/100, 0x64}, {&(0x7f00000000c0)=""/58, 0x3a}, {&(0x7f0000000400)=""/149, 0x95}], 0x6, &(0x7f0000000540)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xd0}, 0x2000) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xc010000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000600000000f000000000000000100000001000000004000000040000020000000d2f4655fd2f4655f0100ffff53ef010001000000d0f4655f000000000000000001000000800400000b00000080", 0x59, 0x400}, {&(0x7f0000010400)="020000001200000022", 0x9, 0x800}, {&(0x7f0000012e00)="ed41000000080000d0f4655fd2f4655fd2f4655f000000000000040004", 0x1d, 0x11080}], 0x0, &(0x7f0000000040)={[{@nombcache}]}) 16:14:45 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:14:45 executing program 3: r0 = socket$xdp(0x2c, 0x3, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000140)=0x0) r2 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000380), 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001e40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c29184ff7f0000cef809606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45ef4adf634be763289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cd8e5c39d325ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b6c4a00000000ff435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0adb02d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4a00fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c108285e71b5565b1768ee58969ced595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30fa94ef241875f3b4b6ab7929a57affe7d7fa29822aea69a660e717a04becff09000000724f4fce1093b62d7e8c7123d8ecbbc55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7dfa2e5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca378e676c3e08c1ed43ca8d3d10994c0b58645ac518a75fde7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d34b5457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464b635197351a5ef0a0fb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f83100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa370ac891e10096e7e60fc3541a2c905a1a95e9571bf38ae19ff000000caee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5944912d6c98cd1a9fbe1e7d58c08acaf30235b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cbe7df000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc13c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e89fc745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb4a541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83186c1526af6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af930cd6db49a47613808bad959719c0000000000378a921c7f7f8433c2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205aa00b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569ed7aa287378c697f6cafa86966d7ba19e720413268e4770132618df552c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f9360984b5c2d4523497e4d64f95f0a093564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf596218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5002512bcbf9b24accfecb0f477db103463af2847e6ade5b9e065ec0d0ba58fedae5f08818fea475b169469f9efd131925d98c34b3cb26fe26796dd43b87e1cdee39f5cf21d2e80a64ac97e71cafc29bfb78db090dd12225efeda2e93bf7f6ba7865e9c375a780929dfa5a7036f5858e2a4ff8e8d1e8c9cceed07c6312b734c72510d335acc94f76e7078ce4066f1e0ac9429f8013683301277a11e25b248b61180cb6207a0e26757f3f1bfc6c27f3720d1fb74afb17f3b5239bc2243853d5234afb05ed6024e94dee34666c5b5522b54cb433efa54b4e9022533e7c89bdee957dfa9ded9f16fdcd1b681e4c72f32fa3334313e334cc140daec7dcb22f463457a1a5ac230bbded86258206046f556589f5627ab2751eb34d940519f009412098398ad822a8509d2d32da656ac5935e4c7f9503ce4daf13300dfd611528049310544d3e8613926fbe2647e258932592c9123f1c74023144442d09ef90c64950176c666da6b658108ac54beb2379aa70501c42bd9c4e4f426ab5ff2a33767b408ed19e399c33b52abc4ac24da0d4cf07d93029583591c33f0f80513c541581977f2e9735e1edb66fdbbe22eb4b0b670ba74fdee2f1a3cf85777af5d8267acaa9d83c23a4b40d0f53dce003c03c5959e405fc4f2c05d3394f014a39caabbeff7c7cadbdc57def7f5f758aa46b6e2fddc779770d7e395c4ac2a136a30e7c0a301dffc5565d7244fb29cd302c36e76221a3c4e21559216c078f06b0b04fb236ea14f9998776a0ae88dfeccc9ad64d2fe3cfdeb9684b7b7e5c00f7323f8214ed0189539e0e3e34c8e542c82ddbd6a75c1adbedef4d5d69b246a5a36ab802b0161908e748ed9891678c228413bf51b18a25bf776b9d1f1fedf97cf5e7de4455ea359e5796bd60cc415066fc271a2bdb7db13e72d1a99b375f96c4b5aef874037faf6a1d1aacf46a57346d000000000000000040c1051e444ea35432e022889fde59f038db4f83ffa3191116c7ba9434a7f758890f27b3acb915a7e5db2149e18c51b6db3edfdeb2ac8fe038f7987c5b38f206084bc5e8243f73e152980c414558a1f9dd35691d7f51f182393a434ba11112d7b3bf20fb62dc263b68149d8c22eb700f1e3b6ada85d949ddba3afae71082931899d138a2865685cb0d7e231838d00d1f1f104ab37b2929017a1d08f60b2cee3a49ea82b54244bec41e289ae1d7d578eed068912e2e72ffb0ccdacb8f459162b1338f91f247a2520e08c880463af6733fb1eecf800b7d074b435f1eaf608f34ddc421dc910fc282cf71114e97e5e4ab11c12c81502fb679666626e0cabdd23e7e29b4070cc18c24cf77fd9cae782eb7956e80abbc7da288a8be5869230fae230de433ef97c499e4f5ed5636b0bd0000000086c970de845572766c4e1d09154cd322f1a8c8ebe5a9492e7d1486d702018c"], &(0x7f0000000100)='GPL\x00'}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sys_exit\x00', r3}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)=@setneightbl={0x60, 0x43, 0x2, 0x70bd2c, 0x25dfdbfe, {0xa}, [@NDTA_THRESH3={0x8, 0x4, 0x2aa695ff}, @NDTA_GC_INTERVAL={0xc, 0x8, 0x4}, @NDTA_GC_INTERVAL={0xc, 0x8, 0xff}, @NDTA_GC_INTERVAL={0xc, 0x8, 0x4db}, @NDTA_THRESH3={0x8, 0x4, 0x5}, @NDTA_THRESH2={0x44, 0x3, 0xfffff001}, @NDTA_THRESH2={0x8, 0x3, 0x6}, @NDTA_THRESH3={0x8, 0x4, 0xff}]}, 0x60}, 0x1, 0x0, 0x0, 0x20004000}, 0x24810) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000240)=@kern={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)=[{&(0x7f0000000600)=ANY=[@ANYRESOCT=r2], 0x11e8}], 0x1, &(0x7f0000002f40)=ANY=[@ANYBLOB="1c080000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32, @ANYRES32=r1, @ANYRES32=0xee00, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r0], 0x60, 0x8001}, 0x20040005) r4 = socket$inet6(0x10, 0x80000, 0x4000) sendto$inet6(r4, &(0x7f00000002c0)="1c0000001200280f0c1000000049b23e9b200a00080001c0ff030000393927bed178f79e608fb7935854d1accc52a8d75f5e3a9bdec0e75cc537379f3e537349eed0511f882379a308bd3eb50add3f3cd3b232f3444447a5a2ceba67dd05207c5cbd019e7d7d86887c74661e0028f62ca8e53c3eb2961bcf1aa1ba2e9142ed8b4e126060afa6", 0x86, 0x0, 0x0, 0x0) recvmsg(r4, &(0x7f00000003c0)={0x0, 0x59, &(0x7f0000000940)=[{&(0x7f0000005200)=""/4096, 0x1000}, {&(0x7f0000000980)=""/4100, 0x1004}, {&(0x7f00000019c0)=""/4085, 0xff5}], 0x3}, 0x0) recvfrom$inet6(r4, 0x0, 0x0, 0x0, 0x0, 0x0) recvfrom$inet6(r4, &(0x7f0000000000)=""/114, 0xfffffffffffffd1b, 0x0, 0x0, 0x0) sendto$inet6(r4, &(0x7f00000000c0)="2bc2960267021fd4b11758eb6c87414271a779a0e3aca9cccdb2f632d1806a4cc151b01d9d53951f1fc4d868a59c3a4c4a24be", 0x33, 0x0, &(0x7f0000000100)={0xa, 0x4e22, 0x3, @loopback, 0x101}, 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="9000000020001f", 0x7, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x1, 0xf638) sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="58ad000011", 0x5, 0x0, 0x0, 0x0) r5 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r5, &(0x7f0000000580)="1dd1fb444b1f507215c0f194cf09cfe9f69a63eaed6f325f64a2d580d4b96a532ae8e3fbadf304d21d54a08fb9aa35bbdff5688644d209cad2b1c5c568da6bc16e890000000000000000", 0xffffffffffffff45, 0x10, 0x0, 0xc) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000200)=0x10080cd, 0x4) 16:14:45 executing program 2: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="b00000000000000b98c74d4f5251ddecc1e6126b7b8a491613092df5ba63"], 0xb0) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000000)={r2, 0xfffffffffffffffb, 0x7, 0x2}) write$P9_RVERSION(r3, &(0x7f0000000080)={0x15, 0x65, 0xffff, 0x401, 0x8, '9P2000.L'}, 0x15) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(0xffffffffffffffff, &(0x7f0000004f80)={&(0x7f0000003b80)=@abs, 0x6e, &(0x7f0000004e80)=[{&(0x7f0000003c00)=""/243, 0xf3}, {&(0x7f0000003d00)=""/112, 0x70}, {&(0x7f0000003d80)=""/118, 0x76}, {&(0x7f0000003e00)=""/4096, 0x1000}, {&(0x7f0000004e00)=""/65, 0x41}], 0x5, &(0x7f0000004f00)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0}}}], 0x70}, 0x40000000) mount$bpf(0x0, &(0x7f0000000140)='./file0/../file1\x00', &(0x7f0000000200), 0x2, &(0x7f0000004fc0)={[{@mode={'mode', 0x3d, 0x100}}, {@mode={'mode', 0x3d, 0xffff}}], [{@uid_lt={'uid<', r5}}, {@dont_measure}, {@fscontext={'fscontext', 0x3d, 'system_u'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '\\-*{['}}, {@dont_hash}]}) write$FUSE_DIRENTPLUS(r4, &(0x7f00000004c0)={0x150, 0xfffffffffffffff5, 0x0, [{{0x3, 0x1, 0x55, 0x0, 0xb3, 0x9, {0x4, 0x101, 0x400, 0x7ff, 0x200, 0x9, 0x80000000, 0x7f, 0x0, 0x8000, 0x1, r5, 0xee01, 0x0, 0x8}}, {0x2, 0x9, 0x5, 0x4, '.&%:]'}}, {{0x3, 0x1, 0x80, 0x0, 0x2, 0xe2, {0x2, 0x54, 0x3, 0x5, 0x7fff, 0x20, 0x0, 0x234000, 0x6, 0xa000, 0x97a, 0xee00, 0xffffffffffffffff, 0x10000}}, {0x3, 0x800, 0x8, 0x4, '9P2000.L'}}]}, 0x150) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [{@defcontext={'defcontext', 0x3d, 'root'}}]}}) 16:14:45 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x6, &(0x7f00000000c0)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x5e, 0x8000}, [@ldst={0x6, 0x3, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, @alu={0x4, 0x1, 0xb, 0x7, 0x3, 0x100, 0xffffffffffffffff}, @exit]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10}, 0x78) 16:14:45 executing program 3: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000040)=[{&(0x7f0000000140)="390000001100090468fe0700000000000700ff3f0800000045000e070000001419001a00", 0x24}], 0x1) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) write$binfmt_misc(r1, &(0x7f0000000180)=ANY=[@ANYRES16=r3], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x19c04, 0x0) utime(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x5, 0x16}) [ 302.063393][ T9557] SELinux: security_context_str_to_sid(root) failed for (dev 9p, type 9p) errno=-22 [ 302.070973][ T9533] selection: kmalloc() failed [ 302.188383][ T9569] selinux_nlmsg_perm: 23 callbacks suppressed [ 302.188394][ T9569] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9569 comm=syz-executor.3 [ 302.191798][ T9568] SELinux: security_context_str_to_sid(root) failed for (dev 9p, type 9p) errno=-22 [ 302.195448][ T9569] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=38888 sclass=netlink_route_socket pid=9569 comm=syz-executor.3 16:14:45 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) [ 302.308715][ T9546] selection: kmalloc() failed [ 302.316086][ T9569] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35137 sclass=netlink_route_socket pid=9569 comm=syz-executor.3 16:14:45 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:45 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:45 executing program 2 (fault-call:1 fault-nth:0): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) [ 302.637928][ T22] audit: type=1326 audit(1631031285.703:8537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9579 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 302.686724][ T22] audit: type=1326 audit(1631031285.753:8538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9583 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 302.769345][ T9586] selection: kmalloc() failed 16:14:46 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:14:46 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:14:46 executing program 0: r0 = socket(0x0, 0x80805, 0x0) write(0xffffffffffffffff, 0x0, 0x0) close(r0) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}, 0x0, 0x0, 0x0, 0x7, 0x10000, 0x0, 0x4, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/fib_trie\x00') r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000840), 0x802, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f00000000c0)='.\x00', 0x20000051) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="1000009b241310b307c84930c5ff08a64867bb6e807bb859169620269af0a9dc12d3de5ffcff8ab7b7b4ff176dd8dc19413c37c659010e11f6f7466e93cfa9a2822cd64a0c878fdc4a819bccdd58f81faa20a8434fff8c519e4cab4be82b0514d9a890cfd0cd93c976b053a81baeb38d090d36d609e1598d3873344b9dd49eb45dc1c4cc493652b1ff97975516015feb615df06ecc2c571f5cab47e198da2144d0d7e52ebe21cc4407c1acdb0058489fb170a42b77453f39aae9526d00000000000055e58edf318ea49be3cde252dd0d8bc6c283db38abc40a69f77fa6e0806b2dbe6582ea694c257718dcc5601eed6a93cff6d4605150e49cc7fdf987db67092a38bc90a17adfc207f76504c573b8209037b129420a7c84f4bd95fea58a", @ANYRES16=0x0, @ANYBLOB="0100004835aa1c67a5847f826a564dea489d0990884f584f1999", @ANYRES32=r3, @ANYBLOB="14005e800800060000000000080005"], 0x30}}, 0x0) sendfile(r2, r1, 0x0, 0x7ffff000) dup2(r1, r2) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x3f) ptrace$setregs(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0x4000000000010046) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x810, r5, 0xe86ac000) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) 16:14:46 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000200)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000000600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) mkdir(&(0x7f00000001c0)='./file1\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(r0, 0x0, 0x1, &(0x7f00000002c0)) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x6}, 0x1c) setrlimit(0x3, &(0x7f0000000280)={0x2}) sendmmsg$inet(r4, &(0x7f00000010c0)=[{{&(0x7f00000000c0)={0x2, 0x4e21, @initdev}, 0x10, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000ff06004a60ebef2c47fe3b04dc8cb2acd37913b1f73ab71d6dc45954a8205787ffff992d4182e0000002fec513d12adb64fe868b17ee10d2d603892ae97f2c182207050491e76079b7e99a6e319aad462f9691ba629a777fb5d0a0583b7ec4e36f08d2fec1de6770338786a729bee41e9ec39b4bc291b928ef9f1b12e68f74ab829bfab4877b07f25cfa60b42e5eafe40debd93f5c8843542ce87ccd81b56a7ae49a9d9c05298e54258ce11df000d9fa45e8a8dcbd98d41df16b4ebd66464d1e7f66e11a5463afc56cffa277233a378e5cbdf9d18aa6f823a0eee8e60f2627681200021afcffab6b76713074fa1b737b6dd68457b0b100000000000000e7aab97628569897d804986838614b32e2eb83b4cd080277abb4862824672d7ef659a3c2b217d76be42e495d751d8dde26cecba021e627df1e13015900146c50441557a3bb10dff19516e6456c9560e298785fe0f90e010500722ea99cfcd862f8000000000000b7f91b24204ee5937a5ed2bc800da626604f179b56c1cab48aed63a30000000000000094f6113b17a1a679fea2c9a8f3dc9b0687ced9d170914d7c08ea8a3ffc1b45c2394b3dc3bfe86452f044183729dd5f4baa63f744982ebd6d1a0036e8231e1e5b2d63d4d30be7a17333424475adeafa2a5ca643ed1be45c869a8b4b69098fd7ad2f8d8b50b1eb282db29052c8463c09d239ee2aa3a97a170f7f3afa435d07b9b5d1be8527b9acdc7dea2d4f5969bae4d8115fb6a7bc72e15045dd1d4654ba4bfffffffffffffffb36cae40f0a25955257cac2fbae73e3b066a59b27df5f96e122534b2cc6c8c298eafff148aefd6cc9e57f68137392f85fd6d5791a8a3c2ac7c6e02662b86b577ceef4dcece7141aa0ff4e0a73ac436b7be3983a7de4c5d2b6a0124ab2cb83d197059dff5229a6001c66ad4ab6fe55a0319ab26e804bf14d636e292912f1d52cffad47f5180c8b082a78596675fb70e50d5184e7c4fd0dea3a487c76145ffde841c0153a5ddbf52a70a63923b5868e5a433969d359a999650800000000000000297fb602e59143a2b2a40bdfb795986feea7021bc1361ad120c45b0f6d561a56fc3bcd51533245ef2905c6fb46ae068575457fe13804b3514b9903b76a1890c0b7f8713c67850fa935362993964f83e900b37edea48b7e7d3329e43600005dff234c0fdb4329ea7a412b072b91b220d300002eac42dd451616d6236e86b70100cf767cb2cc8337dc54c2214ce0ed6b8295e7d3703c4155a050fd8df6d31d039c98e6a18d2e92fb414df2782c99a79ee56b3e0133c92605895bd2c12deaf7923c7a2004d534e024fa6f0113fa784062203100000000000000000000000000000000000000200000004d7df6fe3a8dfdc8c09ef0fa6366022fe8d329f25802d7f69eead5873945d9a7e48447ef5fe0c99253b2fc61155cbbaf22a4b4ee42e4a78aba821ab83367443c93d7a8e6c0df2c966a3c3e7ae025a84c1830a0c2ba31c6de62873d0578ec0861ab839f36441c8b09885bd5104632b3ad7de4945b6dc9f51a12f77f9019c38f112d4771a1d06ee1ece6f975fb3a7aa4d84090948905685f7e864bed7417f9256cbf742e546588efa4b1000000000000000084911d116eabcba50eaa36e63feeb1748c8c77931632a9d3004b01158fea35dd5629e9022585d68a16c7535e251e211e01d1eff18604ad8c12a281df04bf13a465e4ce8e0bfba098f3cfd5d5512bbf2742881f828d0a3a77c2a97d94512154f392933daf2cd0da58a8c2eb5737002b26db96d1d53d4b500d9409f68635764369e76dcea08c4fe7c28f529ea340da6351c50db6146d7126feb17a00000000000000000000a04708fd643d5be33d43a175b7000000deddd47e8e154c0e7ee38b293c7352b48bf324cee466a4070cb3ea22fdc5cacd6bbe77111921e197257212ed4b3eca34d62f79a5a9255c70f5dcee40ea0a540c95a61f0655be73f3601e5c2df00f8d9dbd0648532c2e8827305b99d7e2810392000e7a7d428693cebd2b9ff0753d4045fb89b122b55f555f20a45aac094aa2a59d24ee621e7245cf0a266e779319cd9694d1e871e6b82c235ffdda0500000000000000b2fef00b623ede0e7add75cde17a08fec2b752ddc3496d8e1f47a6a92630eb0c182f5f679642c206dc4aa30a83dd431f78c14105e498710821b27954967929f510587ddec437442ed0a7ad3d3f165314c11a633a9d769724ca81867af81bdaa315bb075808a4967369c4af336cd79ed049a1335aa93df0d4db62a75a53d96ac3c4630126752cdd371d575ae0be62cf565ba30000000000000000000000000000009397675b6b77ab9e7e4dcffc499bb01d0b8f763a525041ca0cf167da81630d8a04854996f04783ab51bd42daffc67e5a3b940d1f1ab3f8264eac27e25bed405064503dafefd141245344e8530fe7a465abdc39b31d35c8c2ea81513dae69e9cf9d9cca8841f38640196b19fb8089d2c5396aff29b6fed72a917441c6fc2c0e118f2f1615975b0000000021a3ca94b05549b4ccb798935aad8eab26afece067707fc77c0a7120de0aaec2e20d6b55e38bf54aa6c4b77e0ed3d73c31d043e010566458de0266ef347aa94caf0b02bb2345938a92a2b8c5b3022b09f71439"], 0x18}}], 0x1b1, 0x0) prlimit64(r0, 0xa, &(0x7f0000000180), &(0x7f0000000240)) socket$inet(0x2, 0x1, 0x80000) 16:14:46 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) [ 302.923922][ T9591] selection: kmalloc() failed 16:14:46 executing program 1: ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:14:46 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x2, &(0x7f0000000000)={0x2, {0x3}}) 16:14:46 executing program 1: ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:14:46 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b2f, &(0x7f0000000000)={0x2, {0x3}}) 16:14:46 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b30, &(0x7f0000000000)={0x2, {0x3}}) 16:14:46 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:46 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:46 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) splice(0xffffffffffffffff, &(0x7f00000002c0)=0x9, 0xffffffffffffffff, &(0x7f0000000300)=0x4d, 0x6149, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000002040)=[{{&(0x7f0000000040)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, 0x0}}], 0x1, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)) io_uring_enter(r0, 0x2ff, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x3ede, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r6, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0}}, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r7, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r8}}, 0xffffffff) r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r9, 0x0) preadv(r9, &(0x7f0000000280), 0x18, 0xd9f, 0x0) io_uring_enter(r9, 0x62a6, 0xcd4d, 0x3, &(0x7f00000001c0)={[0x5]}, 0x8) syz_io_uring_submit(r4, 0x0, &(0x7f00000000c0)=@IORING_OP_MADVISE={0x19, 0x2, 0x0, 0x0, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x9, 0x0, {0x0, r8}}, 0x1ff) 16:14:46 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x76, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10) r1 = socket(0x11, 0x0, 0x8) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='dctcp\x00', 0x6) bind(r1, &(0x7f0000000280)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e030a86df875f2e3ff5f163ee340b7679500800000000000000101013c5811039e0c775027ec8e66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5acc326d3a0dffc2c654"}, 0x80) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x0, &(0x7f00000000c0)}, 0xfffffffffffffe51) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000007c0)='bbr\x00', 0x4) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b93e480941ba3860ac5cf65ac618ded8974895abeaf4b4835ef922b3f1e0b02bd60da03059bcecc7a95425a3a07e758044ab4ea6f7ae56d88fecf9141a7511bf746bec66ba", 0x15, 0x0, 0x0, 0x0) 16:14:46 executing program 1: ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:14:46 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b31, &(0x7f0000000000)={0x2, {0x3}}) 16:14:46 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:14:46 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b32, &(0x7f0000000000)={0x2, {0x3}}) 16:14:46 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b33, &(0x7f0000000000)={0x2, {0x3}}) [ 303.568892][ T22] audit: type=1326 audit(1631031286.633:8539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9624 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:14:46 executing program 1: syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:14:46 executing program 1: syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:14:46 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b34, &(0x7f0000000000)={0x2, {0x3}}) [ 303.596946][ T22] audit: type=1326 audit(1631031286.653:8540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9629 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 303.715047][ T9640] selection: kmalloc() failed [ 303.876048][ T9652] selection: kmalloc() failed 16:14:47 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:47 executing program 1: syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) [ 304.446846][ T22] audit: type=1326 audit(1631031287.513:8541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9658 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:14:47 executing program 3: syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f00000011c0), 0x24000, &(0x7f00000000c0)={[{@fat=@time_offset={'time_offset', 0x3d, 0x600}}], [{@appraise}, {@subj_role={'subj_role', 0x3d, '%'}}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@smackfshat={'smackfshat', 0x3d, 'time_offset'}}, {@defcontext={'defcontext', 0x3d, 'root'}}, {@appraise_type}]}) open$dir(&(0x7f0000000040)='./file0\x00', 0x43, 0x141) 16:14:47 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b35, &(0x7f0000000000)={0x2, {0x3}}) 16:14:47 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:47 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, 0x0) [ 304.669552][ T9666] selection: kmalloc() failed 16:14:47 executing program 0: prlimit64(0x0, 0x6, &(0x7f0000000280)={0x9, 0x8000008091}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x10000000, 0x0, 0x5, 0x0, 0x0, 0x0, 0xfffffffc}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x6, 0x10000048, 0x10002, 0x100, 0x2, 0x401, 0x5, 0x0, 0x9}, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x8000000000006, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYRES32=r0, @ANYRES32, @ANYRES32, @ANYBLOB="415680dac5535bdaa9f4107a751d12e0e086b1b6a155481d96a7b323b4dd8645aa0806061f477db03279465b96", @ANYRES64], 0xfffffd2d) sched_setscheduler(0x0, 0x5, &(0x7f00000000c0)=0x86) fcntl$setpipe(r2, 0x407, 0x0) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, 0x0, 0x880) write(r2, &(0x7f0000000340), 0x41395527) preadv(0xffffffffffffffff, 0x0, 0x0, 0xd9f, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mount(0x0, &(0x7f0000000480)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000500)='sysfs\x00', 0x0, 0x0) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') 16:14:47 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b36, &(0x7f0000000000)={0x2, {0x3}}) 16:14:47 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, 0x0) 16:14:47 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b37, &(0x7f0000000000)={0x2, {0x3}}) 16:14:47 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, 0x0) [ 304.745467][ T22] audit: type=1326 audit(1631031287.813:8542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9669 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:14:47 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b3a, &(0x7f0000000000)={0x2, {0x3}}) [ 304.920248][ T9685] selection: kmalloc() failed 16:14:48 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:48 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getrlimit(0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x7}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000007c0)=[{{0x0, 0x0, 0x0}, 0x7faa}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = getpid() sched_setattr(r4, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x7, 0x4, 0x800008000000}, 0x0) sched_setattr(r4, &(0x7f00000000c0)={0x38, 0x2, 0x58, 0x3, 0x80000000, 0x3, 0x1, 0x7, 0x8, 0x6}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) r5 = inotify_init() sched_setattr(0x0, 0x0, 0x0) inotify_add_watch(r5, &(0x7f0000000180)='.\x00', 0xfe) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x200c2, 0x0) write$nbd(r6, &(0x7f00000000c0)=ANY=[], 0x1) sendfile(r6, r6, &(0x7f0000000200), 0xaa4) 16:14:48 executing program 1 (fault-call:1 fault-nth:0): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:14:48 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b3b, &(0x7f0000000000)={0x2, {0x3}}) [ 305.324908][ T9704] FAULT_INJECTION: forcing a failure. [ 305.324908][ T9704] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 305.324922][ T9704] CPU: 1 PID: 9704 Comm: syz-executor.1 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 305.324927][ T9704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 305.324930][ T9704] Call Trace: [ 305.324948][ T9704] dump_stack+0x1d8/0x24e [ 305.324959][ T9704] ? devkmsg_release+0x11c/0x11c [ 305.324968][ T9704] ? __kernel_text_address+0x93/0x100 [ 305.324978][ T9704] ? show_regs_print_info+0x12/0x12 [ 305.324986][ T9704] ? unwind_get_return_address+0x48/0x80 [ 305.324995][ T9704] ? arch_stack_walk+0xf8/0x140 [ 305.325006][ T9704] should_fail+0x6f6/0x860 [ 305.325016][ T9704] ? setup_fault_attr+0x3d0/0x3d0 [ 305.325025][ T9704] ? do_update_region+0x2cd/0x710 [ 305.325035][ T9704] ? __sanitizer_cov_trace_pc+0x41/0x50 [ 305.325045][ T9704] __alloc_pages_nodemask+0x1c4/0x880 [ 305.325055][ T9704] ? hide_cursor+0x310/0x310 [ 305.325064][ T9704] ? gfp_pfmemalloc_allowed+0x120/0x120 [ 305.325075][ T9704] ? invert_screen+0xc62/0xe30 [ 305.325085][ T9704] kmalloc_order_trace+0x2a/0xf0 [ 305.325094][ T9704] __kmalloc+0x1ae/0x2f0 [ 305.325105][ T9704] set_selection_kernel+0xdd0/0x1770 [ 305.325115][ T9704] set_selection_user+0xb9/0xf0 [ 305.325124][ T9704] ? sel_loadlut+0x100/0x100 [ 305.325131][ T9704] ? capable+0x82/0xe0 [ 305.325138][ T9704] ? tioclinux+0xd7/0x430 [ 305.325146][ T9704] vt_ioctl+0x46f/0x3ea0 [ 305.325162][ T9704] ? unwind_next_frame+0x1f0a/0x27b0 [ 305.325171][ T9704] ? vt_waitactive+0x770/0x770 [ 305.325181][ T9704] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 305.325190][ T9704] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 305.325196][ T9704] ? memset+0x1f/0x40 [ 305.325204][ T9704] ? stack_trace_save+0x120/0x1f0 [ 305.325211][ T9704] ? fsnotify+0x1332/0x13f0 [ 305.325219][ T9704] ? __fsnotify_parent+0xeb/0x310 [ 305.325228][ T9704] ? __fsnotify_update_child_dentry_flags+0x2d0/0x2d0 [ 305.325238][ T9704] ? __rcu_read_lock+0x50/0x50 [ 305.325245][ T9704] ? __fsnotify_parent+0x310/0x310 [ 305.325254][ T9704] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 305.325262][ T9704] ? mntput_no_expire+0x114/0xbd0 [ 305.325269][ T9704] ? stack_trace_save+0x1f0/0x1f0 [ 305.325276][ T9704] ? check_preemption_disabled+0x9e/0x330 [ 305.325283][ T9704] ? __rcu_read_lock+0x50/0x50 [ 305.325289][ T9704] ? __unwind_start+0x72f/0x8e0 [ 305.325297][ T9704] ? debug_smp_processor_id+0x20/0x20 [ 305.325307][ T9704] ? is_bpf_text_address+0x280/0x2a0 [ 305.325314][ T9704] ? stack_trace_save+0x1f0/0x1f0 16:14:48 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000040)={{0x0, 0x0, 0x48cc, 0x2}, 'syz1\x00'}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)={0x7, 0x80, 0xffffff1b, 0x974f, 0x0, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3}, 0x40) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2, 0x80010, r1, 0x113ac000) r2 = fcntl$dupfd(r0, 0x0, r0) readv(r2, &(0x7f00000014c0)=[{&(0x7f0000000000)=""/17, 0x11}, {&(0x7f0000001580)=""/74, 0x4a}, {&(0x7f00000001c0)=""/131, 0x83}, {&(0x7f0000000280)=""/4096, 0x1000}, {&(0x7f0000001280)=""/152, 0x98}, {&(0x7f0000000140)=""/53, 0x35}, {&(0x7f0000001340)=""/98, 0x62}, {&(0x7f00000013c0)=""/19, 0x13}, {&(0x7f0000001400)=""/98, 0x62}, {&(0x7f0000001480)}], 0xa) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x2f) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 16:14:48 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b3c, &(0x7f0000000000)={0x2, {0x3}}) 16:14:48 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 305.325322][ T9704] ? __kernel_text_address+0x93/0x100 16:14:48 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b3d, &(0x7f0000000000)={0x2, {0x3}}) [ 305.325330][ T9704] ? unwind_get_return_address+0x48/0x80 [ 305.325341][ T9704] ? __rcu_read_lock+0x50/0x50 [ 305.325349][ T9704] ? check_preemption_disabled+0x154/0x330 [ 305.325361][ T9704] tty_ioctl+0xed5/0x1710 16:14:48 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b40, &(0x7f0000000000)={0x2, {0x3}}) [ 305.325371][ T9704] ? tty_do_resize+0x170/0x170 [ 305.325380][ T9704] ? avc_ss_reset+0x3a0/0x3a0 [ 305.325389][ T9704] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 305.325397][ T9704] ? refcount_inc_checked+0x50/0x50 [ 305.325410][ T9704] ? proc_fail_nth_write+0x1d5/0x240 [ 305.325420][ T9704] ? proc_fail_nth_read+0x1c0/0x1c0 [ 305.325429][ T9704] ? memset+0x1f/0x40 16:14:48 executing program 1 (fault-call:1 fault-nth:1): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:14:48 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b41, &(0x7f0000000000)={0x2, {0x3}}) 16:14:49 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b44, &(0x7f0000000000)={0x2, {0x3}}) [ 305.325437][ T9704] ? fsnotify+0x1332/0x13f0 [ 305.325445][ T9704] ? tty_do_resize+0x170/0x170 [ 305.325455][ T9704] do_vfs_ioctl+0x76a/0x1720 [ 305.325465][ T9704] ? selinux_file_ioctl+0x72f/0x990 [ 305.325475][ T9704] ? ioctl_preallocate+0x250/0x250 [ 305.325485][ T9704] ? __fget+0x37b/0x3c0 [ 305.325492][ T9704] ? vfs_write+0x422/0x4e0 [ 305.325502][ T9704] ? fget_many+0x20/0x20 [ 305.325510][ T9704] ? debug_smp_processor_id+0x20/0x20 [ 305.325519][ T9704] ? security_file_ioctl+0x9d/0xb0 [ 305.325529][ T9704] __x64_sys_ioctl+0xd4/0x110 [ 305.325538][ T9704] do_syscall_64+0xcb/0x1e0 [ 305.325547][ T9704] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 305.325555][ T9704] RIP: 0033:0x4665f9 [ 305.325563][ T9704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 305.325568][ T9704] RSP: 002b:00007fc53c990188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 305.325577][ T9704] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 305.325582][ T9704] RDX: 0000000020000000 RSI: 000000000000541c RDI: 0000000000000003 [ 305.325586][ T9704] RBP: 00007fc53c9901d0 R08: 0000000000000000 R09: 0000000000000000 [ 305.325591][ T9704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 305.325595][ T9704] R13: 00007ffe5d18898f R14: 00007fc53c990300 R15: 0000000000022000 [ 305.325657][ T22] audit: type=1326 audit(1631031288.394:8543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9699 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 305.326108][ T9704] selection: kmalloc() failed [ 305.827408][ T22] audit: type=1326 audit(1631031288.884:8544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9713 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 305.833042][ T9717] input: syz1 as /devices/virtual/input/input14 [ 305.872192][ T9721] input: syz1 as /devices/virtual/input/input15 [ 306.137773][ T9709] selection: kmalloc() failed 16:14:49 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:49 executing program 3: r0 = open(&(0x7f0000000100)='./bus\x00', 0x1c30c2, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x4000000000010046) r2 = syz_io_uring_setup(0x2de7, &(0x7f0000001600)={0x0, 0x985c, 0x0, 0x0, 0x2, 0x0, 0x0}, &(0x7f0000001000/0x3000)=nil, &(0x7f0000002000/0x3000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0xd1de40ca06d5419b}, 0x0) io_uring_enter(r2, 0x302, 0x0, 0x0, 0x0, 0x0) 16:14:49 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b45, &(0x7f0000000000)={0x2, {0x3}}) 16:14:49 executing program 0: perf_event_open(&(0x7f0000000580)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2, 0x0, 0x0, 0x858}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000080), 0x2, 0x0) perf_event_open(&(0x7f00000003c0)={0x0, 0x80, 0x9, 0x4, 0x0, 0x3, 0x0, 0x100000000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3f, 0x0, @perf_config_ext={0x0, 0xb}, 0x0, 0x8, 0x0, 0x0, 0xffffffffffdf7fff, 0x0, 0x1, 0x0, 0x8, 0x0, 0x100000000080006}, 0x0, 0xc, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) symlink(&(0x7f0000000380)='./file1\x00', &(0x7f0000000500)='./bus/file0\x00') r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000680), 0x8000, 0x0) perf_event_open(&(0x7f0000000600)={0x4, 0x80, 0x2, 0x9, 0xf7, 0x3f, 0x0, 0x20, 0x801, 0xd, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, @perf_bp={&(0x7f00000004c0), 0x7}, 0x806, 0x9, 0x1, 0x3, 0xf9, 0x8, 0x3, 0x0, 0x1b07, 0x0, 0x7}, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x8) mount(0x0, &(0x7f0000000f40)='./bus\x00', &(0x7f0000000140)='binder\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) renameat2(0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000440)='./bus\x00', 0x6) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='lowerdir=.:file0']) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=./file0']) socketpair$unix(0x1, 0x0, 0x0, 0x0) chdir(&(0x7f0000000540)='./bus\x00') lsetxattr$security_capability(&(0x7f0000000480)='./bus\x00', &(0x7f0000000000), &(0x7f00000006c0)=@v3={0x3000000, [{0x0, 0x1ba}]}, 0x18, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') rmdir(&(0x7f0000000340)='./bus\x00') 16:14:49 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) [ 306.291435][ T9722] selection: kmalloc() failed [ 306.333713][ T9747] overlayfs: overlapping lowerdir path [ 306.344253][ T9747] overlayfs: workdir and upperdir must reside under the same mount [ 306.523544][ T9757] selection: kmalloc() failed 16:14:49 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}], 0x5) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:49 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b46, &(0x7f0000000000)={0x2, {0x3}}) 16:14:49 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x2) sendmmsg$inet6(r0, &(0x7f00000008c0)=[{{&(0x7f0000000300)={0xa, 0x0, 0x0, @dev}, 0x1c, 0x0}}], 0x1, 0x0) ftruncate(r0, 0x5) 16:14:49 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x2, &(0x7f0000000000)={0x2, {0x3}}) 16:14:49 executing program 0: perf_event_open(&(0x7f0000000580)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2, 0x0, 0x0, 0x858}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000080), 0x2, 0x0) perf_event_open(&(0x7f00000003c0)={0x0, 0x80, 0x9, 0x4, 0x0, 0x3, 0x0, 0x100000000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3f, 0x0, @perf_config_ext={0x0, 0xb}, 0x0, 0x8, 0x0, 0x0, 0xffffffffffdf7fff, 0x0, 0x1, 0x0, 0x8, 0x0, 0x100000000080006}, 0x0, 0xc, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) symlink(&(0x7f0000000380)='./file1\x00', &(0x7f0000000500)='./bus/file0\x00') r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000680), 0x8000, 0x0) perf_event_open(&(0x7f0000000600)={0x4, 0x80, 0x2, 0x9, 0xf7, 0x3f, 0x0, 0x20, 0x801, 0xd, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, @perf_bp={&(0x7f00000004c0), 0x7}, 0x806, 0x9, 0x1, 0x3, 0xf9, 0x8, 0x3, 0x0, 0x1b07, 0x0, 0x7}, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x8) mount(0x0, &(0x7f0000000f40)='./bus\x00', &(0x7f0000000140)='binder\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0) renameat2(0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000440)='./bus\x00', 0x6) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='lowerdir=.:file0']) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=./file0']) socketpair$unix(0x1, 0x0, 0x0, 0x0) chdir(&(0x7f0000000540)='./bus\x00') lsetxattr$security_capability(&(0x7f0000000480)='./bus\x00', &(0x7f0000000000), &(0x7f00000006c0)=@v3={0x3000000, [{0x0, 0x1ba}]}, 0x18, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') rmdir(&(0x7f0000000340)='./bus\x00') 16:14:49 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b47, &(0x7f0000000000)={0x2, {0x3}}) 16:14:49 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b2f, &(0x7f0000000000)={0x2, {0x3}}) [ 306.697037][ T9765] overlayfs: overlapping lowerdir path [ 306.716577][ T9765] overlayfs: workdir and upperdir must reside under the same mount [ 306.789983][ T9774] selection: kmalloc() failed 16:14:50 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:50 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETPRL(0xffffffffffffffff, 0x89f4, 0x0) tkill(0x0, 0x22) r2 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x85, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xf3521ca907d9f11d}}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xd, r2, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) preadv(r1, &(0x7f0000000140)=[{&(0x7f0000000ac0)=""/228, 0xe4}, {&(0x7f0000000080)=""/4, 0x4}], 0x2, 0x3, 0x4de) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cgroup.controllers\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f0000000040)) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f00000002c0)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf200000000000002500020007ffffffbd0301000000000095002000000000006916000000000000bf6700000000000017060000b964b01a4606feff00200000370600000ee60000bf150000000000000f5700000000000065070000020000002c030000000000001f75000000000000bf54000000000000070000000400f9ffad430100000000007c000000000000000500000000000000950000000000000032ed3c5be95e5db67754bb12dc8c4ed68ecf264e057df9f17d3c30e3c7bdd2d17f2f175455000078af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd390700000500000000f16d0a3e127bee45a0100000fe9de56c9d8a814261bdb94a05000000c6c60bef0d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cac3f1d5af65727546e7c955ccefa1f6ab689ffffff7f63ede202fa4e0a2127b8b83c71a51445dc8da39e5b2ab7bcb8f512036a5ba6d04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfecc8158f0200000000c8fb735fd552bdc268694aeb0743e326c819b6cf5c8ac86f8a297dff0445a13d0045fb3cda30a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172b84b3ebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f0f53acbb400001e3738270b315d362ed834f2af97787f69b649a462e7ee4bcf8b07a10311145eac1f2ede14308d582685e1becd6f35154bcb4000000000000000000000000000000bc3af2b170ad3e2b268f4ddc211bc3ccf0bd9d42ca019dd5d022cf74686e9fbe2562979eaed8400200aab43176e65ec1118d46d1e827f3472f4445d353887a5ad103649afa1769080584f800031e03a651bb04000000ab04871bc47287cd31cc43ea0ffb567b40407d000000000000000000000000005f37d83f84e98a523d80bd56a57fa82b82f639601ae899a559944cb9a62a29ab028acfc1cb26a0f6a5480a55d624a0c544ba0dc828c22fe30000006400000000000072c6000000437d57fcf8295f63a70837f5cd4e5e77964522dc7ca3aa3476b7f2d851d27fd4de6eabb43e0799dc8d9fb7dc6c523ffbd74a6a40e4acb1ac693a27051f2ab779b8dbe843aeeda0426c7e7c0032028c95b29b6ddb55117669d9598c0f3598073f3a922a76beceff7e4fbfea5011db9020823b83abe54346c7af0a99fa077ffe70cac8b9e44023a1749eb1d0d572b77d6e0d0fcd74035c7a1eb6eb4e1c8ef2629f5ecff4626746d6abe98a255e92c3c4f79bfcd0d91741380000cfeb73dec68ed56b5d3dfdf0cb8b71ad79000000000000000000000000000000dd434a25e95d0ec29d3adaccf89d0888031ecdfdb4dfbe444673be099ece7e4009c76c716d906fbc3c9b412e0478cfee4485f423c63f49db5a583c92eeeb647cebd4d7a93a17bcbb6bae5ff876375d4f18ca372104772a3a35ecedd97fc191d8f64d2b1d60c6d12911aada66c26aa4802c3514c3d92ec9f9f3262cb13f4a2575fbe943a6c40000000000000000000000000000000026b80c3899543223a6079ee96198b9a326da3be3248af415ca284b746710c800990e8e29af8d763ef9b1f31befcad2ce5394601c7c4f5975e8bd07d8dcce3c7bebdc233ba3d4ce26ed703dcbb3ad650f7fe339768924f6dbeead13b88371154d743544a6091ec93e0d3fd5b4dc42911c1ba322fd4946bf19e617d51f964727bfd5cc5ba15370f6e1b39f1541eded0b15e4316a1e4623272beb249a0928c417720be14c898f397411c88a7bcf3df46ab3efe7cd5e160c2afd3cc945f75011a102d95ac7ad17a58d9be691c334ea35bae71e76e160cc2260bd028162917807ce89e11b5f261052ee0dde18efa1dc02af2b7bcf6f8af41933ce5370e593d9eafbefdb91fbdff9ee3307d4a1837963b2dc3f3698d90e7915b098f19392e792adaea86052f4e948184001b6494e906925a092483adc7e9c8f7a29d226763c100aecae7f00619c36bceb9fb6dd7e55487d8485e498fdfc377fd3d266d21d46ab2f6b2ce22cd0aebba9b0ffbfe8ec3143c3734967c90b16ebbeeae1ce2baaae05aed6bf0f40c8a323f9235dc99698bd0b800067a901a79daada03cc77e74feb98b1586946b452764ff917a8ecc10e37f0c85d13a33250d78cfa7daf529c5bea49cad7c3433e322d8dbd6e9b000065a9d6b3d5ae276cffe935d559bea88e1aa36b4e6c19e78457904297e77370e013b705a96548d47c609a93c45f4d7d24b20166d7f510f80d131382b39c05dcc07d5b49ad75ddb3ce5b5b9416e03995da047ccef9de49a90ced031335e3219ebd9d06c257a50497ec523f5ff7361261ccfe239d603364a42e2e81fc068fcbb9792b673893ff2c1e27ced4b77b8743fbf46a19600b802cba88b7d0a938d9e0e6cfe5d66b874cd004179e5b6025c0e1050faec7d7d9de19a0975db2f8c06a551236278c474914c7cf8406f95351704fc428806c23d16847bde483d98329d7648496e065f120ed7ffc11c29a1145c09b5e48ccbdb66dfe4188952868da9c0ad91463ec7670bec7772deb4e2b56f411f586dd4285146d1a0686975c89d7caa234be3c6aee7697860385f99a4a918fe6eea78e3227d54fe9c9fde78e16db810abb601e15a231f9510c7607204ad685177659b844efeb1d448b692444375c49e2b482b32470fc2e15511bb71cdea87b8c7179f56366666b57a3e1e226a481b6db11367685750cdec47e3c76f84788dbe28aa4a39a196bde8aa2de215d49c552c70000000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x48) pidfd_open(0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x1, 0x0, 0x80, 0x2, 0x0, 0x4000000000, 0x80000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x834, 0x1, @perf_config_ext={0x3, 0x7ff}, 0x11000, 0x1, 0x400, 0x2, 0x7e3b, 0x1, 0x4b, 0x0, 0x7, 0x0, 0xffffffff80000000}, 0x0, 0x10, 0xffffffffffffffff, 0x0) sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, 0x0, 0x4) r3 = open(&(0x7f0000000000)='./bus\x00', 0x161242, 0x0) write$P9_RREADLINK(r3, &(0x7f00000003c0)=ANY=[], 0x9) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000bc0), 0x440000, 0x0) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) 16:14:50 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b48, &(0x7f0000000000)={0x2, {0x3}}) 16:14:50 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x18) fremovexattr(r1, &(0x7f0000000580)=@known='user.incfs.size\x00') syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./mnt\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000040)="1020f5f2887b380b8a3f", 0xa, 0x400}, {0x0}], 0x0, &(0x7f0000000240)=ANY=[@ANYRES16=r1, @ANYRES32=r1]) 16:14:50 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b30, &(0x7f0000000000)={0x2, {0x3}}) [ 307.139611][ T22] kauditd_printk_skb: 2 callbacks suppressed [ 307.139619][ T22] audit: type=1326 audit(1631031290.204:8547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9781 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 307.187651][ T9785] F2FS-fs (loop0): Unable to read 1th superblock [ 307.200078][ T9785] F2FS-fs (loop0): Unable to read 2th superblock [ 307.376481][ T9799] selection: kmalloc() failed 16:14:50 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}], 0x5) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:50 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b49, &(0x7f0000000000)={0x2, {0x3}}) 16:14:50 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b31, &(0x7f0000000000)={0x2, {0x3}}) 16:14:50 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:50 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x1, 0x0) mmap(&(0x7f0000757000/0x2000)=nil, 0x2000, 0x100000a, 0x8010, 0xffffffffffffffff, 0xab98a000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000040)=0xc0000000, &(0x7f0000000080)=0x4) write(r0, &(0x7f0000c34fff), 0xffffff0b) ioctl$BTRFS_IOC_QUOTA_CTL(r0, 0xc0109428, &(0x7f0000000000)={0x3, 0xbc}) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 16:14:50 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b4a, &(0x7f0000000000)={0x2, {0x3}}) 16:14:50 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b32, &(0x7f0000000000)={0x2, {0x3}}) [ 307.544108][ T22] audit: type=1326 audit(1631031290.614:8549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9806 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 307.576188][ T22] audit: type=1326 audit(1631031290.594:8548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9802 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 307.724359][ T9817] selection: kmalloc() failed [ 307.853358][ T9820] selection: kmalloc() failed 16:14:51 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:51 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b33, &(0x7f0000000000)={0x2, {0x3}}) 16:14:51 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b4b, &(0x7f0000000000)={0x2, {0x3}}) 16:14:51 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = accept(r0, &(0x7f00000002c0)=@alg, &(0x7f0000000080)=0x80) r3 = socket$inet6(0xa, 0x803, 0x2) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000440)={{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, r5}, {}, {}, 0x0, 0x0, 0x80000000000001}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in=@local}}, 0xe8) sendmsg$nl_route(r2, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)=@ipv6_deladdrlabel={0x38, 0x49, 0x10, 0x70bd2c, 0x25dfdbfe, {0xa, 0x0, 0x20, 0x0, r5, 0x8}, [@IFAL_ADDRESS={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @IFAL_LABEL={0x8, 0x2, 0x3}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040001}, 0x40) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=ANY=[@ANYBLOB="3000000024001d0f3a61aa51acb1d59e1a43ca38", @ANYRES32=r8, @ANYBLOB="00000000f3ffffff000000000b000100636c73616374"], 0x30}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@delchain={0x24, 0x64, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xfff3, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@delchain={0x2c, 0x2e, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xfff3, 0xffff}}, [@TCA_CHAIN={0x8}]}, 0x2c}}, 0x0) 16:14:51 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b4c, &(0x7f0000000000)={0x2, {0x3}}) [ 308.016755][ T9825] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 308.025275][ T22] audit: type=1326 audit(1631031291.094:8550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9828 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 308.053118][ T9832] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 308.252167][ T9838] selection: kmalloc() failed 16:14:51 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}], 0x5) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:51 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b34, &(0x7f0000000000)={0x2, {0x3}}) 16:14:51 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b4d, &(0x7f0000000000)={0x2, {0x3}}) 16:14:51 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b33, &(0x7f0000000000)={0x2, {0x3}}) 16:14:51 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b35, &(0x7f0000000000)={0x2, {0x3}}) 16:14:51 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b4e, &(0x7f0000000000)={0x2, {0x3}}) 16:14:51 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f00000001c0), 0x4, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000340)='./file0/file0\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) close(r1) openat$cgroup_subtree(r0, &(0x7f0000000200), 0x2, 0x0) r2 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x200004) openat$bsg(0xffffff9c, &(0x7f0000000380), 0x40802, 0x0) socket$nl_audit(0x10, 0x3, 0x9) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000e80)) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000004, 0x10010, 0xffffffffffffffff, 0x7b665000) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={0xffffffffffffffff}, 0x4) sync_file_range(r3, 0x5, 0x6, 0xb6546fecb41a61ef) sendfile(r1, r2, 0x0, 0x80001d00c0d0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x18) fremovexattr(r4, &(0x7f0000000580)=@known='user.incfs.size\x00') ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f0000000180)={0xffffffff, 0xfffffe01, 0xccc8, 0x10000, 0x7}) [ 308.393352][ T22] audit: type=1326 audit(1631031291.464:8551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9841 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 308.539711][ T9851] selection: kmalloc() failed 16:14:51 executing program 0: socketpair(0x28, 0x0, 0xca00, &(0x7f0000000080)={0xffffffffffffffff}) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000040)={0xc, 0x6, '\x00', [@pad1, @hao={0xc9, 0x10, @private0={0xfc, 0x0, '\x00', 0x1}}, @pad1, @jumbo={0xc2, 0x4, 0xff}, @hao={0xc9, 0x10, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x38) 16:14:51 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b52, &(0x7f0000000000)={0x2, {0x3}}) 16:14:51 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b36, &(0x7f0000000000)={0x2, {0x3}}) 16:14:51 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:51 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0xffffffffffff0166) sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) close(0xffffffffffffffff) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = open(&(0x7f0000000080)='./bus\x00', 0x14d842, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x80000005) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x208000, 0x40) openat$incfs(r4, &(0x7f00000002c0)='.log\x00', 0x54100, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="440000401000010400000000800037089f0e055e", @ANYRES32=0x0, @ANYBLOB="414002000000000024000da665fd471267686964676500001400028005001900fd00000005001700000000f229921f97f58a0fb85938b787b04d002b3a58927aed20299fecdc1b9712c708cb3d8dcd7567c2703adc9eacbb292f97bac4fbe053c3283851978459dfedb3d6c2dfce261e2315134aa9433a5b4a6846d42caed5e32748470f08c01b2b8191013a6b3c4e2c08060a0f8e4c28f77fe4298efb84df190f97f22ac9fb50e12441bc7c6525c2a39110155aced05af36d908b297a34c5ce5f470c16b49f8f10d4ad1061e713dc8a217585bff259f19e7ca5b4268b6a591bd10c32ebf1fac7918f495f"], 0x44}}, 0x0) [ 308.913493][ T22] audit: type=1326 audit(1631031291.984:8552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9864 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 309.140012][ T9877] selection: kmalloc() failed 16:14:52 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b60, &(0x7f0000000000)={0x2, {0x3}}) 16:14:52 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b37, &(0x7f0000000000)={0x2, {0x3}}) 16:14:52 executing program 0: r0 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000180)={0x0, 0x0, r0, 0x9}) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_SET_TIME(r2, 0x4024700a, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0xdd20}) setxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000240)='system.posix_acl_default\x00', &(0x7f0000000380)=ANY=[], 0x74, 0x6) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000080)={@my=0x0}) ptrace$getregset(0x4204, r1, 0x0, 0x0) capget(&(0x7f0000000200)={0x20071026, r1}, &(0x7f00000001c0)={0x7, 0x6, 0x4, 0x2be, 0x4, 0x57c1}) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4) r5 = socket$inet6(0xa, 0x80003, 0x7) connect$inet6(r5, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000140)=0x3bb, 0x4) socket$inet6(0xa, 0xa, 0x1) syz_open_procfs(0xffffffffffffffff, &(0x7f00000034c0)='gid_map\x00') 16:14:52 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {0x0}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:52 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b3a, &(0x7f0000000000)={0x2, {0x3}}) 16:14:52 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b61, &(0x7f0000000000)={0x2, {0x3}}) 16:14:52 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b62, &(0x7f0000000000)={0x2, {0x3}}) 16:14:52 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b3b, &(0x7f0000000000)={0x2, {0x3}}) 16:14:52 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b3c, &(0x7f0000000000)={0x2, {0x3}}) 16:14:52 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b63, &(0x7f0000000000)={0x2, {0x3}}) [ 309.401133][ T22] audit: type=1326 audit(1631031292.464:8553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9883 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 309.580649][ T9896] selection: kmalloc() failed 16:14:52 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:52 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b3d, &(0x7f0000000000)={0x2, {0x3}}) 16:14:52 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b64, &(0x7f0000000000)={0x2, {0x3}}) 16:14:52 executing program 0: r0 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000180)={0x0, 0x0, r0, 0x9}) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_SET_TIME(r2, 0x4024700a, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0xdd20}) setxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000240)='system.posix_acl_default\x00', &(0x7f0000000380)=ANY=[], 0x74, 0x6) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000080)={@my=0x0}) ptrace$getregset(0x4204, r1, 0x0, 0x0) capget(&(0x7f0000000200)={0x20071026, r1}, &(0x7f00000001c0)={0x7, 0x6, 0x4, 0x2be, 0x4, 0x57c1}) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4) r5 = socket$inet6(0xa, 0x80003, 0x7) connect$inet6(r5, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000140)=0x3bb, 0x4) socket$inet6(0xa, 0xa, 0x1) syz_open_procfs(0xffffffffffffffff, &(0x7f00000034c0)='gid_map\x00') 16:14:52 executing program 3: mmap(&(0x7f0000329000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0xe9) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r1, 0x800) lseek(r1, 0x1200, 0x0) openat(0xffffffffffffffff, 0x0, 0x400, 0x100) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8400fffffffa) fallocate(r0, 0x10, 0x0, 0x8800000) fgetxattr(r1, &(0x7f00000000c0)=@random={'osx.', '\x00'}, &(0x7f0000000100)=""/91, 0x5b) [ 309.804421][ T22] audit: type=1326 audit(1631031292.874:8554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9916 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 310.030993][ T9931] selection: kmalloc() failed 16:14:53 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b65, &(0x7f0000000000)={0x2, {0x3}}) 16:14:53 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {0x0}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:53 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b40, &(0x7f0000000000)={0x2, {0x3}}) 16:14:53 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r2 = dup(r1) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r3 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(r3, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x4924924924927be, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) io_setup(0x7f, &(0x7f0000000000)=0x0) io_submit(r6, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3f00}]) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="7472616e733d66642c728364c9866b", @ANYRESHEX=r0, @ANYBLOB=',soo=', @ANYRESHEX=r2, @ANYBLOB=',k']) 16:14:53 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b41, &(0x7f0000000000)={0x2, {0x3}}) 16:14:53 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b66, &(0x7f0000000000)={0x2, {0x3}}) 16:14:53 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b67, &(0x7f0000000000)={0x2, {0x3}}) [ 310.256585][ T22] audit: type=1326 audit(1631031293.324:8555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9936 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:14:53 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b44, &(0x7f0000000000)={0x2, {0x3}}) 16:14:53 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:53 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b68, &(0x7f0000000000)={0x2, {0x3}}) 16:14:53 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b69, &(0x7f0000000000)={0x2, {0x3}}) [ 310.385290][ T9949] 9pnet: Insufficient options for proto=fd [ 310.713095][ T22] audit: type=1326 audit(1631031293.784:8556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=9953 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 310.733708][ T9945] selection: kmalloc() failed [ 310.946118][ T9965] selection: kmalloc() failed 16:14:54 executing program 3: io_setup(0x9, &(0x7f0000000040)=0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/rt_acct\x00') io_submit(r0, 0x1, &(0x7f0000000200)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xc236, 0xffffffffffffffff, &(0x7f0000000080)="5fc9c8a2f37826a30af5f65dd816394ff3b44fec5a5e82d0246d3eb83bdee65b3e16b9baaecff4737a6560df86ba3ea1810638bfafef0dce15bc0ad811b44625ea5c9b446002fdcf43659b46f68cf919f2f9a755fe720305cd15759e853620f2a65a6c75a2602fff80adc01c16f0ba8752b9ebd909441c7f49f4917bf61188c4984fd38335db90317ecdf299bca7c9fee52e5573784494d5c066d30c4bd888685709e4b5843b43f92fea63fb85c81b76ca9a8f2b43c60d63d4051e67f17ff2bc7c55b35433febe54a99b22edc49ccbe7aab7e83c2f1667d3e54e98bd1ce8", 0xde, 0xf0, 0x0, 0x3, r1}]) syz_usb_connect(0x0, 0x24, &(0x7f0000000240)=ANY=[@ANYBLOB="120100000951b5409911596835d6000000010902120001000000000904000000d0897b000eb079114d7203e88b27679bb646f849154720b500536c21b527e4895d2679f8feeeb62c6e257b9ab0434827b0c4bab9244c357b4cae856c262b93366fb6bc6d03a9188bf8589a61a7d5014137c2e407683d94f1d73be85bc4f453f9bc1e9f982df790de3475ab2c4887e396fa132203c24e271c78f77c16309f8679ec2723dde97d18d8be35dcd19309c9b7301aa85d11b4309d8b8f3fbd2e13f2213e39fd46d7e4a2fe28552058acfa274759899ecb51c5fa9dbd959047b79553"], 0x0) 16:14:54 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b45, &(0x7f0000000000)={0x2, {0x3}}) 16:14:54 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {0x0}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:54 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b6a, &(0x7f0000000000)={0x2, {0x3}}) 16:14:54 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b46, &(0x7f0000000000)={0x2, {0x3}}) 16:14:54 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000280)={0x58, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0x30, 0x8, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x4}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}]}]}, @WGDEVICE_A_IFNAME={0x2a, 0x2, 'wg2\x00'}]}, 0x58}}, 0x801) 16:14:54 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b6b, &(0x7f0000000000)={0x2, {0x3}}) [ 311.085810][ T9948] 9pnet: Insufficient options for proto=fd 16:14:54 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b47, &(0x7f0000000000)={0x2, {0x3}}) 16:14:54 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b6c, &(0x7f0000000000)={0x2, {0x3}}) [ 311.236791][ T9987] selection: kmalloc() failed [ 311.372870][ T17] usb 4-1: new high-speed USB device number 8 using dummy_hcd 16:14:54 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:54 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000540)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) r4 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3000003, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000740)=ANY=[@ANYBLOB="240000001800dd8dff00000000000000020010002000fe020000000008000400", @ANYRES32=r3], 0x24}}, 0x0) bind(r1, &(0x7f0000000400)=@sco, 0x80) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000100), 0x40100, 0x0) r7 = openat$full(0xffffffffffffff9c, &(0x7f00000002c0), 0x2040, 0x0) ppoll(&(0x7f00000001c0)=[{r6, 0x1}, {r7, 0x1}, {r0, 0x2}], 0x3, &(0x7f0000000240)={0x77359400}, &(0x7f0000000280)={[0x5]}, 0x8) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="2000000011000d0400"/20, @ANYRES32=r8], 0x20}}, 0x0) mlockall(0x3) 16:14:54 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b48, &(0x7f0000000000)={0x2, {0x3}}) [ 311.572869][ T9993] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 311.733055][ T17] usb 4-1: New USB device found, idVendor=1199, idProduct=6859, bcdDevice=d6.35 [ 311.769568][ T17] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.821975][T10000] selection: kmalloc() failed [ 311.905980][ T17] usb 4-1: config 0 descriptor?? [ 311.943284][ T17] hub 4-1:0.0: bad descriptor, ignoring hub [ 311.949224][ T17] hub: probe of 4-1:0.0 failed with error -5 [ 312.262838][ T17] usb 4-1: USB disconnect, device number 8 16:14:55 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = getpid() prlimit64(r0, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write(r2, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) writev(r3, &(0x7f0000000180), 0x0) ptrace$setregs(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x7, 0x4, 0x800008000000}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x6, 0x50, 0x8, 0x9, 0x3, 0x7, 0x0, 0x9, 0xffffff7e}, 0x0) sendmsg$ETHTOOL_MSG_WOL_SET(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000300)={0xfc, 0x0, 0x100, 0x70bd2d, 0x25dfdbff, {}, [@ETHTOOL_A_WOL_SOPASS={0xe5, 0x3, "1141d548ea28e6fab690acaf968231987d7f30671181dc002c15cb6958784f8cf254bf473bfd31cf0fa9a18eb90eb482eb5370d4bf290e98940687cedfa1018a86fbe16337fccd314533db2da3ed706e8bf28b796002a1b36368266d3fd510cddcb292439a96de575c9deade27fbf25fe38dd98ae7ed7a3fb5e2484fefa18db6edbd13b100e1f02b85b4bb0d0b1338e052444ae7a8cb3dcbbedee31b19edb3f6136db1f555ac5da74f0800d728b340dfd7f3f73e57ae4528da4bcd22fd64b2910c797e2340af5c6c379a16948bb967357013952c17750ef5616a83d8ba21af0e58"}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000001}, 0x40050) writev(r3, &(0x7f0000000240)=[{&(0x7f00000002c0)="390000001300034700bb65e1c3e4ffff06000000010000004500000025000000190004000400ad00000000000006040000000000000000f528", 0x39}], 0x1) ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r2, 0x8982, &(0x7f0000000040)) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) 16:14:55 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b6d, &(0x7f0000000000)={0x2, {0x3}}) 16:14:55 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b49, &(0x7f0000000000)={0x2, {0x3}}) 16:14:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:55 executing program 0: perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000000f195"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0xe, 0x4, 0x4, 0x40400, 0x0, 0x1, 0xfffffe01}, 0x40) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r0, r1}, 0xc) ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f00000004c0)={{}, 0xa0, 0x800, 0x1}) r2 = socket$inet(0x10, 0x3, 0xc) sendmsg(r2, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2400000002031f001cfffd946fa2830020200a800900010001e700000000a3a20404ff7e", 0x24}], 0x1}, 0x0) r3 = socket(0x10, 0x80002, 0x0) dup2(r2, r3) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) r5 = getpid() sched_setattr(r5, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x40, 0x5, 0x0, 0x10000000000000}, 0x0) perf_event_open(&(0x7f0000000200)={0x5, 0x80, 0x80, 0x85, 0x6, 0x9, 0x0, 0x3, 0x80000, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x6, 0x3f}, 0x44030, 0x3, 0x7fff, 0x5, 0x4, 0x9, 0xba, 0x0, 0x6, 0x0, 0x3}, r5, 0xe, r1, 0xa) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000002d80)=[{{&(0x7f0000000300)=@ieee802154, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000500)="6ddcd5ae7c383fe4944d1fd3efe18accc799de7bd7fa6fe6d2342cbd7830d2f3abd3e05fe90320a8fd0a50b89790dd5fbb498d6005dbf165a2107d1953b6737fcc0ec5fddfc35ff8e786eb45e4519ff9d771c1180f031f6f96e3731e65c665c836856e66d68935adbaa0bec2f899bd9aa2675b8aaac46e7d62e9aa02695f7d7a6e219af3d6c8bbda17dde922ea1bbe4f3214d5c089dc9e2980c02f7ddf7bc4ae14f904e274a127ed41d9bf1e744b71fde129dad5e673630f141e2db7609b70b3cc3f17e84a73225ff377bd8987bedaac19dc5b462a729bcfc162a51450fd35511155348ee12c00d68db0bff4042dd0c79ca43cde0d7dd4a7ca1e0dbfc819eeeb373d0fdb280c7aebd9a20f6a7c8c56656a22112c480a3eccb609788d648b19b1ba8828c93cbbba2dc56149e8da821c5f634401ce4f4707e9f3732bf2eda640e5ab9fc0b9cd078d3be9185e92364fc7a64e94b882cf4aed38d71c9e5d9d834a010c001fadc05533b31cde545a73ec88afef33baa8c0e8ea4cdd3276bd1ab0177a56f635448ae40e733c3ff740f6310f7be078619d8c83ca598a5cb2fcbd714165f719e3a4d6c90ff20018351f5f5cc4f0c28a46f61ac973aebd1ee324fc84c2f8ac80335a1a6cc3cbd6a4635d9427db7c1afacf7a47717670948ef1ed44144d8cf908c7c2dcb07c36e2940bd0195e697b6471110a8b875ef3171e75a611eff63ffd86af664113f5fb432322bcfc3e8f49c9cc0939177f7a37377285b8085ba925dcd54214860c6725246d5eb6cab7ad5b6390c5edf9e5fa0d951bd8b1e9e0d26d604d79c3e7f7de51f6997cd57b2cdb9b56afb76f2b88abf490ba1d59aa910f3583234334bb0f2f8285f6f08d3f2850119aeb7cf6a82f3c05e8499ccd8a45e03482d093a3ace191e8562eea0e4df80fd2c3e4573a1f7b49b184b9584bf66ab1db8aa6764161ec7bb1df76a1964e5d6a19d6b832f3a7f638a6d574369be5c525fb7631f11c7f4f772d4f7ce1dcbeb91e6460080ade1e88ea25b581a6ccbc12a1499db4eda643024b8e4e7db1db0802637fa0cfc8509e7bdafdf61112eb4cde0c7e74685486acb374a0cdd73de9f182ecd868d75c96daa523091a70db83576df25c88e0b453ad3ade6daef4fb0d76e307c201381c6c8722db2988c982aeb4ff08bfb1981fa619fabb88bd5510dcdeb9a86e129c2b8740bb9ea970035944ee691812d8668be07ca5738597a02499e501f77958944f8c3efadbe68bfe84541958d90a9ac2b4b8b2625d01673232764fa7a44478849ee2ebb4ca845b8120d8b48edebb72849d2441adb732c9e24c8f9abe11ff704228458c4f2453ce7ed43e1a985f771af665f349dba955842acea9876e74152e30d9b1056a9c545fc53afc8cd533755b954d94c22cfc2664acc19dfecc8d81c2fe527a290d5cd6ea007a6f4d4a685a9984739f19ad6dda152b30714810cecf08bb5e6e501f6132beb1fb396db47b99589c3176029d70faae7dcd6faa33e90c56585bfcc524aa73fba0e24021c46f00cac8faf91c0458bdbd949a9b0c1d7a6c31c2a2aa2d77eed3a632fc21ccd5f9a6f5c1036d9a36b7e1cd92bf55837eb3e1dfe1a0a25ff6ddabf71d582df48e27d44f9aa9d698a61fff54e9b54e0bc6b43d9b5fafae9eac6ff31c3fe31b5621140591f14786d9ca06c01ed8579b049029346a29f4c8aceda248ece63cf721aaf49423b477e355bbd1aa4abe0b13676baaf96296ec0e2285e1929e20f759ee68a2f6e6c1d486939652f2824ad387f49ca8f759b2cf6d0f0cdd80dfbdf8b807afa718273940b467a5bf3c4d8b97c8ccb8633f13cc781b955253434e4bc716366e0b4400fad8debec74cb0afa08dbaf28b19dba2627a50ffecc2267b54498a814b7c86c144ff9eff10b2f8f0ac7cea43854310cf93199974f7014ecfcf7fe679199befd486494e5ea218bbaae41beea4b8ae617d5158dd12be3fd252a81617c275db3cc293354ddc3e638ca0f32ace10fb51280d6c0630f874cfa8c9d697694d148665d5ba06c9a859352d482d1cc2d5ff9026a2bc788842787376c4771c46051ca3019bf60a706e207339e8118021f919244c297340b6de30a15da8ce13246c407644bc174f9e707f8648c4d096460093ac1a7a84a4bf3a5d1bae74a2228815d2571a7bf7d6111ac73ea7632c4c937718ae185b507fcc038bf98dba21cab2612c2f7d3578bfc1f63fa7d86d1df54e84aa833a74daacdd495a1bac76e99c1a8f26007471f0f73d7dfc1227d23cf247560fcd3f8513bf29ab5be79cf96b1cc934acdfdd9543323347e2d1167a0041c8f748e8a4ab33f4996dbfd5d76ca51d88a21f5206feafc85a7b83b9ee4f2017c04aab8231951d8ffa7187b15f2d82344c927ffc1bf10866233451318d3c6472a487c881b72877653441962cdb5f454ee897cea585e8a62a13bff95a400983cda0c5b8fd82e33b9969664ccc6b57403e74b020ee74e6d249d95cfe30f5465d1c1eeb207e12a36cc5ed4be073a388a7ebed6815993d0cc20a7e8a411e3986cb3e27183f07c2446fbf83ffbd0f2b8d9f236e3d6badd2ccd234d487d536434cc634311d0b2591142286e147d8d145f86476e4b726a169fc49603f739b4d9ef74a7090b6371d5a27405d06495a7cf2e5cbf5f9f7fe28f578c5c726ce6a9734289133e88298ebf2aa0d5ec7859b251f6241167736038ce99e8312b360ba708477fa5f1014bbfbf46979ffc8473ea9344399aa990cc732437694bb8f0b2480a20ca96d77d1d68fcbaf0ba1da1a369f015cbc4aebbd22b8563d71c6c3d65951d6c07b33f2a0453023d740843dd2ffccace91f9a8f16a0f4bf15188876a8cad96d5e810e4e700148fbe0ec03424d2ca6faccdec76a33728553ccaa356d46800ebcd0a469c0ecf93c3bfa844b4df6fdb7e2b1a3124343bb40a2b84ee02ea472f6f73d0dc11c8762b7d6450d8912052933df115feaa172944fe2a863c1f761cd2096168fab777763411ceea0089b9d8f4ac1401ad286630e529951fe5278ce8801e01e315e6c12a5178345f891cbb2c7f85155f3439414b115216b69ce55062c73933d57909b22ba3e01c34b615b0d7c67e76d1414ef3615306ce560b67cc45a667c7135e100a8da06b75735bd67eaf2c1790d2873a223b1b4250fe13ee9bdeb4c1a019d844233a6c76389320b3483ab30be7cdd04d612f34c2ed29f9bffc08bed1ccc00e0e43b98d289dda513fafd592a06ef93cda1ce6c1d3a03461037937fb9e35e3e834e33b429adca32de7604735c6d011e8c018e927e24e124980a47503ec1667e43d7fb413d24dd51b8467b71dd4e377c82713c76d69ea88ee6e610351e7a3d2e7ed6c1f0a6f34e6e510dd8d571a93d017c148c10a04ddff91f92dcbbc9d08d7e41ebc56ad0960911815135ddb48f7f41a09bd8bf77e3567acc18a1e80b44178a24619f3a432a43f24b162dd8726cf7b33c47c2c3243a4a248ad5f75a1a5e31dea4cb27546f57ad426700d7414c4b47662fd8ffd1cf7f7c1f5c8bd28127e90a4111f53a0fa45e326da9c384e20bae5b1815bb46c08f66e79be66beef430a8b8dbee18920de8b5a7d267e23e6abf30b5769aecab6edb481d99341e1f7dfc37b05d0a9f785e38cc45a5212a6e3380169fa92a4071eb0a671f91f5b5d055491ce935112d47beb5566565616a0913fd28e0000e5a77ef01533c66c7601154de3ccf46caf3728571b78aabd13412b730ea580499b2484743729d84dc988ee691414da7c2690dc84c9ad22a461590949e7a749fc285a6060c88e5e93f26c42cd5f19d405e28fe8f95bdf1df8cd141d4c71da4022b97f5ef1dec8e05eaade34e6e88fba32ab3aa03df12db53bf2764411c5b78046408d979edc055ffba3588d9216b7da5d3427e165414770eea0e53cad37ddd4ed526a7503110c701c3b0f0f8764806ecb3377584c152b148f6f4e855db9dbccccb252ec27acd165d4e2c3ca4e63065977743c6b225337eda001f11e0f7095f24ff2e502c8348ae848fde16ba4d81b424ec5de6394f949a2ac579610114c6faed0b242093ed88f6006522f6f72fc928c1e54af24a78def95061c5ba3b5bcecf9de8995f90c075fd9be365b3cc9a8f28dc52cc6672f40ea57bfbe00beb549260daa850fc8ced2dbe6b358d66cf5504f9b877bdc7e42ae9da9d2fbb97a17a0c6e1fb19a9ed42e3e4cd8c69d07604e044c23d9ed879be26b5adf12c28254f7ac8a78b7b7c44b51bf0bfae69be32d12a9dab9ef2a72a90ff7d1d751f0133d69a0ad1d41ab01f6faab8e44268cf75f0feb0701af7561ea7a75021217f18963646efc423476fa99be0c773c1ded4f02b40c7b6198f2799d1a270f7d5d266d89ef2e97957077149632a252db66d2a138ca014b711a3a3ef58bb5b5574713c12269a99ac9df321e759f362f8095b46d91aacca1e9069e320849945a5de3a38cb627e540c3ae91b8ce9296772e6f8042b6720b2bda3d60f7985c061b1fc5519833e23a38521cc4b871da13a09b30cb3655083dc87207f00fb2e2529320d53fa063f735050812eeadc8386750a1fe400f76de4a53381224200f8bb8ea1d0cd954374ba709e5d52134cb0e7fef3677a0a8139645544ce1c57f10e524e95210772f81a886499c3f96307e32f5e011fe151ce82f06e10b453f3b97b3ec8b1b156860bf7cb4ee3399a5647ed6087aedc0fb3ff8eb5f1127f6df79daab9a603663822f6b5e2c10e069716b675e7027cab3e6ff8ef46cd46ad7ee8e68abaab03ceaba9d75b5a74f2197c18b6f0552b77908380b376a70954d0154b6e0c8517e26757d0a492e66996d0e3461acd560f2a98a1f4873e68d7cb8067444de011171784e806039c0d22f2b098d8d7be00a8aaafedb0ce5b5975e24b002fd0705743d661491cd4a1b022bd4962784fc3ad853f942cc36d02c20f7ea52053826a732b7b167b97c6a44aee73cd272b4e0858953cd82bfa5eec673835cb23c9329dab4fbea16838bfda6f61ffd9dde516c3ea48f1fe076468486a13fc05a067b5b680c9310cc96b796f59d2693a6e31469d5ffc451b81cc8afc4c8d7c720204147e931e88db0425037a476d8c9debb2acb99b79546d247b0411438e6000adb1b7b5e2f4879bac623692fa2891616d9e588133aeed7c8e11aad60bda9ff96f9ab06e40865ce6a919b70a567b3cac4fcee75ed3f8d9c14c480bf55a9c8315f88d27bd4e5dd50cff7a937a27e22ed301a0b768153ecd74befb92b3b0c434a65478318309662d2bec0fd768f4f603e57cf789d3d35f5d31a82237716bdeb3172c830cd919436369dcf825eb66de3a57c0bd3cbbc1f612631a970ee766f89249dc90b11e6a1a9191f1af38828ffc6a0206aad6e3c7a4f2cb64cd9933a6e6827edac9033bfd2c5655f81d93eba8baa51af07cfb3c3b9ae9151dc0c95e048d639b8c7f39f22bf1cd02a0c541357cdaeade955ec4fc7d967602d5855e67cf9c2b98e5ecc10ef830aa5be01c858c85ed425963b5a4d703e41468ed6ae536f10adcf56517098759e55034029a096614ff142a4fb77820f5ef525c9aa8987cfb78faaa93ed79a0f4d76f11e442fdeeb668a31a3cbef30ecfbaf9036cf859da476e8f9dbbe83b6203290d692e9646fd38b2ddb0bf1b7886be8106b0ac9f868e6259d62920daf41eebc5c6a5125cb51deaf2afa66d374062e833ec056e54369eb3325e91ac0ead4dd2d98afa792e331c0a69b92b22a45ec1c704ba7f52c00a81f862477a21e72b3e37ae063be8497f4966542ff4f71a9ca0b13", 0x1000}], 0x1, &(0x7f0000001500)=ANY=[@ANYBLOB="4000000000000000050100000600000076e67b6a154acd465043c885a8ab6ca77929768d9f90d0fb1b87da2960e97d7ec704c2c47ee3b956fbdc9cf65f00000018000000000000000901000009000000864efa080000000020000000000000000a01000000000000dc466da3f095a354b26abb4698390000f800000000000000f969c82fe30500004361b3f7eba56719e12efda7806d65d4097051a4944838ce854416d267940dbe464e6034746a565a38b4402e8dffd3c14796f00f0959b8ac96c52c7c8ac4d4b7f79b90d1b67afca6399ed09aef615e81829c807c58712fd1e421fba6e18a82384f48ec0bd30eb7ff1de5e70d203f0425376b28ca05e39f60be1e3d04f001da354376837e420968f3a28ff880c47b461bbbafe8d84dfbe6e1fbadb28297b5c77f3f3b5f414968d7b3f307734257f2082ab3e99648a19cbfbabcbcc0cded2272b77e8e1ad28fadba8458231a4e7a4acb97ebbb4153ef7acbbd4d906a45c3e30c28138adc7ae3000000"], 0x170}}, {{&(0x7f0000001680)=@in6={0xa, 0x4e23, 0x8, @empty}, 0x80, &(0x7f0000001700)=[{&(0x7f0000000380)="a60add05b50a1b1a751d30320ee6006750350a3b1a5719febdff5e", 0x1b}], 0x1, &(0x7f0000004080)=ANY=[@ANYBLOB="380000000000000009010000ff0300004ea2ebf8fdd0680cb78da17b034005ada8c4eefde3504359bc3546124a835943f8141dbf2fbf4c0010100000000000001501000001000000555f44999f351b92eaf66d77b55eb0d08885d8845571693b449c9c0ade3c9dc15cd0aa6adffbf291beae5e93ea4dd3605c88b595e25788f65caa6b45439f21b233da5ddd7cfe883c866dbe9d02a04d1b1cdf3a992c71b2f2ff91172ef7492ea2eb7c625b5fa04db7a39aff667a85d9bb2d77aa3ec51d683d4ace3522b7ad62b1e4f6ad441254b6f21e9da8821598bdfba2f34fa1c4c105000000e71ee06d31391f16716e7ac8c31f335493549beb1590a40a5c6fd07de51739cdff993bd354b9dcfa1e1ff9ee973c9a7798466656d04f2256c11b240f672c66bbdcb05749aea89d3e6842b04e0b89f1f5265433535cbea3322b2f221502aeedfde52b5e9a06b42bb1d6cda96da8a66d367e3fa6463ba3c7a2ef1ae6439cc0c970b906f36516f1def0eacfdbbd5b1ecc66a812594463c9fc0d342eb4b3e92c4e7f140de6f30dfe2c23a4f640d90b93dd27c4b6727005d32e803f67ff36d785727892abb9a06a0004ed5aef3096ea5e275b1c1196a9ecc12880525c3ad6903427194270e2787b4b25f86fb90c3924ed33a7831e9d8efa1064678e620b9293f15160e71059c88cc56ee44a42a9db694d08f47783de9a29edf9ec0494e13146513906e3400f1f4439aaf385a63a6768a0598dbc7a64f821e52422be012b21022219145b9ab25b9a1229c6b08e5120d5c1a96f507c9a4025fc95640cc45e5658e98fa700416fa9708cf0b1192b96724b0de90855ff2a1b9a64dcea13e699db52a19bc981d089a76e8946b39aedea4e4f534d6bebbc46f812bfb6cceecd201e1617541279f295b3875cdd19cc64ee01edef26d47695326d2117548c673d9576f49d7dd4943c6bd120d55cb459c3bd719f13c90e159d89f63e2c5dd4f55603b77242fce0fdb4de9a797d6b93604e4ecb943f8bba038f4343d40400badac7420396cf5978eb223f4fc1d46d42e48ceb481800b0ef62885e75e56bff0811bbf59bdafa6536ebc0b28186a650544ca4e198d5e0509f80691aca4dbce3e9b8a30f78b137d57b446979c6aa06dcd166d056e21420c0c19670336f563c0579686244b5928196908e30eacb79451206d2878c21768c3d22fb9b2c853914974d20e9a87b8a84dae8a191d37fd5765ffb0a0dd53118ec193310e72759f690e007cebffd517bb50e291b4306f4a1b0fd1e0e9e1b2ba7080d7a67ad45f1712a8e0849ef79f1afdaed0c00d42f38224cc92b59110f48ca0c9165b1bc5a8f54a3a1130cab3e1c61d4fb133b83a675e8784cce3f065931698382150802a0e81c1c47a3d0135ed63ea8a4f256f84263758ba0c1150238f8e3bfa0c8ea8351420127a5b11ba04d9673f61e2f5d934423f055adaae3c3c3cd8b79439b1c28c875e9585af74152dffa02568148826a9e42af27a3b1867b72c6fcfa930f63e1951572b453a3c5dc3465e5de5999e2f874d60f6d6a347262e9d36681a8d2f039bf35c52050bb113dad029a750d136ccb14b97331179bb3b9d373af9321630bbb70bee4081cf45b51111ce3119763058af464f9991dfc352fd753320075cdc242c16c205791951fdfd21224255fa6b5832bf136150ae36df5741537af0dbbd656b57d62dca734df62c4fe98e2420c2af0c99cfe36dd11f2ecfde0b82b55cc9ce2f130bb9b1339b98e55ac7ed46e3f5b0115609ee80a15c3ee2a762a5122978709809e418f5705b016ef271fb73535fa57a469968d8ee3479194ea14488b5a9a2fb41a7fa5af70675462d6969a8fe0241367f5d3bd4eb1faf9c421f7e25336261de31cae4288f200520fb152b7fd2253a6b69a162d8e1ae5c87203be5dc97bd831b948445151f61fba7bea8455e43030651f2b35cd320bb1ad18a867d161cec5ed51bb0ac87ebc7c4c8fb4c44f148a7dd5082ca2cdc1bf04d30348f25e5600dccc34fa40cb00ee521843f714f497e6013299fd719abff3d9d57153a9b4b3909181fd70043de7926f8e6b015259aba8e85c90ca14affc91dd5bec49d98184d4dfa9c640fcf940eae62305eafaeb3b3cf3f6d98210c269d2360a090bbba7efb24650a2c65dbdf7a931ef963383a4b9d0dc787bab2d4ad9477fa1c5c9142cb80a643379f032c2e7a08e86aef6be105cc6dd41a49c93cb73ee77c185cb5a19af97e2c5fb83111b611ec559cf03ca9cd5aa2f698159a84f049df4384af271f27fe7a5a5e8b8c2bbdeaaba325fe6fadc8d270e1d55aa9ef1fb34b9e3880664c7f00159f9db088490c5735d90a81affe919e438643001e3ad790437ee128bae575f776c13eb7be1f671869c3839e8264bf838f850a34367aaff72513ceba979bcc6881fc1685e1ec156d13087d80cc9b7c81f5ca63a70a21bd89b4b43011b9474bdb664591b74d231a457e2ee78cf5b70e48a5ed40ebfd919f67619bd7737eb6fb9fe7eb462fad9a25889b2081d2e301b4ea5367242d9db68a0649fa504cde390608f2791f6dd87d57eb9a944a05dac5738e2fb2ed077260fd4da8d8c66662114dcf9a9cf726037a6052c7dcd6d03a0c8590b99f825996c1c31240cf0cff954ed335cb4af07c2e80055b4b3e36069aaa628793e490e7f46519e263c4f1d732e85372857c237d54f4d6262881cb91ea1f3a71514c0eeafc6d241c06d22b29ffd53203f011b81df436ba07a5646a06442ac7ab21e23ad02a96f10564f0e3cf846f0c7d06ab299e895b9a11f2dcc2770ff5dedf7ed3eec9d2c50cd077e492f40dd2b858e0cae61453820d754e8daf7c66ba8ff3a8c6d86bd4293f1a82be5366a2eb171c05792cf4e8ad908498f5db58b2b8255ba3118b2d4949995315e245cc6e3e3acdf2733e34616c3fa0ff30aa657278e3948ecb75c0b8d83665b14958d79df312b188cc16ecc7167fabafe927761525d50cfef82518322a1793c3787d829ab907ba05c3cbe835763c66213a323529e0ebd0fd52f5a340cc147d45679ad759662b18dadb73941422df12dacea45dc838b4c1569fb5fcaa1c33cd9230de81338508b8adb104300ca27f0071a3c257c3bd2fd4fa88274292e480894b3a1391257c2931f5707dc6fbd8819cb89aef536d5d317d5edbf5c38da90ed5b02b5d38b37f05f46f0c947712df2c42b9727632f29f60fbdf33caf44f2b2250e43fa66a61dca1f6b4d78e867b4b31a8de164cd5db526ea6911fad637f9894c59867b062e48f20a757b9977d096ea6ac6b93630257dab02088562a48661ee5f4653f5263bcce4459da2072c2e3c31db494a8d65e9eac3bb8aed9a8147e668de137875ca62d10b5bcf84527c2a257b2a2c4454b50945f935b1129e159aecf7c86508187106e3fe9ee5a1cb0de2098b7af018f6d75accce45adbb7d2f605116077eb9135167f06084f5e4dc5c9671a6f0b9a7911188dc915b248201a9af1dfb4cfdf8e9367a696e2eb2feb0455d2983fcbc78130be4b97f3cd269668722c05cae551ba72224bc0cfb6e982594ac853cf37678bcd4747fdf057306df780e436fb2314d4ac66082493611d8741bf2af932c7c55e45fa952977c3e8ffb7a91d7c40a699c1d5d134e7cf7541cabe36bf09ba97926adeb068c35e9f8b46836a42164f1e90fe9760e50023a0fb6e7a7dda7394347214abb91e3cb1fd20a28c56fc22dda072e81f7939b5b84121cbde90b21eeb16e702d01f5e526c68de7362611c3bbad8950a11a98edf1d85ce5f5e42b5de607bb70ae7098951c468a9dfdd79b6570e68f86a570b68bf8e7d16e2a49a1c84bd106103074a3c4402f7378355f7f38ebe327407fbbbc185731b76041840013e35e60a11c3cd488277e04e259e5511e715853352588a1466a0de98aa3a8c950b1895a406183a5af0821656af7f03670c216178461cf0cc50a69e1834adf43363477cd6d73c602338099df934d9e4a3bb827e01d8ff6b76be6b7d4456b6a381af1909418915432e76552e51379e3bdfcdef7ab2ffa3922f6eb7bd9c1fbd96496e58f89107318a00460c02d4c662b9a8fcc48874287f0d85b03376d4af38f7922ddbbbb6bfcdeadb985c5960df3f4e2956d4837e9775c49e8f09c41265e07bdfb2e8266c081c79844f0f95dbf897c4619bc2d5ab096ea3c7ddbbae891c92c13cd41b9311ceb8f5a794682d56cef712f09a4f4497bda9346af1f10b4c6f45f84fa6217287cf68900b54e08445575db70f8db486678122220d2260d20d0f03cefdd996170490c8055708c18c866ba04fadf582f426e92c8740533fe0541c78e61dd607bbda995eaac9e202fece22dfafc3e82326fb6a3ed307161329890d8aac8ce3775a0f32873af36a7b9213bcc8d2b94c846ab3b3ab6113fe2d4eb0aa82569f9f0546f68046fb801fc5f82b8390a1cd34916ddd3d6d49aea3b7198a26859db2dbc499d6ba2314370d841c668c585663e2d4758d9c9102d2ab1d9e141f05fe57e3ee76ee5d47ee97ed1e850aa5d022821ed17924f368f189b7effb0446666237f5c044ea56c28cd089dadc5115638ef41a748e8b2147e2ab6fe599f9255fb921dbb15d0777dd0786d75acf8eaed062340a7ec67c9978e76f28eabee3a3aa13857ff97b815e9abb83c19b0aa1da78ba25fc429e716bac30b4e575e86f2af5bcd46b15e4073e3368cb435a7763ba046c64cc088bc3d65520204d0d7902d662e0edf9ce2d38bf3777658ef6614f1752ac939268aaac67ccaba1a449043c4e396dedc1d23870cbfe0651961473fe3fbdf962b1007d8d0371034c36bdde3cc987c40514a1684509ad8071a831a05e540b29494549c672c62599c2a27ad8632d2fd9f57cec15fea2dfcf7937d96ed5a24ad5cc375ea16691ff674d5faabaa4c83c2990db176280567d793785bac4b167000f6efc8e446d5964584d03f0af8b8a0cf5bccfd62b4e491c138b07b9466938738900066f3fe48d4c7b86809b7d356f2aa0151c20dace8902fd366ecec6a77b680baf58459474eff252993f70242734abb58e319f546d3a5143c52d12dca7664df6575a6fada1b0629e5acc5ea6d6b9a25402964e805b2c66607510d152d0508d726e927035be6ae144a9c650f36042e6507629a97d4b746d23a46320cf7fec9de75360c60911ad533e69817678806715dbcf7a6cdb16ebae4af54f257bf10c794bbc283bacd283eca4a694c1baade900881cb09f49090a0129044e348e853c0fe91689e7afd9aa03e3bda6768a196808da74c17e4521ad8d8f870347c64e456a095e2248f4affda02c2ceeaf34eb36f4c2db2396650e906d9b55c120672bd3e070e8813553b7df4beebea8a5cd557f36cb6cfe7d09ba4e7bd458a51596179e47bd7ca3c3431591accee69545de377a9ca52669c30d1ddd90017f9d2feb477cc2dc641bc1398ac39fcff2c01a75a52d0cb3bab71bf2072f7fd218a767157eb7f965b59bdd55b71be65e815cbb19c413d5895fdfb4f67a7412f2680e01844916650634d0f2dde90d0c5cb8c82ad8e7a512091a5b9ffa659962426944dd4745061e81c408da2284c38aa7c7f630b16c0bde8802c8284263fd57458a556050000002339cf610d20085941a856b3ba0c5a5a2cd4d5270dcce99edb678b2687bc7a05589d21a64b9c7516b8b754f0b58a2b0d9b634e1749fc6197f1e0f8a8e0e4d8e11c45e9efd98e6603e0824fa093b242a303dd09983845bbde5edc4a723f6879ec51688078b7fa054f2f2bb9fe3ef8c93a923f35fca6e4f3f3277d65915ac5ba0b2225feb2b3a1d1d4c9c8fc40a894f9fb9d6dd03a75b44d0706fa61e0e6381b8b8146cf1204465802f7631589bf451ea4e89f122d14c705721027f6c2b442cb15a44581687205e86136b47fb0000000000000001201000000800000e8b3dec0d25553a3b7a3f2bf6f306485bf0bca216e68da9d360ead06aef93d4e8d610e648515d27cc70ff69559888dfd66bf9c5b003df3d5ea51884906663b8510bcdc3f2b6b01de94a15fe1cc25d7aa5fd4e70f1c405cef609e7004aaadbdfa310d5f85055e706edb628ebb0d2810911c5a759ac6d01eaf224a696194cd6997e8cfe977df3033c5d2e8e726f2ecf8434d46fd57470ddfa7b50000000000000010000000000000000300fb1a31bcbf3c8e86281d8c17c422cf4f70605738432cc1d41b978743989dab14f161b29cceead07f8b6e75c646a582623781d17808ba918903e106aedfab7baa5ca61675f3885e11c55b04c940e0ad213a6b46f788f06e444d279f165f23820203f062c8fef8ca93905c54747b436313ce75fe967a5015eee59cd119356e7c5966db87d432f6104c59fbd9295bf973e884f458d7c5aa4dee158e1e219e81487a198f69d48f7e21a478ba4c0adfda8c8acfa079d679f4a8c325c268c85867c5e0132231628945387168e2ba2bc7b26f42be0de7d29e766106ff2fdf10056f91a4f13cd64ddd14a0115731cc98bbe2be10e96d9923249036ec6d6e57b8973a10c3d1e9f0cee3d362953314cd"], 0x1108}}, {{0x0, 0x0, &(0x7f0000002ac0)=[{&(0x7f0000002880)="abc7bc99e0fc8589d54b0daf9034c77dda0c194c6623edff86022e4c29af6eaf57af7343f8b4bb7690194f9c5edbf607750ba3a56af7b20ed2df38ee5c8503642f39f9735e6ee1d261797c53a52ceb96670ae1b23950dfe87930877e7ca6e398813c0479272fb296e7dfe0682da8246ef24f637e8fa25c83e1964193c6545a3391676bdb096afbb37577da16215710d55d0cf1e4c12fcf2c8c3f7c7445ce5a254e9e9877e4f60b4adc485fedb9e652ff264619e0737f6dcf866935e39091bed77cde", 0xc2}, {&(0x7f0000002980)="f9f5a4ae8dc2911c1e2e575b8e10403367e60575ffccdf8770d3d25c1acb6fb4d6c3d990269d32eb8a8ef1a6bd0e34bed5961efcd123de0387e50052e85f1cbe844d4064ef37c59645246c25f9de059641947669cef4ed936916e4c2c4fbf3dbcc27ce81d6a3c2fe6c53718c6148ab88b3921a53db8c8e05d8c74770f5835b9f6f47e2398bdd76e625c095a464359f5852610950c70bd71860370dbc65bc95540a24a9b175712f1276a181055276792d9036b89049c0c6a04933a5b5c26168c5e8a553e6f61f00d9e5f942d3a3957fa30fdd0b", 0xd3}, {&(0x7f0000002a80)="8e59ed6cb41adf7464eaa99106e10b08ab8baf89556db42e1bef7ddebf289d1bb5405d9df6f1e5b64945f93e7999a7d89dbe2ec7cc85838df7", 0x39}], 0x3, &(0x7f0000002b00)=[{0x60, 0x102, 0x3, "f0e899ce31cda5a2d10009d35c5a255ba52031aa39e67fb5cf510933ca1f2f51878a330b69356b060cee643af3e8847057920dd9b9b65ba0eaf59636052086fae1070715275eeeeb0494c50c43"}, {0xc8, 0x111, 0x0, "d3f5c33e3b58b35334a4cc00d917aa22996ead8e8e0041189292271ce2294997f68db7e76c5c60fe169cdddb36555d769c0be0dd121ad6b222b84209ababe0c19bdf8025f93079956e2de906c7d1dfe61fa19750a8b15967cc6078f677331ee47c85dc4a287bcc17f3ed84e13f8557bedeba4484d3befc92aeb4ca920b37688985516f480b92722d554aa113c69f0905485d65cc9045546446eba17c200fda3a9ef218625834f05f9661dfd4fcce8c293430746e44"}, {0x30, 0x100, 0x7, "4545d82e82a9c3f31d0428b683c3c715bd0bef85c945756a68feb27838bb"}, {0x80, 0x112, 0x1, "fe6507cf5d64e8637b11b4645c7c150b213b6efb2dd3edb7e41b35e015e77b1a930c9f204c451d552aa15e83b5e5f966e7110a3aeafdab3b89262154ade076605dd616e06880d2610f2d3bb1230d653b66945730544505494b0a0521c4a0d615c98eefe0108b814fa2c00733f2b1"}, {0x70, 0x10a, 0x2, "6eecf769dec09e34b4063ba75a30021094cba14572ef8db16b6f454e8e3106902fd73ef25241397a92e7b8d9734381a8979cfbf3f04e5d08eb5be6815aa41060cfa591900a8152a7bd2a2e91f562162fda1484eb5b35fcc97002a53febaf"}], 0x248}}], 0x3, 0x24000011) r7 = socket(0x10, 0x803, 0x0) sendmsg$WG_CMD_GET_DEVICE(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x48}}, 0x0) getsockname$packet(r7, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001740)=ANY=[@ANYBLOB="700000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="8384010000000000400012800e0001006970366772657461700000002c000280080004000101000008000100", @ANYRES32=0x0, @ANYBLOB="050008000400000005000b0009000000060003000700000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r8, @ANYBLOB="08ca750115bdc8bfd64a758008c704494bd9063f032f7a87330ce0a4b4590349cedbf222153ccb9850dd75db969beddd8eeed66d4487b5664a7cc70ffaaf0d0364f329dd92b9bdb7c2f7f3a561c319ef08f256d7a7e9e739"], 0x70}}, 0x0) 16:14:55 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:55 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b70, &(0x7f0000000000)={0x2, {0x3}}) [ 312.823131][ T22] kauditd_printk_skb: 2 callbacks suppressed [ 312.823141][ T22] audit: type=1326 audit(1631031295.894:8559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10013 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:14:55 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b4a, &(0x7f0000000000)={0x2, {0x3}}) [ 312.860980][ T22] audit: type=1326 audit(1631031295.894:8560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10015 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 312.871931][T10018] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 16:14:56 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b4b, &(0x7f0000000000)={0x2, {0x3}}) 16:14:56 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b4c, &(0x7f0000000000)={0x2, {0x3}}) 16:14:56 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b4d, &(0x7f0000000000)={0x2, {0x3}}) 16:14:56 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b4e, &(0x7f0000000000)={0x2, {0x3}}) [ 313.014668][T10033] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10033 comm=syz-executor.3 [ 313.336682][T10033] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 313.375681][T10025] selection: kmalloc() failed [ 313.405240][T10018] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 313.534393][T10032] selection: kmalloc() failed 16:14:56 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x100, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, [@alu={0x8000000201a7f19, 0x0, 0x0, 0x0, 0x1, 0x2, 0x1}]}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xdba3dd835d632db6, 0x10, &(0x7f0000000000), 0xffffffffffffff41}, 0x48) 16:14:56 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b52, &(0x7f0000000000)={0x2, {0x3}}) 16:14:56 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b4a, &(0x7f0000000000)={0x2, {0x3}}) 16:14:56 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b71, &(0x7f0000000000)={0x2, {0x3}}) 16:14:56 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:56 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}], 0x5) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:56 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b60, &(0x7f0000000000)={0x2, {0x3}}) 16:14:56 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0xc0, 0x124) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x8000000000, r0, 0x0) r1 = memfd_create(&(0x7f0000000300)=']\xe4\xd6^\x8c\xbf\x17D\xad\xb5c/\xfbi\x98Z\x10\xa5\x01.\x86s}\xdd\x966\xea\x9d\xa2\xb6\xdc\xa9\xffEmDx\xa6\x85\xf2#\xf5ESr\xd7X\xe7S\xb2\x14!\xa2\xe2\a\x0es\xad;\xb0\xf0j,5\xb6\xa8\xae\x92\f\x91gY\xcd\x85&{\xc9\xb6\xc3\x9e\xf0\x93\t\xc4\x17\x00\x1b\x15\xbbaN*\x9d\xa3B\xaf;\x84\xf8l\xbd(\xa5+0\rx3rc1\b>\x85BY\a\x101j\xab\x00\xed\xf7W\xf6\x9cc\xe5\x0e\xcd\xdf\xc4\xa7?dx/\xb1\x8a\x82Zg\xf9\x11\xb6\xda\x14o\xdb\x84\"Y\xa8v\x92\xdc\xdc\xa1\xf5\x1bg\x15\xb5\x17\xe7\x86\rA\xa0\xbd\xfb\xc7\r9\xba\x02O\xdb\xdf\xc7\xa7B\xf2\xa7\xc8\ri\x98\xb8Mz\x85\x92\xc5\xf7\xd6\xa9\xa6dC\xf9\x8d\xe3\xf4\a\xc0\xa8\xa9\xd1\xc0\xe1|\"\x1b\xc8\xb5\xc3\xd1\xe5\x9f\x82\xe1\xfePsC\xd5\xc9\xf7\x7f\x92\xa8-\xbf\xb5\xf1D\xfc\x17\x11\xcd\"&F8\x95\x11\xc26\v-\xa7(<\x9a\v\xda\xe6\x19\xe5^\x96\xf6\xdf\xe6\xe8Kh<\x95\x05{\x8a\x01\x15\xba\xb9\xdc\xec\xebs\xe5\x99\xf2\f\t\xb2\x7f\xb8\xfb\xd5\x06\x814a\x06\x8d]\x9ev\xeeT\x8eo\xab\xa0E\'kAvyNb\xd1\xe2\x85,x\x8e\xa6\xb3\xac\x04\x88~P[\x0f \x86\x06', 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r1, 0x0) writev(r1, &(0x7f0000000500)=[{&(0x7f00000001c0)="bb", 0x1}], 0x1) writev(r1, &(0x7f0000000040)=[{&(0x7f0000000100)="2d13368a655ad4c3feaf02cde4b694d9becbad4e471fbf2ebb5e42e473bc94ae144c6ac91a7386a2863742b8d055b5d4f246807574fb6079e919ec7b73329fbb952f27a3e7352d05fdf28a0837fda7dd3bfd2015cb08fe03b47359d4fa7d47213fb94526273b2c3228f46d5022931f4e425b344912ab1b261802fbd1277028214f853c", 0x83}, {&(0x7f0000001040)="25c0c95be60d2866be00f500869b0f03fc4f3be340bf0c8fab12336740ae6f52ec1aad0f4f54302b346b2531f259145ac5cdeed3e51dba63cd2ea1e05320a83088cfce3bc951945ffda19c799260fdc0c4a4e72770dacdbfcddabe175b8cc8288282ace8012ad1acaa505635318afa974f4be20c4d64f685578de6e6bd20b8f60321bd0ad056833063ffe82c0a6eef4409ff44fc51226b6b49c3213e32123c01fc79098523594ae1417397782078370fb1c875e89438db0147838b6239040aae966cafdbc62e02c5784941e7d76cb1c9ad7dc49a008e08faf637715e0a5d69c15495201dde113c4a79956320e6df7b91443e72023afd6b0064976046f0657fcc9b40ed414fc43dd802bae1915a2fd2e01ae72136686f8654df81a7df65d717c03c4697bf3c30c4eb414531fb9eb27a8ac30b1a7ccebbd3f6cee3425403529c43fe98ba40be15d34573c4f24ac554f98fffd000f6f75ad375fef5f80890700bdc8dbc55945bb38cc531fbe97ce38bc99297caa35e16e0a5d230ee737cc74f0aecb60fa4a2af14e14ecf32133afd05183f1b899f8cef47943378ab08848dab86a1b250e9d6a8fac31a36452b436a92793042f5e655fe092b55b0cbbe6f52150b5b3bccdd9853a4b549755df46e6042ee13fd566e0d7066d8a148a55d77723cc6868cac2dc668e5459dd4b5031ead527d28ef0ff3630252ced0f98ee2cdea01530234cb76b5ba0a5221d457dde0bb6461df468459d9bdc2f6dd9398e908344165ffe518d9ac3fa06c2e321a7fc7f431e015c3f0baf09437ae0b0c80ff7622c5eea7bcec0087cdf04ff244103f779d15feb769179ab511e586fc66c2492e437bd01f4fc82be7031fc09175f4f67fa3a074072bc89f9554674338d864622a2b53ddb6ad45d9f2b2460bda3e562066d6dcaad0baa5e38abf6a78af7c7112665ba636a10feac468dd83a692d415249ae58b6c4a45997759b175ba90f5f45d87cf33bbfcb3eedee880d0b6d6a50600effa4dad5aa61ed82afd4a2a0cd75b44b18e1939f234bb613f63f3963ca031d168e66280cf85d0a87ee9d3518e61f5f33531ea537aa2f99516bd4c340f4390060345211005caaab40bee950c9aa45fb916e5c613f84cf5602007bf886e27d480c075e60a137da9b2da3b489a6366a37989245ef234aae40e9802d18128a16fa1e5569d5733e52fee3a8439f0b389a5572fdd1ce29af85758ea7a4fbd89b64854a35e165bea0771fe94568a749f121cd35b56bb60b14ec388dcc61853847e096000dda5dda1c2c7c1a7ae853cd9bd81aa23b8731fa86874e5a19f93b0eb736ebbd7ba543535710fe0bbc2b0f9a587cc1db40bf168f9069a2ed30c3e3aec8cdf71411299c552c6564cf4c825a3e6c51983c83e0539636a4bc0883fde98fa3fea9642b7a659557bd3475087f8270fe7a9b65f146c03331f6fa75079acee87d48c395dc8ab1a9570884f9320e8a2e4da02ff5919507c4cd1a74207afa3df82f899cd1a59d4d9114fba03d186e061d013854cf3fc3c6c96bfaa701bbf80e56f1869c226dba287e2439d4710ead1a17ab6843d8be7a99f8cff5ce5a845d75bc50a668613943efc281f523016ad702c5121a05189e4c3154103e11e3e35c3b8a6b991e4c88d36d124a208b41d13742460057d7f82c6cc4c9a8dc24f8f98fd7781eafcf84738b72b89bf032af686269016aebd9dff538b7485fd9df6e4db83426e997d4bc1547ff993c2a630823b4f761250ee0a9d94f05073989f49fe3bd300e13ce57f5aa4e8d5f4084dd580f3b88e156b5151f1e8ed47683f3f3c25d42e8afb250b439ceb81b748cc97c858c5343de37c3214099083a7cd834e70cf63d6bf48ebdbf1f9a6c6ab236baad23f52dab0b6dd3c4b5c3492c70dccb0f967c51d1c0202e5ed32557d0cf267682959ee110f46640c9ff3102e1c29dcd8b4045d1ee1e50bbd8782adf8af6a36b367d33e5271ff24c47d6bd9a837481e7f7238d635df5325a261c66fefd693ebb6bb5986d0261e4a331a0927806b7c08b0a1b6ee959cc6d0a663d61f1d0032c97cfdd4c888b10126412cd5641a5123e118eda44544b0475f0361fb15ae757bf6fc314d6e5022548b6dd9a27cb53147564b83f69b8ed4f41bb1efe7427292123b5947f78477acbd63e70838cdc4913e69edef7513a3a4028427290b461e23b97820fbffd6cdd312c842c04e8d537abee3fa6ad5970020c9c3ed7326a256d66e23d04238f507bd84616fa330fee02a166e2c33121eebd4efa1747f03038de742e113018060ec2d03abb845029f58b02b610eb8a206dd98e3d39e69689f2bc48cb22c6cd5ecff03bbe70a16a1d32945801278bb16771ed46a99f2ded640b2b987032150f9183705f3d872955e03dc85953d5bd17bda6c3f3f880c59f6abae62ae1950c18c88900f524a0d324b7fbfa9ff8eae2443ab234dbb68ac54c11460437076112f9a157295d2e7b08c46be2bf0785c143a671027f7dce66f3666d94edad34f0a69966bc0efd9729b33b5b48f0c1fd48ae9dff5fcf996ba5b2f41f0f84d514294e4759ba4ba53c021277d96baa321566f05d782183c6d90140415ce87e73d65147da5250e1271b8cd8a0817f2c96e0d6ccf7e0cf5e9fa69e1c94719d4d5326343ac27cbac004041f26668f14bf527821e39d5afebe7520fef54308356a17dc32a677ed744c11416e7a7faeb46f848da23fcd0acab48ef97d904bd677e4db02be4b80ef127d4b2a7e54e126907c08637fc891516353a08d8c6a4eadb0fcfecfd66b5c08ce9b2a44c28006a24c7d83f87ce541fab69761a0fd290e0432f2ae0b3f58263951d23727fe5182d694ca961f0e84a05cff4c5bb744977fc3595bedb2f186dc1373746411001785ee744cae383f0c1572b0787bf80d57153d3b4c2d59cd15eb167a6fd1fd8e731935c411c2e6a2f382aba4ceb1a56211c3c2b0c369a1d88bc7328a56dc8db6ab781cbffce3e89e80a1934f9022e22a7b5cd7aa90405c8546453f5b8b34ce17219960caa133e2052b8c0cb6faf84676bfeac8614046d487e1d0fa382fdb095d03de283fe1584782effff7ff80d8402890e4a51c2b41c181d5cf1d76930a95e3a09039d9194bbdc5ef7d6f9c517752726e851a0504aa199397de9014339e6c11dc843428c3b31fbb609bc9d24cd8542b5909f95e9548b6bf3a4411fae245e252673630a89af3c586f0cf9816a87bd645ebc58df23d3ac8341e1633dd5e79d2d09a77ad8bb2afb370093482d7677cf4d69f7240c4af3e333457c49e83b5ad2cdb320f1137db45084c1150ad5b56265cc2ca846f49fb2924099ca4e9c4f1ed3cae268db671c8593ae58efcd9b1f82543812d090cfa5d21e48f27f75d923d375c9555d695d86c9d98fb1345a4fef4f6ea710b4098f5afc55d205c8546485c36fa58ee895672a355bdc4d569f27e0f08dc599e50c696b3b7b98f5d4240d9169c6528d92253c1b30c289e79b68e7c0649a8a278223d772c4f8ff8985c283fa0558688d8ed99d9578ccc0d20f2cd5e99649d5154e4b9ae309fe5b6335e1005f39e36de9b07be58e312fae67c350ed679ebc372ae3dbe1573adb21117dfd20561d2ea2b37125609fa90ba90c56f89877dec063d1f38389a7a82862edc12031df1ac3f74ed41cebe5897ab2876527b35e5669a45d9364203d5d68460624ab27f927e24be45a12929d01a27b8b9f9a42620a921c42de9d7026f8b4ab1c192604e1609255b170b8d59988560f0a4aaa7d60e3544a3ba9301e1f5c65abed639b004c0e2755d9a4104bac8866840b2f82a04f9f1990c2cb14a19dc453e399c17e4494a9ccf77c1bb00c38a9c563a30f081e10c08c6d075a0cce4120f917ed3b91219a0c460ca4be8fceeab1e44bb8495032327e6dc4663914eea103c04bdde2b3afd29a2c1913f8d14ab068812c5a62b4d90ee33b6d7b34023e9aaa4a4c0b599ab91d11fcf7412d816c7613163a18e777c337cc45558b051175aa41434427f6583cd25d9fdd2c15360fc4d9a3df6ca95e45fe655c7987ed6a064070f46d56c884d6d7bc7c9018c09dedd079b6d753ffa615afb68b40073d3936664a84e35deedc702aff389bc3bcb7589b222fb53f64469c7cb0aefc4dd57c02c87dbb9c8c5432e6d732b0076a2cbcaed370e026c0f8395162b2db53fe1f98b0fd3ec9004f59ccd2be236afcf89d3330273072abd3665c9dc6e9e1dec80dea56de57f2b7e319e82cf1858ae1cb71b893971bafab4b478a807009b457c1ae4ee9ca4083e9140caed6f5a124fbacfba03e24fce00da17c0993a0605fc6ff1f623c862b0177007e6f4643d436c9ffa0711d6f5d3332e773405a1eb79b247a6405f4316f13a0bfdb6a71c89034d2e365a2a7ee7701165353cb42d31b33b52b78b01a19c33407144eaabe7ee2d2462903d3f8376f1f5c30a7b6eb7494f4a674f4a2f527ab9ac7555120fc33de593fb22c9dd9df71f3903a5687534eea630a8f46455f00c3841c765f9626b63fa8fcd06ac1628b43304301b407913c41d70d9bcf4df90b3bb6e74a6b1f327844febfae11b236b2a0ba559fea9b2edd513facda960e5928dcdb8fc4fa6b3efe593e924e81e283df3566fc018d96490f45cfc58bfc8fd7effcc69d0fe748d78f975e8dfbd2f9fa7231c58e1996adfd760f32e7c7c19d3e0377e079ce1fc19e3d6c58dbe1b02b9be54b8ea486099c7f07cf423d240c6fb33e6874216d7994db6764c440e30932f0a515bacbe9100d9cf035549a0cf85343aaaec2dff806039edcff3546aefdc260839aef8e69c927b8a2ba4f4e7a2c416da281bb2ab5cb60d3fd718b35d4f56119093ee5b3afcc1458c97933e544c4a2481b22b51a86939259b1eec88f20c5560a38a4a2f1c6d5a5958c13b82fea3b7001d280b0860c858adf4eb8d1f0ce39bc1d72c2130ae7f181cee9048505fde7471880368418437b5ac62e15ec036992eea97b58911bf40b96e7efac558c68cb83ab009bd1f25134746d7cc04d3af247aa6247d02386954838aa8a6aeb5dac9483f7393b3114e8e6696c20e10b2a84faf1c46e7622b4e02abd88871e4a21e8cb060af2d80271bd6f358e0591b10daedc9f06ceee14c069f8f905e41bbb86ef31f2fc3029ffced797e7033e14310195ad3777408bbb645b019aa4fe3bc53466103a488b8412f00dd9106b8dd8834feeeb49b0cbd6b4a39ef6267f8b99960599d9ea92881cdea58e193edde9fd4b164ae66b90bf1d39096e51d56575e4a3f308d0e06fcd6cabb73f709324775e5ae232bd33a870f2dde12dc271ff73425f45e4702ee4c90d8a695b08eeb4ad434337319bc1268973c7bf6ecbcfa9b092207c4aaef1ef6d0075087b8a314d2697a926f7292d0eee30ded2a658c6b1af54cee8093f40b69efdb76df1b57bb1ef882a996e5eca3598f390d1fe831546bd608de6c093541aa14a05e6ae4c69bbe1c6b199a2cb4fe53f58d404ff54b945d4d4563c093eb38f03948c23a7b1cf899d43a8b658e82b642ef5b8196585955e1270fbf9c232ec3aef21058a841da0d7105717a6e591ab", 0xf5c}], 0x2) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f00000000c0)='./bus\x00') [ 313.812777][ T22] audit: type=1326 audit(1631031296.884:8561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10052 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:14:56 executing program 3: r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) write$evdev(r0, &(0x7f0000000040)=[{{0x0, 0xea60}, 0x4, 0x3f, 0x7d9476cd}, {{}, 0x15, 0x5, 0x6}, {{0x0, 0xea60}, 0x16, 0x80, 0x1f}, {{}, 0x17, 0xfc00, 0x5}, {{0x0, 0x2710}, 0x1f, 0x5, 0x9}, {{0x0, 0x2710}, 0x1, 0x1, 0x6}, {{0x0, 0x2710}, 0x12, 0x8, 0x1}, {{}, 0x11, 0x40}, {{0x0, 0xea60}, 0x600fc68e98c5d3c4, 0x55e}], 0xd8) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) clock_gettime(0x0, &(0x7f0000000240)={0x0}) select(0x40, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x3, 0x0, 0x3, 0x3}, &(0x7f0000000140)={0x6, 0x0, 0x0, 0x10000, 0x0, 0xfffffffffffffffc}, 0x0, &(0x7f0000000280)={r1}) 16:14:56 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000006fc0)={0x0, 0x0}) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000006e00)=[{{&(0x7f0000000440), 0x6e, &(0x7f00000004c0)=[{&(0x7f0000000580)=""/194, 0xc2}, {&(0x7f0000000ac0)=""/4096, 0x1000}, {&(0x7f0000001ac0)=""/4096, 0x1000}, {&(0x7f0000000680)=""/161, 0xa1}, {&(0x7f0000000140)}], 0x5, &(0x7f0000000740)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x118}}, {{&(0x7f0000000880), 0x6e, &(0x7f0000003d40)=[{&(0x7f0000000240)=""/10, 0xa}, {&(0x7f0000000900)=""/183, 0xb7}, {&(0x7f00000009c0)=""/22, 0x16}, {&(0x7f0000000a00)=""/60, 0x3c}, {&(0x7f0000002ac0)=""/205, 0xcd}, {&(0x7f0000002bc0)=""/4096, 0x1000}, {&(0x7f0000003bc0)=""/68, 0x44}, {&(0x7f0000003c40)=""/220, 0xdc}], 0x8, &(0x7f0000003dc0)=[@rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x50}}, {{&(0x7f0000003e40), 0x6e, &(0x7f0000005340)=[{&(0x7f0000000a40)=""/13, 0xd}, {&(0x7f0000003ec0)=""/214, 0xd6}, {&(0x7f0000003fc0)=""/17, 0x11}, {&(0x7f0000004000)=""/58, 0x3a}, {&(0x7f0000004040)=""/183, 0xb7}, {&(0x7f0000004100)=""/180, 0xb4}, {&(0x7f00000041c0)=""/4096, 0x1000}, {&(0x7f00000051c0)=""/181, 0xb5}, {&(0x7f0000005280)=""/128, 0x80}, {&(0x7f0000005300)=""/28, 0x1c}], 0xa, &(0x7f0000005400)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}}, {{&(0x7f0000005440)=@abs, 0x6e, &(0x7f0000006580)=[{&(0x7f00000054c0)=""/132, 0x84}, {&(0x7f0000005580)=""/4096, 0x1000}], 0x2}}, {{&(0x7f00000065c0), 0x6e, &(0x7f0000006880)=[{&(0x7f0000006640)=""/66, 0x42}, {&(0x7f00000066c0)=""/210, 0xd2}, {&(0x7f00000067c0)=""/166, 0xa6}], 0x3}}, {{&(0x7f00000068c0), 0x6e, &(0x7f0000006ac0)=[{&(0x7f0000006940)=""/24, 0x18}, {&(0x7f0000006980)=""/10, 0xa}, {&(0x7f00000069c0)=""/16, 0x10}, {&(0x7f0000006a00)=""/76, 0x4c}, {&(0x7f0000006a80)=""/1, 0x1}], 0x5, &(0x7f0000006b40)=[@cred={{0x1c, 0x1, 0x2, {0x0}}}], 0x20}}, {{&(0x7f0000006b80)=@abs, 0x6e, &(0x7f0000006c80)=[{&(0x7f0000006c00)=""/43, 0x2b}, {&(0x7f0000006c40)=""/20, 0x14}], 0x2, &(0x7f0000006cc0)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000200"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000002c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x130}}], 0x7, 0x3, &(0x7f0000007000)={r0, r1+10000000}) perf_event_open(&(0x7f00000003c0)={0x0, 0x80, 0x5, 0x80, 0xd5, 0x7, 0x0, 0x6, 0x80000, 0x4, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_bp={&(0x7f0000000040), 0x5}, 0x52b2, 0x5, 0x5, 0x7, 0x0, 0x3, 0x0, 0x0, 0xfffffff7, 0x0, 0x38000000000000}, r2, 0x4, 0xffffffffffffffff, 0x2) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0x8, 0x0, 0x0, 0x2fae, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x0, 0x2}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x74) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NFT_MSG_GETOBJ_RESET(r4, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000340)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x4c084) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newlink={0x8c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x42df58543c8380db}, [@IFLA_LINKINFO={0x64, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x54, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x14, 0x2, @remote}, @IFLA_IPTUN_FLAGS={0x8, 0x8, 0x2d}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @remote}, @IFLA_IPTUN_LINK={0x8, 0x1, r5}, @IFLA_IPTUN_TTL={0x5, 0x4, 0x1}, @IFLA_IPTUN_ENCAP_SPORT={0x6, 0x11, 0x4e22}, @IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0x3ff}]}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x8c}}, 0x8044) io_setup(0x7, &(0x7f0000000280)=0x0) io_submit(r6, 0x1, &(0x7f0000000080)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0xfff, 0xffffffffffffffff, 0x0}]) io_destroy(r6) openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 16:14:56 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b72, &(0x7f0000000000)={0x2, {0x3}}) 16:14:56 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b61, &(0x7f0000000000)={0x2, {0x3}}) [ 313.844321][ T22] audit: type=1326 audit(1631031296.914:8562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10051 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:14:57 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4bfa, &(0x7f0000000000)={0x2, {0x3}}) 16:14:57 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000040)={{}, 'syz1\x00'}) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_DEV_CREATE(r1, 0x5501) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x2f) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 16:14:57 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4bfb, &(0x7f0000000000)={0x2, {0x3}}) 16:14:57 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5409, &(0x7f0000000000)={0x2, {0x3}}) [ 314.047293][T10090] input: syz1 as /devices/virtual/input/input16 [ 314.073525][T10092] input: syz1 as /devices/virtual/input/input18 [ 314.120059][T10071] selection: kmalloc() failed [ 314.235780][T10084] selection: kmalloc() failed 16:14:57 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:57 executing program 0: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x8607}, 0x10) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) connect$inet6(r5, &(0x7f00000002c0)={0xa, 0x4e24, 0x8, @private2={0xfc, 0x2, '\x00', 0x1}, 0x5}, 0x1c) mmap(&(0x7f00007e2000/0x3000)=nil, 0x3000, 0x100000a, 0x11, r4, 0x89091000) preadv(r4, &(0x7f0000000280), 0x100000000000008d, 0x4, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001e40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c29184ff7f0000cef809606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45ef4adf634be763289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cd8e5c39d325ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b6c4a00000000ff435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0adb02d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4a00fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c108285e71b5565b1768ee58969ced595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30fa94ef241875f3b4b6ab7929a57affe7d7fa29822aea69a660e717a04becff09000000724f4fce1093b62d7e8c7123d8ecbbc55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7dfa2e5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca378e676c3e08c1ed43ca8d3d10994c0b58645ac518a75fde7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d34b5457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464b635197351a5ef0a0fb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f83100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa370ac891e10096e7e60fc3541a2c905a1a95e9571bf38ae19ff000000caee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5944912d6c98cd1a9fbe1e7d58c08acaf30235b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cbe7df000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc13c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e89fc745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb4a541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83186c1526af6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af930cd6db49a47613808bad959719c0000000000378a921c7f7f8433c2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205aa00b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569ed7aa287378c697f6cafa86966d7ba19e720413268e4770132618df552c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f9360984b5c2d4523497e4d64f95f0a093564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf596218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5002512bcbf9b24accfecb0f477db103463af2847e6ade5b9e065ec0d0ba58fedae5f08818fea475b169469f9efd131925d98c34b3cb26fe26796dd43b87e1cdee39f5cf21d2e80a64ac97e71cafc29bfb78db090dd12225efeda2e93bf7f6ba7865e9c375a780929dfa5a7036f5858e2a4ff8e8d1e8c9cceed07c6312b734c72510d335acc94f76e7078ce4066f1e0ac9429f8013683301277a11e25b248b61180cb6207a0e26757f3f1bfc6c27f3720d1fb74afb17f3b5239bc2243853d5234afb05ed6024e94dee34666c5b5522b54cb433efa54b4e9022533e7c89bdee957dfa9ded9f16fdcd1b681e4c72f32fa3334313e334cc140daec7dcb22f463457a1a5ac230bbded86258206046f556589f5627ab2751eb34d940519f009412098398ad822a8509d2d32da656ac5935e4c7f9503ce4daf13300dfd611528049310544d3e8613926fbe2647e258932592c9123f1c74023144442d09ef90c64950176c666da6b658108ac54beb2379aa70501c42bd9c4e4f426ab5ff2a33767b408ed19e399c33b52abc4ac24da0d4cf07d93029583591c33f0f80513c541581977f2e9735e1edb66fdbbe22eb4b0b670ba74fdee2f1a3cf85777af5d8267acaa9d83c23a4b40d0f53dce003c03c5959e405fc4f2c05d3394f014a39caabbeff7c7cadbdc57def7f5f758aa46b6e2fddc779770d7e395c4ac2a136a30e7c0a301dffc5565d7244fb29cd302c36e76221a3c4e21559216c078f06b0b04fb236ea14f9998776a0ae88dfeccc9ad64d2fe3cfdeb9684b7b7e5c00f7323f8214ed0189539e0e3e34c8e542c82ddbd6a75c1adbedef4d5d69b246a5a36ab802b0161908e748ed9891678c228413bf51b18a25bf776b9d1f1fedf97cf5e7de4455ea359e5796bd60cc415066fc271a2bdb7db13e72d1a99b375f96c4b5aef874037faf6a1d1aacf46a57346d000000000000000040c1051e444ea35432e022889fde59f038db4f83ffa3191116c7ba9434a7f758890f27b3acb915a7e5db2149e18c51b6db3edfdeb2ac8fe038f7987c5b38f206084bc5e8243f73e152980c414558a1f9dd35691d7f51f182393a434ba11112d7b3bf20fb62dc263b68149d8c22eb700f1e3b6ada85d949ddba3afae71082931899d138a2865685cb0d7e231838d00d1f1f104ab37b2929017a1d08f60b2cee3a49ea82b54244bec41e289ae1d7d578eed068912e2e72ffb0ccdacb8f459162b1338f91f247a2520e08c880463af6733fb1eecf800b7d074b435f1eaf608f34ddc421dc910fc282cf71114e97e5e4ab11c12c81502fb679666626e0cabdd23e7e29b4070cc18c24cf77fd9cae782eb7956e80abbc7da288a8be5869230fae230de433ef97c499e4f5ed5636b0bd0000000086c970de845572766c4e1d09154cd322f1a8c8ebe5a9492e7d1486d702018c"], &(0x7f0000000100)='GPL\x00'}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sys_exit\x00', r6}, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRESHEX=r6], 0x18}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) r7 = syz_io_uring_complete(0x0) ioctl$HIDIOCSFEATURE(r7, 0xc0404806, &(0x7f00000001c0)="53f64d98316875ccf6ac97bf143f37419b5a6a4c38397260be12c4fd7b535412309e061e60cca499d8dcc855f923a4357593d01fc36735ff43b7418cad626db393253e5244e85765332a9d59c7807cb2df91844344ecf126f725f2464249b262c13d7084d6d3d0a700d5e81ebd81111f0b4e72abda96152bc2687d87e710d6527f5017c83bc4374cfe140cd8f7c99678489ae1223c145e42a87618944551de43f49164fce498bc81f71553af6c4bea37322fd283395eec81a3114c106a3bf6dc9f8be82faa6d967729") recvmmsg(r5, &(0x7f0000001b40)=[{{&(0x7f0000000300)=@isdn, 0x80, &(0x7f0000000500)=[{&(0x7f0000000380)=""/91, 0x5b}, {&(0x7f0000000400)=""/229, 0xe5}], 0x2, &(0x7f0000000580)=""/102, 0x66}, 0x2}, {{&(0x7f0000000600)=@caif=@dbg, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000680)=""/36, 0x24}, {&(0x7f00000006c0)=""/2, 0x2}, {&(0x7f0000000700)=""/181, 0xb5}, {&(0x7f00000007c0)=""/71, 0x47}, {&(0x7f0000000840)=""/26, 0x1a}, {&(0x7f0000000880)}, {&(0x7f00000008c0)=""/103, 0x67}, {&(0x7f0000000940)=""/78, 0x4e}, {&(0x7f00000009c0)=""/165, 0xa5}], 0x9}}, {{&(0x7f0000000b40)=@ipx, 0x80, &(0x7f0000000c40)=[{&(0x7f0000000bc0)=""/67, 0x43}], 0x1}, 0x6}, {{&(0x7f0000000c80)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast1}}, 0x80, &(0x7f0000000fc0)=[{&(0x7f0000000d00)=""/102, 0x66}, {&(0x7f0000000d80)=""/200, 0xc8}, {&(0x7f0000000e80)=""/239, 0xef}, {&(0x7f0000000f80)=""/45, 0x2d}], 0x4, &(0x7f0000001000)=""/20, 0x14}, 0x1f}, {{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000001040)=""/124, 0x7c}, {&(0x7f00000010c0)=""/229, 0xe5}], 0x2, &(0x7f0000001200)=""/142, 0x8e}, 0x6}, {{&(0x7f00000012c0)=@un=@abs, 0x80, &(0x7f0000001980)=[{&(0x7f0000001340)=""/204, 0xcc}, {&(0x7f0000001440)=""/28, 0x1c}, {&(0x7f0000001480)=""/118, 0x76}, {&(0x7f0000001500)=""/205, 0xcd}, {&(0x7f0000001600)=""/89, 0x59}, {&(0x7f0000001680)=""/251, 0xfb}, {&(0x7f0000001780)=""/185, 0xb9}, {&(0x7f0000001840)=""/189, 0xbd}, {&(0x7f0000001900)=""/43, 0x2b}, {&(0x7f0000001940)=""/36, 0x24}], 0xa, &(0x7f0000001a40)=""/251, 0xfb}, 0xffffffc0}], 0x6, 0x2120, &(0x7f0000001d00)) 16:14:57 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f00000002c0)) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x0) 16:14:57 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x540b, &(0x7f0000000000)={0x2, {0x3}}) 16:14:57 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b62, &(0x7f0000000000)={0x2, {0x3}}) 16:14:57 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}], 0x5) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:14:57 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x540c, &(0x7f0000000000)={0x2, {0x3}}) [ 314.689049][ T22] audit: type=1326 audit(1631031297.754:8563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10101 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:14:57 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x540d, &(0x7f0000000000)={0x2, {0x3}}) 16:14:57 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b63, &(0x7f0000000000)={0x2, {0x3}}) 16:14:57 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x0, 0x3fe}, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/class/scsi_disk', 0x541, 0x0) open(0x0, 0x4040, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xff7fffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x0, 0x8, 0x8, 0x7, 0x5, 0x101, 0x8, 0x0, 0x8}, 0x0) setsockopt$inet6_opts(r2, 0x29, 0x36, &(0x7f00000001c0)=@fragment={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x66}, 0x8) ioctl$sock_FIOGETOWN(r1, 0x8903, 0x0) sendmmsg(r2, &(0x7f0000006d00)=[{{0x0, 0x1002002, 0x0}}], 0xc6, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000054e00)) perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5, 0x0, 0x2000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x4, 0x80, 0xfa, 0xe4, 0x9, 0x0, 0x0, 0xafbd, 0x6400, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa6, 0x0, @perf_config_ext={0x5, 0x7}, 0x0, 0x4, 0x0, 0x0, 0x6, 0x3, 0xc415, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x2, 0xffffffffffffffff, 0x0) 16:14:57 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x540e, &(0x7f0000000000)={0x2, {0x3}}) [ 314.721532][ T22] audit: type=1326 audit(1631031297.754:8564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10105 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 314.749771][T10104] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35148 sclass=netlink_route_socket pid=10104 comm=syz-executor.0 16:14:57 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b64, &(0x7f0000000000)={0x2, {0x3}}) [ 314.764092][ T87] Bluetooth: hci0: sending frame failed (-49) [ 314.769337][T10120] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35148 sclass=netlink_route_socket pid=10120 comm=syz-executor.0 [ 314.966331][T10115] selection: kmalloc() failed [ 315.114167][T10130] selection: kmalloc() failed 16:14:58 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x540f, &(0x7f0000000000)={0x2, {0x3}}) 16:14:58 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b65, &(0x7f0000000000)={0x2, {0x3}}) [ 316.782409][ T3743] Bluetooth: hci0: command 0x1003 tx timeout [ 316.788626][T10118] Bluetooth: hci0: sending frame failed (-49) [ 318.862525][ T17] Bluetooth: hci0: command 0x1001 tx timeout [ 318.868708][T10118] Bluetooth: hci0: sending frame failed (-49) [ 320.942101][ T3743] Bluetooth: hci0: command 0x1009 tx timeout 16:15:08 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f00000002c0)) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x0) 16:15:08 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x0, 0x3fe}, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/class/scsi_disk', 0x541, 0x0) open(0x0, 0x4040, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xff7fffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x0, 0x8, 0x8, 0x7, 0x5, 0x101, 0x8, 0x0, 0x8}, 0x0) setsockopt$inet6_opts(r2, 0x29, 0x36, &(0x7f00000001c0)=@fragment={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x66}, 0x8) ioctl$sock_FIOGETOWN(r1, 0x8903, 0x0) sendmmsg(r2, &(0x7f0000006d00)=[{{0x0, 0x1002002, 0x0}}], 0xc6, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000054e00)) perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5, 0x0, 0x2000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x4, 0x80, 0xfa, 0xe4, 0x9, 0x0, 0x0, 0xafbd, 0x6400, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa6, 0x0, @perf_config_ext={0x5, 0x7}, 0x0, 0x4, 0x0, 0x0, 0x6, 0x3, 0xc415, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x2, 0xffffffffffffffff, 0x0) 16:15:08 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a", 0x62}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:15:08 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b66, &(0x7f0000000000)={0x2, {0x3}}) 16:15:08 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}], 0x5) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:15:08 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5410, &(0x7f0000000000)={0x2, {0x3}}) [ 325.288969][ T22] audit: type=1326 audit(1631031308.355:8565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10144 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:15:08 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b67, &(0x7f0000000000)={0x2, {0x3}}) 16:15:08 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5412, &(0x7f0000000000)={0x2, {0x3}}) 16:15:08 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b68, &(0x7f0000000000)={0x2, {0x3}}) [ 325.332205][T10118] Bluetooth: hci0: sending frame failed (-49) [ 325.339988][ T22] audit: type=1326 audit(1631031308.405:8566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10151 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:15:08 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b69, &(0x7f0000000000)={0x2, {0x3}}) 16:15:08 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b6a, &(0x7f0000000000)={0x2, {0x3}}) 16:15:08 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b6b, &(0x7f0000000000)={0x2, {0x3}}) [ 325.460643][T10156] selection: kmalloc() failed [ 325.668116][T10168] selection: kmalloc() failed [ 327.341633][ T17] Bluetooth: hci0: command 0x1003 tx timeout [ 327.347916][T10118] Bluetooth: hci0: sending frame failed (-49) [ 329.421492][ T3743] Bluetooth: hci0: command 0x1001 tx timeout [ 329.427519][T10118] Bluetooth: hci0: sending frame failed (-49) [ 331.501339][ T3743] Bluetooth: hci0: command 0x1009 tx timeout 16:15:18 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f00000002c0)) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x0) 16:15:18 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x0, 0x3fe}, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/class/scsi_disk', 0x541, 0x0) open(0x0, 0x4040, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xff7fffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x0, 0x8, 0x8, 0x7, 0x5, 0x101, 0x8, 0x0, 0x8}, 0x0) setsockopt$inet6_opts(r2, 0x29, 0x36, &(0x7f00000001c0)=@fragment={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x66}, 0x8) ioctl$sock_FIOGETOWN(r1, 0x8903, 0x0) sendmmsg(r2, &(0x7f0000006d00)=[{{0x0, 0x1002002, 0x0}}], 0xc6, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000054e00)) perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5, 0x0, 0x2000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x4, 0x80, 0xfa, 0xe4, 0x9, 0x0, 0x0, 0xafbd, 0x6400, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa6, 0x0, @perf_config_ext={0x5, 0x7}, 0x0, 0x4, 0x0, 0x0, 0x6, 0x3, 0xc415, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x2, 0xffffffffffffffff, 0x0) 16:15:18 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b6c, &(0x7f0000000000)={0x2, {0x3}}) 16:15:18 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5413, &(0x7f0000000000)={0x2, {0x3}}) 16:15:18 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a", 0x62}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:15:18 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {0x0}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:15:18 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5414, &(0x7f0000000000)={0x2, {0x3}}) 16:15:18 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b6d, &(0x7f0000000000)={0x2, {0x3}}) [ 335.545165][ T22] audit: type=1326 audit(1631031318.616:8567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10183 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 335.569087][T10118] Bluetooth: hci0: sending frame failed (-49) 16:15:18 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5415, &(0x7f0000000000)={0x2, {0x3}}) 16:15:18 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b70, &(0x7f0000000000)={0x2, {0x3}}) [ 335.585161][ T22] audit: type=1326 audit(1631031318.616:8568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10185 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:15:18 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5416, &(0x7f0000000000)={0x2, {0x3}}) 16:15:18 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5417, &(0x7f0000000000)={0x2, {0x3}}) [ 335.755749][T10196] selection: kmalloc() failed [ 335.906416][T10206] selection: kmalloc() failed [ 337.580868][ T3743] Bluetooth: hci0: command 0x1003 tx timeout [ 337.586980][T10118] Bluetooth: hci0: sending frame failed (-49) [ 339.660773][ T3743] Bluetooth: hci0: command 0x1001 tx timeout [ 339.666951][T10118] Bluetooth: hci0: sending frame failed (-49) [ 341.740621][ T3743] Bluetooth: hci0: command 0x1009 tx timeout 16:15:28 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f00000002c0)) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x0) 16:15:28 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b70200000b400000bfa300000000000024020000fffeff7f7a03f0fff8ffffff79a4f0ff00000000b7060000ffffff112e460500000000007502faff07cd02020404000009007d60b7030000001000006a0a00fe000000008500000026000000b7000000000000299500ffffffffffffffffad3548ebb63d18db6a1c72821c9b767ac8308fbce596c6d89ef05c0672c2c9ff215ac60c2ceaea4c0ec908abb6e7325ed1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078da9144ce8734ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5ca0b6c00000000000080f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed78cd5a3ab1321ea5e82ae5ba2c42a5e23ea6253d5df768a162ab41d0cb06000000000000004c03e53466fa4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee5d605bb32935f542127a8f000000000000f00699f5c95177fbd0b14b6084d676d8ef8aa6ecc2d32e3f4ee367c5a769643bed96ec96ad73f77f0e2aeee2b703c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c4af9a9d91c3e41ac37a63f85ad8f32b70829d44ea4e4d0599a76519205b0fa80cce69df304b153c989ef100bbf7606393f6ffffb73d70e9c3d7b90aecf48e7565efff2dbcb512218c98442406333c890923a797e00b75481739952fe87fde27ca81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d702575935323db7656c12ee11e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55a73876a6ed7fd0d9338923789a1ed68324a25df14010c8ed6b8c97c00eac0e451ac4544d3a7c86fe09b404e0b7c723d3bfdc339e93583d7134b589f3f1329cbe9c7af24aad0922091d49e2bc408a5a37d2fe7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa66d07000000000000cf3bf8a90eb029faca7dce34c41aec7aa86e596119109ea8b3fcff01643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e757bae30b356521df06f995cb57f97052fc4158250ccecfb47ea8faf509593fadc7c8fb613313b052397af1ede94d87590ce90a0a7579766f7ec4fcd3cb0b3a464803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535e87dbdeb0dcca5303eedde47e6672e93a314a5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b518e01ffb985f8054d37959c529e99b7daf34b2d825d192ade90a1162acfe9749d516d014cef783620cf585cf3acc85808c4d69e5749901b09e4902a6f5addc0103756b894418e4591c624a9b2ccabbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6e0af212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebf070000c30b6290dc757a4903a88fb2c035b2349b6d2f384eebd5fc19928ceb713ff09e179c308fbe9bc54374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1000000000a88de7596429a20793e12616aa32b3e720c6521fbe93963e22bd2a9b03957afea7dd99c0a0125ff8c18119a6926083f4a2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c956847bc03d10411ac6eec9a3ecd9e3c325fcabbab3d129c0cced3ce11dafa387a8077db8a00000032fabc643bcb9c42c0ab1eef5f989c207eb1f160cbcb92968fb40b1f9a37ef19551dff7f837d37aabf30d2e9a8e5b0df5daa78dabc3e1aae4b286e276dedb4d2d661560c73c95b0f4e2e1e07d61e43859d08366f52a2c8f5f34b0fdda9586728b417bfd9d325aa2a6770bf3753e99b1f0ef865f1ae377e8c084a46888ca3a71b5815d9d22c56bc8e967b1c04577e736c0a2cdcc0f3c605d80d7e2e9aaf78d9ece3986a1b0481c19a8e9008769b3159426f5be7b300004e341f4e74370e0000000000008000009405649a683c6a338b61095a9ec7780500000000000000f665bf232282a23747d71cbae1c88b136ccc05e034834ca06479271a846f82e797c002038504484e142e7b1242eee8655684c654ade7ed810feac9b9428ea238cd4835f6dbe8cbcd023b16879d240c641df07b4b06bff89bfbb399f136456579b8170b6c000000000000000000daa426da3dd1d3958b608ebcfa0045a2c464e00ff15a7108eca8deb58a39bec62dda7fa6bbe1d8e9d242d0c96d06951dca1abbf50eb945b9b24cc451d0cb27de09d2dd4fa8e90e1b953c91691332a7cfcedf4708eec12fc21e6fd4f6682ee64b500adccbb96c52b881ed0bbd96e494795745ce03f0a0720490787f35aa7f092c16c590cfd8bd35ce08f8287e5e0d799d3a53b7be1b1edca2e522fcf55c013bd4c94c6a7ea153c8d1ad8b211768db3d00206884c5da7b0e85fd59678d2805adaeeb8f9e5520052d4d8077d384f32ee86a63f94e11305f3ca55ba95dca43da4ae9d93682df785afd37195a7dbbce2b077e9b21fe61457e994a57540fff4ed436af3aa32c1ebc73b7575871e3242220a56e0922d22e28f2df0fe44974a0e6f6bca046b7b283d7ced0ef32788bf6a6102ea3ddb63c4d787eb30c704ac367dec64170ba47c84ba56ace679158c5a9b0b8c4018318098f9d73a96bd838b449d17b42a6347a1c973db987eb641016097a5354c0a74c2b755da0714656fa50d4cd9da9ada1fe0ccc5273"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x171}, 0x48) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x16, &(0x7f0000000180)={0x800000}) 16:15:28 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5418, &(0x7f0000000000)={0x2, {0x3}}) 16:15:28 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b71, &(0x7f0000000000)={0x2, {0x3}}) 16:15:28 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a", 0x62}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:15:28 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {0x0}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:15:28 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4b72, &(0x7f0000000000)={0x2, {0x3}}) [ 345.763030][ T22] audit: type=1326 audit(1631031328.837:8569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10217 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:15:28 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541b, &(0x7f0000000000)={0x2, {0x3}}) 16:15:28 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4bfa, &(0x7f0000000000)={0x2, {0x3}}) 16:15:28 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541d, &(0x7f0000000000)={0x2, {0x3}}) [ 345.810393][ T3974] Bluetooth: hci0: Frame reassembly failed (-84) 16:15:28 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TUNSETLINK(r0, 0x400454cd, 0x5) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r2, 0xae60, 0x0) dup2(r0, r1) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x24080, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r4, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r5, 0x0) preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r3) sendmsg$NL80211_CMD_DEL_PMKSA(r5, &(0x7f0000000680)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400600}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x5c, r6, 0x10, 0x70bd27, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x2}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x7}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x5}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x20}, @NL80211_ATTR_PMK={0x14, 0xfe, "8f862a18f44f13d66990f83348ac58e9"}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x33}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24004844}, 0x4000000) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x7, 0xa, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000008000000000000000100000085120000f8ffffff950000000000000085100000ffffffff18000000ff7f00000000000000010000182b0000d10cde23d2b822266e794b8e58c6cdb71528ee51427320aec595dd3008d24cab29dc340314c08e943927d5f8589680bc71ba97fd9d506df3d7fff251", @ANYRES32=r3, @ANYBLOB="00000000040000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x98, 0x65, &(0x7f0000000140)=""/101, 0x41000, 0x2, '\x00', 0x0, 0x18, r4, 0x8, &(0x7f00000001c0)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000000200)={0x3, 0x7, 0x512a, 0x9f}, 0x10}, 0x78) ioctl$KVM_SET_IRQCHIP(r3, 0xc208ae62, &(0x7f00000002c0)={0x1}) 16:15:28 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541e, &(0x7f0000000000)={0x2, {0x3}}) [ 345.843385][ T22] audit: type=1326 audit(1631031328.837:8570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10215 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 346.017977][T10230] selection: kmalloc() failed [ 346.139671][T10244] selection: kmalloc() failed [ 347.820209][ T67] Bluetooth: hci0: command 0x1003 tx timeout [ 347.826330][T10118] Bluetooth: hci0: sending frame failed (-49) [ 349.900093][ T67] Bluetooth: hci0: command 0x1001 tx timeout [ 349.906101][T10118] Bluetooth: hci0: sending frame failed (-49) [ 351.979986][ T67] Bluetooth: hci0: command 0x1009 tx timeout 16:15:39 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f00000002c0)) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KDADDIO(r2, 0x400455c8, 0x0) 16:15:39 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4bfb, &(0x7f0000000000)={0x2, {0x3}}) 16:15:39 executing program 0: r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/141, 0x8d}, {&(0x7f0000000180)=""/146, 0x92}, {&(0x7f0000000240)=""/8, 0x8}], 0x3, 0xd9e, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000040)={{}, 'syz0\x00'}) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$vcsn(&(0x7f00000002c0), 0x5421, 0x109100) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0xd) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x803, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) mlockall(0x1) getsockname$netlink(0xffffffffffffffff, &(0x7f00000000c0), 0x0) mlockall(0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_COALESCE(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x28, r4, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x1}}}}}, 0x28}}, 0x0) 16:15:39 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541e, &(0x7f0000000000)={0x2, {0x3}}) 16:15:39 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a8", 0x93}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:15:39 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {0x0}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:15:39 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5421, &(0x7f0000000000)={0x2, {0x3}}) 16:15:39 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5409, &(0x7f0000000000)={0x2, {0x3}}) 16:15:39 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5422, &(0x7f0000000000)={0x2, {0x3}}) [ 356.004618][ T22] audit: type=1326 audit(1631031339.067:8571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10259 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 356.028190][ T22] audit: type=1326 audit(1631031339.077:8572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10262 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:15:39 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5423, &(0x7f0000000000)={0x2, {0x3}}) 16:15:39 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x540b, &(0x7f0000000000)={0x2, {0x3}}) 16:15:39 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5424, &(0x7f0000000000)={0x2, {0x3}}) 16:15:39 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x540c, &(0x7f0000000000)={0x2, {0x3}}) 16:15:39 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f00000002c0)) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KDADDIO(r2, 0x400455c8, 0x0) [ 356.273870][T10273] selection: kmalloc() failed [ 356.416911][T10286] selection: kmalloc() failed 16:15:39 executing program 0: r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/141, 0x8d}, {&(0x7f0000000180)=""/146, 0x92}, {&(0x7f0000000240)=""/8, 0x8}], 0x3, 0xd9e, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000040)={{}, 'syz0\x00'}) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$vcsn(&(0x7f00000002c0), 0x5421, 0x109100) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0xd) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x803, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) mlockall(0x1) getsockname$netlink(0xffffffffffffffff, &(0x7f00000000c0), 0x0) mlockall(0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_COALESCE(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x28, r4, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x1}}}}}, 0x28}}, 0x0) 16:15:39 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5425, &(0x7f0000000000)={0x2, {0x3}}) 16:15:39 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a8", 0x93}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:15:39 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x540d, &(0x7f0000000000)={0x2, {0x3}}) 16:15:39 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f00000002c0)) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KDADDIO(r2, 0x400455c8, 0x0) 16:15:39 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5427, &(0x7f0000000000)={0x2, {0x3}}) 16:15:39 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:15:40 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f00000002c0)) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) [ 356.906866][ T22] audit: type=1326 audit(1631031339.967:8573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10306 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:15:40 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5428, &(0x7f0000000000)={0x2, {0x3}}) 16:15:40 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x540e, &(0x7f0000000000)={0x2, {0x3}}) 16:15:40 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5429, &(0x7f0000000000)={0x2, {0x3}}) 16:15:40 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x540f, &(0x7f0000000000)={0x2, {0x3}}) [ 356.939182][ T22] audit: type=1326 audit(1631031339.967:8574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10302 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:15:40 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5437, &(0x7f0000000000)={0x2, {0x3}}) 16:15:40 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5410, &(0x7f0000000000)={0x2, {0x3}}) [ 357.172181][T10314] selection: kmalloc() failed [ 357.327020][T10327] selection: kmalloc() failed 16:15:40 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a8", 0x93}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:15:40 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f00000002c0)) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) 16:15:40 executing program 0: r0 = getpid() r1 = gettid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f00000002c0)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x6, 0x9884, 0x3, 0x0, 0x0, 0x0, 0x68, 0x2d4a, 0xffffff01, 0xa000, 0x3, 0x0, 0x0, 0x0, 0xffffffff}}}, 0x78) sched_setparam(r1, &(0x7f0000000080)) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000000600)="0da83f9e4abab52f87412550e93c9596a8093ae3be84ae0e62f43d56f06464c2cc56f53bbab69609f93f02d41eeea35db2c1b55e944e916ca144a8e0e36d66b6f7a9279e21405b1db3ab833ca79678907cbf2ed8b260ea06fd89c05c2ff958f27a5e1abf99a885c6679ef648e331998e8733cb7cbfc8b0a7da711e279c435b71b7c8b22d8b95723c5eb55f23e18f92dee40b6487753d7c4fc9391bae1620269e7a9644d806f58eb60dbfa5d44d28bf7eb584c9e5d7e7c616826c19a188a79a59af27ec520ff327832b33627b68af1103cbbff197ec212c52102058a59c5eb5e0a00f36fda5a22d3c355280996705abca08d0f7a17894ad1d75543f40bbf6afea896794764746051d0bacdf9d24f8144e4fe137881712e4a19c3873313fa4615332e47f427a084fb844727747c9c30b76a31dee8504a7c3404961b3a214332fa5e001379ed73791a648ca2453a378ec4eb71bdd6d08595b2801d7294c229bb9aba24c8b0310cdbe9a6507ffc75061caf72a2677aeb5cde9c090ce8e7f27af0b798e405f060f90f9931456deea1b1868ca184c4ee37440651b7f8fdd427b76536024104f2b924f317cfed89b1934aa44c935902bafabbb59b71c3d786f1165efc3a95d5b62cb1e1a46294162551232d50c976767d31b8eb9a53e29f28c64387ad57aafdae16a6bbed5eec55b44a52f14b68b31fc236b50fda93c6ff337b7c7b8f3725315e3c47101188448242953cd09c5c1be659090a1bd5babd823ca790dc270b0ffad742f2ef5d9a6cdd55894b40757bfbd797464f1f31ad7419ba3c772d1fc5fd31b938f13ae73c5d8fbb0364c1611d1fb05d8bba08c22fa943982a79a1dfaf7f6b92727bd88e36926271388b73262b4dc2f4a88bfdc218ea35ef02bb524964d1f6132644bd6e20093a3ac6ecb0dbd3a449ef454a0fc9ad7bd36c25782cf5f7340ea6f23cf5e18c702cb85d8f406d01f52e9018b7c562f05be35ca128d9cbf275050c5573081c15612865ca1abf376f674d91b2a7bc6f5b84869ff996da38cd54995f2698dca185a9d4cd31bf7175ee1de364f1ee7ba870f0a747165ccce8f4dcf0a0318fa060a69e143415f76456d773c39edca8b8883849ee9acd1ed27b9ecae117583b824e88e0e538c7a8b108e2fa29799965c8106f9fe7272b74994a766f6bb1e16922e296d58da02a8733cd9cd577594273c3024c70518b6a7e6379f7965714c1fc1bd97ceda325e7abbe86ddb2f7fd1390b5f251bdc5866b7ea0b6546341faa52d878209305eb27b3372cc8b43ba565da288c1f44b336b8df9d70eebf72e2752ce6474464fb10da3a44d0867b51adf3c97ff760eff04fed21929fa91cab56f9cf4a16bb360586852bdc84c6e59ffe059241f01290e492ae0bac2581b7567ae9ab240fdb4b963285180138bcd8232d0933cea94aa838e0c84a6f573b6e300ac89f5063b860aa23a91baa95041f797fb5be72b22248e15155a64f3aefcbd39e040ce5d2b2c5e7f4fcdfa6fabe2053822c033d5d6312819bb8c5f4618a3d0a83020454326fcb544317a2cc0020d96219276e143b6a98618f91ca6166af2de33a39062854b46cec2f6c84b1acf95ddff502eddc1c6970f2a5ac6b3d2c996d88a4aeff2fe505f2f135ec1abe41ca23bfa9839c46f350612fa8b29984338b9bcfce3479899b51f840646d04f6af42e9c54b9d16b80941d99e7eb774583ec87d3478d4b1516260871704d8a554f454864cf6deb9ac6ba55f94f6b13a5073d2e647d262516924f1a53490007a196a5fc5554bcf89a7bee69882598907e760acfcc39351d891e6704d73bdb9bc513f778e58329545f67f697795743536b869bd546f3ed6e540330835cf3df20199c63163a5eec97fd3db8afa2fe68d698233d008b546ebbace56b7015e55b7b0dc524269745aa2e9bfdc41793fc6a8e4705b4df0e3653121741fa54bdca2ef080fcfdeeb66d105c48eacd95356990059ab6a98a76e5479ba12c5ab78c47e1f387ccc5c3b04223a0b8035df046463ed36af66a8c0dedebf15ca7060a83b325126d65e00e21064f670aaad635710f70b533b9528a75a116a5fd450d81c0cfdf9735dc51af8fd06b2e010777e3ddf7dbbc2b0b93b89a5f648b732ccffaa4abcaae96618270e8cadac8add8968a4dbec709eea072ad2a8cb78b5d0ec23e2a95d93cdd86edcfda9b75cd0cff1d6619c61df4b5cfa5b23e45102df5cb2b66ffd1ba012bb7e4f5d5275d118d652c3edc87d499e261b7d88dd8e9aed8fae27202cb4ff8fa23f0cf435be79b96318fef0e2279f260818c173733cfaf34d773cec9ce9e1537a747bc66f9924a3d49767869c32493e42fe9ab28a6adeeb964072c1475278a7546a8bec2a9b57b71776d72d137c431399060966bf06278e3eef0133477c05b937cf400bd9064cd4513408c237cdfcb28c858be41d496a1fc55e194f867d7bbdff35f3079d5dff477b3dc1cac1b969369ff632a39cac06e1c516696f72cc987a037bddfa3229928faa822e2e53fc552f1df2b4f7ddc02635262f81a80948f0664e2cf0ef1d45e231be12c5c26061d1ec0ca0ec11767e68ae333078ed6674073340b180a819c30bae4b01114b65af56f0858d65962fb5c63b3cc8f7f77dc9f7630986e1d3d3ad1742ac7547a97ab6bbe6f04e3cd08786970ba0d46572ad9be3f0657fa619a60882f072b7efd260d11f9abd37c9ea05467f64d6ddcd36c48f33e30473623fa154eab1c6213ba1a7d5bcfbda247241331555260dcf773682ca2c2066dc707dc162f0e66a7f6940faf060761485bf23710b27c1f3f67fe56526d50c816b71f1b5230ef8cc9fb270e886d6272798dd615c1717110c27b68549e1f2e502fb3236c6d6b78617a51acdd35f0347e0ac3cbcd8f23f5cff0b2a6a61a5232c8d1dd4c45cd331d0e38986929f159c2cfc77d44b0188a4b682962fd2c059d42fb12798e917285f7926b26d586b2137b8ec7b3a269e627a3d7b4aac5b070f99bd09ad9bf143dc40a4c5a46cd3e3ee68e26a3358899e4c62e82ed058f0060d849355cc4ce687e45767fd763602d48ce740eac1a38b6ba8e8dea22926eded01e4da190c941b60d65e55b69aca96b40e2d5aff81fc40cd3b41795fed416755a6645e3ae618a700acceb93e0bbf595d21f03439284fe3babb553d5ea76c052adc44daea904c2fbc95affc595b7d1c17ae64170b1c1dfc5c930ea5393e60f9c2612e2b91b28507fdb4ce2e87e454c9028df58bec0c62f23dee64f57618d8624ad8193a1720b715c225c6909008cd62375d57afb11801f10ec6f3f72ffdd80d0f1bd29c61ef7f72a800cf20f44361f08b29907426e3ca34951d0a258f8f22e024039c3b33c9766d4f30f125bfa979ff585d3eb6afbda578b26a1166d4464d761cd455b60f5b2275cf817d20faf492b951d8fa913441ddc264ef938a9775649c77dbc027f16b69bd4f765733e0b4748b9c43f16a687ea3c4d127129a1dae91485fab7137e0e054d0ede57deeefa797bb1e118d55ad77b7a02e97b86f8ea47d6df5401256b4e042f5ec3dacc8f44e79cdd749760111b47b51753bfa86d9269241ab4b92688b6d5bbe504644d5c674df08cf7e5c094f04f3b81c52dadcfeff1ad7942fae5c685c8a23542dd5ce75e059d253aa4f2ebfd7442821eae7ba8710ed32880c6ad91b230ab7151dbfbf96e16dc194e643fa343e51db89c012dc48aac8aad27d0f9370581a900a4da421caaa5df540274b7de76f854f5f8e8df130ea13daa47b89ccd48381014ce33bf4ef5bd9ed8bb800512de4a724fe7437ffb729c652132607abb8cd2bf4ebc369b93d05cdcfbeae93aca32c910820c9b4d37e8c0f7b9a3600fb170470e7a011cbd73f8a827536c78edc6a386af31c4fcdabbe47979ec9a3a4e321fa5d3e8585feb5e6c4a752fadc81fd18586bad9ed41c4ef11a3b67cebc248f0da6d0db28d391b120a3bc464fd9a591ea88ad29fa92bfa4c308dc35af33dd97f068acf365eb0c19e7bd5977f88563e784b74045dfaa6b3375e1e583ae978439be0b0601bdd0e64015042c05e0ed2475f53920664a23c2f9fdf7db2f22c211d5adb9454e8f58ef9ac09c74ca38c709fb9fd24b587e6f421a3aa30da7ce5961639e9e854775261f1ef9fd4c4b38fc2b3be5d67590c840da6af1c868e9095d546141ac565024ce952c42181a527ca39a2d8f8201c112f6e8f8495fe5f2d35ae9c7761a99e03812ee747df78c68d8d9ecb0b8bd7d2251b277a01e8d009e498b7d9d388dae3a749970c8a05001e976c434d925febdc12e1910952b4a611e2dba0372688215ba24f608fc0265a6d8aac0268d0db16ba1023a6eaf5fb1eb1cf2c11086723f589a0e7780af4b5ac4fb463d888b0ea708da8b1d5a9abe652b4eb80bdb18c7c6ac2c828b726082efaebdcc259896ee395d7b3db856bf67a746d8517356b0e351f770ad8ef9896dddffaaae7fcb61d9a17262a16a34ed99da7408f9e62371582af69f85543eb8fa937560521d87213ae3c6a7325ce0a62ee62fd557a3d6465eef8d8bad87ff714c5f8afcd04c5788a09387e01037aaddd70ac2edcf8b360a86aa130c0eb618b3a3a75425191fd8d037fc69f96fc6031f5e91d231e461a5c0333abeca068ca667fbf77a8b5649ddab81dfb1acaeac9827f266a3140f7e6feca650f3a98597d34d9bf91a1fccc167a79ef98a3584d8c9868912e1410eabbb3d917e980bb2ce11ae3ae12621e3809d7bbedc3274eadb233ef6e2f98e9eea20aa856be58d6089d3405f65b7252a3908f47133744b009eda647bbd567d79f1b4a63dbe14854fcf69766223ee96b1f6044138907af2036d33bc914a12afde8c16bbc98595d74dad841cabf2526c8d5dcda829986fd54af087b499e01624f7d757452c41e48478189cf5ab5bec10c37c18cc807e56d7ae7081fd68278eacbee2210442e6e11739ffd16b7a4cd5fbb4d986d6ddd102927c51d15256b04f237f7b82766ebd44df1f8fe4fc1caadc0a2d0f9c8a96a9cb870ae1f7983063e183e9aaab1f57d82fd67a43d9db3f0db81fb7aaabff6ea711069f6e901cad80ebee7ab689ddc138dac348734d467d157bb91bfa5b74fa0ea0eabd2a6e2f3b3b7f6fad611ed5086c16a70e5aa4c38ff7cc6f52d2c345a9432d13a6711ffe8bc084e5e02eac707686ee9841099bddc92196013d9f7ec257a95f16bfbe7fc8284e40e057c27c7680912b8869831c7e17554558ec66172562d16020f5a8474282d6400a786976956fd6c4f161bc500aa3489ee34a906e457e8abd223cced7039df2333d83192dfb1d78ef0366a8f9efda68d23d2c8a43faa6b44882826dec6a46ee54cee1d84ade00d37187e6ba09cce6cc11a140069dbd593564763b003612e34c7f34ad0456fb7a2334780f095343f7ba60b1cf41334bb2dfb8400d2521b1e502fa88aaeeb432a982b420bcb82133c402a6050d5386c1d92b324a894b92abd74f465f1bc0bb8faeb9d9a77764926927b5c6d6b98b0ca0b5ba19c554a781962a320cdbeec1be6a969cecb3ab79bfbaf7a5e050a747d54b6a00bc72710a8f24f0ab62a4adf8dd0f40f0b412e4d16cb9aa4f702361f53d3b53b20616648dc2136110e4e3430d109d91485fc0a9c8e9a6a839fc6a44805de7c9e321c5903b20ccc7fac518d4fe36ac03930f0df1a5453a278b88e534875a658c986af27099658a39ec18b0c943460d803b8c96300689985d985be22baf8174776fa8bb786e6ea2acfcf10878974ccaff3eb9dc8ed8f6e16ecf5c42b1c6d0d67ad0fbe3e89006bb6b86671e94f146763293f7f13fde919bfdbbfdaf6131c59104ac1430718e0a77e41325258190c9f57e1e0a51d96d48af55b45a746fb84b51397940e3896efdc3cd0839b08064aa6379e49093092e82c1a4e352c4859ac12d12a7a38c213b966c3be3945b063025978344c404e6be510d3a6b647d9f096dd81ee1da723d5300a7f42abf1e8580ca46a86a5a14700950510b2d8036b50753b9e0bf5c0631c9c774672c1fdc99f0f0d46eb77c62ce2c19eaed5dfc02b853c08e5562aacfcb716e6e89676cdfa8b1fedbf6b821d4758c177de07f440517e169a8dee05b813e77490b6e9da3d34ba145f04a3b610a78c97812eb4be03b99e7ddca54bc60f6ab66dc93d3a20de05cdec2ee4f69d4618ce17fe0243ec493a9d7ebec2b7a167a5f2c49d78a5289de87ac10c6657534faeb7a5af044f5b4652c1e4e232ae39446520f802bfbd5e80878c6b4c5756ef24fecdcb2f57d2dba09f2b4b05c4332259eb92adf68c39e6bfcb33acc6bafc6c85f44436f5a6ee1e8a1ae8df1ffc2b58f4d50796a295d80cb803e5a991c92f88951d6cfbc285dbb0078a991217f00c12faebcf2a07b8317096ef87471e956cc720780f083be1a487dc6246e3b5bd42a2aee6d5e5009955002a9fb9663017e09758fa0372a19bdf98bced5e5ec528dfccf866137a0788ec4628812287efaf13ea0054a271ef2456b08e853a9890ed36b01f2469895400cb063b439cf93e05e63ca529cf1a1041f5c874168b7434f86b95b44faf16cb8cd3cee8dd7efe46c27b7104680e9c4a670e534b58e082187360e31ad69591d07ed35fe2dfd78e84d61e4c0231e48f1eefb581799cf489c2e967052dadff3981e7be54c4efa382ae2f03a24647d4ac6dc23c14dcd2e78ccd017c3f739ee4fbb546d93076a327782701dcd0768bb9828bfddb7f53a398aacd296d3db12c0d4928a30966c81dd53f59a64915538dc3eb4445ed5db8f09b9a18391fa589443165dbea1aea384f64906bfa0992f10adbe6b8a75facea1b2686e81e2587cb2e2a1df1f437d17104f9f2c94bce8113f8fb289aba60efb188f65e25fba4d44d2ce119c861e6547a1d8447df7c550cecf1e5f83839d08b31c08fa5ee843083395c30a5f2a6c8c3c30f267923a08a88dd1d1126e4c381242066f4098c34c83394fbecaf5334414b98056d3f96bc39818a976e16b0852cd709714db423c0ac2db6c89fbdcc591093874789237ec986ad2debc5fd4bc5c4079f526e625565d06b48390c622502fada0d57a3e3e31464bbee2b34840ff4a22f93388809bad54b11459783cc42394c6c06d00ee4f22418822c8ee72c910b7eb9f5e358eb038cc892f0f63bca777e3cad28ec9d525504a59599dd8b371cba08a505111e848c8742fe6808a17e7c80b407b0cfc4b85017a6baa52819fca3cdb43f6c1a2701f2c56ec97cd32302d0cc2af7df38d004e392b2d55c5c352d0b7ce9c2b6c1013a05222ef3e3b2d6f6918d39fb2afb26bfbdcf2b997d4cdee231d24f75a1116dfb92037d72eee09718bfc119b9a542fed3a8902ed888476ddbc3b9e4cfc0d2adfe1ccd7c48a5e420c2178b9b682aa67a8bba1a0d414775d2bfffc21184aa02cbbe1bda5f4afcdcf2818a1f94bce50e50a524c0d6e4d356d556d923663622edd9bc5753f77f8273cd14f2d344850f7ab71cefc9214d433a2692bc07bac608fb69d1ce693936302bb869045f5033a9a976071a073f0eeac592998cb393097000796a63c14429248ec9408de5fa7f483c9945965967c98a219b2d6c580007bb496a91e1bd4557d6a271429fbd347c5d415970a84bdac25730ce6748ce29e3e86ad2e84df3384c199db20117265712022b516d340eb5200ecfa99f9df13a141641721edde346e6b7a76ad0e679a3c08a9b0427376094917bea1921c310b0db429ba114cf5d747c057961363dba0e6eed452a7d7a71da593a9bec590bf806cd28aa4c590ffa9d46ad881bc556b885e493d07bef6e96532c680df3e7550b33c513d907dce9fd047bd0c006288b1a6efe4b902d606890d58216f09a8d9a1fba5e065d2eeaed9be6d815e2e7e2fbcc9b421d821ed89b55065721f619043ed856ef96080bcb6cea728747f737b79c779d905123e46c8ed88d32446902c93520158db7d046541ad17aad610dfddd66b8c406e7ca3e6cb5fa3f71d6cddf024e0e673a5fb62c5d0d60decbb8830b45e5756b52d085cd27fce388d219a4d4cecb2fcb6c3310bfedf476fd2d28a03e26105208eae3eb09d22674adec1ed1940eae9ab90fdab1ad06eca63a0164aeece9fdfe18800412a094a78222d0c83a966ca3277cb52fee8f2faf9975ce1c11828de635f321b84f5a0a182b841a838c7a5da7a63e36f5f1cc1df2ec19421cff16a3a87eb4d91802bcb07d08c58cc34eabd9d26fea3fd0e99e3a3de4d97b7637c2b2093587e4f480d8e8f4faed3e4de892d7b50d513544d9403ab2ea9ff32424879313d3853bede6bd309c43df55de1d4e00eb02bdb08e3ad04bb076580fb6117df5ac89a515086efd261d3c2ecdd787a0a9d5118edd02419bfcc5ef307fad9f26e361ae4200d3d5bd46643c7fc9914b2c8809888eeb5349e030f9410cbd50d2e552b4c5af1398dc5646475c30775eb3ddaa8e2059c4345e7cfb8f7bcc849e801423bbd307064124224542b7688142330635b827e1f0fae70aee97efce4c6e8a4bbd830a497ee0714bb32e64b9748dc5b1207f105a19733a5e37fd6f124bc1ee5d50c74b66b8d20a19037e877d852c2620e9c45949f774b9277c0de174caf62474e983d0cec784fb6708ac183e14075290ceaa1ff2a09f40d9e8e392318ab659bdf9803af1e515c0c8bed11616f801180becae57989914f5c3972d90cfa025e435c92b59f10940abab48dc86086f00409f181566d7bb622749eac1f40434b0cf7a9c7670639c6f212a3751dc466275c69365bbc88de818ef912a30e6b3b7b0c902c90f9718e01f47a66f097683511653ac2a72da5356f3df207117b209a1754c9134534227418e62bb32e5ceeda3427d926232130d66bc7d813fb6218311144d78fbbb138ab286c81f07d220b1e7e1335916dd5e767c9f905f303a1b81d224bbebd17287fb3df48d0c84ac9b5b211d55fcfbeb705b316a7f00f5a9a888d22419102ee7dce95e0a155dcf0e20c24d059c812800f095eeb6041b169211d65a2599e076f49d41baeff94af21477bcc51720b755afbe71e7d6d1decb9aea5833e727cbb45b5330a0abc1a630afe31d82fed1be18390589d1e2ded5e92db6017ea6c302984d9d4bdc3c4b104ed5af22522d53972fa9c7b5a875af5bdd21e1df6a86fd69b73930f47bcec6103d6e004c91c4fec9edcbcd47971aef9366e551863962945948a427ff5bb5f1054dbd468fe12915e66655e22f39831a6f8112263e8b327950f4008423d13c79b3e57c35eb146c30d572743a0eddfc66f90858dede12cac6961ddc7c720f58f5e6969c7a92d095f25669f1dc4c3f8c61788bf0691ff9b12189a8cef2869c559cc453bd0239db153a5ec856c9dde4350503e5bedc6d20c7514a14224a7f866001c7497b4b96541fe6ba6f975ea6b4f54e21386126b37eb364718ea1067743e1efd55d43086f845a1801901da54aa559c33db42224be13a773bb31f8f7dd0ecd59d781f16bca08d13781aca8404ddb1d0623f3d11739e8bbeb5d276a9bbccb794e5e3ce338d9d08292da080ec1da1961826d3dce2db062760ac7e537ccc69842c6387fecedb08689f1ac7eaf8bd351830fdbd731b17b40a0a3b25ce6b98e8e5aad51b15d5888a451c5df1ccc9e6c3cb0dd93e4dc2fedabdd6ef9e5199d1a1e25a2d5f28edc3ff46666e108e82fc375ee89670e58a61c181d2736b9bc291dca9247946e5aee0c62674393cbcbdc593319e6cc7a7540135e188e3609ebd17c54ac441cd60660b45e641068176298c70f26bf320164fd2dcb000bb83ce7929cab31f1c2cdc3cc57c0d4a0506cfefc47e1b2f2e57f05dbea93ad7a46f97d06f344cab7924bd4e461c3a0289bcc329ee69312e86079a3c7c5ffa2b1be8649fa0b3dd45808486b8dec41196330fcd5dc73839d5809f9173b7cc0f85e47355b3f6275db17c30d20ebb0af342412f0fab19eb96728af6625ee6c67598c99fa1beb580fac934eb1766413a89447d35c249c62042db67a73932cc31fa1bb7d184dc10a3b02d11b01e518c1b29aa74cb5a25134350dc909bb4405159288cfaf9520d77b8966f3c71444e897453e039d8c9bdb52a0e501c8b68489794eebb847945fffbd95accdcc38a060648f9eee00aa43fabf78cba55c65b4e4737f14fa2e4483e4a820050d55de7bf7ddb3bd6675aa0933c2291cba8dc336e3b608f25e492f5f85989d8e7746a2813fa6ffcdfc329db34aeb3859ce9d411842153914ea4cce06b2154694ea21dbb53a1bd5d65d1145e4f0aef07bf590796f1f0c9fb59ae1e1f35d10657372a55cf186cfc6e909ee54da95d4cc4908cbe531ef0f5812ff660be8d7c05c034eaa90d1eff73d9eeb39424a59c67515d0872fd8b05ccf83e16f3de7d157db428be36dac7cfd45a28bb38bda27da6bcd601ee92f958b37bd529c848278e976fb4638f6a9049b9f94353e5f210438fe8942cb08d5c02937e8e05074362a69bd4e36c3261f1d3dcb14bac50422bc2c6e7330b298689e0c41ee88c32a476e18d51b91a7db31e4d8e9d606031664575a96a96c1bae74980ffadaf41031c3270e6460b118e8a143561d4c962a050bb8b8a2745af1cbe2a48dcf8df4062e7f3faf978c66a4a3b1cc9079598cf1af66ddb14c05d6eb86d8d3052be18e8a08d8719be0f24ec36435c6efd13015f7e0de3b4ed36868f1ab28ec2a6d412ff35b5bddeaaf73db5490d9a3a2af80aebb98aadf7ad34463b85e5897ef99ef4d71733c55979add2e18f2bdb5016622c4de450a6b54f5234c750a99193df5a3f9b11ebb4c9da573807d3fd4e044cf6bd0439746112250af9aac6ee5056bf52c3e3f4a4a8903d591d804417ce978bd8fbc3c7500a82e9763c8aa5642e22cdf7691c312c53cf73f4f8e32a7b13a40a6e93b4e758b7b93169e255cfbe0478761a985ab33edefd0c19a608050970bdd3dfe6870bc1d25c7e36639679d621a8231d5842a79f4b94e65704093a23c47242cad9eae4a192ea87b4cd8dc5998354bb57377d185840efdc6595ba5677ea696b2825728933caa9ab89b8011fa47ebcfe22f8935476666d8cd5abf0b72eadfebe86983cdb6a64706446e112c6ce2eedcc799cd7cc24ab0260fbd764f7d98747db5f6f0935673eb4603906d978801ba44b6f114a6d1922ad0d867d899769168e016ff825e9ba49008e6be4f75af2ed43857bec1ec3c6f067d359f4a3b7e5edc330ad0557079a400fe29b61907dcf1c9a8fcaeeeea245668736113572656c34037df6b3a1dad3a9fa8c49f5e67624d3c620df975bfc0ee64f29e6cd71c05f07be71ba6e7d4cc3816ee6a0455795620b043c62e5eecb6e676d3162a295f86baafd596fcaa985d362117c1a622e8fc40489902a570b8e5a82203c41ce4b40e3e712f21bb768e35dceea5a722650a29ff8e9171a6a288fbba3b0f0b69b468b33dae090c78599e30f02f195d185c7afe17789f69ec6fa23ce645ee82bb02c4de39736826549b7cd3900c0c2bd6a8fd18509da05f3481097bd81fdc485253c1cd4ef18b84ccf8f5851ce10e39315973c252bbd62146e2edaa699f3f8cb202d04f42d173c9066a5a871bd9d9b19957a894063e76225", 0x2000, &(0x7f0000002f00)={0x0, 0x0, &(0x7f0000000400)={0x18, 0x0, 0x0, {0x4}}, &(0x7f0000002680)={0x18, 0xfffffffffffffff5}, &(0x7f00000026c0)={0x18}, &(0x7f0000002700)={0x28, 0x0, 0x0, {{0x0, 0x6}}}, 0x0, &(0x7f00000027c0)={0x18, 0x0, 0x606a}, 0x0, &(0x7f0000002840)={0x20, 0xfffffffffffffff5, 0x0, {0x0, 0xa}}, &(0x7f0000002880)={0x78, 0x0, 0x413, {0x0, 0x4, 0x0, {0x6, 0x16, 0x1f, 0x6, 0x0, 0x7, 0x6, 0x6, 0x0, 0x0, 0x7635fc6d, 0x0, 0x0, 0x8, 0x8}}}, &(0x7f00000029c0)={0x90, 0x0, 0x0, {0x0, 0x0, 0x1000, 0x6}}, 0x0, 0x0, 0x0, 0x0}) read$FUSE(0xffffffffffffffff, &(0x7f0000000940)={0x2020}, 0x2020) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) fork() ioctl$BTRFS_IOC_DEFRAG(r2, 0x50009402, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x4000, 0x8) preadv(r5, &(0x7f0000000900)=[{0x0}, {0x0}, {&(0x7f0000000600)=""/200, 0x7ffff000}], 0x3, 0xffa00, 0x0) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x14, 0x4, 0x1, 0x101, 0x0, 0x0, {0x1, 0x0, 0x2}}, 0x14}}, 0x800) 16:15:40 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5412, &(0x7f0000000000)={0x2, {0x3}}) 16:15:40 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:15:40 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5441, &(0x7f0000000000)={0x2, {0x3}}) 16:15:40 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5450, &(0x7f0000000000)={0x2, {0x3}}) [ 357.784254][ T22] audit: type=1326 audit(1631031340.847:8575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10343 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:15:40 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5413, &(0x7f0000000000)={0x2, {0x3}}) 16:15:40 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5451, &(0x7f0000000000)={0x2, {0x3}}) 16:15:40 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5452, &(0x7f0000000000)={0x2, {0x3}}) 16:15:40 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5414, &(0x7f0000000000)={0x2, {0x3}}) 16:15:40 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x545d, &(0x7f0000000000)={0x2, {0x3}}) [ 357.816248][ T22] audit: type=1326 audit(1631031340.847:8576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10342 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 357.993750][T10356] selection: kmalloc() failed [ 358.137106][T10366] selection: kmalloc() failed 16:15:41 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a725", 0xac}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:15:41 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f00000002c0)) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) 16:15:41 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5460, &(0x7f0000000000)={0x2, {0x3}}) 16:15:41 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5415, &(0x7f0000000000)={0x2, {0x3}}) 16:15:41 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:15:41 executing program 0: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0) write$selinux_attr(r0, &(0x7f0000000080)='system_u:object_r:modem_device_t:s0\x00', 0x24) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001e40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c29184ff7f0000cef809606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45ef4adf634be763289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cd8e5c39d325ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b6c4a00000000ff435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0adb02d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4a00fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c108285e71b5565b1768ee58969ced595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30fa94ef241875f3b4b6ab7929a57affe7d7fa29822aea69a660e717a04becff09000000724f4fce1093b62d7e8c7123d8ecbbc55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7dfa2e5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca378e676c3e08c1ed43ca8d3d10994c0b58645ac518a75fde7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d34b5457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464b635197351a5ef0a0fb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f83100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa370ac891e10096e7e60fc3541a2c905a1a95e9571bf38ae19ff000000caee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5944912d6c98cd1a9fbe1e7d58c08acaf30235b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cbe7df000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc13c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e89fc745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb4a541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83186c1526af6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af930cd6db49a47613808bad959719c0000000000378a921c7f7f8433c2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205aa00b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569ed7aa287378c697f6cafa86966d7ba19e720413268e4770132618df552c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f9360984b5c2d4523497e4d64f95f0a093564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf596218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5002512bcbf9b24accfecb0f477db103463af2847e6ade5b9e065ec0d0ba58fedae5f08818fea475b169469f9efd131925d98c34b3cb26fe26796dd43b87e1cdee39f5cf21d2e80a64ac97e71cafc29bfb78db090dd12225efeda2e93bf7f6ba7865e9c375a780929dfa5a7036f5858e2a4ff8e8d1e8c9cceed07c6312b734c72510d335acc94f76e7078ce4066f1e0ac9429f8013683301277a11e25b248b61180cb6207a0e26757f3f1bfc6c27f3720d1fb74afb17f3b5239bc2243853d5234afb05ed6024e94dee34666c5b5522b54cb433efa54b4e9022533e7c89bdee957dfa9ded9f16fdcd1b681e4c72f32fa3334313e334cc140daec7dcb22f463457a1a5ac230bbded86258206046f556589f5627ab2751eb34d940519f009412098398ad822a8509d2d32da656ac5935e4c7f9503ce4daf13300dfd611528049310544d3e8613926fbe2647e258932592c9123f1c74023144442d09ef90c64950176c666da6b658108ac54beb2379aa70501c42bd9c4e4f426ab5ff2a33767b408ed19e399c33b52abc4ac24da0d4cf07d93029583591c33f0f80513c541581977f2e9735e1edb66fdbbe22eb4b0b670ba74fdee2f1a3cf85777af5d8267acaa9d83c23a4b40d0f53dce003c03c5959e405fc4f2c05d3394f014a39caabbeff7c7cadbdc57def7f5f758aa46b6e2fddc779770d7e395c4ac2a136a30e7c0a301dffc5565d7244fb29cd302c36e76221a3c4e21559216c078f06b0b04fb236ea14f9998776a0ae88dfeccc9ad64d2fe3cfdeb9684b7b7e5c00f7323f8214ed0189539e0e3e34c8e542c82ddbd6a75c1adbedef4d5d69b246a5a36ab802b0161908e748ed9891678c228413bf51b18a25bf776b9d1f1fedf97cf5e7de4455ea359e5796bd60cc415066fc271a2bdb7db13e72d1a99b375f96c4b5aef874037faf6a1d1aacf46a57346d000000000000000040c1051e444ea35432e022889fde59f038db4f83ffa3191116c7ba9434a7f758890f27b3acb915a7e5db2149e18c51b6db3edfdeb2ac8fe038f7987c5b38f206084bc5e8243f73e152980c414558a1f9dd35691d7f51f182393a434ba11112d7b3bf20fb62dc263b68149d8c22eb700f1e3b6ada85d949ddba3afae71082931899d138a2865685cb0d7e231838d00d1f1f104ab37b2929017a1d08f60b2cee3a49ea82b54244bec41e289ae1d7d578eed068912e2e72ffb0ccdacb8f459162b1338f91f247a2520e08c880463af6733fb1eecf800b7d074b435f1eaf608f34ddc421dc910fc282cf71114e97e5e4ab11c12c81502fb679666626e0cabdd23e7e29b4070cc18c24cf77fd9cae782eb7956e80abbc7da288a8be5869230fae230de433ef97c499e4f5ed5636b0bd0000000086c970de845572766c4e1d09154cd322f1a8c8ebe5a9492e7d1486d702018c"], &(0x7f0000000100)='GPL\x00'}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) fcntl$getflags(r1, 0x408) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) 16:15:41 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) getpid() r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x0) 16:15:41 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5416, &(0x7f0000000000)={0x2, {0x3}}) 16:15:41 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5600, &(0x7f0000000000)={0x2, {0x3}}) 16:15:41 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5417, &(0x7f0000000000)={0x2, {0x3}}) [ 358.665752][ T22] audit: type=1326 audit(1631031341.727:8577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10373 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:15:41 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5601, &(0x7f0000000000)={0x2, {0x3}}) 16:15:41 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5418, &(0x7f0000000000)={0x2, {0x3}}) [ 358.737989][ T22] audit: type=1326 audit(1631031341.727:8578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10381 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 358.738324][ T22] audit: type=1400 audit(1631031341.777:8579): avc: denied { create } for pid=10380 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:modem_device_t:s0 tclass=socket permissive=1 [ 358.827370][T10392] selection: kmalloc() failed [ 359.010513][T10403] selection: kmalloc() failed 16:15:42 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a725", 0xac}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:15:42 executing program 0: close(0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuset.effective_cpus\x00', 0x0, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) sched_setattr(r0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) clone(0x20002044dfc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r3 = creat(&(0x7f0000000300)='./bus\x00', 0x0) lseek(r3, 0x400009, 0x0) fcntl$setstatus(r3, 0x4, 0x6800) preadv(r3, &(0x7f00000006c0)=[{&(0x7f0000000300)=""/142, 0x8e}, {&(0x7f0000000180)=""/16, 0x10}, {&(0x7f00000001c0)=""/57, 0x39}, {&(0x7f00000003c0)=""/72, 0x48}, {&(0x7f0000000440)=""/249, 0xf9}, {&(0x7f0000000640)=""/97, 0x61}], 0x6, 0x1ff, 0x3) sched_setattr(r0, &(0x7f0000000100)={0x38, 0x1, 0x22, 0x20, 0x1, 0x80000001, 0x1000, 0x4808, 0x7, 0x1}, 0x0) clone(0x40100100, 0x0, 0x0, 0x0, 0x0) clone(0x40000000, &(0x7f0000000000)="61226eb8447132f76054c4d30e7f61f0176f0b2127671e39aa1c09ec58e62558b7a6ad5dbe9b354d1a1bf3dd9f388aa4ad0c04e0a927abb94d5d9c3a13c96fb0e86f7b29aecd88c965256639aa9331aff95272737d0dddfb3ea0cf41afffe404abcd5d1c676bf17b15d5d8b977f3948c", &(0x7f0000000080), &(0x7f00000000c0), 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) 16:15:42 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541b, &(0x7f0000000000)={0x2, {0x3}}) 16:15:42 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5602, &(0x7f0000000000)={0x2, {0x3}}) 16:15:42 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a", 0x62}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:15:42 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5603, &(0x7f0000000000)={0x2, {0x3}}) [ 359.492434][ T22] audit: type=1326 audit(1631031342.557:8580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10405 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 360.067652][T10413] selection: kmalloc() failed [ 360.169252][T10425] selection: kmalloc() failed [ 360.779435][ T17] Bluetooth: hci0: command 0x1003 tx timeout [ 360.785483][T10118] Bluetooth: hci0: sending frame failed (-49) [ 362.859319][ T17] Bluetooth: hci0: command 0x1001 tx timeout [ 362.865339][T10118] Bluetooth: hci0: sending frame failed (-49) [ 364.939825][ T17] Bluetooth: hci0: command 0x1009 tx timeout 16:15:51 executing program 3: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x0) 16:15:51 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541d, &(0x7f0000000000)={0x2, {0x3}}) 16:15:51 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5605, &(0x7f0000000000)={0x2, {0x3}}) 16:15:51 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a725", 0xac}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:15:51 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x20) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x41, 0x0, &(0x7f00000000c0)=0x28) perf_event_open(&(0x7f000001d000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x8}, 0x0, 0x0, 0x7fffffff, 0x0, 0x200000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x10, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000026c0)=ANY=[@ANYBLOB="1802000000000000dee7228c3f5889a79dff47c4ff32e900000000feffff2f850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x18) fremovexattr(r2, &(0x7f0000000580)=@known='user.incfs.size\x00') ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000004ac0)={0x0, ""/256, 0x0, 0x0}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r4, 0x0) preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r4, 0x40042409, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r2, 0xd000943e, &(0x7f0000004cc0)={r3, 0x0, "2e2eba7824ef65b1fd047ed4434f2fb72b32af1023ab4f4717bbc529904cb8628af950fdc9c4c312bcc240ba55ff51d8f9e65aa604f2598010c6f70d6563f0fda652eba543287693c5564bcc93f8b0af136d6d7e4c9289df134cc79502f9f49449c5101097c71b0db4b509432fd6115323125d43b9446658eefa58461d823b9c2076ed119c60a5a5c3f2b346bcdc355e951b9c211e4a581b27ffcfd470b4247027e9a26b915bb36b4c0831b87918bd099625a7a93cb026ee2e6a2143a8c76f2b8ee97a4e0cae4a974d5545d2b469f940911eb44285045359eb5cda5036f8237aeab31fe7319c548df6ea09e1ce9d210ba558bf8db3483a29d387fc49aab0aafd", "6d5d3f4d5b6c97a68739f5e79d7d0e872154eaa96032d4e3a1f6725a8bfeb84b1b82cef3f6f4ee84c63a9aff36de955720fa1c30e3f81a2f09b2967d086819b1dd4ddc7cc84a92cbd76f7d8377d32123d11ab70d48dad151bf116c8b52d6f33cf3ca2cccc339b80528e981353d226daf55053a2e18ff30fadebc2a8313bf4274a792b14c4732fc06efae17b8183e5cf61e1cd9ec67ef08c967ee0a2d1413bec3e6800ffb92604808ff2fb2f9f459556fdec74ddc9c6f2a5c4a44b2b97206bd0d755e4e13073266fc2d11680a307e9a3df71fb8bdb421516452884a410b6a74e9614aafd83f0efc3f74c505317cb7ac07e3bb7fb2b7f80d334c6095cdd75fce341a37116eb42019bb75ffdcc78fc27417e58c80ac830dadf387ffa14af394633530d856a53573cccb920a72e81c8dca9750b7f1e57c7f72c07a7536d9a3838421ff4813e1f475713d6f45df7c5a9e699a8e98e615f29d5335595e98ccb2a68d9947c180690b4c59a6950e4124b68486035f9f1974e37fffe19675a2e4c036736a791ac94cebda40eb50dd0e037cf91ae9789aec325c0d29096b539f145f6b2a023a46936cb2bd3ad45c5f9eb94182803d107809ef0fdf28dd0af8244642b96a6506a5e35a9152786d8c205605dd846301c7bac5a602018aad1ab04c042ba66babd957c55d81a6d497202fbea9d626079607aba3caff3eded1af29ea7658655918983f6eebfec02ac5ac651e9f64fd067870cb5d009d1f425c643c6f0755783cc32494d717fad9537fa7f0f8e2dc1149a5ba342caf91914e1d018a2eedd3cfacb2c9ed0c7edb6788548e1797427efc4311d447823db47b72bbe71ff0dc0587ddd6f7cee541828a43db6f4e453649c12eafee316ae09bdf30fa9d0869cc226fcfa1862d921068d203c61c3174d8c3568e9365964aad44050a4a9de75a166b96abf8365416b47defd80179e9d716e7808efb1cf254db47830ef9e6c9ebf19034be73073d44cd28c7e451c78c2d6169af69bf6b40d4fb5ac14c562ab6a469c520f90b9478070cd8fe077a5c31686542889d89c8b3442c4c89703c862a5cd2bd95eaed1617a7362b4847dd016222dfd0aed438dfe51b0a5b291c740a5f1e90a5210a7cd6bfdf6432041b706dcc479f86f0b633e3dc518b384b3da607f231044c50fbaaf06a0c6bbd8ed0c2e207bcaaa47fd6906d499fc476e99ad5b524e56ea24c315d49e6b6365dcd37e7bbc4e7809e7a9fc363777b694f2f7dcada119939cbacf65e8844d79f5468aac20510f1855aed07205877130f8fdb927d3b530a185c47778ddb78773e22b642798f7d63b5b5d5313a901c6a0952d025315f12b68abd751ad5bc9c5b5f28a12aa40827eda17516381d1220b1284c28a97bc66970ee97dc1ae3da348dbfd69aac9d3438ba2163e00971a580ab631a020873cdfb46c8d06c8bd7d05c1ff6e9875ecc9c24e49e543dd2fa651f06b615532552d525a864983b13dbdec23fac5cd397a8956065fc150922d2369b65e166bdb13520b9d07246f19b8f8ba839d2320de35ed5c59c082a54e6035694340caa9c6080ebcc7e140ffe976ecfdb349e84a1af473ad3c4496ba8c5a129a6e653569f299b242acc3df9da3dc3573b8e7542a2ae25bbd3f4754b1452b193b4f46930a285ac4d33fdc455079fd00e65f6ef7717302195d3968915a0594cd55db52cba94722a988059693d92ac2808765eec9395ac9580a448ff4beb250907267df73e599cc8ac71f4101045b7be4ba5311afa4feec6ac3b42344425707f7a24e2d1c5e0e44a848f4f26b80fd840c6bc352853f303815da5122d485e67a7c92438677af8814495871574d212b1d937aaed2f7efaa4edde0387121402fb7e1bb2be9a6da92ac15f39ca2a1c0f14b64b3da83ee06d370e67881f13fbe37b6443cfd5855ca24a69893298599d1441fd1afdca5f54f27961e20eab4fc2e4367754eae68fc7a115b9a75964696a76249b60080b1958720f97686cca532daf0e219fa9c6c7c18048b617ecd740c646be431ba020b2f7016568b409dea1432b970c1aad296dd812ece6467b4238d646fda2328b9413f9f27c2def7f00f8e4dc550fa083e0ad1c116087a619dd13ac414aad4ddec5d15fe91ba1d89df64efd176610365fb4c0f58dcd2a19b7539f7bbcb34bf7f2630588085974c7e84404fbe949695d30c587f979256394132fcfa36334244425846008a59d896c83298b8a0a30c4fae8d2395727756b564ff11fef2ee5d5b3a87294341a465ffa1a5b2e0b2681ba36f6a1c240e8e10509ad51ef8086bb4cc062c6bf0cba6fe68e6dd0ec976f0fa71d20b3e0b37a444e878b73448ad6bf1439949643635f4aab1a0c557a738c485b37c6e971d60aa82f5039df1044c93f99c9d87bf9d4a5df1e7cb3f50294ad4914d750adcb4e57825134321eed9fdb9a67e84e4cad0e885927ba0ac4ade09be8264819dfeab2228ea158bcbdf9d3229fad4a2ff92250cb361c5a9a8f2827fff3dd614248f674e59668d5d5624b569de874752c4e2cd826af63fdaf40693fd50888a9ad1e1e9afa32f2f421528197a71251e0bc1d581da50ea507dc137abbc86d3b4ac21cc3b9a56d4afa60933ad141c97c6a2b02cd8946ed22a6988336455fad60f9967a37741864cbee4940133de46647766c1ef5b6446a3eaa1cdb9a4ee72e8571f9ca40b88dff046ea4e1a2ff484847520a4f32da586722520e9e87468555dac7f82e04ed8e20a9e5e437728987439499df04c9de0d180fb86f4cdaf4c02d82689e5ed89c1e0e6850140d9217d6aa6412a2b002bdc7b9655fe081e0d1d652ee51cfde144e244100801f742f240536492f5432375cc2baf60d220feaa8e1433e5611f6baa399824d0932db556fe6430e7e82f43ff8d94d4a72b377a677eea902229e99273ec50cf5df3fe716af3d773b133dc0171016282272f419365dedb7b2d5c0693a6a7e2cb5bfe5f0c0bc0575bb1a10937cadd54745e8f1af9052385100db1fecf85b577007d9f937fff3f8aba5525d9b033fce8c2cb3334e3bfc864ec4783bf3186fdba7fe51d9ec7efd820b73aaf559d3e555176c8897306bad300d432f2443a75a50c3be72432e8db62c5a0983398c621e34ed1bc4401242980a427a8a3ba245b2c01222bc095fcc60af0ceee52e5d6b930b059dd52101a401277ec784c682637c021540f1d2240bb790ea8c83e812427399cf5b0dd599e7bc6d616e0f18c5084104f20a2fec3254b3e87a0d17d20bcb6082b7fe01fe357003b9fb1a5e2b4d42977a2a827c90a11781115592516e4ca8af97ecc700a3edc7b29864c054f328733a9fb880de2fedec59fd9a01e2cee3ba05a09a87504e0e18bfafe3d7fd62060761433e1c1b4a3c062d3aadc72c2a4bc51f0abb6eb6196376d4fb805553707b35fd72c1814d05b4e6e20fd72f80969411bd7d80afdb6453a7476bbe5635c7b91378529f11cd1bd102ad77ac776e32f2cded48726957f67a73ed648d549ffe71017b83ffdb6504544f27ff52b8e6a93158891dfebd3e97a3adb48f357de7af6f15f992107342b6c300ed4a6ed0d2d4f85dbbe425674f8f5a6b910c6bb184b1ed00d09342b4404447236eff01fb4d14e2a4165a14aa7a7cc72714e16be3ab76aaa7ea6fea08130e904c47ad1d0dbd0f2d0b0950e08962fe7172edd300a76130829bccf1986ce674d212cde9e19314872b8536f496c5a2ed1a96ce9d3cf113d889865387eea3ba2ba47dfe02bd6159f1a2ffe1af8db0d092f0b4f4d73dd065c651898a2c009aae9d3012b34b36949314878c4b25943475673c12d49ac1adefead0fe8fea334095cb240facbd26d966c94366e9c09888027dac243aff7788975b2b4d245e4f4b628ef56d6b990adfb13a01b1cf08afb30eb34051d675c3cbf4dac1a034311b4f962a16a130c002e0734183546b10fe980a72227131fa8d9ef4157b52ad7ea397ab7d1d1098eb15efeb10130b34bdaf07f45386e02eb1798c36f0599464297cd1b4da4928d621cf501209e13db2ef0cbf2914b39273c575a2d34072aa0d1f91d15c870a2903d85f838f7472f5349b4da5427f5b8e802e57f0abd9906d8a28ffc6b2d542cd7f49aa53c31ea4e9080b86f0a1ef9ca737f91d1c8da7343a7a0b310a4171aa72c64a6a8f3eb26e012176f3013d9b65e2ab180b8b87bb88c22c04a67364635495106e9ba47cd3a4d69f2a72838fa3e3e4bf9094233c6dd0a5a927ddb3d33f83da5ee8c6a4b3e2204b58e0cc0565c505ca69ecee5d4f2d6ffe239089fdb8c39a2260aea4436189ec7e1db5e0f7b4ead15d0cee1637a72c55fba70b21ccb3dc74d0e9dd72fcd1e7e3699a20e8fa8d26f00a752640b5ed5d118f8f3499140b48a2aedf806960356749e2b162e6bb695888fdb70c9fb700821fdad0c3624e76ed15a0dce2954776cb9d2e8f3387e061b6f39b356f8ae4357d754289774f8dea8aa2ca8e8129a4048d7da6c79ed37a4279fc57afea2c56ca6ec58e59f31399fe323ce3555407da2bbbb33e8b5a959409b3e49845c6f1cbbfc14d3bf2bae3d97510ae33cb8cab1f12b241beb6c2ca48617efa22324c60af7d0559f85d8dcd2caf3421e2e67df1ee15de6db25436d8ad46c3f377b19cb82c6b046bab77597a7aa395d8b916a0808171d7babb24b8c5fe64f5d66ebd225b942e32887b6950f576c3d8fa7e1b32c87d00ea923ebc3f9324496000afcf61660957fc3508c7e96c4b8983945ca47f05f1efef0ee1973ee7a8c84b9a7923a34c5e3bf6087d14cdb27de57ff9b8beb9ec12f883d78aebcf5c6dc1995f469a6a808a5df21e4bad33ca335e7ec78c874b5f76f44988a900397e44e0716bd07b070d60955e22e2d0446f87548ba2d3787e3a3f5fabac787d65b33daeb1c4b0a8caf6da1b9e65c15e1c2cf21b13dce771a54a814031b781d63f5f2659d19f2e62227d57f9a21fcbe6b5887c1ea34c796bdda023cd21ef6203e37d6f1c4bdb59db04997f964919e7bd86411a1ef035b9c21b2bf6deda068c216b5ab816087784d1222b073dfa99e6bfca2c2962b88be6dd58c6d767d20827a5dbd48419a6bdb90eaf5604ebd1903b6699f26664cc3a5f97960519eb78488ee893efd1118f4efd4892dc551f5fee3272213ca06c626efa27c8e6aee727752632f5c46667b7dd06a7d4f0933e4e7f7e960c9b104a366948240d665171405bb86c952d585a4e893cb2c7014dd306d817de9a4d8a8d831f4a51e56843c8de41d344b6ffd8e0dc8959df17363bc17f867c3ce0b42a2ac452a1923d126da6b8cdf5f4e6fc8da90eaf1257fb897ffeb57341f926cd49b1fc9c2daf8bc782e47749e669ba30cbf61afafb6398336a9193af4856177d7ca1592e31ade3dfc53a4987a441531a4acd03897b80b3e7ea"}) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000080)={0x7ff}, 0x3f4) write(r1, &(0x7f0000000280)="1c0000001a009b8a14013b003b9b301f00"/28, 0x1c) recvmmsg(r1, &(0x7f0000004080)=[{{&(0x7f0000000100)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)=""/81, 0x51}, {&(0x7f00000002c0)=""/4096, 0x1000}], 0x2}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000047c0)=[{0x0}], 0x1}}, {{0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000001c40)=""/130, 0x82}, {0x0}, {&(0x7f0000001f00)=""/225, 0xe1}, {&(0x7f0000002f40)=""/4096, 0x1000}], 0x4, &(0x7f0000002040)=""/125, 0x7d}, 0xc6e6}, {{0x0, 0x0, &(0x7f0000002340)=[{0x0}, {&(0x7f00000021c0)=""/131, 0x83}, {0x0}], 0x3, &(0x7f0000002380)=""/228, 0xe4}, 0x7fffffff}, {{&(0x7f0000002480)=@l2tp={0x2, 0x0, @remote}, 0x80, 0x0}, 0xffffffff}, {{&(0x7f0000002d40)=@pptp={0x18, 0x2, {0x0, @dev}}, 0x80, &(0x7f0000004040)=[{&(0x7f0000002dc0)=""/91, 0x5b}, {&(0x7f0000003f40)=""/222, 0xde}], 0x2}, 0xfffffff7}], 0x7, 0x2, &(0x7f00000000c0)={0x77359400}) recvmmsg(r1, &(0x7f0000004600)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000012c0)=""/221, 0xdd}, {&(0x7f00000013c0)=""/156, 0x9c}, {&(0x7f0000001480)=""/250, 0xfa}], 0x3, &(0x7f0000000040)=""/50, 0x32}, 0x2}, {{&(0x7f0000001580)=@ipx, 0x80, &(0x7f0000000240)=[{&(0x7f0000001600)=""/128, 0x80}, {&(0x7f00000016c0)=""/132, 0x84}, {&(0x7f0000002840)=""/211, 0xd0}, {&(0x7f0000001880)=""/120, 0x78}], 0x4}, 0x64}, {{0x0, 0x0, &(0x7f0000001b00)=[{&(0x7f0000001900)=""/127, 0x7f}, {&(0x7f0000001980)=""/98, 0x62}, {&(0x7f0000001a00)=""/145, 0x91}], 0x3}, 0x81}, {{&(0x7f0000001b40)=@caif, 0x80, &(0x7f0000001ec0)=[{&(0x7f0000001bc0)=""/78, 0x4e}, {&(0x7f0000001d00)=""/135, 0x87}, {&(0x7f0000001dc0)=""/251, 0xfb}, {&(0x7f00000020c0)=""/222, 0xde}], 0x4, &(0x7f0000002280)=""/37, 0x25}}, {{&(0x7f00000022c0)=@un=@abs, 0x80, &(0x7f0000002640)=[{&(0x7f0000002500)=""/220, 0xdc}, {&(0x7f0000002600)=""/21, 0x15}, {&(0x7f0000004980)=""/259, 0x103}, {&(0x7f0000002740)=""/252, 0xfc}, {&(0x7f0000004880)=""/238, 0xee}, {&(0x7f0000002940)=""/102, 0x66}, {&(0x7f00000029c0)=""/239, 0xef}], 0x7}, 0x1}, {{&(0x7f0000002b40)=@phonet, 0x80, &(0x7f0000002ec0)=[{&(0x7f0000004800)=""/101, 0x65}, {&(0x7f0000002c40)=""/150, 0x96}, {&(0x7f0000002e40)=""/67, 0x43}, {&(0x7f0000004240)=""/229, 0xe5}, {&(0x7f0000002d00)=""/54, 0x36}, {&(0x7f0000004340)=""/148, 0x94}, {&(0x7f0000004400)=""/216, 0xd8}], 0x7, &(0x7f0000004500)=""/203, 0xcb}}], 0x61, 0x1, &(0x7f0000004780)={0x77359400}) 16:15:51 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a", 0x62}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:15:51 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5606, &(0x7f0000000000)={0x2, {0x3}}) 16:15:51 executing program 0: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) getpid() r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x0) 16:15:51 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5607, &(0x7f0000000000)={0x2, {0x3}}) 16:15:51 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541e, &(0x7f0000000000)={0x2, {0x3}}) [ 368.806272][ T22] kauditd_printk_skb: 1 callbacks suppressed [ 368.806280][ T22] audit: type=1326 audit(1631031351.868:8582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10436 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 368.835825][T10118] Bluetooth: hci0: sending frame failed (-49) 16:15:51 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5608, &(0x7f0000000000)={0x2, {0x3}}) 16:15:51 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541e, &(0x7f0000000000)={0x2, {0x3}}) [ 368.868319][ T22] audit: type=1326 audit(1631031351.918:8583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10433 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 368.962843][T10449] selection: kmalloc() failed [ 369.118039][T10463] selection: kmalloc() failed [ 370.858815][ T67] Bluetooth: hci0: command 0x1003 tx timeout [ 370.864830][T10454] Bluetooth: hci0: sending frame failed (-49) [ 370.938772][ T67] Bluetooth: hci1: command 0x1003 tx timeout [ 370.944807][T10454] Bluetooth: hci1: sending frame failed (-49) [ 372.938718][ T17] Bluetooth: hci0: command 0x1001 tx timeout [ 372.944769][T10454] Bluetooth: hci0: sending frame failed (-49) [ 373.018732][ T17] Bluetooth: hci1: command 0x1001 tx timeout [ 373.024749][T10454] Bluetooth: hci1: sending frame failed (-49) [ 375.018602][ T17] Bluetooth: hci0: command 0x1009 tx timeout [ 375.098604][ T17] Bluetooth: hci1: command 0x1009 tx timeout 16:16:02 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:02 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5609, &(0x7f0000000000)={0x2, {0x3}}) 16:16:02 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5421, &(0x7f0000000000)={0x2, {0x3}}) 16:16:02 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d", 0xb8}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:02 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a", 0x62}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:02 executing program 0: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) getpid() r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x0) 16:16:02 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5422, &(0x7f0000000000)={0x2, {0x3}}) [ 379.050584][ T22] audit: type=1326 audit(1631031362.118:8584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10468 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 379.075206][ T4171] Bluetooth: hci0: sending frame failed (-49) 16:16:02 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5423, &(0x7f0000000000)={0x2, {0x3}}) 16:16:02 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x560a, &(0x7f0000000000)={0x2, {0x3}}) 16:16:02 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:02 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5424, &(0x7f0000000000)={0x2, {0x3}}) [ 379.082222][ T22] audit: type=1326 audit(1631031362.138:8585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10470 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:16:02 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5425, &(0x7f0000000000)={0x2, {0x3}}) 16:16:02 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5427, &(0x7f0000000000)={0x2, {0x3}}) 16:16:02 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5428, &(0x7f0000000000)={0x2, {0x3}}) 16:16:02 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5429, &(0x7f0000000000)={0x2, {0x3}}) [ 379.286017][T10483] selection: kmalloc() failed [ 379.386956][T10503] selection: kmalloc() failed 16:16:02 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5437, &(0x7f0000000000)={0x2, {0x3}}) 16:16:03 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a8", 0x93}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 379.947409][ T22] audit: type=1326 audit(1631031363.009:8586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10507 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 380.178498][T10512] selection: kmalloc() failed [ 381.098241][ T12] Bluetooth: hci0: command 0x1003 tx timeout [ 381.104285][T10454] Bluetooth: hci0: sending frame failed (-49) [ 381.178302][ T17] Bluetooth: hci1: command 0x1003 tx timeout [ 381.184363][T10454] Bluetooth: hci1: sending frame failed (-49) [ 383.178161][ T3743] Bluetooth: hci0: command 0x1001 tx timeout [ 383.184270][T10454] Bluetooth: hci0: sending frame failed (-49) [ 383.258197][ T3743] Bluetooth: hci1: command 0x1001 tx timeout [ 383.264213][T10454] Bluetooth: hci1: sending frame failed (-49) [ 385.258065][ T3743] Bluetooth: hci0: command 0x1009 tx timeout [ 385.338128][ T67] Bluetooth: hci1: command 0x1009 tx timeout 16:16:12 executing program 0: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) getpid() r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x0) 16:16:12 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d", 0xb8}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:12 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x560b, &(0x7f0000000000)={0x2, {0x3}}) 16:16:12 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5441, &(0x7f0000000000)={0x2, {0x3}}) 16:16:12 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:12 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a8", 0x93}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:12 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5450, &(0x7f0000000000)={0x2, {0x3}}) [ 389.284691][ T22] audit: type=1326 audit(1631031372.349:8587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10517 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:16:12 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:12 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:12 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x560c, &(0x7f0000000000)={0x2, {0x3}}) 16:16:12 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5451, &(0x7f0000000000)={0x2, {0x3}}) 16:16:12 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 389.326073][ T392] Bluetooth: hci0: Frame reassembly failed (-84) [ 389.334798][ T22] audit: type=1326 audit(1631031372.359:8588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10518 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 389.526368][T10532] selection: kmalloc() failed [ 389.620418][T10549] selection: kmalloc() failed [ 391.337718][ T12] Bluetooth: hci0: command 0x1003 tx timeout [ 391.343781][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 393.417691][ T12] Bluetooth: hci0: command 0x1001 tx timeout [ 393.423777][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 395.497528][ T12] Bluetooth: hci0: command 0x1009 tx timeout 16:16:22 executing program 0: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) getpid() r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KDADDIO(r1, 0x400455c8, 0x0) 16:16:22 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5452, &(0x7f0000000000)={0x2, {0x3}}) 16:16:22 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x560d, &(0x7f0000000000)={0x2, {0x3}}) 16:16:22 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:22 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d", 0xb8}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:22 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a8", 0x93}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:22 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x560e, &(0x7f0000000000)={0x2, {0x3}}) 16:16:22 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:22 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x545d, &(0x7f0000000000)={0x2, {0x3}}) 16:16:22 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x560f, &(0x7f0000000000)={0x2, {0x3}}) [ 399.523700][ T22] audit: type=1326 audit(1631031382.590:8589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10557 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:16:22 executing program 0: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) getpid() r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KDADDIO(r1, 0x400455c8, 0x0) 16:16:22 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5460, &(0x7f0000000000)={0x2, {0x3}}) 16:16:22 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:22 executing program 0: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) getpid() r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KDADDIO(r1, 0x400455c8, 0x0) 16:16:22 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x40049409, &(0x7f0000000000)={0x2, {0x3}}) [ 399.590892][ T22] audit: type=1326 audit(1631031382.610:8590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10556 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:16:22 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5600, &(0x7f0000000000)={0x2, {0x3}}) [ 399.788724][T10576] selection: kmalloc() failed [ 399.886089][T10590] selection: kmalloc() failed 16:16:23 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c", 0xbe}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:23 executing program 0: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) getpid() ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) 16:16:23 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:23 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x40086602, &(0x7f0000000000)={0x2, {0x3}}) 16:16:23 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5601, &(0x7f0000000000)={0x2, {0x3}}) 16:16:23 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a725", 0xac}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:23 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:23 executing program 0: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) getpid() ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) 16:16:23 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5602, &(0x7f0000000000)={0x2, {0x3}}) 16:16:23 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x40087602, &(0x7f0000000000)={0x2, {0x3}}) [ 400.406543][ T22] audit: type=1326 audit(1631031383.470:8591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10598 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:16:23 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4020940d, &(0x7f0000000000)={0x2, {0x3}}) 16:16:23 executing program 0: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) getpid() ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) [ 400.471592][ T22] audit: type=1326 audit(1631031383.470:8592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10599 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 400.651022][T10620] selection: kmalloc() failed [ 400.743544][T10628] selection: kmalloc() failed 16:16:24 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c", 0xbe}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:24 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:24 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5603, &(0x7f0000000000)={0x2, {0x3}}) 16:16:24 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x80045432, &(0x7f0000000000)={0x2, {0x3}}) 16:16:24 executing program 0: r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xba, 0x6, 0x3, 0x8, 0x0, 0xc1, 0x4002, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={&(0x7f0000000000), 0x6}, 0x4000, 0x101, 0x5, 0x0, 0x400, 0x5, 0x8, 0x0, 0x4b, 0x0, 0x8c1}, 0x0, 0x4, r0, 0x3) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x0) 16:16:24 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a725", 0xac}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 401.254151][ T22] audit: type=1326 audit(1631031384.320:8593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10631 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:16:24 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5605, &(0x7f0000000000)={0x2, {0x3}}) 16:16:24 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:24 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x80045440, &(0x7f0000000000)={0x2, {0x3}}) 16:16:24 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:24 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x80086601, &(0x7f0000000000)={0x2, {0x3}}) 16:16:24 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) [ 401.308952][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 401.328310][ T22] audit: type=1326 audit(1631031384.360:8594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10637 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 401.491061][T10644] selection: kmalloc() failed [ 401.614101][T10662] selection: kmalloc() failed 16:16:25 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x80087601, &(0x7f0000000000)={0x2, {0x3}}) 16:16:25 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) 16:16:25 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c", 0xbe}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:25 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5606, &(0x7f0000000000)={0x2, {0x3}}) [ 402.119197][ T22] audit: type=1326 audit(1631031385.190:8595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10669 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 402.228851][T10674] selection: kmalloc() failed [ 403.337077][ T12] Bluetooth: hci0: command 0x1003 tx timeout [ 403.343143][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 405.417010][ T12] Bluetooth: hci0: command 0x1001 tx timeout [ 405.423029][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 407.496916][ T12] Bluetooth: hci0: command 0x1009 tx timeout 16:16:34 executing program 0: perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:34 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) 16:16:34 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0xc0045878, &(0x7f0000000000)={0x2, {0x3}}) 16:16:34 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5607, &(0x7f0000000000)={0x2, {0x3}}) 16:16:34 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a725", 0xac}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:34 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807", 0xc1}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:34 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5608, &(0x7f0000000000)={0x2, {0x3}}) 16:16:34 executing program 3 (fault-call:2 fault-nth:0): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:34 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0xc0045878, &(0x7f0000000000)={0x2, {0x3}}) [ 411.686311][ T22] audit: type=1326 audit(1631031394.750:8596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10680 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:16:34 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x5609, &(0x7f0000000000)={0x2, {0x3}}) [ 411.734504][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 411.743774][T10697] FAULT_INJECTION: forcing a failure. [ 411.743774][T10697] name failslab, interval 1, probability 0, space 0, times 1 [ 411.749636][ T22] audit: type=1326 audit(1631031394.790:8597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10679 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:16:34 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0xc0189436, &(0x7f0000000000)={0x2, {0x3}}) [ 411.766099][T10697] CPU: 1 PID: 10697 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 411.792233][T10697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 16:16:34 executing program 3 (fault-call:2 fault-nth:1): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 411.802461][T10697] Call Trace: [ 411.802486][T10697] dump_stack+0x1d8/0x24e [ 411.802497][T10697] ? devkmsg_release+0x11c/0x11c [ 411.802507][T10697] ? show_regs_print_info+0x12/0x12 [ 411.802517][T10697] ? __set_page_owner+0x35/0x200 [ 411.802529][T10697] should_fail+0x6f6/0x860 [ 411.802539][T10697] ? setup_fault_attr+0x3d0/0x3d0 [ 411.802548][T10697] ? ldsem_down_read+0xb7/0x890 [ 411.802558][T10697] ? hci_alloc_dev+0x4d/0x15e0 [ 411.802599][T10697] should_failslab+0x5/0x20 [ 411.802609][T10697] kmem_cache_alloc_trace+0x39/0x2b0 [ 411.802620][T10697] hci_alloc_dev+0x4d/0x15e0 [ 411.802631][T10697] hci_uart_tty_ioctl+0x3c0/0xa10 [ 411.802641][T10697] ? hci_uart_tty_write+0x10/0x10 [ 411.802651][T10697] tty_ioctl+0xf68/0x1710 [ 411.802661][T10697] ? tty_do_resize+0x170/0x170 [ 411.802671][T10697] ? avc_ss_reset+0x3a0/0x3a0 [ 411.802680][T10697] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 411.802689][T10697] ? refcount_inc_checked+0x50/0x50 [ 411.802699][T10697] ? memcg_check_events+0x5c/0x5b0 [ 411.802711][T10697] ? proc_fail_nth_write+0x1d5/0x240 [ 411.802722][T10697] ? proc_fail_nth_read+0x1c0/0x1c0 [ 411.802731][T10697] ? __lru_cache_add+0x1c4/0x210 [ 411.802739][T10697] ? memset+0x1f/0x40 [ 411.802747][T10697] ? fsnotify+0x1332/0x13f0 [ 411.802756][T10697] ? tty_do_resize+0x170/0x170 [ 411.802767][T10697] do_vfs_ioctl+0x76a/0x1720 [ 411.802777][T10697] ? selinux_file_ioctl+0x72f/0x990 [ 411.802788][T10697] ? ioctl_preallocate+0x250/0x250 [ 411.802800][T10697] ? __fget+0x37b/0x3c0 [ 411.802807][T10697] ? vfs_write+0x422/0x4e0 [ 411.802818][T10697] ? fget_many+0x20/0x20 [ 411.802827][T10697] ? debug_smp_processor_id+0x20/0x20 [ 411.802837][T10697] ? security_file_ioctl+0x9d/0xb0 [ 411.802847][T10697] __x64_sys_ioctl+0xd4/0x110 [ 411.802858][T10697] do_syscall_64+0xcb/0x1e0 [ 411.802869][T10697] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 411.802878][T10697] RIP: 0033:0x4665f9 [ 411.802888][T10697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 411.802893][T10697] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 411.802902][T10697] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 411.802908][T10697] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 411.802913][T10697] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 411.802919][T10697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 411.802924][T10697] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 411.830785][T10697] Bluetooth: Can't allocate HCI device [ 411.900298][T10709] FAULT_INJECTION: forcing a failure. [ 411.900298][T10709] name failslab, interval 1, probability 0, space 0, times 0 [ 411.900312][T10709] CPU: 0 PID: 10709 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 411.900317][T10709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 411.900320][T10709] Call Trace: [ 411.900336][T10709] dump_stack+0x1d8/0x24e [ 411.900346][T10709] ? devkmsg_release+0x11c/0x11c [ 411.900359][T10709] ? show_regs_print_info+0x12/0x12 [ 411.900370][T10709] ? _raw_spin_lock_irqsave+0xf8/0x210 [ 411.900381][T10709] should_fail+0x6f6/0x860 [ 411.900392][T10709] ? setup_fault_attr+0x3d0/0x3d0 [ 411.900399][T10709] ? memset+0x1f/0x40 [ 411.900409][T10709] ? h4_open+0x4f/0x140 [ 411.900419][T10709] should_failslab+0x5/0x20 [ 411.900428][T10709] kmem_cache_alloc_trace+0x39/0x2b0 [ 411.900438][T10709] h4_open+0x4f/0x140 [ 411.900447][T10709] hci_uart_tty_ioctl+0x7ea/0xa10 [ 411.900456][T10709] ? hci_uart_tty_write+0x10/0x10 [ 411.900466][T10709] tty_ioctl+0xf68/0x1710 [ 411.900475][T10709] ? tty_do_resize+0x170/0x170 [ 411.900484][T10709] ? avc_ss_reset+0x3a0/0x3a0 [ 411.900492][T10709] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 411.900500][T10709] ? refcount_inc_checked+0x50/0x50 [ 411.900507][T10709] ? memcg_check_events+0x5c/0x5b0 [ 411.900519][T10709] ? proc_fail_nth_write+0x1d5/0x240 [ 411.900529][T10709] ? proc_fail_nth_read+0x1c0/0x1c0 [ 411.900539][T10709] ? __lru_cache_add+0x1c4/0x210 [ 411.900547][T10709] ? memset+0x1f/0x40 [ 411.900555][T10709] ? fsnotify+0x1332/0x13f0 [ 411.900563][T10709] ? tty_do_resize+0x170/0x170 [ 411.900573][T10709] do_vfs_ioctl+0x76a/0x1720 [ 411.900583][T10709] ? selinux_file_ioctl+0x72f/0x990 [ 411.900593][T10709] ? ioctl_preallocate+0x250/0x250 [ 411.900604][T10709] ? __fget+0x37b/0x3c0 [ 411.900612][T10709] ? vfs_write+0x422/0x4e0 [ 411.900622][T10709] ? fget_many+0x20/0x20 [ 411.900630][T10709] ? debug_smp_processor_id+0x20/0x20 [ 411.900640][T10709] ? security_file_ioctl+0x9d/0xb0 [ 411.900650][T10709] __x64_sys_ioctl+0xd4/0x110 [ 411.900660][T10709] do_syscall_64+0xcb/0x1e0 [ 411.900671][T10709] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 411.900678][T10709] RIP: 0033:0x4665f9 [ 411.900687][T10709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 411.900692][T10709] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 411.900701][T10709] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 411.900707][T10709] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 411.900712][T10709] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 411.900717][T10709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 411.900722][T10709] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 411.961850][T10701] selection: kmalloc() failed [ 412.599337][T10705] selection: kmalloc() failed [ 413.816561][ T3281] Bluetooth: hci0: command 0x1003 tx timeout [ 413.822578][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 415.896482][ T3281] Bluetooth: hci0: command 0x1001 tx timeout [ 415.902506][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 417.976420][ T3281] Bluetooth: hci0: command 0x1009 tx timeout 16:16:44 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:44 executing program 3 (fault-call:2 fault-nth:2): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:44 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d", 0xb8}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:44 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0xc020660b, &(0x7f0000000000)={0x2, {0x3}}) 16:16:44 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x560a, &(0x7f0000000000)={0x2, {0x3}}) 16:16:44 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807", 0xc1}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 421.913599][T10717] FAULT_INJECTION: forcing a failure. [ 421.913599][T10717] name failslab, interval 1, probability 0, space 0, times 0 [ 421.926813][ T22] audit: type=1326 audit(1631031405.001:8598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10721 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 421.930744][ T90] Bluetooth: hci1: Frame reassembly failed (-84) 16:16:45 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x3, {0x3}}) [ 421.958928][ T22] audit: type=1326 audit(1631031405.031:8599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10719 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 421.963658][T10717] CPU: 0 PID: 10717 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 421.993966][T10717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 421.993971][T10717] Call Trace: [ 421.993989][T10717] dump_stack+0x1d8/0x24e [ 421.994000][T10717] ? devkmsg_release+0x11c/0x11c [ 421.994009][T10717] ? memset+0x1f/0x40 [ 421.994019][T10717] ? show_regs_print_info+0x12/0x12 [ 421.994029][T10717] ? number+0xea3/0x1300 [ 421.994036][T10717] ? xas_create+0x12c3/0x13b0 [ 421.994048][T10717] should_fail+0x6f6/0x860 [ 421.994059][T10717] ? setup_fault_attr+0x3d0/0x3d0 [ 421.994067][T10717] ? xas_store+0xae3/0x1610 [ 421.994076][T10717] ? vsnprintf+0x1e4/0x1d60 [ 421.994084][T10717] ? alloc_workqueue+0x156/0x11d0 [ 421.994095][T10717] should_failslab+0x5/0x20 [ 421.994104][T10717] __kmalloc+0x5f/0x2f0 [ 421.994114][T10717] alloc_workqueue+0x156/0x11d0 [ 421.994124][T10717] ? ptr_to_hashval+0x60/0x60 [ 421.994134][T10717] ? sprintf+0xd6/0x120 [ 421.994141][T10717] ? idr_replace+0x230/0x230 [ 421.994150][T10717] ? vsnprintf+0x1caa/0x1d60 [ 421.994159][T10717] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 421.994169][T10717] ? h4_open+0x4f/0x140 [ 421.994179][T10717] hci_register_dev+0x19a/0x710 [ 421.994189][T10717] ? h4_open+0x60/0x140 [ 421.994198][T10717] hci_uart_tty_ioctl+0x89e/0xa10 [ 421.994207][T10717] ? hci_uart_tty_write+0x10/0x10 [ 421.994217][T10717] tty_ioctl+0xf68/0x1710 [ 421.994225][T10717] ? tty_do_resize+0x170/0x170 [ 421.994233][T10717] ? avc_ss_reset+0x3a0/0x3a0 [ 421.994240][T10717] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 421.994247][T10717] ? refcount_inc_checked+0x50/0x50 [ 421.994255][T10717] ? memcg_check_events+0x5c/0x5b0 [ 421.994267][T10717] ? proc_fail_nth_write+0x1d5/0x240 [ 421.994277][T10717] ? proc_fail_nth_read+0x1c0/0x1c0 [ 421.994285][T10717] ? __lru_cache_add+0x1c4/0x210 [ 421.994293][T10717] ? memset+0x1f/0x40 [ 421.994300][T10717] ? fsnotify+0x1332/0x13f0 [ 421.994308][T10717] ? tty_do_resize+0x170/0x170 [ 421.994319][T10717] do_vfs_ioctl+0x76a/0x1720 [ 421.994329][T10717] ? selinux_file_ioctl+0x72f/0x990 [ 421.994339][T10717] ? ioctl_preallocate+0x250/0x250 [ 421.994351][T10717] ? __fget+0x37b/0x3c0 [ 421.994359][T10717] ? vfs_write+0x422/0x4e0 [ 421.994369][T10717] ? fget_many+0x20/0x20 [ 421.994377][T10717] ? debug_smp_processor_id+0x20/0x20 [ 421.994386][T10717] ? security_file_ioctl+0x9d/0xb0 [ 421.994395][T10717] __x64_sys_ioctl+0xd4/0x110 [ 421.994404][T10717] do_syscall_64+0xcb/0x1e0 [ 421.994414][T10717] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 421.994421][T10717] RIP: 0033:0x4665f9 [ 421.994430][T10717] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 421.994435][T10717] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 16:16:45 executing program 3 (fault-call:2 fault-nth:3): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 421.994445][T10717] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 421.994450][T10717] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 421.994455][T10717] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 421.994460][T10717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 421.994465][T10717] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 421.995550][T10717] Bluetooth: Can't register HCI device 16:16:45 executing program 3 (fault-call:2 fault-nth:4): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:45 executing program 3 (fault-call:2 fault-nth:5): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:45 executing program 3 (fault-call:2 fault-nth:6): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:45 executing program 3 (fault-call:2 fault-nth:7): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 422.343531][T10735] FAULT_INJECTION: forcing a failure. [ 422.343531][T10735] name failslab, interval 1, probability 0, space 0, times 0 [ 422.343546][T10735] CPU: 1 PID: 10735 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 422.343551][T10735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 422.343554][T10735] Call Trace: [ 422.343569][T10735] dump_stack+0x1d8/0x24e [ 422.343579][T10735] ? devkmsg_release+0x11c/0x11c [ 422.343589][T10735] ? show_regs_print_info+0x12/0x12 [ 422.343601][T10735] should_fail+0x6f6/0x860 [ 422.343612][T10735] ? setup_fault_attr+0x3d0/0x3d0 [ 422.343621][T10735] ? alloc_workqueue+0x1cb/0x11d0 [ 422.343631][T10735] should_failslab+0x5/0x20 [ 422.343640][T10735] kmem_cache_alloc_trace+0x39/0x2b0 [ 422.343647][T10735] ? alloc_workqueue+0x156/0x11d0 [ 422.343656][T10735] alloc_workqueue+0x1cb/0x11d0 [ 422.343667][T10735] ? sprintf+0xd6/0x120 [ 422.343675][T10735] ? idr_replace+0x230/0x230 [ 422.343684][T10735] ? vsnprintf+0x1caa/0x1d60 [ 422.343693][T10735] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 422.343703][T10735] ? h4_open+0x4f/0x140 [ 422.343711][T10735] ? h4_open+0x4f/0x140 [ 422.343722][T10735] hci_register_dev+0x19a/0x710 [ 422.343731][T10735] ? h4_open+0x60/0x140 [ 422.343740][T10735] hci_uart_tty_ioctl+0x89e/0xa10 [ 422.343750][T10735] ? hci_uart_tty_write+0x10/0x10 [ 422.343759][T10735] tty_ioctl+0xf68/0x1710 [ 422.343768][T10735] ? tty_do_resize+0x170/0x170 [ 422.343777][T10735] ? avc_ss_reset+0x3a0/0x3a0 [ 422.343786][T10735] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 422.343794][T10735] ? refcount_inc_checked+0x50/0x50 [ 422.343803][T10735] ? memcg_check_events+0x5c/0x5b0 [ 422.343815][T10735] ? proc_fail_nth_write+0x1d5/0x240 [ 422.343825][T10735] ? proc_fail_nth_read+0x1c0/0x1c0 [ 422.343834][T10735] ? __lru_cache_add+0x1c4/0x210 [ 422.343842][T10735] ? memset+0x1f/0x40 [ 422.343849][T10735] ? fsnotify+0x1332/0x13f0 [ 422.343858][T10735] ? tty_do_resize+0x170/0x170 [ 422.343868][T10735] do_vfs_ioctl+0x76a/0x1720 [ 422.343877][T10735] ? selinux_file_ioctl+0x72f/0x990 [ 422.343887][T10735] ? ioctl_preallocate+0x250/0x250 [ 422.343899][T10735] ? __fget+0x37b/0x3c0 [ 422.343906][T10735] ? vfs_write+0x422/0x4e0 [ 422.343917][T10735] ? fget_many+0x20/0x20 [ 422.343925][T10735] ? debug_smp_processor_id+0x20/0x20 [ 422.343935][T10735] ? security_file_ioctl+0x9d/0xb0 [ 422.343945][T10735] __x64_sys_ioctl+0xd4/0x110 [ 422.343955][T10735] do_syscall_64+0xcb/0x1e0 [ 422.343965][T10735] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 422.343972][T10735] RIP: 0033:0x4665f9 [ 422.343980][T10735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 422.343985][T10735] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 422.343994][T10735] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 422.343999][T10735] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 422.344004][T10735] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 422.344009][T10735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 422.344014][T10735] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 422.344114][T10735] Bluetooth: Can't register HCI device [ 422.379845][T10738] FAULT_INJECTION: forcing a failure. [ 422.379845][T10738] name failslab, interval 1, probability 0, space 0, times 0 [ 422.379860][T10738] CPU: 0 PID: 10738 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 422.379865][T10738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 422.379868][T10738] Call Trace: [ 422.379884][T10738] dump_stack+0x1d8/0x24e [ 422.379895][T10738] ? devkmsg_release+0x11c/0x11c [ 422.379903][T10738] ? arch_stack_walk+0xf8/0x140 [ 422.379912][T10738] ? show_regs_print_info+0x12/0x12 [ 422.379925][T10738] should_fail+0x6f6/0x860 [ 422.379935][T10738] ? setup_fault_attr+0x3d0/0x3d0 [ 422.379943][T10738] ? __unwind_start+0x72f/0x8e0 [ 422.379953][T10738] ? apply_wqattrs_prepare+0xcb/0x17e0 [ 422.379962][T10738] should_failslab+0x5/0x20 [ 422.379972][T10738] kmem_cache_alloc_trace+0x39/0x2b0 [ 422.379982][T10738] apply_wqattrs_prepare+0xcb/0x17e0 [ 422.379990][T10738] ? alloc_workqueue+0x1cb/0x11d0 [ 422.380007][T10738] ? hci_register_dev+0x19a/0x710 [ 422.380016][T10738] ? hci_uart_tty_ioctl+0x89e/0xa10 [ 422.380025][T10738] ? tty_ioctl+0xf68/0x1710 [ 422.380034][T10738] ? do_vfs_ioctl+0x76a/0x1720 [ 422.380043][T10738] ? __x64_sys_ioctl+0xd4/0x110 [ 422.380051][T10738] ? do_syscall_64+0xcb/0x1e0 [ 422.380060][T10738] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 422.380071][T10738] ? format_decode+0xc5c/0x1ab0 [ 422.380079][T10738] ? cwt_wakefn+0x70/0x70 [ 422.380088][T10738] ? vsnprintf+0x1d60/0x1d60 [ 422.380098][T10738] ? string+0x280/0x2c0 [ 422.380105][T10738] ? widen_string+0x3a/0x340 [ 422.380113][T10738] ? string+0x280/0x2c0 [ 422.380122][T10738] apply_workqueue_attrs_locked+0x136/0x6d0 [ 422.380129][T10738] ? check_preemption_disabled+0x9e/0x330 [ 422.380137][T10738] ? apply_workqueue_attrs+0x40/0x40 [ 422.380144][T10738] ? mutex_lock+0xa6/0x110 [ 422.380152][T10738] ? mutex_trylock+0xb0/0xb0 [ 422.380162][T10738] ? kmem_cache_alloc_trace+0x139/0x2b0 [ 422.380170][T10738] alloc_workqueue+0xcc4/0x11d0 [ 422.380180][T10738] ? sprintf+0xd6/0x120 [ 422.380188][T10738] ? idr_replace+0x230/0x230 [ 422.380197][T10738] ? vsnprintf+0x1caa/0x1d60 [ 422.380205][T10738] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 422.380215][T10738] ? h4_open+0x4f/0x140 [ 422.380224][T10738] hci_register_dev+0x19a/0x710 [ 422.380233][T10738] ? h4_open+0x60/0x140 [ 422.380242][T10738] hci_uart_tty_ioctl+0x89e/0xa10 [ 422.380252][T10738] ? hci_uart_tty_write+0x10/0x10 [ 422.380260][T10738] tty_ioctl+0xf68/0x1710 [ 422.380269][T10738] ? tty_do_resize+0x170/0x170 [ 422.380278][T10738] ? avc_ss_reset+0x3a0/0x3a0 [ 422.380286][T10738] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 422.380295][T10738] ? refcount_inc_checked+0x50/0x50 [ 422.380304][T10738] ? memcg_check_events+0x5c/0x5b0 [ 422.380314][T10738] ? proc_fail_nth_write+0x1d5/0x240 [ 422.380323][T10738] ? proc_fail_nth_read+0x1c0/0x1c0 [ 422.380332][T10738] ? __lru_cache_add+0x1c4/0x210 [ 422.380339][T10738] ? memset+0x1f/0x40 [ 422.380347][T10738] ? fsnotify+0x1332/0x13f0 [ 422.380355][T10738] ? tty_do_resize+0x170/0x170 [ 422.380365][T10738] do_vfs_ioctl+0x76a/0x1720 [ 422.380374][T10738] ? selinux_file_ioctl+0x72f/0x990 [ 422.380384][T10738] ? ioctl_preallocate+0x250/0x250 [ 422.380396][T10738] ? __fget+0x37b/0x3c0 [ 422.380403][T10738] ? vfs_write+0x422/0x4e0 [ 422.380413][T10738] ? fget_many+0x20/0x20 [ 422.380421][T10738] ? debug_smp_processor_id+0x20/0x20 [ 422.380430][T10738] ? security_file_ioctl+0x9d/0xb0 [ 422.380439][T10738] __x64_sys_ioctl+0xd4/0x110 [ 422.380448][T10738] do_syscall_64+0xcb/0x1e0 [ 422.380458][T10738] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 422.380466][T10738] RIP: 0033:0x4665f9 [ 422.380475][T10738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 422.380480][T10738] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 422.380488][T10738] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 422.380493][T10738] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 422.380499][T10738] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 422.380503][T10738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 422.380509][T10738] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 422.381662][T10738] Bluetooth: Can't register HCI device [ 422.398222][T10728] selection: kmalloc() failed [ 422.421381][T10741] FAULT_INJECTION: forcing a failure. [ 422.421381][T10741] name failslab, interval 1, probability 0, space 0, times 0 [ 422.421394][T10741] CPU: 1 PID: 10741 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 422.421399][T10741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 422.421402][T10741] Call Trace: [ 422.421419][T10741] dump_stack+0x1d8/0x24e [ 422.421430][T10741] ? devkmsg_release+0x11c/0x11c [ 422.421440][T10741] ? show_regs_print_info+0x12/0x12 [ 422.421452][T10741] should_fail+0x6f6/0x860 [ 422.421462][T10741] ? setup_fault_attr+0x3d0/0x3d0 [ 422.421473][T10741] ? apply_wqattrs_prepare+0x102/0x17e0 [ 422.421484][T10741] should_failslab+0x5/0x20 [ 422.421494][T10741] kmem_cache_alloc_trace+0x39/0x2b0 [ 422.421502][T10741] ? apply_wqattrs_prepare+0xcb/0x17e0 [ 422.421511][T10741] apply_wqattrs_prepare+0x102/0x17e0 [ 422.421523][T10741] ? alloc_workqueue+0x1cb/0x11d0 [ 422.421533][T10741] ? hci_register_dev+0x19a/0x710 [ 422.421542][T10741] ? hci_uart_tty_ioctl+0x89e/0xa10 [ 422.421550][T10741] ? tty_ioctl+0xf68/0x1710 [ 422.421560][T10741] ? do_vfs_ioctl+0x76a/0x1720 [ 422.421569][T10741] ? __x64_sys_ioctl+0xd4/0x110 [ 422.421578][T10741] ? do_syscall_64+0xcb/0x1e0 [ 422.421587][T10741] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 422.421598][T10741] ? format_decode+0xc5c/0x1ab0 [ 422.421607][T10741] ? cwt_wakefn+0x70/0x70 [ 422.421616][T10741] ? vsnprintf+0x1d60/0x1d60 [ 422.421626][T10741] ? string+0x280/0x2c0 [ 422.421632][T10741] ? widen_string+0x3a/0x340 [ 422.421641][T10741] ? string+0x280/0x2c0 [ 422.421649][T10741] apply_workqueue_attrs_locked+0x136/0x6d0 [ 422.421659][T10741] ? check_preemption_disabled+0x9e/0x330 [ 422.421667][T10741] ? apply_workqueue_attrs+0x40/0x40 [ 422.421676][T10741] ? mutex_lock+0xa6/0x110 [ 422.421685][T10741] ? mutex_trylock+0xb0/0xb0 [ 422.421694][T10741] ? kmem_cache_alloc_trace+0x139/0x2b0 [ 422.421703][T10741] alloc_workqueue+0xcc4/0x11d0 [ 422.421713][T10741] ? sprintf+0xd6/0x120 [ 422.421723][T10741] ? idr_replace+0x230/0x230 [ 422.421732][T10741] ? vsnprintf+0x1caa/0x1d60 [ 422.421741][T10741] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 422.421750][T10741] ? h4_open+0x4f/0x140 [ 422.421760][T10741] hci_register_dev+0x19a/0x710 [ 422.421770][T10741] ? h4_open+0x60/0x140 [ 422.421779][T10741] hci_uart_tty_ioctl+0x89e/0xa10 [ 422.421788][T10741] ? hci_uart_tty_write+0x10/0x10 [ 422.421797][T10741] tty_ioctl+0xf68/0x1710 [ 422.421807][T10741] ? tty_do_resize+0x170/0x170 [ 422.421815][T10741] ? avc_ss_reset+0x3a0/0x3a0 [ 422.421824][T10741] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 422.421832][T10741] ? refcount_inc_checked+0x50/0x50 [ 422.421841][T10741] ? memcg_check_events+0x5c/0x5b0 [ 422.421853][T10741] ? proc_fail_nth_write+0x1d5/0x240 [ 422.421863][T10741] ? proc_fail_nth_read+0x1c0/0x1c0 [ 422.421872][T10741] ? __lru_cache_add+0x1c4/0x210 [ 422.421879][T10741] ? memset+0x1f/0x40 [ 422.421887][T10741] ? fsnotify+0x1332/0x13f0 [ 422.421896][T10741] ? tty_do_resize+0x170/0x170 [ 422.421905][T10741] do_vfs_ioctl+0x76a/0x1720 [ 422.421914][T10741] ? selinux_file_ioctl+0x72f/0x990 [ 422.421925][T10741] ? ioctl_preallocate+0x250/0x250 [ 422.421936][T10741] ? __fget+0x37b/0x3c0 [ 422.421943][T10741] ? vfs_write+0x422/0x4e0 [ 422.421954][T10741] ? fget_many+0x20/0x20 [ 422.421962][T10741] ? debug_smp_processor_id+0x20/0x20 [ 422.421972][T10741] ? security_file_ioctl+0x9d/0xb0 [ 422.421982][T10741] __x64_sys_ioctl+0xd4/0x110 [ 422.421991][T10741] do_syscall_64+0xcb/0x1e0 [ 422.422001][T10741] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 422.422009][T10741] RIP: 0033:0x4665f9 [ 422.422018][T10741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 422.422023][T10741] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 422.422032][T10741] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 422.422037][T10741] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 422.422042][T10741] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 422.422047][T10741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 422.422052][T10741] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 422.424251][T10741] Bluetooth: Can't register HCI device [ 422.464760][T10744] FAULT_INJECTION: forcing a failure. [ 422.464760][T10744] name failslab, interval 1, probability 0, space 0, times 0 [ 422.464775][T10744] CPU: 0 PID: 10744 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 422.464780][T10744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 422.464783][T10744] Call Trace: [ 422.464799][T10744] dump_stack+0x1d8/0x24e [ 422.464810][T10744] ? devkmsg_release+0x11c/0x11c [ 422.464821][T10744] ? show_regs_print_info+0x12/0x12 [ 422.464832][T10744] should_fail+0x6f6/0x860 [ 422.464842][T10744] ? setup_fault_attr+0x3d0/0x3d0 [ 422.464852][T10744] ? apply_wqattrs_prepare+0x1c0/0x17e0 [ 422.464864][T10744] should_failslab+0x5/0x20 [ 422.464872][T10744] kmem_cache_alloc_trace+0x39/0x2b0 [ 422.464887][T10744] ? apply_wqattrs_prepare+0x102/0x17e0 [ 422.464897][T10744] apply_wqattrs_prepare+0x1c0/0x17e0 [ 422.464904][T10744] ? alloc_workqueue+0x1cb/0x11d0 [ 422.464915][T10744] ? hci_uart_tty_ioctl+0x89e/0xa10 [ 422.464923][T10744] ? tty_ioctl+0xf68/0x1710 [ 422.464933][T10744] ? do_vfs_ioctl+0x76a/0x1720 [ 422.464942][T10744] ? __x64_sys_ioctl+0xd4/0x110 [ 422.464950][T10744] ? do_syscall_64+0xcb/0x1e0 [ 422.464959][T10744] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 422.464970][T10744] ? format_decode+0xc5c/0x1ab0 [ 422.464979][T10744] ? cwt_wakefn+0x70/0x70 [ 422.464988][T10744] ? vsnprintf+0x1d60/0x1d60 [ 422.464998][T10744] ? string+0x280/0x2c0 [ 422.465005][T10744] ? widen_string+0x3a/0x340 [ 422.465014][T10744] ? string+0x280/0x2c0 [ 422.465023][T10744] apply_workqueue_attrs_locked+0x136/0x6d0 [ 422.465032][T10744] ? check_preemption_disabled+0x9e/0x330 [ 422.465040][T10744] ? apply_workqueue_attrs+0x40/0x40 [ 422.465048][T10744] ? mutex_lock+0xa6/0x110 [ 422.465057][T10744] ? mutex_trylock+0xb0/0xb0 [ 422.465067][T10744] ? kmem_cache_alloc_trace+0x139/0x2b0 [ 422.465075][T10744] alloc_workqueue+0xcc4/0x11d0 [ 422.465087][T10744] ? sprintf+0xd6/0x120 [ 422.465093][T10744] ? idr_replace+0x230/0x230 [ 422.465101][T10744] ? vsnprintf+0x1caa/0x1d60 [ 422.465109][T10744] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 422.465117][T10744] ? h4_open+0x4f/0x140 [ 422.465124][T10744] ? h4_open+0x4f/0x140 [ 422.465135][T10744] hci_register_dev+0x19a/0x710 [ 422.465144][T10744] ? h4_open+0x60/0x140 [ 422.465153][T10744] hci_uart_tty_ioctl+0x89e/0xa10 [ 422.465162][T10744] ? hci_uart_tty_write+0x10/0x10 [ 422.465171][T10744] tty_ioctl+0xf68/0x1710 [ 422.465180][T10744] ? tty_do_resize+0x170/0x170 [ 422.465190][T10744] ? avc_ss_reset+0x3a0/0x3a0 [ 422.465198][T10744] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 422.465207][T10744] ? refcount_inc_checked+0x50/0x50 [ 422.465215][T10744] ? memcg_check_events+0x5c/0x5b0 [ 422.465227][T10744] ? proc_fail_nth_write+0x1d5/0x240 [ 422.465236][T10744] ? proc_fail_nth_read+0x1c0/0x1c0 [ 422.465244][T10744] ? __lru_cache_add+0x1c4/0x210 [ 422.465251][T10744] ? memset+0x1f/0x40 [ 422.465259][T10744] ? fsnotify+0x1332/0x13f0 [ 422.465267][T10744] ? tty_do_resize+0x170/0x170 [ 422.465276][T10744] do_vfs_ioctl+0x76a/0x1720 [ 422.465285][T10744] ? selinux_file_ioctl+0x72f/0x990 [ 422.465294][T10744] ? ioctl_preallocate+0x250/0x250 [ 422.465304][T10744] ? __fget+0x37b/0x3c0 [ 422.465311][T10744] ? vfs_write+0x422/0x4e0 [ 422.465320][T10744] ? fget_many+0x20/0x20 [ 422.465328][T10744] ? debug_smp_processor_id+0x20/0x20 [ 422.465338][T10744] ? security_file_ioctl+0x9d/0xb0 [ 422.465348][T10744] __x64_sys_ioctl+0xd4/0x110 [ 422.465356][T10744] do_syscall_64+0xcb/0x1e0 [ 422.465366][T10744] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 422.465374][T10744] RIP: 0033:0x4665f9 [ 422.465383][T10744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 422.465388][T10744] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 422.465397][T10744] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 422.465403][T10744] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 422.465408][T10744] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 422.465413][T10744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 422.465418][T10744] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 422.465452][T10744] Bluetooth: Can't register HCI device [ 422.500084][T10747] FAULT_INJECTION: forcing a failure. [ 422.500084][T10747] name failslab, interval 1, probability 0, space 0, times 0 [ 422.500098][T10747] CPU: 0 PID: 10747 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 422.500103][T10747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 422.500107][T10747] Call Trace: [ 422.500121][T10747] dump_stack+0x1d8/0x24e [ 422.500132][T10747] ? devkmsg_release+0x11c/0x11c [ 422.500141][T10747] ? show_regs_print_info+0x12/0x12 [ 422.500153][T10747] should_fail+0x6f6/0x860 [ 422.500163][T10747] ? setup_fault_attr+0x3d0/0x3d0 [ 422.500173][T10747] ? apply_wqattrs_prepare+0x8a5/0x17e0 [ 422.500184][T10747] should_failslab+0x5/0x20 [ 422.500193][T10747] kmem_cache_alloc+0x36/0x290 [ 422.500202][T10747] apply_wqattrs_prepare+0x8a5/0x17e0 [ 422.500214][T10747] ? __x64_sys_ioctl+0xd4/0x110 [ 422.500225][T10747] ? format_decode+0xc5c/0x1ab0 [ 422.500232][T10747] ? cwt_wakefn+0x70/0x70 [ 422.500240][T10747] ? vsnprintf+0x1d60/0x1d60 [ 422.500249][T10747] ? string+0x280/0x2c0 [ 422.500256][T10747] ? widen_string+0x3a/0x340 [ 422.500263][T10747] ? string+0x280/0x2c0 [ 422.500272][T10747] apply_workqueue_attrs_locked+0x136/0x6d0 [ 422.500281][T10747] ? check_preemption_disabled+0x9e/0x330 [ 422.500288][T10747] ? apply_workqueue_attrs+0x40/0x40 [ 422.500297][T10747] ? mutex_lock+0xa6/0x110 [ 422.500306][T10747] ? mutex_trylock+0xb0/0xb0 [ 422.500315][T10747] ? kmem_cache_alloc_trace+0x139/0x2b0 [ 422.500323][T10747] alloc_workqueue+0xcc4/0x11d0 [ 422.500332][T10747] ? sprintf+0xd6/0x120 [ 422.500338][T10747] ? idr_replace+0x230/0x230 [ 422.500347][T10747] ? vsnprintf+0x1caa/0x1d60 [ 422.500356][T10747] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 422.500366][T10747] ? h4_open+0x4f/0x140 [ 422.500375][T10747] hci_register_dev+0x19a/0x710 [ 422.500383][T10747] ? h4_open+0x60/0x140 [ 422.500392][T10747] hci_uart_tty_ioctl+0x89e/0xa10 [ 422.500402][T10747] ? hci_uart_tty_write+0x10/0x10 [ 422.500412][T10747] tty_ioctl+0xf68/0x1710 [ 422.500421][T10747] ? tty_do_resize+0x170/0x170 [ 422.500429][T10747] ? avc_ss_reset+0x3a0/0x3a0 [ 422.500437][T10747] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 422.500446][T10747] ? refcount_inc_checked+0x50/0x50 [ 422.500454][T10747] ? memcg_check_events+0x5c/0x5b0 [ 422.500465][T10747] ? proc_fail_nth_write+0x1d5/0x240 [ 422.500475][T10747] ? proc_fail_nth_read+0x1c0/0x1c0 [ 422.500483][T10747] ? __lru_cache_add+0x1c4/0x210 [ 422.500491][T10747] ? memset+0x1f/0x40 [ 422.500498][T10747] ? fsnotify+0x1332/0x13f0 [ 422.500506][T10747] ? tty_do_resize+0x170/0x170 [ 422.500516][T10747] do_vfs_ioctl+0x76a/0x1720 [ 422.500525][T10747] ? selinux_file_ioctl+0x72f/0x990 [ 422.500535][T10747] ? ioctl_preallocate+0x250/0x250 [ 422.500546][T10747] ? __fget+0x37b/0x3c0 [ 422.500553][T10747] ? vfs_write+0x422/0x4e0 [ 422.500562][T10747] ? fget_many+0x20/0x20 [ 422.500570][T10747] ? debug_smp_processor_id+0x20/0x20 [ 422.500580][T10747] ? security_file_ioctl+0x9d/0xb0 [ 422.500590][T10747] __x64_sys_ioctl+0xd4/0x110 [ 422.500599][T10747] do_syscall_64+0xcb/0x1e0 [ 422.500609][T10747] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 422.500616][T10747] RIP: 0033:0x4665f9 [ 422.500622][T10747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 422.500637][T10747] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 422.500645][T10747] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 422.500651][T10747] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 422.500656][T10747] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 422.500660][T10747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 422.500665][T10747] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 422.500704][T10747] Bluetooth: Can't register HCI device [ 423.986020][ T3281] Bluetooth: hci1: command 0x1003 tx timeout [ 424.491327][ T4171] Bluetooth: hci1: sending frame failed (-49) [ 424.539555][T10732] selection: kmalloc() failed [ 426.535959][ T12] Bluetooth: hci1: command 0x1001 tx timeout [ 426.541973][ T4171] Bluetooth: hci1: sending frame failed (-49) [ 428.615876][ T12] Bluetooth: hci1: command 0x1009 tx timeout 16:16:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:55 executing program 3 (fault-call:2 fault-nth:8): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807", 0xc1}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:55 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x4, {0x3}}) 16:16:55 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x560b, &(0x7f0000000000)={0x2, {0x3}}) 16:16:55 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d", 0xb8}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:55 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x5, {0x3}}) [ 432.158031][ T22] audit: type=1326 audit(1631031415.231:8600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10756 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 432.195459][T10765] FAULT_INJECTION: forcing a failure. [ 432.195459][T10765] name failslab, interval 1, probability 0, space 0, times 0 16:16:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:55 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x560c, &(0x7f0000000000)={0x2, {0x3}}) 16:16:55 executing program 3 (fault-call:2 fault-nth:9): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 432.196706][ T22] audit: type=1326 audit(1631031415.261:8601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10764 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 432.211263][T10765] CPU: 0 PID: 10765 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 16:16:55 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x560d, &(0x7f0000000000)={0x2, {0x3}}) 16:16:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 432.243237][T10765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 432.243241][T10765] Call Trace: [ 432.243257][T10765] dump_stack+0x1d8/0x24e [ 432.243270][T10765] ? devkmsg_release+0x11c/0x11c [ 432.243280][T10765] ? show_regs_print_info+0x12/0x12 [ 432.243290][T10765] ? kfree+0xe0/0x660 [ 432.243300][T10765] ? apply_wqattrs_commit+0x3d1/0x730 [ 432.243311][T10765] should_fail+0x6f6/0x860 [ 432.243321][T10765] ? setup_fault_attr+0x3d0/0x3d0 [ 432.243329][T10765] ? check_preemption_disabled+0x9e/0x330 [ 432.243337][T10765] ? pwq_adjust_max_active+0xc0/0x900 [ 432.243347][T10765] ? mutex_lock+0xa6/0x110 [ 432.243354][T10765] ? alloc_workqueue+0x156/0x11d0 [ 432.243364][T10765] should_failslab+0x5/0x20 [ 432.243373][T10765] __kmalloc+0x5f/0x2f0 [ 432.243383][T10765] alloc_workqueue+0x156/0x11d0 [ 432.243394][T10765] ? sprintf+0xd6/0x120 [ 432.243401][T10765] ? idr_replace+0x230/0x230 [ 432.243411][T10765] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 432.243421][T10765] ? h4_open+0x4f/0x140 [ 432.243432][T10765] hci_register_dev+0x1f2/0x710 [ 432.243444][T10765] hci_uart_tty_ioctl+0x89e/0xa10 [ 432.243454][T10765] ? hci_uart_tty_write+0x10/0x10 [ 432.243464][T10765] tty_ioctl+0xf68/0x1710 [ 432.243475][T10765] ? tty_do_resize+0x170/0x170 [ 432.243484][T10765] ? avc_ss_reset+0x3a0/0x3a0 [ 432.243493][T10765] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 432.243502][T10765] ? refcount_inc_checked+0x50/0x50 [ 432.243512][T10765] ? memcg_check_events+0x5c/0x5b0 [ 432.243525][T10765] ? proc_fail_nth_write+0x1d5/0x240 [ 432.243535][T10765] ? proc_fail_nth_read+0x1c0/0x1c0 [ 432.243544][T10765] ? __lru_cache_add+0x1c4/0x210 [ 432.243552][T10765] ? memset+0x1f/0x40 [ 432.243561][T10765] ? fsnotify+0x1332/0x13f0 [ 432.243569][T10765] ? tty_do_resize+0x170/0x170 [ 432.243580][T10765] do_vfs_ioctl+0x76a/0x1720 [ 432.243590][T10765] ? selinux_file_ioctl+0x72f/0x990 [ 432.243601][T10765] ? ioctl_preallocate+0x250/0x250 [ 432.243613][T10765] ? __fget+0x37b/0x3c0 [ 432.243621][T10765] ? vfs_write+0x422/0x4e0 [ 432.243631][T10765] ? fget_many+0x20/0x20 [ 432.243639][T10765] ? debug_smp_processor_id+0x20/0x20 [ 432.243650][T10765] ? security_file_ioctl+0x9d/0xb0 [ 432.243660][T10765] __x64_sys_ioctl+0xd4/0x110 [ 432.243671][T10765] do_syscall_64+0xcb/0x1e0 [ 432.243682][T10765] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 432.243691][T10765] RIP: 0033:0x4665f9 [ 432.243701][T10765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 432.243707][T10765] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 432.243716][T10765] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 432.243721][T10765] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 432.243727][T10765] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 432.243732][T10765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 432.243737][T10765] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 432.263221][T10765] Bluetooth: Can't register HCI device [ 432.388409][T10786] FAULT_INJECTION: forcing a failure. [ 432.388409][T10786] name failslab, interval 1, probability 0, space 0, times 0 [ 432.388423][T10786] CPU: 0 PID: 10786 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 432.388428][T10786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 432.388431][T10786] Call Trace: [ 432.388447][T10786] dump_stack+0x1d8/0x24e [ 432.388458][T10786] ? devkmsg_release+0x11c/0x11c [ 432.388470][T10786] ? show_regs_print_info+0x12/0x12 [ 432.388483][T10786] should_fail+0x6f6/0x860 [ 432.388493][T10786] ? setup_fault_attr+0x3d0/0x3d0 [ 432.388506][T10786] ? mutex_lock+0xa6/0x110 [ 432.388514][T10786] ? alloc_workqueue+0x1cb/0x11d0 [ 432.388526][T10786] should_failslab+0x5/0x20 [ 432.388536][T10786] kmem_cache_alloc_trace+0x39/0x2b0 [ 432.388544][T10786] ? alloc_workqueue+0x156/0x11d0 [ 432.388552][T10786] alloc_workqueue+0x1cb/0x11d0 [ 432.388562][T10786] ? sprintf+0xd6/0x120 [ 432.388568][T10786] ? idr_replace+0x230/0x230 [ 432.388578][T10786] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 432.388589][T10786] ? h4_open+0x4f/0x140 [ 432.388597][T10786] hci_register_dev+0x1f2/0x710 [ 432.388606][T10786] hci_uart_tty_ioctl+0x89e/0xa10 [ 432.388616][T10786] ? hci_uart_tty_write+0x10/0x10 [ 432.388626][T10786] tty_ioctl+0xf68/0x1710 [ 432.388634][T10786] ? tty_do_resize+0x170/0x170 [ 432.388643][T10786] ? avc_ss_reset+0x3a0/0x3a0 [ 432.388651][T10786] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 432.388659][T10786] ? refcount_inc_checked+0x50/0x50 [ 432.388668][T10786] ? memcg_check_events+0x5c/0x5b0 [ 432.388679][T10786] ? proc_fail_nth_write+0x1d5/0x240 [ 432.388686][T10786] ? proc_fail_nth_read+0x1c0/0x1c0 [ 432.388695][T10786] ? __lru_cache_add+0x1c4/0x210 [ 432.388702][T10786] ? memset+0x1f/0x40 [ 432.388710][T10786] ? fsnotify+0x1332/0x13f0 [ 432.388718][T10786] ? tty_do_resize+0x170/0x170 [ 432.388727][T10786] do_vfs_ioctl+0x76a/0x1720 [ 432.388736][T10786] ? selinux_file_ioctl+0x72f/0x990 [ 432.388746][T10786] ? ioctl_preallocate+0x250/0x250 [ 432.388757][T10786] ? __fget+0x37b/0x3c0 [ 432.388764][T10786] ? vfs_write+0x422/0x4e0 [ 432.388774][T10786] ? fget_many+0x20/0x20 [ 432.388781][T10786] ? debug_smp_processor_id+0x20/0x20 [ 432.388791][T10786] ? security_file_ioctl+0x9d/0xb0 [ 432.388800][T10786] __x64_sys_ioctl+0xd4/0x110 [ 432.388817][T10786] do_syscall_64+0xcb/0x1e0 [ 432.388827][T10786] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 432.388835][T10786] RIP: 0033:0x4665f9 [ 432.388844][T10786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 432.388849][T10786] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 432.388859][T10786] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 432.388864][T10786] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 432.388869][T10786] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 16:16:56 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c3068071525", 0xc3}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:56 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:56 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x560e, &(0x7f0000000000)={0x2, {0x3}}) [ 432.388874][T10786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 432.388879][T10786] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 432.393906][T10786] Bluetooth: Can't register HCI device [ 432.457094][T10770] selection: kmalloc() failed 16:16:56 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d", 0xb8}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:56 executing program 3 (fault-call:2 fault-nth:10): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:56 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x6, {0x3}}) 16:16:56 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:56 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x560f, &(0x7f0000000000)={0x2, {0x3}}) [ 433.192183][T10787] selection: kmalloc() failed [ 433.196981][ T22] audit: type=1326 audit(1631031416.271:8602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10796 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:16:56 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:56 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x7, {0x3}}) 16:16:56 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x40049409, &(0x7f0000000000)={0x2, {0x3}}) 16:16:56 executing program 3 (fault-call:2 fault-nth:11): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 433.336858][ T22] audit: type=1326 audit(1631031416.411:8603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10803 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 433.345373][T10810] FAULT_INJECTION: forcing a failure. [ 433.345373][T10810] name failslab, interval 1, probability 0, space 0, times 0 [ 433.345385][T10810] CPU: 1 PID: 10810 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 433.345390][T10810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 433.345393][T10810] Call Trace: [ 433.345409][T10810] dump_stack+0x1d8/0x24e [ 433.345419][T10810] ? devkmsg_release+0x11c/0x11c [ 433.345426][T10810] ? arch_stack_walk+0xf8/0x140 [ 433.345436][T10810] ? show_regs_print_info+0x12/0x12 [ 433.345448][T10810] should_fail+0x6f6/0x860 [ 433.345458][T10810] ? setup_fault_attr+0x3d0/0x3d0 [ 433.345469][T10810] ? apply_wqattrs_prepare+0xcb/0x17e0 [ 433.345479][T10810] should_failslab+0x5/0x20 [ 433.345488][T10810] kmem_cache_alloc_trace+0x39/0x2b0 [ 433.345498][T10810] apply_wqattrs_prepare+0xcb/0x17e0 [ 433.345505][T10810] ? alloc_workqueue+0x1cb/0x11d0 [ 433.345514][T10810] ? hci_register_dev+0x1f2/0x710 [ 433.345523][T10810] ? hci_uart_tty_ioctl+0x89e/0xa10 [ 433.345534][T10810] ? tty_ioctl+0xf68/0x1710 [ 433.345544][T10810] ? do_vfs_ioctl+0x76a/0x1720 [ 433.345551][T10810] ? __x64_sys_ioctl+0xd4/0x110 [ 433.345560][T10810] ? do_syscall_64+0xcb/0x1e0 [ 433.345586][T10810] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 433.345598][T10810] ? format_decode+0xc5c/0x1ab0 [ 433.345612][T10810] ? cwt_wakefn+0x70/0x70 [ 433.345622][T10810] ? vsnprintf+0x1d60/0x1d60 [ 433.345632][T10810] ? string+0x280/0x2c0 [ 433.345639][T10810] ? widen_string+0x3a/0x340 [ 433.345648][T10810] ? string+0x280/0x2c0 [ 433.345658][T10810] apply_workqueue_attrs_locked+0x136/0x6d0 [ 433.345667][T10810] ? check_preemption_disabled+0x9e/0x330 [ 433.345676][T10810] ? apply_workqueue_attrs+0x40/0x40 [ 433.345685][T10810] ? mutex_lock+0xa6/0x110 [ 433.345694][T10810] ? mutex_trylock+0xb0/0xb0 [ 433.345704][T10810] ? kmem_cache_alloc_trace+0x139/0x2b0 [ 433.345713][T10810] alloc_workqueue+0xcc4/0x11d0 [ 433.345724][T10810] ? sprintf+0xd6/0x120 [ 433.345731][T10810] ? idr_replace+0x230/0x230 [ 433.345740][T10810] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 433.345750][T10810] ? h4_open+0x4f/0x140 [ 433.345759][T10810] hci_register_dev+0x1f2/0x710 [ 433.345770][T10810] hci_uart_tty_ioctl+0x89e/0xa10 [ 433.345780][T10810] ? hci_uart_tty_write+0x10/0x10 [ 433.345788][T10810] tty_ioctl+0xf68/0x1710 [ 433.345798][T10810] ? tty_do_resize+0x170/0x170 [ 433.345806][T10810] ? avc_ss_reset+0x3a0/0x3a0 [ 433.345815][T10810] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 433.345823][T10810] ? refcount_inc_checked+0x50/0x50 [ 433.345832][T10810] ? memcg_check_events+0x5c/0x5b0 [ 433.345845][T10810] ? proc_fail_nth_write+0x1d5/0x240 [ 433.345854][T10810] ? proc_fail_nth_read+0x1c0/0x1c0 [ 433.345863][T10810] ? __lru_cache_add+0x1c4/0x210 [ 433.345871][T10810] ? memset+0x1f/0x40 [ 433.345878][T10810] ? fsnotify+0x1332/0x13f0 [ 433.345886][T10810] ? tty_do_resize+0x170/0x170 [ 433.345896][T10810] do_vfs_ioctl+0x76a/0x1720 [ 433.345905][T10810] ? selinux_file_ioctl+0x72f/0x990 [ 433.345916][T10810] ? ioctl_preallocate+0x250/0x250 [ 433.345927][T10810] ? __fget+0x37b/0x3c0 [ 433.345935][T10810] ? vfs_write+0x422/0x4e0 [ 433.345945][T10810] ? fget_many+0x20/0x20 [ 433.345953][T10810] ? debug_smp_processor_id+0x20/0x20 [ 433.345963][T10810] ? security_file_ioctl+0x9d/0xb0 [ 433.345973][T10810] __x64_sys_ioctl+0xd4/0x110 [ 433.345982][T10810] do_syscall_64+0xcb/0x1e0 [ 433.345991][T10810] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 433.345998][T10810] RIP: 0033:0x4665f9 [ 433.346007][T10810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 433.346011][T10810] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 433.346022][T10810] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 433.346028][T10810] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 433.346033][T10810] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 433.346039][T10810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 433.346044][T10810] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 433.353809][T10801] selection: kmalloc() failed [ 433.360013][T10810] Bluetooth: Can't register HCI device [ 433.437320][T10823] FAULT_INJECTION: forcing a failure. [ 433.437320][T10823] name failslab, interval 1, probability 0, space 0, times 0 [ 433.437333][T10823] CPU: 1 PID: 10823 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 433.437338][T10823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 433.437341][T10823] Call Trace: [ 433.437357][T10823] dump_stack+0x1d8/0x24e [ 433.437368][T10823] ? devkmsg_release+0x11c/0x11c [ 433.437380][T10823] ? show_regs_print_info+0x12/0x12 [ 433.437394][T10823] should_fail+0x6f6/0x860 [ 433.437404][T10823] ? setup_fault_attr+0x3d0/0x3d0 [ 433.437415][T10823] ? apply_wqattrs_prepare+0x102/0x17e0 [ 433.437425][T10823] should_failslab+0x5/0x20 [ 433.437435][T10823] kmem_cache_alloc_trace+0x39/0x2b0 [ 433.437443][T10823] ? apply_wqattrs_prepare+0xcb/0x17e0 [ 433.437453][T10823] apply_wqattrs_prepare+0x102/0x17e0 [ 433.437461][T10823] ? alloc_workqueue+0x1cb/0x11d0 [ 433.437470][T10823] ? hci_register_dev+0x1f2/0x710 [ 433.437479][T10823] ? hci_uart_tty_ioctl+0x89e/0xa10 [ 433.437488][T10823] ? tty_ioctl+0xf68/0x1710 [ 433.437498][T10823] ? do_vfs_ioctl+0x76a/0x1720 [ 433.437507][T10823] ? __x64_sys_ioctl+0xd4/0x110 [ 433.437515][T10823] ? do_syscall_64+0xcb/0x1e0 [ 433.437524][T10823] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 433.437535][T10823] ? format_decode+0xc5c/0x1ab0 [ 433.437544][T10823] ? cwt_wakefn+0x70/0x70 [ 433.437553][T10823] ? vsnprintf+0x1d60/0x1d60 [ 433.437563][T10823] ? string+0x280/0x2c0 [ 433.437570][T10823] ? widen_string+0x3a/0x340 [ 433.437578][T10823] ? string+0x280/0x2c0 [ 433.437587][T10823] apply_workqueue_attrs_locked+0x136/0x6d0 [ 433.437602][T10823] ? check_preemption_disabled+0x9e/0x330 [ 433.437610][T10823] ? apply_workqueue_attrs+0x40/0x40 [ 433.437620][T10823] ? mutex_lock+0xa6/0x110 [ 433.437629][T10823] ? mutex_trylock+0xb0/0xb0 [ 433.437638][T10823] ? kmem_cache_alloc_trace+0x139/0x2b0 [ 433.437648][T10823] alloc_workqueue+0xcc4/0x11d0 [ 433.437658][T10823] ? sprintf+0xd6/0x120 [ 433.437665][T10823] ? idr_replace+0x230/0x230 [ 433.437675][T10823] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 433.437685][T10823] ? h4_open+0x4f/0x140 [ 433.437695][T10823] hci_register_dev+0x1f2/0x710 [ 433.437707][T10823] hci_uart_tty_ioctl+0x89e/0xa10 [ 433.437716][T10823] ? hci_uart_tty_write+0x10/0x10 [ 433.437725][T10823] tty_ioctl+0xf68/0x1710 [ 433.437735][T10823] ? tty_do_resize+0x170/0x170 [ 433.437745][T10823] ? avc_ss_reset+0x3a0/0x3a0 [ 433.437753][T10823] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 433.437762][T10823] ? refcount_inc_checked+0x50/0x50 [ 433.437772][T10823] ? memcg_check_events+0x5c/0x5b0 [ 433.437784][T10823] ? proc_fail_nth_write+0x1d5/0x240 [ 433.437794][T10823] ? proc_fail_nth_read+0x1c0/0x1c0 [ 433.437803][T10823] ? __lru_cache_add+0x1c4/0x210 [ 433.437810][T10823] ? memset+0x1f/0x40 [ 433.437818][T10823] ? fsnotify+0x1332/0x13f0 [ 433.437825][T10823] ? tty_do_resize+0x170/0x170 [ 433.437834][T10823] do_vfs_ioctl+0x76a/0x1720 [ 433.437843][T10823] ? selinux_file_ioctl+0x72f/0x990 [ 433.437853][T10823] ? ioctl_preallocate+0x250/0x250 [ 433.437864][T10823] ? __fget+0x37b/0x3c0 [ 433.437872][T10823] ? vfs_write+0x422/0x4e0 [ 433.437881][T10823] ? fget_many+0x20/0x20 [ 433.437889][T10823] ? debug_smp_processor_id+0x20/0x20 [ 433.437899][T10823] ? security_file_ioctl+0x9d/0xb0 [ 433.437908][T10823] __x64_sys_ioctl+0xd4/0x110 [ 433.437916][T10823] do_syscall_64+0xcb/0x1e0 [ 433.437925][T10823] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 433.437932][T10823] RIP: 0033:0x4665f9 [ 433.437940][T10823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 433.437945][T10823] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 433.437955][T10823] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 433.437960][T10823] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 16:16:57 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c3068071525", 0xc3}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:57 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:57 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x40086602, &(0x7f0000000000)={0x2, {0x3}}) [ 433.437965][T10823] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 433.437970][T10823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 433.437975][T10823] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 433.438224][T10823] Bluetooth: Can't register HCI device 16:16:57 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c", 0xbe}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:57 executing program 3 (fault-call:2 fault-nth:12): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:57 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0xa, {0x3}}) 16:16:57 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:57 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x40087602, &(0x7f0000000000)={0x2, {0x3}}) [ 434.420799][ T22] audit: type=1326 audit(1631031417.491:8604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10829 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 434.462890][T10826] selection: kmalloc() failed 16:16:57 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:57 executing program 3 (fault-call:2 fault-nth:13): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:57 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x4020940d, &(0x7f0000000000)={0x2, {0x3}}) 16:16:57 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 434.598452][ T22] audit: type=1326 audit(1631031417.671:8605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10838 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 434.614156][T10845] FAULT_INJECTION: forcing a failure. [ 434.614156][T10845] name failslab, interval 1, probability 0, space 0, times 0 [ 434.614170][T10845] CPU: 1 PID: 10845 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 434.614174][T10845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 434.614178][T10845] Call Trace: [ 434.614194][T10845] dump_stack+0x1d8/0x24e [ 434.614204][T10845] ? devkmsg_release+0x11c/0x11c [ 434.614213][T10845] ? show_regs_print_info+0x12/0x12 [ 434.614225][T10845] should_fail+0x6f6/0x860 [ 434.614235][T10845] ? setup_fault_attr+0x3d0/0x3d0 [ 434.614245][T10845] ? apply_wqattrs_prepare+0x1c0/0x17e0 [ 434.614255][T10845] should_failslab+0x5/0x20 [ 434.614265][T10845] kmem_cache_alloc_trace+0x39/0x2b0 [ 434.614273][T10845] ? apply_wqattrs_prepare+0x102/0x17e0 [ 434.614287][T10845] apply_wqattrs_prepare+0x1c0/0x17e0 [ 434.614294][T10845] ? alloc_workqueue+0x1cb/0x11d0 [ 434.614303][T10845] ? hci_uart_tty_ioctl+0x89e/0xa10 [ 434.614312][T10845] ? tty_ioctl+0xf68/0x1710 [ 434.614322][T10845] ? do_vfs_ioctl+0x76a/0x1720 [ 434.614330][T10845] ? __x64_sys_ioctl+0xd4/0x110 [ 434.614339][T10845] ? do_syscall_64+0xcb/0x1e0 [ 434.614349][T10845] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 434.614360][T10845] ? format_decode+0xc5c/0x1ab0 [ 434.614369][T10845] ? cwt_wakefn+0x70/0x70 [ 434.614378][T10845] ? vsnprintf+0x1d60/0x1d60 [ 434.614387][T10845] ? string+0x280/0x2c0 [ 434.614394][T10845] ? widen_string+0x3a/0x340 [ 434.614403][T10845] ? string+0x280/0x2c0 [ 434.614412][T10845] apply_workqueue_attrs_locked+0x136/0x6d0 [ 434.614420][T10845] ? check_preemption_disabled+0x9e/0x330 [ 434.614428][T10845] ? apply_workqueue_attrs+0x40/0x40 [ 434.614437][T10845] ? mutex_lock+0xa6/0x110 [ 434.614446][T10845] ? mutex_trylock+0xb0/0xb0 [ 434.614455][T10845] ? kmem_cache_alloc_trace+0x139/0x2b0 [ 434.614464][T10845] alloc_workqueue+0xcc4/0x11d0 [ 434.614474][T10845] ? sprintf+0xd6/0x120 [ 434.614481][T10845] ? idr_replace+0x230/0x230 [ 434.614490][T10845] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 434.614500][T10845] ? h4_open+0x4f/0x140 [ 434.614510][T10845] hci_register_dev+0x1f2/0x710 [ 434.614520][T10845] hci_uart_tty_ioctl+0x89e/0xa10 [ 434.614529][T10845] ? hci_uart_tty_write+0x10/0x10 [ 434.614538][T10845] tty_ioctl+0xf68/0x1710 [ 434.614547][T10845] ? tty_do_resize+0x170/0x170 [ 434.614563][T10845] ? avc_ss_reset+0x3a0/0x3a0 [ 434.614572][T10845] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 434.614580][T10845] ? refcount_inc_checked+0x50/0x50 [ 434.614590][T10845] ? memcg_check_events+0x5c/0x5b0 [ 434.614602][T10845] ? proc_fail_nth_write+0x1d5/0x240 [ 434.614611][T10845] ? proc_fail_nth_read+0x1c0/0x1c0 [ 434.614620][T10845] ? __lru_cache_add+0x1c4/0x210 [ 434.614628][T10845] ? memset+0x1f/0x40 [ 434.614635][T10845] ? fsnotify+0x1332/0x13f0 [ 434.614643][T10845] ? tty_do_resize+0x170/0x170 [ 434.614653][T10845] do_vfs_ioctl+0x76a/0x1720 [ 434.614662][T10845] ? selinux_file_ioctl+0x72f/0x990 [ 434.614673][T10845] ? ioctl_preallocate+0x250/0x250 [ 434.614684][T10845] ? __fget+0x37b/0x3c0 [ 434.614691][T10845] ? vfs_write+0x422/0x4e0 [ 434.614701][T10845] ? fget_many+0x20/0x20 [ 434.614709][T10845] ? debug_smp_processor_id+0x20/0x20 [ 434.614719][T10845] ? security_file_ioctl+0x9d/0xb0 [ 434.614729][T10845] __x64_sys_ioctl+0xd4/0x110 [ 434.614738][T10845] do_syscall_64+0xcb/0x1e0 [ 434.614748][T10845] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 434.614755][T10845] RIP: 0033:0x4665f9 [ 434.614764][T10845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 434.614769][T10845] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 434.614778][T10845] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 434.614783][T10845] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 434.614788][T10845] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 434.614793][T10845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 434.614798][T10845] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 434.614914][T10845] Bluetooth: Can't register HCI device [ 434.662971][T10851] FAULT_INJECTION: forcing a failure. [ 434.662971][T10851] name failslab, interval 1, probability 0, space 0, times 0 [ 434.662985][T10851] CPU: 1 PID: 10851 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 434.662990][T10851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 434.662993][T10851] Call Trace: [ 434.663008][T10851] dump_stack+0x1d8/0x24e [ 434.663019][T10851] ? devkmsg_release+0x11c/0x11c [ 434.663029][T10851] ? show_regs_print_info+0x12/0x12 [ 434.663042][T10851] should_fail+0x6f6/0x860 [ 434.663051][T10851] ? setup_fault_attr+0x3d0/0x3d0 [ 434.663062][T10851] ? apply_wqattrs_prepare+0x8a5/0x17e0 [ 434.663072][T10851] should_failslab+0x5/0x20 [ 434.663082][T10851] kmem_cache_alloc+0x36/0x290 [ 434.663092][T10851] apply_wqattrs_prepare+0x8a5/0x17e0 [ 434.663104][T10851] ? __x64_sys_ioctl+0xd4/0x110 [ 434.663115][T10851] ? format_decode+0xc5c/0x1ab0 [ 434.663123][T10851] ? cwt_wakefn+0x70/0x70 [ 434.663131][T10851] ? vsnprintf+0x1d60/0x1d60 [ 434.663140][T10851] ? string+0x280/0x2c0 [ 434.663147][T10851] ? widen_string+0x3a/0x340 [ 434.663155][T10851] ? string+0x280/0x2c0 [ 434.663164][T10851] apply_workqueue_attrs_locked+0x136/0x6d0 [ 434.663173][T10851] ? check_preemption_disabled+0x9e/0x330 [ 434.663182][T10851] ? apply_workqueue_attrs+0x40/0x40 [ 434.663191][T10851] ? mutex_lock+0xa6/0x110 [ 434.663200][T10851] ? mutex_trylock+0xb0/0xb0 [ 434.663210][T10851] ? kmem_cache_alloc_trace+0x139/0x2b0 [ 434.663219][T10851] alloc_workqueue+0xcc4/0x11d0 [ 434.663229][T10851] ? sprintf+0xd6/0x120 [ 434.663236][T10851] ? idr_replace+0x230/0x230 [ 434.663246][T10851] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 434.663256][T10851] ? h4_open+0x4f/0x140 [ 434.663266][T10851] hci_register_dev+0x1f2/0x710 [ 434.663278][T10851] hci_uart_tty_ioctl+0x89e/0xa10 [ 434.663287][T10851] ? hci_uart_tty_write+0x10/0x10 [ 434.663296][T10851] tty_ioctl+0xf68/0x1710 [ 434.663306][T10851] ? tty_do_resize+0x170/0x170 [ 434.663315][T10851] ? avc_ss_reset+0x3a0/0x3a0 [ 434.663324][T10851] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 434.663332][T10851] ? refcount_inc_checked+0x50/0x50 [ 434.663341][T10851] ? memcg_check_events+0x5c/0x5b0 [ 434.663353][T10851] ? proc_fail_nth_write+0x1d5/0x240 [ 434.663363][T10851] ? proc_fail_nth_read+0x1c0/0x1c0 [ 434.663372][T10851] ? __lru_cache_add+0x1c4/0x210 [ 434.663379][T10851] ? memset+0x1f/0x40 [ 434.663387][T10851] ? fsnotify+0x1332/0x13f0 [ 434.663396][T10851] ? tty_do_resize+0x170/0x170 [ 434.663405][T10851] do_vfs_ioctl+0x76a/0x1720 [ 434.663415][T10851] ? selinux_file_ioctl+0x72f/0x990 [ 434.663426][T10851] ? ioctl_preallocate+0x250/0x250 [ 434.663437][T10851] ? __fget+0x37b/0x3c0 [ 434.663444][T10851] ? vfs_write+0x422/0x4e0 [ 434.663455][T10851] ? fget_many+0x20/0x20 [ 434.663463][T10851] ? debug_smp_processor_id+0x20/0x20 [ 434.663473][T10851] ? security_file_ioctl+0x9d/0xb0 [ 434.663483][T10851] __x64_sys_ioctl+0xd4/0x110 [ 434.663492][T10851] do_syscall_64+0xcb/0x1e0 [ 434.663503][T10851] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 434.663510][T10851] RIP: 0033:0x4665f9 [ 434.663519][T10851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 434.663524][T10851] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 434.663533][T10851] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 434.663538][T10851] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 434.663549][T10851] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 434.663555][T10851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 16:16:58 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c3068071525", 0xc3}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:58 executing program 3 (fault-call:2 fault-nth:14): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:16:58 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x80045432, &(0x7f0000000000)={0x2, {0x3}}) [ 434.663560][T10851] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 434.665893][T10851] Bluetooth: Can't register HCI device [ 434.689867][T10836] selection: kmalloc() failed [ 435.690101][T10866] FAULT_INJECTION: forcing a failure. [ 435.690101][T10866] name failslab, interval 1, probability 0, space 0, times 0 [ 435.690115][T10866] CPU: 1 PID: 10866 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 435.690120][T10866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 435.690123][T10866] Call Trace: [ 435.690139][T10866] dump_stack+0x1d8/0x24e [ 435.690149][T10866] ? devkmsg_release+0x11c/0x11c [ 435.690159][T10866] ? show_regs_print_info+0x12/0x12 [ 435.690171][T10866] should_fail+0x6f6/0x860 [ 435.690181][T10866] ? setup_fault_attr+0x3d0/0x3d0 [ 435.690192][T10866] ? __d_alloc+0x2a/0x6a0 [ 435.690201][T10866] should_failslab+0x5/0x20 [ 435.690211][T10866] kmem_cache_alloc+0x36/0x290 [ 435.690220][T10866] __d_alloc+0x2a/0x6a0 [ 435.690230][T10866] d_alloc_parallel+0xf3/0x1350 [ 435.690241][T10866] ? avc_has_perm_noaudit+0x30c/0x400 [ 435.690250][T10866] ? avc_denied+0x1c0/0x1c0 [ 435.690258][T10866] ? kfree+0xe0/0x660 [ 435.690266][T10866] ? d_hash_and_lookup+0x1e0/0x1e0 [ 435.690278][T10866] ? __rcu_read_lock+0x50/0x50 [ 435.690286][T10866] ? selinux_inode_permission+0x445/0x690 [ 435.690295][T10866] __lookup_slow+0x14f/0x450 [ 435.690304][T10866] ? lookup_one_len+0x2c0/0x2c0 [ 435.690313][T10866] ? kmem_cache_alloc_trace+0x139/0x2b0 [ 435.690321][T10866] ? generic_permission+0x13a/0x490 [ 435.690331][T10866] lookup_one_len+0x17f/0x2c0 [ 435.690340][T10866] ? lookup_one_len_common+0x430/0x430 [ 435.690348][T10866] ? sprintf+0xd6/0x120 [ 435.690365][T10866] ? mntput+0x63/0xb0 [ 435.690377][T10866] start_creating+0xec/0x270 [ 435.690387][T10866] debugfs_create_dir+0x24/0x3f0 [ 435.690398][T10866] ? h4_open+0x4f/0x140 [ 435.690408][T10866] hci_register_dev+0x297/0x710 [ 435.690420][T10866] hci_uart_tty_ioctl+0x89e/0xa10 [ 435.690430][T10866] ? hci_uart_tty_write+0x10/0x10 [ 435.690440][T10866] tty_ioctl+0xf68/0x1710 [ 435.690450][T10866] ? tty_do_resize+0x170/0x170 [ 435.690459][T10866] ? avc_ss_reset+0x3a0/0x3a0 [ 435.690467][T10866] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 435.690476][T10866] ? refcount_inc_checked+0x50/0x50 [ 435.690485][T10866] ? memcg_check_events+0x5c/0x5b0 [ 435.690496][T10866] ? proc_fail_nth_write+0x1d5/0x240 [ 435.690506][T10866] ? proc_fail_nth_read+0x1c0/0x1c0 [ 435.690515][T10866] ? __lru_cache_add+0x1c4/0x210 [ 435.690523][T10866] ? memset+0x1f/0x40 [ 435.690530][T10866] ? fsnotify+0x1332/0x13f0 [ 435.690539][T10866] ? tty_do_resize+0x170/0x170 [ 435.690548][T10866] do_vfs_ioctl+0x76a/0x1720 [ 435.690558][T10866] ? selinux_file_ioctl+0x72f/0x990 [ 435.690568][T10866] ? ioctl_preallocate+0x250/0x250 [ 435.690579][T10866] ? __fget+0x37b/0x3c0 [ 435.690586][T10866] ? vfs_write+0x422/0x4e0 [ 435.690597][T10866] ? fget_many+0x20/0x20 [ 435.690605][T10866] ? debug_smp_processor_id+0x20/0x20 [ 435.690615][T10866] ? security_file_ioctl+0x9d/0xb0 [ 435.690625][T10866] __x64_sys_ioctl+0xd4/0x110 [ 435.690634][T10866] do_syscall_64+0xcb/0x1e0 [ 435.690644][T10866] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 435.690652][T10866] RIP: 0033:0x4665f9 [ 435.690666][T10866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 435.690671][T10866] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 435.690682][T10866] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 435.690688][T10866] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 435.690693][T10866] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 16:16:59 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c", 0xbe}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:16:59 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) 16:16:59 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0xb, {0x3}}) 16:16:59 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x80045440, &(0x7f0000000000)={0x2, {0x3}}) 16:16:59 executing program 3 (fault-call:2 fault-nth:15): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 435.690698][T10866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 435.690704][T10866] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 435.718327][T10861] selection: kmalloc() failed [ 435.732953][ T22] audit: type=1326 audit(1631031418.781:8606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10863 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:16:59 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x80086601, &(0x7f0000000000)={0x2, {0x3}}) 16:16:59 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) 16:16:59 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0xc, {0x3}}) 16:16:59 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x80087601, &(0x7f0000000000)={0x2, {0x3}}) [ 436.239012][ T22] audit: type=1326 audit(1631031419.311:8607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10874 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 436.254875][T10883] FAULT_INJECTION: forcing a failure. [ 436.254875][T10883] name failslab, interval 1, probability 0, space 0, times 0 [ 436.254890][T10883] CPU: 1 PID: 10883 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 436.254899][T10883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 436.254902][T10883] Call Trace: [ 436.254918][T10883] dump_stack+0x1d8/0x24e [ 436.254929][T10883] ? devkmsg_release+0x11c/0x11c [ 436.254939][T10883] ? show_regs_print_info+0x12/0x12 [ 436.254949][T10883] ? simple_lookup+0xb9/0xf0 [ 436.254958][T10883] ? __lookup_slow+0x340/0x450 [ 436.254969][T10883] should_fail+0x6f6/0x860 [ 436.254979][T10883] ? setup_fault_attr+0x3d0/0x3d0 [ 436.254991][T10883] ? new_inode_pseudo+0x79/0x220 [ 436.255000][T10883] should_failslab+0x5/0x20 [ 436.255009][T10883] kmem_cache_alloc+0x36/0x290 [ 436.255017][T10883] ? lookup_one_len_common+0x430/0x430 [ 436.255027][T10883] new_inode_pseudo+0x79/0x220 [ 436.255036][T10883] new_inode+0x25/0x1d0 [ 436.255046][T10883] ? start_creating+0x183/0x270 [ 436.255056][T10883] debugfs_create_dir+0x68/0x3f0 [ 436.255064][T10883] ? h4_open+0x4f/0x140 [ 436.255075][T10883] hci_register_dev+0x297/0x710 [ 436.255086][T10883] hci_uart_tty_ioctl+0x89e/0xa10 [ 436.255095][T10883] ? hci_uart_tty_write+0x10/0x10 [ 436.255105][T10883] tty_ioctl+0xf68/0x1710 [ 436.255114][T10883] ? tty_do_resize+0x170/0x170 [ 436.255123][T10883] ? avc_ss_reset+0x3a0/0x3a0 [ 436.255131][T10883] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 436.255140][T10883] ? refcount_inc_checked+0x50/0x50 [ 436.255149][T10883] ? memcg_check_events+0x5c/0x5b0 [ 436.255160][T10883] ? proc_fail_nth_write+0x1d5/0x240 [ 436.255170][T10883] ? proc_fail_nth_read+0x1c0/0x1c0 [ 436.255179][T10883] ? __lru_cache_add+0x1c4/0x210 [ 436.255187][T10883] ? memset+0x1f/0x40 [ 436.255194][T10883] ? fsnotify+0x1332/0x13f0 [ 436.255203][T10883] ? tty_do_resize+0x170/0x170 [ 436.255212][T10883] do_vfs_ioctl+0x76a/0x1720 [ 436.255222][T10883] ? selinux_file_ioctl+0x72f/0x990 [ 436.255232][T10883] ? ioctl_preallocate+0x250/0x250 [ 436.255243][T10883] ? __fget+0x37b/0x3c0 [ 436.255251][T10883] ? vfs_write+0x422/0x4e0 [ 436.255261][T10883] ? fget_many+0x20/0x20 [ 436.255270][T10883] ? debug_smp_processor_id+0x20/0x20 [ 436.255280][T10883] ? security_file_ioctl+0x9d/0xb0 [ 436.255289][T10883] __x64_sys_ioctl+0xd4/0x110 [ 436.255299][T10883] do_syscall_64+0xcb/0x1e0 [ 436.255309][T10883] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 436.255317][T10883] RIP: 0033:0x4665f9 [ 436.255325][T10883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 436.255330][T10883] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 436.255339][T10883] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 436.255344][T10883] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 436.255350][T10883] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 436.255355][T10883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 436.255361][T10883] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 436.255371][T10883] debugfs: out of free dentries, can not create directory 'hci0' [ 436.262005][T10872] selection: kmalloc() failed 16:16:59 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) 16:16:59 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0xd, {0x3}}) 16:16:59 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0xc0045878, &(0x7f0000000000)={0x2, {0x3}}) [ 436.824136][T10897] selection: kmalloc() failed 16:17:00 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c", 0xbe}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:17:00 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x5) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:17:00 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0xc0045878, &(0x7f0000000000)={0x2, {0x3}}) 16:17:00 executing program 0 (fault-call:2 fault-nth:0): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 437.100897][ T22] audit: type=1326 audit(1631031420.171:8608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10906 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 437.110025][T10913] FAULT_INJECTION: forcing a failure. [ 437.110025][T10913] name failslab, interval 1, probability 0, space 0, times 0 [ 437.134030][ T22] audit: type=1326 audit(1631031420.201:8609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10912 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 437.137126][T10913] CPU: 0 PID: 10913 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 437.172204][T10913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 437.182528][T10913] Call Trace: [ 437.185794][T10913] dump_stack+0x1d8/0x24e [ 437.190096][T10913] ? devkmsg_release+0x11c/0x11c [ 437.195011][T10913] ? show_regs_print_info+0x12/0x12 [ 437.200454][T10913] ? check_preemption_disabled+0x9e/0x330 [ 437.206140][T10913] ? __set_page_owner+0x35/0x200 [ 437.211057][T10913] should_fail+0x6f6/0x860 [ 437.215441][T10913] ? setup_fault_attr+0x3d0/0x3d0 [ 437.220435][T10913] ? ldsem_down_read+0xb7/0x890 [ 437.225783][T10913] ? hci_alloc_dev+0x4d/0x15e0 [ 437.230521][T10913] should_failslab+0x5/0x20 [ 437.235018][T10913] kmem_cache_alloc_trace+0x39/0x2b0 [ 437.240412][T10913] hci_alloc_dev+0x4d/0x15e0 [ 437.240424][T10913] hci_uart_tty_ioctl+0x3c0/0xa10 [ 437.240434][T10913] ? hci_uart_tty_write+0x10/0x10 [ 437.240445][T10913] tty_ioctl+0xf68/0x1710 [ 437.240455][T10913] ? tty_do_resize+0x170/0x170 [ 437.240464][T10913] ? avc_ss_reset+0x3a0/0x3a0 [ 437.240473][T10913] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 437.240482][T10913] ? refcount_inc_checked+0x50/0x50 [ 437.240493][T10913] ? memcg_check_events+0x1a2/0x5b0 [ 437.240506][T10913] ? proc_fail_nth_write+0x1d5/0x240 [ 437.240517][T10913] ? proc_fail_nth_read+0x1c0/0x1c0 [ 437.240526][T10913] ? __lru_cache_add+0x1c4/0x210 [ 437.240534][T10913] ? memset+0x1f/0x40 [ 437.240543][T10913] ? fsnotify+0x1332/0x13f0 [ 437.240551][T10913] ? tty_do_resize+0x170/0x170 [ 437.240563][T10913] do_vfs_ioctl+0x76a/0x1720 [ 437.240573][T10913] ? selinux_file_ioctl+0x72f/0x990 [ 437.240583][T10913] ? ioctl_preallocate+0x250/0x250 [ 437.240595][T10913] ? __fget+0x37b/0x3c0 [ 437.240602][T10913] ? vfs_write+0x422/0x4e0 [ 437.240613][T10913] ? fget_many+0x20/0x20 [ 437.240622][T10913] ? debug_smp_processor_id+0x20/0x20 [ 437.240632][T10913] ? security_file_ioctl+0x9d/0xb0 [ 437.240643][T10913] __x64_sys_ioctl+0xd4/0x110 [ 437.240652][T10913] do_syscall_64+0xcb/0x1e0 [ 437.240663][T10913] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 437.240672][T10913] RIP: 0033:0x4665f9 [ 437.240682][T10913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 437.240687][T10913] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 437.240697][T10913] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 437.240702][T10913] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 437.240707][T10913] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 437.240713][T10913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 437.240718][T10913] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 437.252361][T10913] Bluetooth: Can't allocate HCI device [ 437.300189][T10916] selection: kmalloc() failed [ 437.599064][T10917] selection: kmalloc() failed [ 438.295396][ T12] Bluetooth: hci0: command 0x1003 tx timeout [ 438.301415][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 440.375343][ T12] Bluetooth: hci0: command 0x1001 tx timeout [ 440.381353][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 442.455236][ T12] Bluetooth: hci0: command 0x1009 tx timeout 16:17:09 executing program 3 (fault-call:2 fault-nth:16): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:09 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x5) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:17:09 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807", 0xc1}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:17:09 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0xc0189436, &(0x7f0000000000)={0x2, {0x3}}) 16:17:09 executing program 0 (fault-call:2 fault-nth:1): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:09 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0xe, {0x3}}) 16:17:09 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0xc020660b, &(0x7f0000000000)={0x2, {0x3}}) [ 446.879734][ T22] audit: type=1326 audit(1631031429.952:8610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10926 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 446.890651][T10937] FAULT_INJECTION: forcing a failure. [ 446.890651][T10937] name failslab, interval 1, probability 0, space 0, times 0 [ 446.916516][ T22] audit: type=1326 audit(1631031429.982:8611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10925 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 446.916940][T10937] CPU: 0 PID: 10937 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 446.943345][T10935] FAULT_INJECTION: forcing a failure. [ 446.943345][T10935] name failslab, interval 1, probability 0, space 0, times 0 [ 446.951661][T10937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 446.951665][T10937] Call Trace: [ 446.951684][T10937] dump_stack+0x1d8/0x24e [ 446.951694][T10937] ? devkmsg_release+0x11c/0x11c [ 446.951702][T10937] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 446.951710][T10937] ? show_regs_print_info+0x12/0x12 [ 446.951722][T10937] should_fail+0x6f6/0x860 [ 446.951731][T10937] ? setup_fault_attr+0x3d0/0x3d0 [ 446.951740][T10937] ? security_inode_alloc+0x32/0x1d0 [ 446.951757][T10937] should_failslab+0x5/0x20 [ 447.018082][T10937] kmem_cache_alloc+0x36/0x290 [ 447.018096][T10937] security_inode_alloc+0x32/0x1d0 16:17:10 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x3, {0x3}}) 16:17:10 executing program 0 (fault-call:2 fault-nth:2): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 447.018106][T10937] inode_init_always+0x387/0x810 [ 447.018115][T10937] new_inode_pseudo+0x90/0x220 [ 447.018123][T10937] new_inode+0x25/0x1d0 [ 447.018132][T10937] ? start_creating+0x183/0x270 [ 447.018141][T10937] debugfs_create_dir+0x68/0x3f0 [ 447.018149][T10937] ? h4_open+0x4f/0x140 [ 447.018158][T10937] hci_register_dev+0x297/0x710 16:17:10 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0xf, {0x3}}) 16:17:10 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x10, {0x3}}) [ 447.018168][T10937] hci_uart_tty_ioctl+0x89e/0xa10 [ 447.018177][T10937] ? hci_uart_tty_write+0x10/0x10 [ 447.018186][T10937] tty_ioctl+0xf68/0x1710 [ 447.018195][T10937] ? tty_do_resize+0x170/0x170 [ 447.018203][T10937] ? avc_ss_reset+0x3a0/0x3a0 [ 447.018211][T10937] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 447.018218][T10937] ? refcount_inc_checked+0x50/0x50 [ 447.018227][T10937] ? memcg_check_events+0x5c/0x5b0 [ 447.018238][T10937] ? proc_fail_nth_write+0x1d5/0x240 [ 447.018247][T10937] ? proc_fail_nth_read+0x1c0/0x1c0 16:17:10 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x11, {0x3}}) [ 447.018255][T10937] ? __lru_cache_add+0x1c4/0x210 [ 447.018262][T10937] ? memset+0x1f/0x40 [ 447.018269][T10937] ? fsnotify+0x1332/0x13f0 [ 447.018276][T10937] ? tty_do_resize+0x170/0x170 [ 447.018286][T10937] do_vfs_ioctl+0x76a/0x1720 [ 447.018295][T10937] ? selinux_file_ioctl+0x72f/0x990 [ 447.018304][T10937] ? ioctl_preallocate+0x250/0x250 [ 447.018314][T10937] ? __fget+0x37b/0x3c0 [ 447.018320][T10937] ? vfs_write+0x422/0x4e0 [ 447.018330][T10937] ? fget_many+0x20/0x20 [ 447.018337][T10937] ? debug_smp_processor_id+0x20/0x20 [ 447.018346][T10937] ? security_file_ioctl+0x9d/0xb0 [ 447.018355][T10937] __x64_sys_ioctl+0xd4/0x110 [ 447.018363][T10937] do_syscall_64+0xcb/0x1e0 [ 447.018373][T10937] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 447.018380][T10937] RIP: 0033:0x4665f9 [ 447.018388][T10937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 447.018392][T10937] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 447.018401][T10937] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 447.018405][T10937] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 447.018410][T10937] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 447.018415][T10937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 447.018419][T10937] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 447.018435][T10935] CPU: 1 PID: 10935 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 447.018441][T10935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 447.018444][T10935] Call Trace: [ 447.018455][T10935] dump_stack+0x1d8/0x24e [ 447.018464][T10935] ? devkmsg_release+0x11c/0x11c [ 447.018474][T10935] ? show_regs_print_info+0x12/0x12 [ 447.018482][T10935] ? _raw_spin_lock_irqsave+0xf8/0x210 [ 447.018492][T10935] should_fail+0x6f6/0x860 [ 447.018501][T10935] ? setup_fault_attr+0x3d0/0x3d0 [ 447.018507][T10935] ? memset+0x1f/0x40 [ 447.018515][T10935] ? h4_open+0x4f/0x140 [ 447.018524][T10935] should_failslab+0x5/0x20 [ 447.018532][T10935] kmem_cache_alloc_trace+0x39/0x2b0 [ 447.018541][T10935] h4_open+0x4f/0x140 [ 447.018550][T10935] hci_uart_tty_ioctl+0x7ea/0xa10 [ 447.018559][T10935] ? hci_uart_tty_write+0x10/0x10 [ 447.018568][T10935] tty_ioctl+0xf68/0x1710 [ 447.018577][T10935] ? tty_do_resize+0x170/0x170 [ 447.018586][T10935] ? avc_ss_reset+0x3a0/0x3a0 [ 447.018594][T10935] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 447.018603][T10935] ? refcount_inc_checked+0x50/0x50 [ 447.018612][T10935] ? memcg_check_events+0x5c/0x5b0 [ 447.018624][T10935] ? proc_fail_nth_write+0x1d5/0x240 [ 447.018633][T10935] ? proc_fail_nth_read+0x1c0/0x1c0 [ 447.018642][T10935] ? __lru_cache_add+0x1c4/0x210 [ 447.018648][T10935] ? memset+0x1f/0x40 [ 447.018655][T10935] ? fsnotify+0x1332/0x13f0 [ 447.018663][T10935] ? tty_do_resize+0x170/0x170 [ 447.018671][T10935] do_vfs_ioctl+0x76a/0x1720 [ 447.018679][T10935] ? selinux_file_ioctl+0x72f/0x990 [ 447.018689][T10935] ? ioctl_preallocate+0x250/0x250 [ 447.018700][T10935] ? __fget+0x37b/0x3c0 [ 447.018706][T10935] ? vfs_write+0x422/0x4e0 [ 447.018716][T10935] ? fget_many+0x20/0x20 [ 447.018723][T10935] ? debug_smp_processor_id+0x20/0x20 [ 447.018733][T10935] ? security_file_ioctl+0x9d/0xb0 [ 447.018743][T10935] __x64_sys_ioctl+0xd4/0x110 [ 447.018752][T10935] do_syscall_64+0xcb/0x1e0 [ 447.018760][T10935] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 447.018766][T10935] RIP: 0033:0x4665f9 [ 447.018773][T10935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 447.018777][T10935] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 447.018785][T10935] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 447.018790][T10935] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 447.018795][T10935] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 447.018801][T10935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 447.018806][T10935] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 447.070003][T10937] debugfs: out of free dentries, can not create directory 'hci0' [ 447.073025][T10948] FAULT_INJECTION: forcing a failure. [ 447.073025][T10948] name failslab, interval 1, probability 0, space 0, times 0 [ 447.081609][ T90] Bluetooth: hci0: Frame reassembly failed (-84) [ 447.085000][T10948] CPU: 0 PID: 10948 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 447.581478][T10948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 447.581482][T10948] Call Trace: [ 447.581503][T10948] dump_stack+0x1d8/0x24e [ 447.581514][T10948] ? devkmsg_release+0x11c/0x11c [ 447.581522][T10948] ? memset+0x1f/0x40 [ 447.581535][T10948] ? show_regs_print_info+0x12/0x12 [ 447.581545][T10948] ? number+0xea3/0x1300 [ 447.581553][T10948] ? xas_create+0x12c3/0x13b0 [ 447.581564][T10948] should_fail+0x6f6/0x860 [ 447.581575][T10948] ? setup_fault_attr+0x3d0/0x3d0 [ 447.581583][T10948] ? xas_store+0xae3/0x1610 [ 447.581592][T10948] ? vsnprintf+0x1e4/0x1d60 [ 447.581601][T10948] ? alloc_workqueue+0x156/0x11d0 [ 447.581611][T10948] should_failslab+0x5/0x20 [ 447.581620][T10948] __kmalloc+0x5f/0x2f0 [ 447.581630][T10948] alloc_workqueue+0x156/0x11d0 [ 447.581639][T10948] ? ptr_to_hashval+0x60/0x60 [ 447.581648][T10948] ? sprintf+0xd6/0x120 [ 447.581655][T10948] ? idr_replace+0x230/0x230 [ 447.581664][T10948] ? vsnprintf+0x1caa/0x1d60 [ 447.581673][T10948] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 447.581682][T10948] ? h4_open+0x4f/0x140 [ 447.581689][T10948] hci_register_dev+0x19a/0x710 [ 447.581698][T10948] ? h4_open+0x60/0x140 [ 447.581707][T10948] hci_uart_tty_ioctl+0x89e/0xa10 [ 447.581716][T10948] ? hci_uart_tty_write+0x10/0x10 [ 447.581726][T10948] tty_ioctl+0xf68/0x1710 [ 447.581736][T10948] ? tty_do_resize+0x170/0x170 [ 447.581745][T10948] ? avc_ss_reset+0x3a0/0x3a0 [ 447.581753][T10948] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 447.581760][T10948] ? refcount_inc_checked+0x50/0x50 [ 447.581767][T10948] ? memcg_check_events+0x5c/0x5b0 [ 447.581775][T10948] ? proc_fail_nth_write+0x1d5/0x240 [ 447.581780][T10948] ? proc_fail_nth_read+0x1c0/0x1c0 [ 447.581785][T10948] ? __lru_cache_add+0x1c4/0x210 [ 447.581789][T10948] ? memset+0x1f/0x40 [ 447.581794][T10948] ? fsnotify+0x1332/0x13f0 [ 447.581798][T10948] ? tty_do_resize+0x170/0x170 [ 447.581805][T10948] do_vfs_ioctl+0x76a/0x1720 [ 447.581811][T10948] ? selinux_file_ioctl+0x72f/0x990 [ 447.581817][T10948] ? ioctl_preallocate+0x250/0x250 [ 447.581823][T10948] ? __fget+0x37b/0x3c0 [ 447.581827][T10948] ? vfs_write+0x422/0x4e0 [ 447.581833][T10948] ? fget_many+0x20/0x20 [ 447.581838][T10948] ? debug_smp_processor_id+0x20/0x20 [ 447.581843][T10948] ? security_file_ioctl+0x9d/0xb0 [ 447.581849][T10948] __x64_sys_ioctl+0xd4/0x110 [ 447.581854][T10948] do_syscall_64+0xcb/0x1e0 [ 447.581861][T10948] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 447.581867][T10948] RIP: 0033:0x4665f9 [ 447.581873][T10948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 447.581876][T10948] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 447.581882][T10948] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 447.581885][T10948] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 447.581888][T10948] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 447.581890][T10948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 447.581893][T10948] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 447.597216][T10942] selection: kmalloc() failed [ 447.604172][T10948] Bluetooth: Can't register HCI device [ 447.950458][T10943] selection: kmalloc() failed [ 449.094970][ T17] Bluetooth: hci0: command 0x1003 tx timeout [ 449.100991][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 451.174883][ T3743] Bluetooth: hci0: command 0x1001 tx timeout [ 451.181297][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 453.254799][ T17] Bluetooth: hci0: command 0x1009 tx timeout 16:17:20 executing program 3 (fault-call:2 fault-nth:17): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:20 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x10}}) 16:17:20 executing program 0 (fault-call:2 fault-nth:3): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:20 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x4, {0x3}}) 16:17:20 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807", 0xc1}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:17:20 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x5) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 457.119068][ T22] audit: type=1326 audit(1631031440.192:8612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10965 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 457.124096][T10972] FAULT_INJECTION: forcing a failure. [ 457.124096][T10972] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 457.150587][ T22] audit: type=1326 audit(1631031440.192:8613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=10963 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 457.159566][T10972] CPU: 0 PID: 10972 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 457.180589][T10970] FAULT_INJECTION: forcing a failure. [ 457.180589][T10970] name failslab, interval 1, probability 0, space 0, times 0 [ 457.190939][T10972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 457.190943][T10972] Call Trace: [ 457.190963][T10972] dump_stack+0x1d8/0x24e [ 457.190972][T10972] ? devkmsg_release+0x11c/0x11c [ 457.190981][T10972] ? show_regs_print_info+0x12/0x12 [ 457.190989][T10972] ? __kasan_kmalloc+0x1a3/0x1e0 [ 457.190999][T10972] should_fail+0x6f6/0x860 [ 457.191014][T10972] ? setup_fault_attr+0x3d0/0x3d0 [ 457.245499][T10972] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 457.245513][T10972] __alloc_pages_nodemask+0x1c4/0x880 [ 457.245525][T10972] ? gfp_pfmemalloc_allowed+0x120/0x120 [ 457.245534][T10972] ? lockref_get+0x1b2/0x2a0 16:17:20 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) [ 457.245542][T10972] ? asan.module_dtor+0x20/0x20 [ 457.245554][T10972] __get_free_pages+0xa/0x30 [ 457.245562][T10972] inode_doinit_with_dentry+0x93a/0x11d0 [ 457.245572][T10972] ? sb_finish_set_opts+0x7b0/0x7b0 [ 457.245581][T10972] ? current_time+0x1ae/0x2f0 [ 457.245589][T10972] ? atime_needs_update+0x560/0x560 [ 457.245599][T10972] security_d_instantiate+0xa5/0x100 [ 457.245609][T10972] d_instantiate+0x51/0x90 [ 457.245620][T10972] debugfs_create_dir+0x1bc/0x3f0 [ 457.245631][T10972] hci_register_dev+0x297/0x710 [ 457.245643][T10972] hci_uart_tty_ioctl+0x89e/0xa10 [ 457.245653][T10972] ? hci_uart_tty_write+0x10/0x10 [ 457.245663][T10972] tty_ioctl+0xf68/0x1710 [ 457.245672][T10972] ? tty_do_resize+0x170/0x170 [ 457.245681][T10972] ? avc_ss_reset+0x3a0/0x3a0 [ 457.245690][T10972] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 457.245699][T10972] ? refcount_inc_checked+0x50/0x50 [ 457.245709][T10972] ? memcg_check_events+0x5c/0x5b0 [ 457.245721][T10972] ? proc_fail_nth_write+0x1d5/0x240 [ 457.245731][T10972] ? proc_fail_nth_read+0x1c0/0x1c0 [ 457.245740][T10972] ? __lru_cache_add+0x1c4/0x210 [ 457.245748][T10972] ? memset+0x1f/0x40 [ 457.245756][T10972] ? fsnotify+0x1332/0x13f0 [ 457.245764][T10972] ? tty_do_resize+0x170/0x170 [ 457.245774][T10972] do_vfs_ioctl+0x76a/0x1720 [ 457.245783][T10972] ? selinux_file_ioctl+0x72f/0x990 [ 457.245794][T10972] ? ioctl_preallocate+0x250/0x250 [ 457.245805][T10972] ? __fget+0x37b/0x3c0 [ 457.245812][T10972] ? vfs_write+0x422/0x4e0 [ 457.245824][T10972] ? fget_many+0x20/0x20 [ 457.245832][T10972] ? debug_smp_processor_id+0x20/0x20 [ 457.245842][T10972] ? security_file_ioctl+0x9d/0xb0 [ 457.245852][T10972] __x64_sys_ioctl+0xd4/0x110 [ 457.245861][T10972] do_syscall_64+0xcb/0x1e0 [ 457.245872][T10972] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 457.245879][T10972] RIP: 0033:0x4665f9 [ 457.245889][T10972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 457.245894][T10972] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 457.245903][T10972] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 457.245909][T10972] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 457.245914][T10972] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 457.245919][T10972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 457.245925][T10972] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 457.258637][T10970] CPU: 0 PID: 10970 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 457.261247][ T90] Bluetooth: hci0: Frame reassembly failed (-84) [ 457.264344][T10970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 457.540738][T10970] Call Trace: [ 457.540754][T10970] dump_stack+0x1d8/0x24e [ 457.540761][T10970] ? devkmsg_release+0x11c/0x11c [ 457.540767][T10970] ? show_regs_print_info+0x12/0x12 [ 457.540775][T10970] should_fail+0x6f6/0x860 16:17:20 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x5, {0x3}}) [ 457.540780][T10970] ? setup_fault_attr+0x3d0/0x3d0 [ 457.540786][T10970] ? alloc_workqueue+0x1cb/0x11d0 [ 457.540792][T10970] should_failslab+0x5/0x20 [ 457.540798][T10970] kmem_cache_alloc_trace+0x39/0x2b0 [ 457.540803][T10970] ? alloc_workqueue+0x156/0x11d0 [ 457.540808][T10970] alloc_workqueue+0x1cb/0x11d0 [ 457.540814][T10970] ? sprintf+0xd6/0x120 [ 457.540818][T10970] ? idr_replace+0x230/0x230 [ 457.540823][T10970] ? vsnprintf+0x1caa/0x1d60 [ 457.540828][T10970] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 457.540835][T10970] ? h4_open+0x4f/0x140 [ 457.540841][T10970] hci_register_dev+0x19a/0x710 [ 457.540847][T10970] ? h4_open+0x60/0x140 [ 457.540852][T10970] hci_uart_tty_ioctl+0x89e/0xa10 [ 457.540857][T10970] ? hci_uart_tty_write+0x10/0x10 [ 457.540863][T10970] tty_ioctl+0xf68/0x1710 [ 457.540869][T10970] ? tty_do_resize+0x170/0x170 [ 457.540874][T10970] ? avc_ss_reset+0x3a0/0x3a0 [ 457.540879][T10970] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 457.540884][T10970] ? refcount_inc_checked+0x50/0x50 [ 457.540890][T10970] ? memcg_check_events+0x5c/0x5b0 [ 457.540898][T10970] ? proc_fail_nth_write+0x1d5/0x240 [ 457.540903][T10970] ? proc_fail_nth_read+0x1c0/0x1c0 [ 457.540908][T10970] ? __lru_cache_add+0x1c4/0x210 [ 457.540913][T10970] ? memset+0x1f/0x40 [ 457.540917][T10970] ? fsnotify+0x1332/0x13f0 [ 457.540922][T10970] ? tty_do_resize+0x170/0x170 [ 457.540929][T10970] do_vfs_ioctl+0x76a/0x1720 [ 457.540935][T10970] ? selinux_file_ioctl+0x72f/0x990 [ 457.540940][T10970] ? ioctl_preallocate+0x250/0x250 [ 457.540946][T10970] ? __fget+0x37b/0x3c0 [ 457.540951][T10970] ? vfs_write+0x422/0x4e0 [ 457.540956][T10970] ? fget_many+0x20/0x20 [ 457.540961][T10970] ? debug_smp_processor_id+0x20/0x20 [ 457.540968][T10970] ? security_file_ioctl+0x9d/0xb0 [ 457.540973][T10970] __x64_sys_ioctl+0xd4/0x110 [ 457.540979][T10970] do_syscall_64+0xcb/0x1e0 [ 457.540985][T10970] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 457.540991][T10970] RIP: 0033:0x4665f9 [ 457.540997][T10970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 457.541000][T10970] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 457.541007][T10970] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 457.541010][T10970] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 457.541013][T10970] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 457.541016][T10970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 16:17:20 executing program 0 (fault-call:2 fault-nth:4): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 457.541019][T10970] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 457.557492][T10970] Bluetooth: Can't register HCI device 16:17:21 executing program 0 (fault-call:2 fault-nth:5): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:21 executing program 0 (fault-call:2 fault-nth:6): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:21 executing program 0 (fault-call:2 fault-nth:7): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 457.899234][T10985] FAULT_INJECTION: forcing a failure. [ 457.899234][T10985] name failslab, interval 1, probability 0, space 0, times 0 [ 457.899247][T10985] CPU: 0 PID: 10985 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 457.899251][T10985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 457.899254][T10985] Call Trace: [ 457.899268][T10985] dump_stack+0x1d8/0x24e [ 457.899279][T10985] ? devkmsg_release+0x11c/0x11c [ 457.899287][T10985] ? arch_stack_walk+0xf8/0x140 [ 457.899296][T10985] ? show_regs_print_info+0x12/0x12 [ 457.899309][T10985] should_fail+0x6f6/0x860 [ 457.899321][T10985] ? setup_fault_attr+0x3d0/0x3d0 [ 457.899329][T10985] ? __unwind_start+0x72f/0x8e0 [ 457.899339][T10985] ? apply_wqattrs_prepare+0xcb/0x17e0 [ 457.899352][T10985] should_failslab+0x5/0x20 [ 457.899363][T10985] kmem_cache_alloc_trace+0x39/0x2b0 [ 457.899373][T10985] apply_wqattrs_prepare+0xcb/0x17e0 [ 457.899381][T10985] ? alloc_workqueue+0x1cb/0x11d0 [ 457.899390][T10985] ? hci_register_dev+0x19a/0x710 [ 457.899400][T10985] ? hci_uart_tty_ioctl+0x89e/0xa10 [ 457.899408][T10985] ? tty_ioctl+0xf68/0x1710 [ 457.899417][T10985] ? do_vfs_ioctl+0x76a/0x1720 [ 457.899426][T10985] ? __x64_sys_ioctl+0xd4/0x110 [ 457.899435][T10985] ? do_syscall_64+0xcb/0x1e0 [ 457.899444][T10985] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 457.899456][T10985] ? format_decode+0xc5c/0x1ab0 [ 457.899465][T10985] ? cwt_wakefn+0x70/0x70 [ 457.899474][T10985] ? vsnprintf+0x1d60/0x1d60 [ 457.899485][T10985] ? string+0x280/0x2c0 [ 457.899492][T10985] ? widen_string+0x3a/0x340 [ 457.899500][T10985] ? string+0x280/0x2c0 [ 457.899510][T10985] apply_workqueue_attrs_locked+0x136/0x6d0 [ 457.899519][T10985] ? check_preemption_disabled+0x9e/0x330 [ 457.899527][T10985] ? apply_workqueue_attrs+0x40/0x40 [ 457.899535][T10985] ? mutex_lock+0xa6/0x110 [ 457.899544][T10985] ? mutex_trylock+0xb0/0xb0 [ 457.899553][T10985] ? kmem_cache_alloc_trace+0x139/0x2b0 [ 457.899562][T10985] alloc_workqueue+0xcc4/0x11d0 [ 457.899572][T10985] ? sprintf+0xd6/0x120 [ 457.899580][T10985] ? idr_replace+0x230/0x230 [ 457.899589][T10985] ? vsnprintf+0x1caa/0x1d60 [ 457.899597][T10985] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 457.899607][T10985] ? h4_open+0x4f/0x140 [ 457.899617][T10985] hci_register_dev+0x19a/0x710 [ 457.899626][T10985] ? h4_open+0x60/0x140 [ 457.899635][T10985] hci_uart_tty_ioctl+0x89e/0xa10 [ 457.899645][T10985] ? hci_uart_tty_write+0x10/0x10 [ 457.899654][T10985] tty_ioctl+0xf68/0x1710 [ 457.899663][T10985] ? tty_do_resize+0x170/0x170 [ 457.899671][T10985] ? avc_ss_reset+0x3a0/0x3a0 [ 457.899680][T10985] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 457.899688][T10985] ? refcount_inc_checked+0x50/0x50 [ 457.899697][T10985] ? memcg_check_events+0x5c/0x5b0 [ 457.899709][T10985] ? proc_fail_nth_write+0x1d5/0x240 [ 457.899719][T10985] ? proc_fail_nth_read+0x1c0/0x1c0 [ 457.899727][T10985] ? __lru_cache_add+0x1c4/0x210 [ 457.899735][T10985] ? memset+0x1f/0x40 [ 457.899743][T10985] ? fsnotify+0x1332/0x13f0 [ 457.899752][T10985] ? tty_do_resize+0x170/0x170 [ 457.899761][T10985] do_vfs_ioctl+0x76a/0x1720 [ 457.899770][T10985] ? selinux_file_ioctl+0x72f/0x990 [ 457.899781][T10985] ? ioctl_preallocate+0x250/0x250 [ 457.899792][T10985] ? __fget+0x37b/0x3c0 [ 457.899799][T10985] ? vfs_write+0x422/0x4e0 [ 457.899809][T10985] ? fget_many+0x20/0x20 [ 457.899818][T10985] ? debug_smp_processor_id+0x20/0x20 [ 457.899828][T10985] ? security_file_ioctl+0x9d/0xb0 [ 457.899838][T10985] __x64_sys_ioctl+0xd4/0x110 [ 457.899847][T10985] do_syscall_64+0xcb/0x1e0 [ 457.899857][T10985] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 457.899866][T10985] RIP: 0033:0x4665f9 [ 457.899875][T10985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 457.899880][T10985] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 457.899889][T10985] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 457.899894][T10985] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 457.899899][T10985] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 457.899904][T10985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 457.899909][T10985] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 457.900405][T10985] Bluetooth: Can't register HCI device [ 457.965583][T10988] FAULT_INJECTION: forcing a failure. [ 457.965583][T10988] name failslab, interval 1, probability 0, space 0, times 0 [ 457.965597][T10988] CPU: 0 PID: 10988 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 457.965602][T10988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 457.965606][T10988] Call Trace: [ 457.965621][T10988] dump_stack+0x1d8/0x24e [ 457.965633][T10988] ? devkmsg_release+0x11c/0x11c [ 457.965642][T10988] ? show_regs_print_info+0x12/0x12 [ 457.965661][T10988] should_fail+0x6f6/0x860 [ 457.965672][T10988] ? setup_fault_attr+0x3d0/0x3d0 [ 457.965683][T10988] ? apply_wqattrs_prepare+0x102/0x17e0 [ 457.965693][T10988] should_failslab+0x5/0x20 [ 457.965704][T10988] kmem_cache_alloc_trace+0x39/0x2b0 [ 457.965712][T10988] ? apply_wqattrs_prepare+0xcb/0x17e0 [ 457.965722][T10988] apply_wqattrs_prepare+0x102/0x17e0 [ 457.965729][T10988] ? alloc_workqueue+0x1cb/0x11d0 [ 457.965738][T10988] ? hci_register_dev+0x19a/0x710 [ 457.965747][T10988] ? hci_uart_tty_ioctl+0x89e/0xa10 [ 457.965755][T10988] ? tty_ioctl+0xf68/0x1710 [ 457.965764][T10988] ? do_vfs_ioctl+0x76a/0x1720 [ 457.965773][T10988] ? __x64_sys_ioctl+0xd4/0x110 [ 457.965782][T10988] ? do_syscall_64+0xcb/0x1e0 [ 457.965793][T10988] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 457.965804][T10988] ? format_decode+0xc5c/0x1ab0 [ 457.965814][T10988] ? cwt_wakefn+0x70/0x70 [ 457.965822][T10988] ? vsnprintf+0x1d60/0x1d60 [ 457.965831][T10988] ? string+0x280/0x2c0 [ 457.965839][T10988] ? widen_string+0x3a/0x340 [ 457.965846][T10988] ? string+0x280/0x2c0 [ 457.965862][T10988] apply_workqueue_attrs_locked+0x136/0x6d0 [ 457.965871][T10988] ? check_preemption_disabled+0x9e/0x330 [ 457.965879][T10988] ? apply_workqueue_attrs+0x40/0x40 [ 457.965888][T10988] ? mutex_lock+0xa6/0x110 [ 457.965897][T10988] ? mutex_trylock+0xb0/0xb0 [ 457.965907][T10988] ? kmem_cache_alloc_trace+0x139/0x2b0 [ 457.965916][T10988] alloc_workqueue+0xcc4/0x11d0 [ 457.965926][T10988] ? sprintf+0xd6/0x120 [ 457.965933][T10988] ? idr_replace+0x230/0x230 [ 457.965943][T10988] ? vsnprintf+0x1caa/0x1d60 [ 457.965951][T10988] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 457.965961][T10988] ? h4_open+0x4f/0x140 [ 457.965971][T10988] hci_register_dev+0x19a/0x710 [ 457.965980][T10988] ? h4_open+0x60/0x140 [ 457.965989][T10988] hci_uart_tty_ioctl+0x89e/0xa10 [ 457.965998][T10988] ? hci_uart_tty_write+0x10/0x10 [ 457.966007][T10988] tty_ioctl+0xf68/0x1710 [ 457.966017][T10988] ? tty_do_resize+0x170/0x170 [ 457.966034][T10988] ? avc_ss_reset+0x3a0/0x3a0 [ 457.966042][T10988] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 457.966051][T10988] ? refcount_inc_checked+0x50/0x50 [ 457.966068][T10988] ? proc_fail_nth_write+0x1d5/0x240 [ 457.966078][T10988] ? proc_fail_nth_read+0x1c0/0x1c0 [ 457.966087][T10988] ? __lru_cache_add+0x1bb/0x210 [ 457.966095][T10988] ? memset+0x1f/0x40 [ 457.966103][T10988] ? fsnotify+0x1332/0x13f0 [ 457.966112][T10988] ? tty_do_resize+0x170/0x170 [ 457.966121][T10988] do_vfs_ioctl+0x76a/0x1720 [ 457.966131][T10988] ? selinux_file_ioctl+0x72f/0x990 [ 457.966141][T10988] ? ioctl_preallocate+0x250/0x250 [ 457.966153][T10988] ? __fget+0x37b/0x3c0 [ 457.966160][T10988] ? vfs_write+0x422/0x4e0 [ 457.966171][T10988] ? fget_many+0x20/0x20 [ 457.966180][T10988] ? debug_smp_processor_id+0x20/0x20 [ 457.966190][T10988] ? security_file_ioctl+0x9d/0xb0 [ 457.966199][T10988] __x64_sys_ioctl+0xd4/0x110 [ 457.966208][T10988] do_syscall_64+0xcb/0x1e0 [ 457.966218][T10988] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 457.966225][T10988] RIP: 0033:0x4665f9 [ 457.966234][T10988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 457.966240][T10988] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 457.966249][T10988] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 457.966259][T10988] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 457.966264][T10988] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 457.966269][T10988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 457.966274][T10988] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 457.966315][T10988] Bluetooth: Can't register HCI device [ 458.003958][T10991] FAULT_INJECTION: forcing a failure. [ 458.003958][T10991] name failslab, interval 1, probability 0, space 0, times 0 [ 458.003972][T10991] CPU: 0 PID: 10991 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 458.003977][T10991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 458.003980][T10991] Call Trace: [ 458.003995][T10991] dump_stack+0x1d8/0x24e [ 458.004006][T10991] ? devkmsg_release+0x11c/0x11c [ 458.004016][T10991] ? show_regs_print_info+0x12/0x12 [ 458.004028][T10991] should_fail+0x6f6/0x860 [ 458.004038][T10991] ? setup_fault_attr+0x3d0/0x3d0 [ 458.004048][T10991] ? apply_wqattrs_prepare+0x1c0/0x17e0 [ 458.004059][T10991] should_failslab+0x5/0x20 [ 458.004068][T10991] kmem_cache_alloc_trace+0x39/0x2b0 [ 458.004076][T10991] ? apply_wqattrs_prepare+0x102/0x17e0 [ 458.004086][T10991] apply_wqattrs_prepare+0x1c0/0x17e0 [ 458.004093][T10991] ? alloc_workqueue+0x1cb/0x11d0 [ 458.004102][T10991] ? hci_uart_tty_ioctl+0x89e/0xa10 [ 458.004110][T10991] ? tty_ioctl+0xf68/0x1710 [ 458.004119][T10991] ? do_vfs_ioctl+0x76a/0x1720 [ 458.004128][T10991] ? __x64_sys_ioctl+0xd4/0x110 [ 458.004136][T10991] ? do_syscall_64+0xcb/0x1e0 [ 458.004145][T10991] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 458.004156][T10991] ? format_decode+0xc5c/0x1ab0 [ 458.004165][T10991] ? cwt_wakefn+0x70/0x70 [ 458.004175][T10991] ? vsnprintf+0x1d60/0x1d60 [ 458.004184][T10991] ? string+0x280/0x2c0 [ 458.004191][T10991] ? widen_string+0x3a/0x340 [ 458.004200][T10991] ? string+0x280/0x2c0 [ 458.004208][T10991] apply_workqueue_attrs_locked+0x136/0x6d0 [ 458.004217][T10991] ? check_preemption_disabled+0x9e/0x330 [ 458.004226][T10991] ? apply_workqueue_attrs+0x40/0x40 [ 458.004234][T10991] ? mutex_lock+0xa6/0x110 [ 458.004244][T10991] ? mutex_trylock+0xb0/0xb0 [ 458.004253][T10991] ? kmem_cache_alloc_trace+0x139/0x2b0 [ 458.004262][T10991] alloc_workqueue+0xcc4/0x11d0 [ 458.004272][T10991] ? sprintf+0xd6/0x120 [ 458.004279][T10991] ? idr_replace+0x230/0x230 [ 458.004289][T10991] ? vsnprintf+0x1caa/0x1d60 [ 458.004297][T10991] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 458.004307][T10991] ? h4_open+0x4f/0x140 [ 458.004317][T10991] hci_register_dev+0x19a/0x710 [ 458.004327][T10991] ? h4_open+0x60/0x140 [ 458.004336][T10991] hci_uart_tty_ioctl+0x89e/0xa10 [ 458.004345][T10991] ? hci_uart_tty_write+0x10/0x10 [ 458.004354][T10991] tty_ioctl+0xf68/0x1710 [ 458.004364][T10991] ? tty_do_resize+0x170/0x170 [ 458.004372][T10991] ? avc_ss_reset+0x3a0/0x3a0 [ 458.004381][T10991] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 458.004389][T10991] ? refcount_inc_checked+0x50/0x50 [ 458.004397][T10991] ? memcg_check_events+0x5c/0x5b0 [ 458.004410][T10991] ? proc_fail_nth_write+0x1d5/0x240 [ 458.004419][T10991] ? proc_fail_nth_read+0x1c0/0x1c0 [ 458.004427][T10991] ? __lru_cache_add+0x1c4/0x210 [ 458.004435][T10991] ? memset+0x1f/0x40 [ 458.004443][T10991] ? fsnotify+0x1332/0x13f0 [ 458.004452][T10991] ? tty_do_resize+0x170/0x170 [ 458.004462][T10991] do_vfs_ioctl+0x76a/0x1720 [ 458.004472][T10991] ? selinux_file_ioctl+0x72f/0x990 [ 458.004483][T10991] ? ioctl_preallocate+0x250/0x250 [ 458.004495][T10991] ? __fget+0x37b/0x3c0 [ 458.004502][T10991] ? vfs_write+0x422/0x4e0 [ 458.004513][T10991] ? fget_many+0x20/0x20 [ 458.004522][T10991] ? debug_smp_processor_id+0x20/0x20 [ 458.004532][T10991] ? security_file_ioctl+0x9d/0xb0 [ 458.004542][T10991] __x64_sys_ioctl+0xd4/0x110 [ 458.004551][T10991] do_syscall_64+0xcb/0x1e0 [ 458.004561][T10991] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 458.004568][T10991] RIP: 0033:0x4665f9 [ 458.004576][T10991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 458.004581][T10991] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 458.004590][T10991] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 458.004595][T10991] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 458.004600][T10991] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 458.004605][T10991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 458.004611][T10991] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 458.009371][T10991] Bluetooth: Can't register HCI device [ 458.010516][T10975] selection: kmalloc() failed [ 458.037623][T10994] FAULT_INJECTION: forcing a failure. [ 458.037623][T10994] name failslab, interval 1, probability 0, space 0, times 0 [ 458.037637][T10994] CPU: 0 PID: 10994 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 458.037642][T10994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 458.037645][T10994] Call Trace: [ 458.037660][T10994] dump_stack+0x1d8/0x24e [ 458.037671][T10994] ? devkmsg_release+0x11c/0x11c [ 458.037681][T10994] ? show_regs_print_info+0x12/0x12 [ 458.037692][T10994] should_fail+0x6f6/0x860 [ 458.037708][T10994] ? setup_fault_attr+0x3d0/0x3d0 [ 458.037718][T10994] ? apply_wqattrs_prepare+0x8a5/0x17e0 [ 458.037727][T10994] should_failslab+0x5/0x20 [ 458.037736][T10994] kmem_cache_alloc+0x36/0x290 [ 458.037746][T10994] apply_wqattrs_prepare+0x8a5/0x17e0 [ 458.037758][T10994] ? __x64_sys_ioctl+0xd4/0x110 [ 458.037770][T10994] ? format_decode+0xc5c/0x1ab0 [ 458.037779][T10994] ? cwt_wakefn+0x70/0x70 [ 458.037788][T10994] ? vsnprintf+0x1d60/0x1d60 [ 458.037798][T10994] ? string+0x280/0x2c0 [ 458.037805][T10994] ? widen_string+0x3a/0x340 [ 458.037814][T10994] ? string+0x280/0x2c0 [ 458.037823][T10994] apply_workqueue_attrs_locked+0x136/0x6d0 [ 458.037832][T10994] ? check_preemption_disabled+0x9e/0x330 [ 458.037841][T10994] ? apply_workqueue_attrs+0x40/0x40 [ 458.037849][T10994] ? mutex_lock+0xa6/0x110 [ 458.037859][T10994] ? mutex_trylock+0xb0/0xb0 [ 458.037868][T10994] ? kmem_cache_alloc_trace+0x139/0x2b0 [ 458.037876][T10994] alloc_workqueue+0xcc4/0x11d0 [ 458.037897][T10994] ? sprintf+0xd6/0x120 [ 458.037904][T10994] ? idr_replace+0x230/0x230 [ 458.037919][T10994] ? vsnprintf+0x1caa/0x1d60 [ 458.037928][T10994] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 458.037939][T10994] ? h4_open+0x4f/0x140 [ 458.037950][T10994] hci_register_dev+0x19a/0x710 [ 458.037959][T10994] ? h4_open+0x60/0x140 [ 458.037968][T10994] hci_uart_tty_ioctl+0x89e/0xa10 [ 458.037977][T10994] ? hci_uart_tty_write+0x10/0x10 [ 458.037987][T10994] tty_ioctl+0xf68/0x1710 [ 458.037997][T10994] ? tty_do_resize+0x170/0x170 [ 458.038006][T10994] ? avc_ss_reset+0x3a0/0x3a0 [ 458.038014][T10994] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 458.038023][T10994] ? refcount_inc_checked+0x50/0x50 [ 458.038031][T10994] ? memcg_check_events+0x5c/0x5b0 [ 458.038043][T10994] ? proc_fail_nth_write+0x1d5/0x240 [ 458.038053][T10994] ? proc_fail_nth_read+0x1c0/0x1c0 [ 458.038062][T10994] ? __lru_cache_add+0x1c4/0x210 [ 458.038070][T10994] ? memset+0x1f/0x40 [ 458.038077][T10994] ? fsnotify+0x1332/0x13f0 [ 458.038086][T10994] ? tty_do_resize+0x170/0x170 [ 458.038095][T10994] do_vfs_ioctl+0x76a/0x1720 [ 458.038105][T10994] ? selinux_file_ioctl+0x72f/0x990 [ 458.038115][T10994] ? ioctl_preallocate+0x250/0x250 [ 458.038130][T10994] ? __fget+0x37b/0x3c0 [ 458.038137][T10994] ? vfs_write+0x422/0x4e0 [ 458.038147][T10994] ? fget_many+0x20/0x20 [ 458.038155][T10994] ? debug_smp_processor_id+0x20/0x20 [ 458.038165][T10994] ? security_file_ioctl+0x9d/0xb0 [ 458.038175][T10994] __x64_sys_ioctl+0xd4/0x110 [ 458.038184][T10994] do_syscall_64+0xcb/0x1e0 [ 458.038194][T10994] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 458.038202][T10994] RIP: 0033:0x4665f9 [ 458.038211][T10994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 458.038216][T10994] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 458.038226][T10994] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 458.038231][T10994] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 458.038236][T10994] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 458.038241][T10994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 458.038247][T10994] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 458.038284][T10994] Bluetooth: Can't register HCI device [ 459.338595][ T67] Bluetooth: hci0: command 0x1003 tx timeout [ 459.338639][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 459.812090][T10982] selection: kmalloc() failed [ 461.414387][ T17] Bluetooth: hci0: command 0x1001 tx timeout [ 461.420411][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 463.494290][ T17] Bluetooth: hci0: command 0x1009 tx timeout 16:17:30 executing program 3 (fault-call:2 fault-nth:18): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:30 executing program 0 (fault-call:2 fault-nth:8): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:30 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x5) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:17:30 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x6, {0x3}}) 16:17:30 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x2}}) 16:17:30 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807", 0xc1}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:17:30 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x7, {0x3}}) [ 467.364146][ T22] audit: type=1326 audit(1631031450.433:8614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11001 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 467.374688][T11012] FAULT_INJECTION: forcing a failure. [ 467.374688][T11012] name failslab, interval 1, probability 0, space 0, times 0 [ 467.399069][ T22] audit: type=1326 audit(1631031450.473:8615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11004 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 467.400816][T11012] CPU: 0 PID: 11012 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 467.424910][T11013] FAULT_INJECTION: forcing a failure. [ 467.424910][T11013] name failslab, interval 1, probability 0, space 0, times 0 [ 467.435332][T11012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 467.435335][T11012] Call Trace: [ 467.435354][T11012] dump_stack+0x1d8/0x24e [ 467.435364][T11012] ? devkmsg_release+0x11c/0x11c [ 467.435372][T11012] ? show_regs_print_info+0x12/0x12 [ 467.435381][T11012] ? kfree+0xe0/0x660 [ 467.435390][T11012] ? apply_wqattrs_commit+0x3d1/0x730 [ 467.435399][T11012] should_fail+0x6f6/0x860 [ 467.435416][T11012] ? setup_fault_attr+0x3d0/0x3d0 [ 467.494616][T11012] ? check_preemption_disabled+0x9e/0x330 [ 467.494627][T11012] ? pwq_adjust_max_active+0xc0/0x900 [ 467.494637][T11012] ? mutex_lock+0xa6/0x110 16:17:30 executing program 3 (fault-call:2 fault-nth:19): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:30 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x3}}) [ 467.494645][T11012] ? alloc_workqueue+0x156/0x11d0 [ 467.494656][T11012] should_failslab+0x5/0x20 [ 467.494666][T11012] __kmalloc+0x5f/0x2f0 [ 467.494676][T11012] alloc_workqueue+0x156/0x11d0 [ 467.494687][T11012] ? sprintf+0xd6/0x120 [ 467.494695][T11012] ? idr_replace+0x230/0x230 [ 467.494704][T11012] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 467.494715][T11012] ? h4_open+0x4f/0x140 [ 467.494725][T11012] hci_register_dev+0x1f2/0x710 [ 467.494737][T11012] hci_uart_tty_ioctl+0x89e/0xa10 [ 467.494747][T11012] ? hci_uart_tty_write+0x10/0x10 16:17:30 executing program 0 (fault-call:2 fault-nth:9): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 467.494757][T11012] tty_ioctl+0xf68/0x1710 [ 467.494767][T11012] ? tty_do_resize+0x170/0x170 [ 467.494777][T11012] ? avc_ss_reset+0x3a0/0x3a0 [ 467.494786][T11012] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 467.494794][T11012] ? refcount_inc_checked+0x50/0x50 [ 467.494804][T11012] ? memcg_check_events+0x5c/0x5b0 [ 467.494818][T11012] ? proc_fail_nth_write+0x1d5/0x240 [ 467.494828][T11012] ? proc_fail_nth_read+0x1c0/0x1c0 [ 467.494837][T11012] ? __lru_cache_add+0x1c4/0x210 [ 467.494845][T11012] ? memset+0x1f/0x40 [ 467.494854][T11012] ? fsnotify+0x1332/0x13f0 [ 467.494862][T11012] ? tty_do_resize+0x170/0x170 [ 467.494873][T11012] do_vfs_ioctl+0x76a/0x1720 [ 467.494883][T11012] ? selinux_file_ioctl+0x72f/0x990 [ 467.494894][T11012] ? ioctl_preallocate+0x250/0x250 [ 467.494905][T11012] ? __fget+0x37b/0x3c0 [ 467.494912][T11012] ? vfs_write+0x422/0x4e0 [ 467.494920][T11012] ? fget_many+0x20/0x20 [ 467.494927][T11012] ? debug_smp_processor_id+0x20/0x20 [ 467.494938][T11012] ? security_file_ioctl+0x9d/0xb0 [ 467.494946][T11012] __x64_sys_ioctl+0xd4/0x110 [ 467.494956][T11012] do_syscall_64+0xcb/0x1e0 [ 467.494966][T11012] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 467.494973][T11012] RIP: 0033:0x4665f9 [ 467.494983][T11012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 467.494988][T11012] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 467.494998][T11012] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 467.495003][T11012] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 467.495014][T11012] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 467.495019][T11012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 467.495024][T11012] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 467.501424][T11013] CPU: 1 PID: 11013 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 467.501431][T11013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 467.501434][T11013] Call Trace: [ 467.501450][T11013] dump_stack+0x1d8/0x24e [ 467.501461][T11013] ? devkmsg_release+0x11c/0x11c [ 467.501472][T11013] ? show_regs_print_info+0x12/0x12 [ 467.501483][T11013] ? lockref_put_or_lock+0x1cd/0x340 [ 467.501494][T11013] should_fail+0x6f6/0x860 [ 467.501511][T11013] ? setup_fault_attr+0x3d0/0x3d0 [ 467.501523][T11013] ? kobject_set_name_vargs+0x5d/0x110 [ 467.501533][T11013] should_failslab+0x5/0x20 [ 467.501546][T11013] __kmalloc_track_caller+0x5d/0x2e0 [ 467.501563][T11013] kstrdup_const+0x51/0x90 [ 467.501572][T11013] kobject_set_name_vargs+0x5d/0x110 [ 467.501583][T11013] dev_set_name+0xd1/0x120 [ 467.501594][T11013] ? up_read+0x10/0x10 [ 467.501602][T11013] ? up_write+0xa6/0x270 [ 467.501612][T11013] ? get_device+0x30/0x30 [ 467.501624][T11013] hci_register_dev+0x326/0x710 [ 467.501637][T11013] hci_uart_tty_ioctl+0x89e/0xa10 [ 467.501647][T11013] ? hci_uart_tty_write+0x10/0x10 [ 467.501657][T11013] tty_ioctl+0xf68/0x1710 [ 467.501667][T11013] ? tty_do_resize+0x170/0x170 [ 467.501676][T11013] ? avc_ss_reset+0x3a0/0x3a0 [ 467.501685][T11013] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 467.501694][T11013] ? refcount_inc_checked+0x50/0x50 [ 467.501704][T11013] ? memcg_check_events+0x5c/0x5b0 [ 467.501716][T11013] ? proc_fail_nth_write+0x1d5/0x240 [ 467.501727][T11013] ? proc_fail_nth_read+0x1c0/0x1c0 [ 467.501735][T11013] ? __lru_cache_add+0x1c4/0x210 [ 467.501747][T11013] ? memset+0x1f/0x40 [ 467.501756][T11013] ? fsnotify+0x1332/0x13f0 [ 467.501764][T11013] ? tty_do_resize+0x170/0x170 [ 467.501775][T11013] do_vfs_ioctl+0x76a/0x1720 [ 467.501786][T11013] ? selinux_file_ioctl+0x72f/0x990 [ 467.501796][T11013] ? ioctl_preallocate+0x250/0x250 [ 467.501807][T11013] ? __fget+0x37b/0x3c0 [ 467.501815][T11013] ? vfs_write+0x422/0x4e0 [ 467.501826][T11013] ? fget_many+0x20/0x20 [ 467.501834][T11013] ? debug_smp_processor_id+0x20/0x20 [ 467.501844][T11013] ? security_file_ioctl+0x9d/0xb0 [ 467.501854][T11013] __x64_sys_ioctl+0xd4/0x110 [ 467.501865][T11013] do_syscall_64+0xcb/0x1e0 [ 467.501875][T11013] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 467.501883][T11013] RIP: 0033:0x4665f9 [ 467.501892][T11013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 467.501897][T11013] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 467.501906][T11013] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 467.501912][T11013] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 467.501917][T11013] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 467.501928][T11013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 467.501934][T11013] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 467.502001][T11013] Bluetooth: Can't register HCI device [ 467.505204][T11012] Bluetooth: Can't register HCI device [ 467.525457][T11019] FAULT_INJECTION: forcing a failure. [ 467.525457][T11019] name failslab, interval 1, probability 0, space 0, times 0 [ 467.585625][T11025] FAULT_INJECTION: forcing a failure. [ 467.585625][T11025] name failslab, interval 1, probability 0, space 0, times 0 [ 467.597220][T11019] CPU: 1 PID: 11019 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 468.091064][T11019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 468.091067][T11019] Call Trace: [ 468.091087][T11019] dump_stack+0x1d8/0x24e 16:17:31 executing program 0 (fault-call:2 fault-nth:10): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 468.091097][T11019] ? devkmsg_release+0x11c/0x11c [ 468.091106][T11019] ? show_regs_print_info+0x12/0x12 [ 468.091117][T11019] should_fail+0x6f6/0x860 [ 468.091126][T11019] ? setup_fault_attr+0x3d0/0x3d0 [ 468.091133][T11019] ? refcount_add_checked+0x50/0x50 [ 468.091141][T11019] ? device_add+0x121/0x18a0 [ 468.091151][T11019] should_failslab+0x5/0x20 [ 468.091161][T11019] kmem_cache_alloc_trace+0x39/0x2b0 [ 468.091171][T11019] device_add+0x121/0x18a0 [ 468.091182][T11019] ? dev_set_name+0xd1/0x120 [ 468.091192][T11019] ? up_read+0x10/0x10 16:17:31 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0xa, {0x3}}) 16:17:31 executing program 3 (fault-call:2 fault-nth:20): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 468.091199][T11019] ? up_write+0xa6/0x270 [ 468.091207][T11019] ? get_device+0x30/0x30 [ 468.091214][T11019] ? virtual_device_parent+0x50/0x50 [ 468.091225][T11019] hci_register_dev+0x32e/0x710 [ 468.091236][T11019] hci_uart_tty_ioctl+0x89e/0xa10 [ 468.091244][T11019] ? hci_uart_tty_write+0x10/0x10 [ 468.091253][T11019] tty_ioctl+0xf68/0x1710 [ 468.091261][T11019] ? tty_do_resize+0x170/0x170 [ 468.091269][T11019] ? avc_ss_reset+0x3a0/0x3a0 [ 468.091276][T11019] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 468.091284][T11019] ? refcount_inc_checked+0x50/0x50 [ 468.091293][T11019] ? memcg_check_events+0x5c/0x5b0 [ 468.091304][T11019] ? proc_fail_nth_write+0x1d5/0x240 [ 468.091312][T11019] ? proc_fail_nth_read+0x1c0/0x1c0 [ 468.091320][T11019] ? __lru_cache_add+0x1c4/0x210 [ 468.091327][T11019] ? memset+0x1f/0x40 [ 468.091335][T11019] ? fsnotify+0x1332/0x13f0 [ 468.091342][T11019] ? tty_do_resize+0x170/0x170 [ 468.091351][T11019] do_vfs_ioctl+0x76a/0x1720 [ 468.091360][T11019] ? selinux_file_ioctl+0x72f/0x990 [ 468.091369][T11019] ? ioctl_preallocate+0x250/0x250 [ 468.091379][T11019] ? __fget+0x37b/0x3c0 [ 468.091385][T11019] ? vfs_write+0x422/0x4e0 [ 468.091394][T11019] ? fget_many+0x20/0x20 [ 468.091403][T11019] ? debug_smp_processor_id+0x20/0x20 [ 468.091413][T11019] ? security_file_ioctl+0x9d/0xb0 [ 468.091424][T11019] __x64_sys_ioctl+0xd4/0x110 [ 468.091442][T11019] do_syscall_64+0xcb/0x1e0 [ 468.091452][T11019] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 468.091460][T11019] RIP: 0033:0x4665f9 [ 468.091468][T11019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 468.091472][T11019] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 468.091481][T11019] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 468.091485][T11019] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 468.091490][T11019] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 468.091494][T11019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 468.091499][T11019] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 468.091514][T11025] CPU: 0 PID: 11025 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 468.091520][T11025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 468.091522][T11025] Call Trace: [ 468.091532][T11025] dump_stack+0x1d8/0x24e [ 468.091544][T11025] ? devkmsg_release+0x11c/0x11c [ 468.091553][T11025] ? show_regs_print_info+0x12/0x12 [ 468.091563][T11025] should_fail+0x6f6/0x860 [ 468.091571][T11025] ? setup_fault_attr+0x3d0/0x3d0 [ 468.091581][T11025] ? mutex_lock+0xa6/0x110 [ 468.091589][T11025] ? alloc_workqueue+0x1cb/0x11d0 [ 468.091597][T11025] should_failslab+0x5/0x20 [ 468.091605][T11025] kmem_cache_alloc_trace+0x39/0x2b0 [ 468.091612][T11025] ? alloc_workqueue+0x156/0x11d0 [ 468.091621][T11025] alloc_workqueue+0x1cb/0x11d0 [ 468.091631][T11025] ? sprintf+0xd6/0x120 [ 468.091637][T11025] ? idr_replace+0x230/0x230 [ 468.091646][T11025] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 468.091656][T11025] ? h4_open+0x4f/0x140 [ 468.091665][T11025] hci_register_dev+0x1f2/0x710 [ 468.091676][T11025] hci_uart_tty_ioctl+0x89e/0xa10 [ 468.091685][T11025] ? hci_uart_tty_write+0x10/0x10 [ 468.091692][T11025] tty_ioctl+0xf68/0x1710 [ 468.091700][T11025] ? tty_do_resize+0x170/0x170 [ 468.091708][T11025] ? avc_ss_reset+0x3a0/0x3a0 [ 468.091716][T11025] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 468.091725][T11025] ? refcount_inc_checked+0x50/0x50 [ 468.091734][T11025] ? memcg_check_events+0x5c/0x5b0 [ 468.091746][T11025] ? proc_fail_nth_write+0x1d5/0x240 [ 468.091756][T11025] ? proc_fail_nth_read+0x1c0/0x1c0 [ 468.091765][T11025] ? __lru_cache_add+0x1c4/0x210 [ 468.091772][T11025] ? memset+0x1f/0x40 [ 468.091779][T11025] ? fsnotify+0x1332/0x13f0 [ 468.091786][T11025] ? tty_do_resize+0x170/0x170 [ 468.091794][T11025] do_vfs_ioctl+0x76a/0x1720 [ 468.091802][T11025] ? selinux_file_ioctl+0x72f/0x990 [ 468.091811][T11025] ? ioctl_preallocate+0x250/0x250 [ 468.091821][T11025] ? __fget+0x37b/0x3c0 [ 468.091827][T11025] ? vfs_write+0x422/0x4e0 [ 468.091837][T11025] ? fget_many+0x20/0x20 [ 468.091845][T11025] ? debug_smp_processor_id+0x20/0x20 [ 468.091854][T11025] ? security_file_ioctl+0x9d/0xb0 [ 468.091864][T11025] __x64_sys_ioctl+0xd4/0x110 [ 468.091872][T11025] do_syscall_64+0xcb/0x1e0 [ 468.091882][T11025] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 468.091888][T11025] RIP: 0033:0x4665f9 [ 468.091896][T11025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 468.091901][T11025] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 468.091909][T11025] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 468.091914][T11025] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 468.091919][T11025] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 468.091923][T11025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 16:17:31 executing program 3 (fault-call:2 fault-nth:21): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 468.091928][T11025] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 468.107602][T11025] Bluetooth: Can't register HCI device [ 468.110690][T11019] Bluetooth: Can't register HCI device [ 468.144552][T11029] FAULT_INJECTION: forcing a failure. [ 468.144552][T11029] name failslab, interval 1, probability 0, space 0, times 0 [ 468.701034][T11029] CPU: 0 PID: 11029 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 468.701040][T11029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 468.701043][T11029] Call Trace: [ 468.701058][T11029] dump_stack+0x1d8/0x24e [ 468.701068][T11029] ? devkmsg_release+0x11c/0x11c [ 468.701078][T11029] ? show_regs_print_info+0x12/0x12 [ 468.701089][T11029] ? should_fail+0x3b3/0x860 [ 468.701098][T11029] should_fail+0x6f6/0x860 [ 468.701108][T11029] ? setup_fault_attr+0x3d0/0x3d0 [ 468.701117][T11029] ? apply_wqattrs_prepare+0xcb/0x17e0 [ 468.701127][T11029] should_failslab+0x5/0x20 [ 468.701136][T11029] kmem_cache_alloc_trace+0x39/0x2b0 [ 468.701146][T11029] apply_wqattrs_prepare+0xcb/0x17e0 [ 468.701153][T11029] ? alloc_workqueue+0x1cb/0x11d0 [ 468.701162][T11029] ? hci_register_dev+0x1f2/0x710 [ 468.701171][T11029] ? hci_uart_tty_ioctl+0x89e/0xa10 [ 468.701179][T11029] ? tty_ioctl+0xf68/0x1710 [ 468.701189][T11029] ? do_vfs_ioctl+0x76a/0x1720 [ 468.701197][T11029] ? __x64_sys_ioctl+0xd4/0x110 [ 468.701205][T11029] ? do_syscall_64+0xcb/0x1e0 [ 468.701214][T11029] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 468.701225][T11029] ? format_decode+0xc5c/0x1ab0 [ 468.701234][T11029] ? cwt_wakefn+0x70/0x70 [ 468.701241][T11029] ? vsnprintf+0x1d60/0x1d60 [ 468.701250][T11029] ? string+0x280/0x2c0 [ 468.701257][T11029] ? widen_string+0x3a/0x340 [ 468.701266][T11029] ? string+0x280/0x2c0 [ 468.701275][T11029] apply_workqueue_attrs_locked+0x136/0x6d0 [ 468.701284][T11029] ? check_preemption_disabled+0x9e/0x330 [ 468.701293][T11029] ? apply_workqueue_attrs+0x40/0x40 [ 468.701302][T11029] ? mutex_lock+0xa6/0x110 [ 468.701312][T11029] ? mutex_trylock+0xb0/0xb0 [ 468.701321][T11029] ? kmem_cache_alloc_trace+0x139/0x2b0 [ 468.701331][T11029] alloc_workqueue+0xcc4/0x11d0 [ 468.701341][T11029] ? sprintf+0xd6/0x120 [ 468.701349][T11029] ? idr_replace+0x230/0x230 [ 468.701358][T11029] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 468.701368][T11029] ? h4_open+0x4f/0x140 [ 468.701378][T11029] hci_register_dev+0x1f2/0x710 [ 468.701390][T11029] hci_uart_tty_ioctl+0x89e/0xa10 [ 468.701400][T11029] ? hci_uart_tty_write+0x10/0x10 [ 468.701410][T11029] tty_ioctl+0xf68/0x1710 [ 468.701420][T11029] ? tty_do_resize+0x170/0x170 [ 468.701429][T11029] ? avc_ss_reset+0x3a0/0x3a0 [ 468.701438][T11029] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 468.701446][T11029] ? refcount_inc_checked+0x50/0x50 [ 468.701456][T11029] ? memcg_check_events+0x5c/0x5b0 [ 468.701469][T11029] ? proc_fail_nth_write+0x1d5/0x240 [ 468.701479][T11029] ? proc_fail_nth_read+0x1c0/0x1c0 [ 468.701489][T11029] ? __lru_cache_add+0x1c4/0x210 [ 468.701497][T11029] ? memset+0x1f/0x40 [ 468.701505][T11029] ? fsnotify+0x1332/0x13f0 [ 468.701514][T11029] ? tty_do_resize+0x170/0x170 [ 468.701523][T11029] do_vfs_ioctl+0x76a/0x1720 [ 468.701534][T11029] ? selinux_file_ioctl+0x72f/0x990 [ 468.701556][T11029] ? ioctl_preallocate+0x250/0x250 [ 468.701568][T11029] ? __fget+0x37b/0x3c0 [ 468.701576][T11029] ? vfs_write+0x422/0x4e0 [ 468.701586][T11029] ? fget_many+0x20/0x20 [ 468.701595][T11029] ? debug_smp_processor_id+0x20/0x20 [ 468.701605][T11029] ? security_file_ioctl+0x9d/0xb0 [ 468.701616][T11029] __x64_sys_ioctl+0xd4/0x110 [ 468.701625][T11029] do_syscall_64+0xcb/0x1e0 [ 468.701635][T11029] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 468.701643][T11029] RIP: 0033:0x4665f9 [ 468.701652][T11029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 468.701657][T11029] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 468.701667][T11029] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 468.701672][T11029] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 468.701678][T11029] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 468.701683][T11029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 468.701688][T11029] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 468.701814][T11029] Bluetooth: Can't register HCI device [ 468.702523][T11034] debugfs: Directory 'hci1' with parent 'bluetooth' already present! [ 468.702603][T11034] FAULT_INJECTION: forcing a failure. [ 468.702603][T11034] name failslab, interval 1, probability 0, space 0, times 0 [ 468.702613][T11034] CPU: 1 PID: 11034 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 468.702618][T11034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 468.702621][T11034] Call Trace: [ 468.702633][T11034] dump_stack+0x1d8/0x24e [ 468.702643][T11034] ? devkmsg_release+0x11c/0x11c [ 468.702652][T11034] ? show_regs_print_info+0x12/0x12 [ 468.702660][T11034] ? _raw_spin_lock+0xa3/0x1b0 [ 468.702670][T11034] should_fail+0x6f6/0x860 [ 468.702679][T11034] ? setup_fault_attr+0x3d0/0x3d0 [ 468.702687][T11034] ? mutex_lock+0xa6/0x110 [ 468.702696][T11034] ? mutex_trylock+0xb0/0xb0 [ 468.702706][T11034] ? __kernfs_new_node+0xdb/0x6d0 [ 468.702715][T11034] should_failslab+0x5/0x20 [ 468.702722][T11034] kmem_cache_alloc+0x36/0x290 [ 468.702731][T11034] __kernfs_new_node+0xdb/0x6d0 [ 468.702739][T11034] ? mutex_unlock+0x19/0x40 [ 468.702750][T11034] ? kernfs_new_node+0x160/0x160 [ 468.702760][T11034] ? kernfs_create_dir_ns+0x1df/0x220 [ 468.702768][T11034] ? sysfs_create_dir_ns+0x181/0x390 [ 468.702775][T11034] ? sysfs_create_dir_ns+0x1c7/0x390 [ 468.702782][T11034] ? sysfs_warn_dup+0xa0/0xa0 [ 468.702791][T11034] kernfs_new_node+0x95/0x160 [ 468.702800][T11034] __kernfs_create_file+0x45/0x260 [ 468.702809][T11034] sysfs_add_file_mode_ns+0x293/0x340 [ 468.702818][T11034] sysfs_create_file_ns+0x18c/0x2b0 [ 468.702827][T11034] ? sysfs_add_file_mode_ns+0x340/0x340 [ 468.702837][T11034] ? device_create_file+0xe2/0x1a0 [ 468.702845][T11034] device_add+0x64c/0x18a0 [ 468.702855][T11034] ? get_device+0x30/0x30 [ 468.702861][T11034] ? virtual_device_parent+0x50/0x50 [ 468.702868][T11034] ? h4_open+0x4f/0x140 [ 468.702875][T11034] hci_register_dev+0x32e/0x710 [ 468.702885][T11034] hci_uart_tty_ioctl+0x89e/0xa10 [ 468.702894][T11034] ? hci_uart_tty_write+0x10/0x10 [ 468.702903][T11034] tty_ioctl+0xf68/0x1710 [ 468.702912][T11034] ? tty_do_resize+0x170/0x170 [ 468.702920][T11034] ? avc_ss_reset+0x3a0/0x3a0 [ 468.702929][T11034] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 468.702937][T11034] ? refcount_inc_checked+0x50/0x50 [ 468.702946][T11034] ? memcg_check_events+0x5c/0x5b0 [ 468.702958][T11034] ? proc_fail_nth_write+0x1d5/0x240 [ 468.702968][T11034] ? proc_fail_nth_read+0x1c0/0x1c0 [ 468.702977][T11034] ? __lru_cache_add+0x1c4/0x210 [ 468.702984][T11034] ? memset+0x1f/0x40 [ 468.702991][T11034] ? fsnotify+0x1332/0x13f0 [ 468.702997][T11034] ? tty_do_resize+0x170/0x170 [ 468.703005][T11034] do_vfs_ioctl+0x76a/0x1720 [ 468.703013][T11034] ? selinux_file_ioctl+0x72f/0x990 [ 468.703022][T11034] ? ioctl_preallocate+0x250/0x250 [ 468.703031][T11034] ? __fget+0x37b/0x3c0 [ 468.703036][T11034] ? vfs_write+0x422/0x4e0 [ 468.703045][T11034] ? fget_many+0x20/0x20 [ 468.703062][T11034] ? debug_smp_processor_id+0x20/0x20 [ 468.703071][T11034] ? security_file_ioctl+0x9d/0xb0 [ 468.703079][T11034] __x64_sys_ioctl+0xd4/0x110 [ 468.703096][T11034] do_syscall_64+0xcb/0x1e0 [ 468.703107][T11034] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 468.703114][T11034] RIP: 0033:0x4665f9 [ 468.703123][T11034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 468.703128][T11034] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 468.703137][T11034] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 468.703142][T11034] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 468.703147][T11034] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 468.703152][T11034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 468.703157][T11034] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 468.703526][T11034] Bluetooth: Can't register HCI device [ 468.784457][T11040] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 468.784545][T11040] FAULT_INJECTION: forcing a failure. [ 468.784545][T11040] name failslab, interval 1, probability 0, space 0, times 0 [ 468.784558][T11040] CPU: 1 PID: 11040 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 468.784563][T11040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 468.784565][T11040] Call Trace: [ 468.784581][T11040] dump_stack+0x1d8/0x24e [ 468.784591][T11040] ? devkmsg_release+0x11c/0x11c [ 468.784601][T11040] ? show_regs_print_info+0x12/0x12 [ 468.784609][T11040] ? _raw_spin_lock+0xa3/0x1b0 [ 468.784621][T11040] should_fail+0x6f6/0x860 [ 468.784631][T11040] ? setup_fault_attr+0x3d0/0x3d0 [ 468.784640][T11040] ? mutex_lock+0xa6/0x110 [ 468.784648][T11040] ? mutex_trylock+0xb0/0xb0 [ 468.784658][T11040] ? __kernfs_new_node+0xdb/0x6d0 [ 468.784667][T11040] should_failslab+0x5/0x20 [ 468.784676][T11040] kmem_cache_alloc+0x36/0x290 [ 468.784689][T11040] __kernfs_new_node+0xdb/0x6d0 [ 468.784701][T11040] ? kernfs_add_one+0x49e/0x5c0 [ 468.784710][T11040] ? kernfs_new_node+0x160/0x160 [ 468.784720][T11040] ? __kernfs_create_file+0x1f1/0x260 [ 468.784730][T11040] ? sysfs_add_file_mode_ns+0x293/0x340 [ 468.784738][T11040] ? sysfs_add_file_mode_ns+0x2b4/0x340 [ 468.784749][T11040] kernfs_new_node+0x95/0x160 [ 468.784761][T11040] kernfs_create_link+0x9c/0x1f0 [ 468.784771][T11040] sysfs_do_create_link_sd+0x85/0x100 [ 468.784780][T11040] device_add+0x74b/0x18a0 [ 468.784792][T11040] ? get_device+0x30/0x30 [ 468.784801][T11040] ? virtual_device_parent+0x50/0x50 [ 468.784810][T11040] ? h4_open+0x4f/0x140 [ 468.784819][T11040] hci_register_dev+0x32e/0x710 [ 468.784830][T11040] hci_uart_tty_ioctl+0x89e/0xa10 [ 468.784839][T11040] ? hci_uart_tty_write+0x10/0x10 [ 468.784848][T11040] tty_ioctl+0xf68/0x1710 [ 468.784857][T11040] ? tty_do_resize+0x170/0x170 [ 468.784866][T11040] ? avc_ss_reset+0x3a0/0x3a0 [ 468.784875][T11040] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 468.784884][T11040] ? refcount_inc_checked+0x50/0x50 [ 468.784893][T11040] ? memcg_check_events+0x5c/0x5b0 [ 468.784904][T11040] ? proc_fail_nth_write+0x1d5/0x240 [ 468.784912][T11040] ? proc_fail_nth_read+0x1c0/0x1c0 [ 468.784921][T11040] ? __lru_cache_add+0x1c4/0x210 [ 468.784929][T11040] ? memset+0x1f/0x40 [ 468.784937][T11040] ? fsnotify+0x1332/0x13f0 [ 468.784945][T11040] ? tty_do_resize+0x170/0x170 [ 468.784954][T11040] do_vfs_ioctl+0x76a/0x1720 [ 468.784964][T11040] ? selinux_file_ioctl+0x72f/0x990 [ 468.784974][T11040] ? ioctl_preallocate+0x250/0x250 [ 468.784983][T11040] ? __fget+0x37b/0x3c0 [ 468.784990][T11040] ? vfs_write+0x422/0x4e0 [ 468.784999][T11040] ? fget_many+0x20/0x20 [ 468.785007][T11040] ? debug_smp_processor_id+0x20/0x20 [ 468.785016][T11040] ? security_file_ioctl+0x9d/0xb0 [ 468.785025][T11040] __x64_sys_ioctl+0xd4/0x110 [ 468.785035][T11040] do_syscall_64+0xcb/0x1e0 [ 468.785053][T11040] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 468.785061][T11040] RIP: 0033:0x4665f9 [ 468.785071][T11040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 468.785076][T11040] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 468.785085][T11040] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 468.785091][T11040] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 468.785096][T11040] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 468.785102][T11040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 468.785107][T11040] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 468.787693][T11040] Bluetooth: Can't register HCI device 16:17:33 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x5) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:17:33 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x4}}) 16:17:33 executing program 0 (fault-call:2 fault-nth:11): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 468.861418][T11017] selection: kmalloc() failed [ 470.098164][ T22] audit: type=1326 audit(1631031453.173:8616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11044 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 470.119543][T11048] FAULT_INJECTION: forcing a failure. [ 470.119543][T11048] name failslab, interval 1, probability 0, space 0, times 0 [ 470.119557][T11048] CPU: 1 PID: 11048 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 470.119562][T11048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 470.119565][T11048] Call Trace: [ 470.119581][T11048] dump_stack+0x1d8/0x24e [ 470.119591][T11048] ? devkmsg_release+0x11c/0x11c [ 470.119601][T11048] ? show_regs_print_info+0x12/0x12 [ 470.119613][T11048] should_fail+0x6f6/0x860 [ 470.119623][T11048] ? setup_fault_attr+0x3d0/0x3d0 [ 470.119633][T11048] ? apply_wqattrs_prepare+0x102/0x17e0 [ 470.119643][T11048] should_failslab+0x5/0x20 [ 470.119653][T11048] kmem_cache_alloc_trace+0x39/0x2b0 [ 470.119661][T11048] ? apply_wqattrs_prepare+0xcb/0x17e0 [ 470.119670][T11048] apply_wqattrs_prepare+0x102/0x17e0 [ 470.119678][T11048] ? alloc_workqueue+0x1cb/0x11d0 [ 470.119686][T11048] ? hci_register_dev+0x1f2/0x710 [ 470.119696][T11048] ? hci_uart_tty_ioctl+0x89e/0xa10 [ 470.119704][T11048] ? tty_ioctl+0xf68/0x1710 [ 470.119714][T11048] ? do_vfs_ioctl+0x76a/0x1720 [ 470.119723][T11048] ? __x64_sys_ioctl+0xd4/0x110 [ 470.119731][T11048] ? do_syscall_64+0xcb/0x1e0 [ 470.119740][T11048] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 470.119751][T11048] ? format_decode+0xc5c/0x1ab0 [ 470.119760][T11048] ? cwt_wakefn+0x70/0x70 [ 470.119769][T11048] ? vsnprintf+0x1d60/0x1d60 [ 470.119779][T11048] ? string+0x280/0x2c0 [ 470.119786][T11048] ? widen_string+0x3a/0x340 [ 470.119794][T11048] ? string+0x280/0x2c0 [ 470.119803][T11048] apply_workqueue_attrs_locked+0x136/0x6d0 [ 470.119812][T11048] ? check_preemption_disabled+0x9e/0x330 [ 470.119820][T11048] ? apply_workqueue_attrs+0x40/0x40 [ 470.119829][T11048] ? mutex_lock+0xa6/0x110 [ 470.119838][T11048] ? mutex_trylock+0xb0/0xb0 [ 470.119847][T11048] ? kmem_cache_alloc_trace+0x139/0x2b0 [ 470.119856][T11048] alloc_workqueue+0xcc4/0x11d0 [ 470.119865][T11048] ? sprintf+0xd6/0x120 [ 470.119875][T11048] ? idr_replace+0x230/0x230 [ 470.119884][T11048] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 470.119894][T11048] ? h4_open+0x4f/0x140 [ 470.119904][T11048] hci_register_dev+0x1f2/0x710 [ 470.119915][T11048] hci_uart_tty_ioctl+0x89e/0xa10 [ 470.119924][T11048] ? hci_uart_tty_write+0x10/0x10 [ 470.119933][T11048] tty_ioctl+0xf68/0x1710 [ 470.119942][T11048] ? tty_do_resize+0x170/0x170 [ 470.119951][T11048] ? avc_ss_reset+0x3a0/0x3a0 [ 470.119960][T11048] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 470.119968][T11048] ? refcount_inc_checked+0x50/0x50 [ 470.119977][T11048] ? memcg_check_events+0x5c/0x5b0 [ 470.119989][T11048] ? proc_fail_nth_write+0x1d5/0x240 [ 470.119998][T11048] ? proc_fail_nth_read+0x1c0/0x1c0 [ 470.120007][T11048] ? __lru_cache_add+0x1c4/0x210 [ 470.120015][T11048] ? memset+0x1f/0x40 [ 470.120023][T11048] ? fsnotify+0x1332/0x13f0 [ 470.120031][T11048] ? tty_do_resize+0x170/0x170 [ 470.120041][T11048] do_vfs_ioctl+0x76a/0x1720 [ 470.120050][T11048] ? selinux_file_ioctl+0x72f/0x990 [ 470.120061][T11048] ? ioctl_preallocate+0x250/0x250 [ 470.120072][T11048] ? __fget+0x37b/0x3c0 [ 470.120079][T11048] ? vfs_write+0x422/0x4e0 [ 470.120089][T11048] ? fget_many+0x20/0x20 [ 470.120097][T11048] ? debug_smp_processor_id+0x20/0x20 [ 470.120107][T11048] ? security_file_ioctl+0x9d/0xb0 [ 470.120117][T11048] __x64_sys_ioctl+0xd4/0x110 [ 470.120126][T11048] do_syscall_64+0xcb/0x1e0 [ 470.120136][T11048] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 470.120144][T11048] RIP: 0033:0x4665f9 [ 470.120154][T11048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 470.120159][T11048] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 470.120168][T11048] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 16:17:33 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c3068071525", 0xc3}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:17:33 executing program 3 (fault-call:2 fault-nth:22): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:33 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0xb, {0x3}}) 16:17:33 executing program 0 (fault-call:2 fault-nth:12): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 470.120173][T11048] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 470.120178][T11048] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 470.120183][T11048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 470.120188][T11048] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 470.120314][T11048] Bluetooth: Can't register HCI device [ 470.135425][T11027] selection: kmalloc() failed 16:17:33 executing program 3 (fault-call:2 fault-nth:23): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:33 executing program 0 (fault-call:2 fault-nth:13): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:33 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0xc, {0x3}}) 16:17:33 executing program 3 (fault-call:2 fault-nth:24): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:33 executing program 0 (fault-call:2 fault-nth:14): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 470.683040][T11057] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 470.683137][T11057] FAULT_INJECTION: forcing a failure. [ 470.683137][T11057] name failslab, interval 1, probability 0, space 0, times 0 [ 470.683149][T11057] CPU: 0 PID: 11057 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 470.683155][T11057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 470.683158][T11057] Call Trace: [ 470.683173][T11057] dump_stack+0x1d8/0x24e [ 470.683184][T11057] ? devkmsg_release+0x11c/0x11c [ 470.683193][T11057] ? show_regs_print_info+0x12/0x12 [ 470.683204][T11057] ? mutex_unlock+0x19/0x40 [ 470.683214][T11057] ? kernfs_xattr_get+0x81/0x90 [ 470.683224][T11057] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 470.683233][T11057] should_fail+0x6f6/0x860 [ 470.683243][T11057] ? setup_fault_attr+0x3d0/0x3d0 [ 470.683254][T11057] ? __kernfs_new_node+0x99/0x6d0 [ 470.683264][T11057] should_failslab+0x5/0x20 [ 470.683275][T11057] __kmalloc_track_caller+0x5d/0x2e0 [ 470.683287][T11057] kstrdup_const+0x51/0x90 [ 470.683296][T11057] __kernfs_new_node+0x99/0x6d0 [ 470.683306][T11057] ? mutex_lock+0xa6/0x110 [ 470.683318][T11057] ? kernfs_new_node+0x160/0x160 [ 470.683331][T11057] ? kernfs_activate+0x3fc/0x420 [ 470.683342][T11057] kernfs_new_node+0x95/0x160 [ 470.683353][T11057] kernfs_create_link+0x9c/0x1f0 [ 470.683363][T11057] sysfs_do_create_link_sd+0x85/0x100 [ 470.683371][T11057] device_add+0x989/0x18a0 [ 470.683381][T11057] ? get_device+0x30/0x30 [ 470.683389][T11057] ? virtual_device_parent+0x50/0x50 [ 470.683398][T11057] ? h4_open+0x4f/0x140 [ 470.683408][T11057] hci_register_dev+0x32e/0x710 [ 470.683418][T11057] hci_uart_tty_ioctl+0x89e/0xa10 [ 470.683428][T11057] ? hci_uart_tty_write+0x10/0x10 [ 470.683437][T11057] tty_ioctl+0xf68/0x1710 [ 470.683446][T11057] ? tty_do_resize+0x170/0x170 [ 470.683455][T11057] ? avc_ss_reset+0x3a0/0x3a0 [ 470.683464][T11057] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 470.683472][T11057] ? refcount_inc_checked+0x50/0x50 [ 470.683482][T11057] ? memcg_check_events+0x5c/0x5b0 [ 470.683493][T11057] ? proc_fail_nth_write+0x1d5/0x240 [ 470.683502][T11057] ? proc_fail_nth_read+0x1c0/0x1c0 [ 470.683510][T11057] ? __lru_cache_add+0x1c4/0x210 [ 470.683517][T11057] ? memset+0x1f/0x40 [ 470.683525][T11057] ? fsnotify+0x1332/0x13f0 [ 470.683534][T11057] ? tty_do_resize+0x170/0x170 [ 470.683543][T11057] do_vfs_ioctl+0x76a/0x1720 [ 470.683552][T11057] ? selinux_file_ioctl+0x72f/0x990 [ 470.683561][T11057] ? ioctl_preallocate+0x250/0x250 [ 470.683571][T11057] ? __fget+0x37b/0x3c0 [ 470.683578][T11057] ? vfs_write+0x422/0x4e0 [ 470.683589][T11057] ? fget_many+0x20/0x20 [ 470.683597][T11057] ? debug_smp_processor_id+0x20/0x20 [ 470.683606][T11057] ? security_file_ioctl+0x9d/0xb0 [ 470.683615][T11057] __x64_sys_ioctl+0xd4/0x110 [ 470.683625][T11057] do_syscall_64+0xcb/0x1e0 [ 470.683635][T11057] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 470.683643][T11057] RIP: 0033:0x4665f9 [ 470.683652][T11057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 470.683656][T11057] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 470.683665][T11057] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 470.683670][T11057] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 470.683675][T11057] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 470.683680][T11057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 470.683684][T11057] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 470.686091][T11057] Bluetooth: Can't register HCI device [ 470.702266][T11059] FAULT_INJECTION: forcing a failure. [ 470.702266][T11059] name failslab, interval 1, probability 0, space 0, times 0 [ 470.702279][T11059] CPU: 1 PID: 11059 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 470.702285][T11059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 470.702288][T11059] Call Trace: [ 470.702304][T11059] dump_stack+0x1d8/0x24e [ 470.702314][T11059] ? devkmsg_release+0x11c/0x11c [ 470.702324][T11059] ? show_regs_print_info+0x12/0x12 [ 470.702335][T11059] should_fail+0x6f6/0x860 [ 470.702345][T11059] ? setup_fault_attr+0x3d0/0x3d0 [ 470.702355][T11059] ? apply_wqattrs_prepare+0x1c0/0x17e0 [ 470.702366][T11059] should_failslab+0x5/0x20 [ 470.702382][T11059] kmem_cache_alloc_trace+0x39/0x2b0 [ 470.702390][T11059] ? apply_wqattrs_prepare+0x102/0x17e0 [ 470.702399][T11059] apply_wqattrs_prepare+0x1c0/0x17e0 [ 470.702406][T11059] ? alloc_workqueue+0x1cb/0x11d0 [ 470.702415][T11059] ? hci_uart_tty_ioctl+0x89e/0xa10 [ 470.702424][T11059] ? tty_ioctl+0xf68/0x1710 [ 470.702433][T11059] ? do_vfs_ioctl+0x76a/0x1720 [ 470.702441][T11059] ? __x64_sys_ioctl+0xd4/0x110 [ 470.702449][T11059] ? do_syscall_64+0xcb/0x1e0 [ 470.702457][T11059] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 470.702468][T11059] ? format_decode+0xc5c/0x1ab0 [ 470.702477][T11059] ? cwt_wakefn+0x70/0x70 [ 470.702486][T11059] ? vsnprintf+0x1d60/0x1d60 [ 470.702495][T11059] ? string+0x280/0x2c0 [ 470.702502][T11059] ? widen_string+0x3a/0x340 [ 470.702510][T11059] ? string+0x280/0x2c0 [ 470.702519][T11059] apply_workqueue_attrs_locked+0x136/0x6d0 [ 470.702528][T11059] ? check_preemption_disabled+0x9e/0x330 [ 470.702537][T11059] ? apply_workqueue_attrs+0x40/0x40 [ 470.702546][T11059] ? mutex_lock+0xa6/0x110 [ 470.702555][T11059] ? mutex_trylock+0xb0/0xb0 [ 470.702563][T11059] ? kmem_cache_alloc_trace+0x139/0x2b0 [ 470.702572][T11059] alloc_workqueue+0xcc4/0x11d0 [ 470.702582][T11059] ? sprintf+0xd6/0x120 [ 470.702588][T11059] ? idr_replace+0x230/0x230 [ 470.702596][T11059] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 470.702605][T11059] ? h4_open+0x4f/0x140 [ 470.702614][T11059] hci_register_dev+0x1f2/0x710 [ 470.702625][T11059] hci_uart_tty_ioctl+0x89e/0xa10 [ 470.702634][T11059] ? hci_uart_tty_write+0x10/0x10 [ 470.702643][T11059] tty_ioctl+0xf68/0x1710 [ 470.702652][T11059] ? tty_do_resize+0x170/0x170 [ 470.702660][T11059] ? avc_ss_reset+0x3a0/0x3a0 [ 470.702668][T11059] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 470.702677][T11059] ? refcount_inc_checked+0x50/0x50 [ 470.702685][T11059] ? memcg_check_events+0x5c/0x5b0 [ 470.702697][T11059] ? proc_fail_nth_write+0x1d5/0x240 [ 470.702706][T11059] ? proc_fail_nth_read+0x1c0/0x1c0 [ 470.702715][T11059] ? __lru_cache_add+0x1c4/0x210 [ 470.702722][T11059] ? memset+0x1f/0x40 [ 470.702730][T11059] ? fsnotify+0x1332/0x13f0 [ 470.702738][T11059] ? tty_do_resize+0x170/0x170 [ 470.702747][T11059] do_vfs_ioctl+0x76a/0x1720 [ 470.702757][T11059] ? selinux_file_ioctl+0x72f/0x990 [ 470.702766][T11059] ? ioctl_preallocate+0x250/0x250 [ 470.702777][T11059] ? __fget+0x37b/0x3c0 [ 470.702784][T11059] ? vfs_write+0x422/0x4e0 [ 470.702794][T11059] ? fget_many+0x20/0x20 [ 470.702802][T11059] ? debug_smp_processor_id+0x20/0x20 [ 470.702812][T11059] ? security_file_ioctl+0x9d/0xb0 [ 470.702822][T11059] __x64_sys_ioctl+0xd4/0x110 [ 470.702830][T11059] do_syscall_64+0xcb/0x1e0 [ 470.702840][T11059] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 470.702847][T11059] RIP: 0033:0x4665f9 [ 470.702856][T11059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 470.702861][T11059] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 470.702871][T11059] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 470.702875][T11059] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 470.702880][T11059] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 470.702885][T11059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 470.702890][T11059] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 470.705255][ T22] audit: type=1326 audit(1631031453.783:8617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11053 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 470.706773][T11059] Bluetooth: Can't register HCI device [ 470.727018][T11064] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 470.727119][T11064] FAULT_INJECTION: forcing a failure. [ 470.727119][T11064] name failslab, interval 1, probability 0, space 0, times 0 [ 470.727131][T11064] CPU: 0 PID: 11064 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 470.727136][T11064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 470.727139][T11064] Call Trace: [ 470.727154][T11064] dump_stack+0x1d8/0x24e [ 470.727165][T11064] ? devkmsg_release+0x11c/0x11c [ 470.727174][T11064] ? show_regs_print_info+0x12/0x12 [ 470.727187][T11064] should_fail+0x6f6/0x860 [ 470.727198][T11064] ? setup_fault_attr+0x3d0/0x3d0 [ 470.727209][T11064] ? __kernfs_new_node+0xdb/0x6d0 [ 470.727218][T11064] should_failslab+0x5/0x20 [ 470.727228][T11064] kmem_cache_alloc+0x36/0x290 [ 470.727235][T11064] ? memcpy+0x38/0x50 [ 470.727246][T11064] __kernfs_new_node+0xdb/0x6d0 [ 470.727257][T11064] ? mutex_lock+0xa6/0x110 [ 470.727266][T11064] ? kernfs_new_node+0x160/0x160 [ 470.727277][T11064] ? kernfs_activate+0x3fc/0x420 [ 470.727287][T11064] kernfs_new_node+0x95/0x160 [ 470.727298][T11064] kernfs_create_link+0x9c/0x1f0 [ 470.727307][T11064] sysfs_do_create_link_sd+0x85/0x100 [ 470.727315][T11064] device_add+0x989/0x18a0 [ 470.727326][T11064] ? get_device+0x30/0x30 [ 470.727334][T11064] ? virtual_device_parent+0x50/0x50 [ 470.727342][T11064] ? h4_open+0x4f/0x140 [ 470.727351][T11064] hci_register_dev+0x32e/0x710 [ 470.727362][T11064] hci_uart_tty_ioctl+0x89e/0xa10 [ 470.727371][T11064] ? hci_uart_tty_write+0x10/0x10 [ 470.727380][T11064] tty_ioctl+0xf68/0x1710 [ 470.727389][T11064] ? tty_do_resize+0x170/0x170 [ 470.727397][T11064] ? avc_ss_reset+0x3a0/0x3a0 [ 470.727405][T11064] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 470.727414][T11064] ? refcount_inc_checked+0x50/0x50 [ 470.727422][T11064] ? memcg_check_events+0x5c/0x5b0 [ 470.727434][T11064] ? proc_fail_nth_write+0x1d5/0x240 [ 470.727444][T11064] ? proc_fail_nth_read+0x1c0/0x1c0 [ 470.727452][T11064] ? __lru_cache_add+0x1c4/0x210 [ 470.727460][T11064] ? memset+0x1f/0x40 [ 470.727468][T11064] ? fsnotify+0x1332/0x13f0 [ 470.727476][T11064] ? tty_do_resize+0x170/0x170 [ 470.727485][T11064] do_vfs_ioctl+0x76a/0x1720 [ 470.727494][T11064] ? selinux_file_ioctl+0x72f/0x990 [ 470.727504][T11064] ? ioctl_preallocate+0x250/0x250 [ 470.727515][T11064] ? __fget+0x37b/0x3c0 [ 470.727522][T11064] ? vfs_write+0x422/0x4e0 [ 470.727532][T11064] ? fget_many+0x20/0x20 [ 470.727540][T11064] ? debug_smp_processor_id+0x20/0x20 [ 470.727550][T11064] ? security_file_ioctl+0x9d/0xb0 [ 470.727559][T11064] __x64_sys_ioctl+0xd4/0x110 [ 470.727568][T11064] do_syscall_64+0xcb/0x1e0 [ 470.727578][T11064] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 470.727586][T11064] RIP: 0033:0x4665f9 [ 470.727595][T11064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 470.727600][T11064] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 470.727609][T11064] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 470.727614][T11064] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 470.727619][T11064] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 470.727624][T11064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 470.727629][T11064] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 470.729852][T11064] Bluetooth: Can't register HCI device [ 470.763344][T11069] FAULT_INJECTION: forcing a failure. [ 470.763344][T11069] name failslab, interval 1, probability 0, space 0, times 0 [ 470.763357][T11069] CPU: 1 PID: 11069 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 470.763362][T11069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 470.763365][T11069] Call Trace: [ 470.763388][T11069] dump_stack+0x1d8/0x24e [ 470.763400][T11069] ? devkmsg_release+0x11c/0x11c [ 470.763411][T11069] ? show_regs_print_info+0x12/0x12 [ 470.763423][T11069] should_fail+0x6f6/0x860 [ 470.763433][T11069] ? setup_fault_attr+0x3d0/0x3d0 [ 470.763444][T11069] ? apply_wqattrs_prepare+0x8a5/0x17e0 [ 470.763457][T11069] should_failslab+0x5/0x20 [ 470.763467][T11069] kmem_cache_alloc+0x36/0x290 [ 470.763477][T11069] apply_wqattrs_prepare+0x8a5/0x17e0 [ 470.763488][T11069] ? __x64_sys_ioctl+0xd4/0x110 [ 470.763499][T11069] ? format_decode+0xc5c/0x1ab0 [ 470.763507][T11069] ? cwt_wakefn+0x70/0x70 [ 470.763515][T11069] ? vsnprintf+0x1d60/0x1d60 [ 470.763524][T11069] ? string+0x280/0x2c0 [ 470.763530][T11069] ? widen_string+0x3a/0x340 [ 470.763538][T11069] ? string+0x280/0x2c0 [ 470.763547][T11069] apply_workqueue_attrs_locked+0x136/0x6d0 [ 470.763556][T11069] ? check_preemption_disabled+0x9e/0x330 [ 470.763564][T11069] ? apply_workqueue_attrs+0x40/0x40 [ 470.763573][T11069] ? mutex_lock+0xa6/0x110 [ 470.763582][T11069] ? mutex_trylock+0xb0/0xb0 [ 470.763592][T11069] ? kmem_cache_alloc_trace+0x139/0x2b0 [ 470.763600][T11069] alloc_workqueue+0xcc4/0x11d0 [ 470.763610][T11069] ? sprintf+0xd6/0x120 [ 470.763617][T11069] ? idr_replace+0x230/0x230 [ 470.763626][T11069] ? apply_workqueue_attrs_locked+0x6d0/0x6d0 [ 470.763637][T11069] ? h4_open+0x4f/0x140 [ 470.763646][T11069] hci_register_dev+0x1f2/0x710 [ 470.763657][T11069] hci_uart_tty_ioctl+0x89e/0xa10 [ 470.763667][T11069] ? hci_uart_tty_write+0x10/0x10 [ 470.763677][T11069] tty_ioctl+0xf68/0x1710 [ 470.763687][T11069] ? tty_do_resize+0x170/0x170 [ 470.763696][T11069] ? avc_ss_reset+0x3a0/0x3a0 [ 470.763704][T11069] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 470.763712][T11069] ? refcount_inc_checked+0x50/0x50 [ 470.763721][T11069] ? memcg_check_events+0x5c/0x5b0 [ 470.763733][T11069] ? proc_fail_nth_write+0x1d5/0x240 [ 470.763742][T11069] ? proc_fail_nth_read+0x1c0/0x1c0 [ 470.763750][T11069] ? __lru_cache_add+0x1c4/0x210 [ 470.763757][T11069] ? memset+0x1f/0x40 [ 470.763765][T11069] ? fsnotify+0x1332/0x13f0 [ 470.763773][T11069] ? tty_do_resize+0x170/0x170 [ 470.763783][T11069] do_vfs_ioctl+0x76a/0x1720 [ 470.763792][T11069] ? selinux_file_ioctl+0x72f/0x990 [ 470.763802][T11069] ? ioctl_preallocate+0x250/0x250 [ 470.763814][T11069] ? __fget+0x37b/0x3c0 [ 470.763820][T11069] ? vfs_write+0x422/0x4e0 [ 470.763830][T11069] ? fget_many+0x20/0x20 [ 470.763838][T11069] ? debug_smp_processor_id+0x20/0x20 [ 470.763847][T11069] ? security_file_ioctl+0x9d/0xb0 [ 470.763855][T11069] __x64_sys_ioctl+0xd4/0x110 [ 470.763864][T11069] do_syscall_64+0xcb/0x1e0 [ 470.763874][T11069] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 470.763883][T11069] RIP: 0033:0x4665f9 [ 470.763892][T11069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 470.763897][T11069] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 470.763906][T11069] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 470.763911][T11069] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 470.763916][T11069] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 470.763921][T11069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 470.763927][T11069] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 470.774129][T11073] debugfs: Directory 'hci1' with parent 'bluetooth' already present! [ 470.774247][T11073] FAULT_INJECTION: forcing a failure. [ 470.774247][T11073] name failslab, interval 1, probability 0, space 0, times 0 [ 470.774259][T11073] CPU: 0 PID: 11073 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 470.774264][T11073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 470.774267][T11073] Call Trace: [ 470.774290][T11073] dump_stack+0x1d8/0x24e [ 470.774302][T11073] ? devkmsg_release+0x11c/0x11c [ 470.774311][T11073] ? __kasan_kmalloc+0x1a3/0x1e0 [ 470.774321][T11073] ? show_regs_print_info+0x12/0x12 [ 470.774331][T11073] ? kmem_cache_alloc+0x115/0x290 [ 470.774341][T11073] ? __kernfs_new_node+0xdb/0x6d0 [ 470.774350][T11073] ? kernfs_new_node+0x95/0x160 [ 470.774358][T11073] ? sysfs_do_create_link_sd+0x85/0x100 [ 470.774370][T11073] should_fail+0x6f6/0x860 [ 470.774381][T11073] ? setup_fault_attr+0x3d0/0x3d0 [ 470.774390][T11073] ? mutex_unlock+0x19/0x40 [ 470.774400][T11073] ? kernfs_xattr_get+0x81/0x90 [ 470.774409][T11073] ? __kernfs_new_node+0xdb/0x6d0 [ 470.774419][T11073] should_failslab+0x5/0x20 [ 470.774429][T11073] kmem_cache_alloc+0x36/0x290 [ 470.774440][T11073] __kernfs_new_node+0xdb/0x6d0 [ 470.774450][T11073] ? kernfs_new_node+0x160/0x160 [ 470.774458][T11073] ? _raw_spin_lock+0xa3/0x1b0 [ 470.774469][T11073] ? security_kernfs_init_security+0x9a/0xb0 [ 470.774479][T11073] ? __kernfs_new_node+0x50b/0x6d0 [ 470.774489][T11073] kernfs_new_node+0x95/0x160 [ 470.774500][T11073] __kernfs_create_file+0x45/0x260 [ 470.774509][T11073] sysfs_add_file_mode_ns+0x293/0x340 [ 470.774518][T11073] sysfs_create_file_ns+0x18c/0x2b0 [ 470.774527][T11073] ? sysfs_add_file_mode_ns+0x340/0x340 [ 470.774537][T11073] ? device_create_file+0xe2/0x1a0 [ 470.774545][T11073] device_add+0xc44/0x18a0 [ 470.774555][T11073] ? virtual_device_parent+0x50/0x50 [ 470.774565][T11073] ? h4_open+0x4f/0x140 [ 470.774575][T11073] hci_register_dev+0x32e/0x710 [ 470.774586][T11073] hci_uart_tty_ioctl+0x89e/0xa10 [ 470.774595][T11073] ? hci_uart_tty_write+0x10/0x10 [ 470.774604][T11073] tty_ioctl+0xf68/0x1710 [ 470.774613][T11073] ? tty_do_resize+0x170/0x170 [ 470.774622][T11073] ? avc_ss_reset+0x3a0/0x3a0 [ 470.774631][T11073] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 470.774639][T11073] ? refcount_inc_checked+0x50/0x50 [ 470.774648][T11073] ? memcg_check_events+0x5c/0x5b0 [ 470.774660][T11073] ? proc_fail_nth_write+0x1d5/0x240 [ 470.774670][T11073] ? proc_fail_nth_read+0x1c0/0x1c0 [ 470.774679][T11073] ? __lru_cache_add+0x1c4/0x210 [ 470.774686][T11073] ? memset+0x1f/0x40 [ 470.774694][T11073] ? fsnotify+0x1332/0x13f0 [ 470.774703][T11073] ? tty_do_resize+0x170/0x170 [ 470.774712][T11073] do_vfs_ioctl+0x76a/0x1720 [ 470.774722][T11073] ? selinux_file_ioctl+0x72f/0x990 [ 470.774732][T11073] ? ioctl_preallocate+0x250/0x250 [ 470.774744][T11073] ? __fget+0x37b/0x3c0 [ 470.774751][T11073] ? vfs_write+0x422/0x4e0 [ 470.774761][T11073] ? fget_many+0x20/0x20 [ 470.774769][T11073] ? debug_smp_processor_id+0x20/0x20 [ 470.774777][T11073] ? security_file_ioctl+0x9d/0xb0 [ 470.774787][T11073] __x64_sys_ioctl+0xd4/0x110 [ 470.774797][T11073] do_syscall_64+0xcb/0x1e0 [ 470.774807][T11073] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 470.774816][T11073] RIP: 0033:0x4665f9 [ 470.774825][T11073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 470.774830][T11073] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 470.774839][T11073] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 470.774845][T11073] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 470.774850][T11073] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 470.774855][T11073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 470.774860][T11073] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 470.774933][T11069] Bluetooth: Can't register HCI device [ 470.779392][T11073] Bluetooth: Can't register HCI device [ 470.835578][T11078] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 470.835594][T11078] FAULT_INJECTION: forcing a failure. [ 470.835594][T11078] name failslab, interval 1, probability 0, space 0, times 0 [ 470.835606][T11078] CPU: 1 PID: 11078 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 470.835611][T11078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 470.835613][T11078] Call Trace: [ 470.835629][T11078] dump_stack+0x1d8/0x24e [ 470.835639][T11078] ? devkmsg_release+0x11c/0x11c [ 470.835649][T11078] ? show_regs_print_info+0x12/0x12 [ 470.835658][T11078] ? __irq_work_queue_local+0xd1/0xe0 [ 470.835666][T11078] ? irq_work_queue+0xfa/0x110 [ 470.835675][T11078] should_fail+0x6f6/0x860 [ 470.835685][T11078] ? setup_fault_attr+0x3d0/0x3d0 [ 470.835706][T11078] ? _raw_spin_lock+0xa3/0x1b0 [ 470.835715][T11078] ? __rcu_read_lock+0x50/0x50 [ 470.835724][T11078] ? __d_lookup+0x4b8/0x510 [ 470.835733][T11078] ? kobject_set_name_vargs+0x5d/0x110 [ 470.835743][T11078] should_failslab+0x5/0x20 [ 470.835752][T11078] __kmalloc_track_caller+0x5d/0x2e0 [ 470.835761][T11078] ? mntput_no_expire+0x32b/0xbd0 [ 470.835772][T11078] kstrdup_const+0x51/0x90 [ 470.835782][T11078] kobject_set_name_vargs+0x5d/0x110 [ 470.835791][T11078] dev_set_name+0xd1/0x120 [ 470.835800][T11078] ? mntput_no_expire+0x307/0xbd0 [ 470.835809][T11078] ? get_device+0x30/0x30 [ 470.835820][T11078] ? h4_open+0x4f/0x140 [ 470.835830][T11078] hci_register_dev+0x326/0x710 [ 470.835841][T11078] hci_uart_tty_ioctl+0x89e/0xa10 [ 470.835852][T11078] ? hci_uart_tty_write+0x10/0x10 [ 470.835864][T11078] tty_ioctl+0xf68/0x1710 [ 470.835874][T11078] ? tty_do_resize+0x170/0x170 [ 470.835883][T11078] ? avc_ss_reset+0x3a0/0x3a0 [ 470.835891][T11078] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 470.835899][T11078] ? refcount_inc_checked+0x50/0x50 [ 470.835907][T11078] ? memcg_check_events+0x5c/0x5b0 [ 470.835919][T11078] ? proc_fail_nth_write+0x1d5/0x240 [ 470.835929][T11078] ? proc_fail_nth_read+0x1c0/0x1c0 [ 470.835938][T11078] ? __lru_cache_add+0x1c4/0x210 [ 470.835944][T11078] ? memset+0x1f/0x40 [ 470.835952][T11078] ? fsnotify+0x1332/0x13f0 [ 470.835959][T11078] ? tty_do_resize+0x170/0x170 [ 470.835970][T11078] do_vfs_ioctl+0x76a/0x1720 [ 470.835980][T11078] ? selinux_file_ioctl+0x72f/0x990 [ 470.835991][T11078] ? ioctl_preallocate+0x250/0x250 [ 470.836002][T11078] ? __fget+0x37b/0x3c0 [ 470.836009][T11078] ? vfs_write+0x422/0x4e0 [ 470.836019][T11078] ? fget_many+0x20/0x20 [ 470.836027][T11078] ? debug_smp_processor_id+0x20/0x20 [ 470.836038][T11078] ? security_file_ioctl+0x9d/0xb0 [ 470.836048][T11078] __x64_sys_ioctl+0xd4/0x110 [ 470.836058][T11078] do_syscall_64+0xcb/0x1e0 [ 470.836068][T11078] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 470.836076][T11078] RIP: 0033:0x4665f9 [ 470.836085][T11078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 470.836090][T11078] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 470.836100][T11078] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 470.836105][T11078] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 470.836110][T11078] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 470.836115][T11078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 470.836121][T11078] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 470.836788][T11051] selection: kmalloc() failed 16:17:36 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x5) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:17:36 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0xd, {0x3}}) 16:17:36 executing program 3 (fault-call:2 fault-nth:25): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 470.843047][T11078] Bluetooth: Can't register HCI device [ 473.281070][T11086] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 473.281193][T11086] FAULT_INJECTION: forcing a failure. [ 473.281193][T11086] name failslab, interval 1, probability 0, space 0, times 0 [ 473.281205][T11086] CPU: 1 PID: 11086 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 473.281210][T11086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 473.281213][T11086] Call Trace: [ 473.281229][T11086] dump_stack+0x1d8/0x24e [ 473.281241][T11086] ? devkmsg_release+0x11c/0x11c [ 473.281250][T11086] ? mutex_unlock+0x19/0x40 [ 473.281260][T11086] ? show_regs_print_info+0x12/0x12 [ 473.281270][T11086] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 473.281282][T11086] should_fail+0x6f6/0x860 [ 473.281292][T11086] ? setup_fault_attr+0x3d0/0x3d0 [ 473.281301][T11086] ? _raw_spin_lock+0xa3/0x1b0 [ 473.281311][T11086] ? __kernfs_new_node+0xdb/0x6d0 [ 473.281322][T11086] should_failslab+0x5/0x20 [ 473.281330][T11086] kmem_cache_alloc+0x36/0x290 [ 473.281341][T11086] __kernfs_new_node+0xdb/0x6d0 [ 473.281351][T11086] ? mutex_lock+0xa6/0x110 [ 473.281360][T11086] ? kernfs_new_node+0x160/0x160 [ 473.281368][T11086] ? _raw_spin_lock+0xa3/0x1b0 [ 473.281379][T11086] ? kernfs_activate+0x3fc/0x420 [ 473.281391][T11086] kernfs_create_dir_ns+0x90/0x220 [ 473.281401][T11086] internal_create_group+0x294/0xf10 [ 473.281413][T11086] ? sysfs_create_group+0x20/0x20 [ 473.281422][T11086] ? sysfs_add_file_mode_ns+0x340/0x340 [ 473.281431][T11086] ? bus_add_device+0x92/0x3f0 [ 473.281441][T11086] dpm_sysfs_add+0x59/0x260 [ 473.281449][T11086] device_add+0xde7/0x18a0 [ 473.281460][T11086] ? virtual_device_parent+0x50/0x50 [ 473.281470][T11086] ? h4_open+0x4f/0x140 [ 473.281480][T11086] hci_register_dev+0x32e/0x710 [ 473.281491][T11086] hci_uart_tty_ioctl+0x89e/0xa10 [ 473.281500][T11086] ? hci_uart_tty_write+0x10/0x10 [ 473.281509][T11086] tty_ioctl+0xf68/0x1710 [ 473.281519][T11086] ? tty_do_resize+0x170/0x170 [ 473.281527][T11086] ? avc_ss_reset+0x3a0/0x3a0 [ 473.281536][T11086] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 473.281549][T11086] ? refcount_inc_checked+0x50/0x50 [ 473.281557][T11086] ? memcg_check_events+0x5c/0x5b0 [ 473.281569][T11086] ? proc_fail_nth_write+0x1d5/0x240 [ 473.281579][T11086] ? proc_fail_nth_read+0x1c0/0x1c0 [ 473.281588][T11086] ? __lru_cache_add+0x1c4/0x210 [ 473.281595][T11086] ? memset+0x1f/0x40 [ 473.281603][T11086] ? fsnotify+0x1332/0x13f0 [ 473.281611][T11086] ? tty_do_resize+0x170/0x170 [ 473.281621][T11086] do_vfs_ioctl+0x76a/0x1720 [ 473.281630][T11086] ? selinux_file_ioctl+0x72f/0x990 [ 473.281640][T11086] ? ioctl_preallocate+0x250/0x250 [ 473.281652][T11086] ? __fget+0x37b/0x3c0 [ 473.281661][T11086] ? vfs_write+0x422/0x4e0 [ 473.281672][T11086] ? fget_many+0x20/0x20 [ 473.281681][T11086] ? debug_smp_processor_id+0x20/0x20 [ 473.281691][T11086] ? security_file_ioctl+0x9d/0xb0 [ 473.281700][T11086] __x64_sys_ioctl+0xd4/0x110 [ 473.281710][T11086] do_syscall_64+0xcb/0x1e0 [ 473.281720][T11086] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 473.281727][T11086] RIP: 0033:0x4665f9 [ 473.281736][T11086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 473.281741][T11086] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 473.281750][T11086] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 473.281755][T11086] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 473.281761][T11086] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 473.281766][T11086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 473.281771][T11086] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 473.285194][T11086] Bluetooth: Can't register HCI device [ 473.301756][T11079] selection: kmalloc() failed [ 473.331620][ T22] audit: type=1326 audit(1631031456.403:8618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11081 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:17:36 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c3068071525", 0xc3}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:17:36 executing program 0 (fault-call:2 fault-nth:15): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:36 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x10}}) 16:17:36 executing program 3 (fault-call:2 fault-nth:26): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:36 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0xe, {0x3}}) 16:17:36 executing program 0 (fault-call:2 fault-nth:16): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:36 executing program 3 (fault-call:2 fault-nth:27): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:36 executing program 3 (fault-call:2 fault-nth:28): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:36 executing program 0 (fault-call:2 fault-nth:17): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 473.806194][T11096] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 473.806216][T11096] FAULT_INJECTION: forcing a failure. [ 473.806216][T11096] name failslab, interval 1, probability 0, space 0, times 0 [ 473.806228][T11096] CPU: 0 PID: 11096 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 473.806233][T11096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 473.806236][T11096] Call Trace: [ 473.806251][T11096] dump_stack+0x1d8/0x24e [ 473.806262][T11096] ? devkmsg_release+0x11c/0x11c [ 473.806272][T11096] ? show_regs_print_info+0x12/0x12 [ 473.806284][T11096] should_fail+0x6f6/0x860 [ 473.806295][T11096] ? setup_fault_attr+0x3d0/0x3d0 [ 473.806303][T11096] ? refcount_add_checked+0x50/0x50 [ 473.806312][T11096] ? device_add+0x121/0x18a0 [ 473.806322][T11096] should_failslab+0x5/0x20 [ 473.806332][T11096] kmem_cache_alloc_trace+0x39/0x2b0 [ 473.806340][T11096] device_add+0x121/0x18a0 [ 473.806349][T11096] ? dev_set_name+0xd1/0x120 [ 473.806358][T11096] ? get_device+0x30/0x30 [ 473.806365][T11096] ? virtual_device_parent+0x50/0x50 [ 473.806376][T11096] ? h4_open+0x4f/0x140 [ 473.806386][T11096] hci_register_dev+0x32e/0x710 [ 473.806396][T11096] hci_uart_tty_ioctl+0x89e/0xa10 [ 473.806406][T11096] ? hci_uart_tty_write+0x10/0x10 [ 473.806415][T11096] tty_ioctl+0xf68/0x1710 [ 473.806425][T11096] ? tty_do_resize+0x170/0x170 [ 473.806433][T11096] ? avc_ss_reset+0x3a0/0x3a0 [ 473.806441][T11096] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 473.806449][T11096] ? refcount_inc_checked+0x50/0x50 [ 473.806458][T11096] ? memcg_check_events+0x5c/0x5b0 [ 473.806469][T11096] ? proc_fail_nth_write+0x1d5/0x240 [ 473.806477][T11096] ? proc_fail_nth_read+0x1c0/0x1c0 [ 473.806485][T11096] ? __lru_cache_add+0x1c4/0x210 [ 473.806492][T11096] ? memset+0x1f/0x40 [ 473.806499][T11096] ? fsnotify+0x1332/0x13f0 [ 473.806516][T11096] ? tty_do_resize+0x170/0x170 [ 473.806526][T11096] do_vfs_ioctl+0x76a/0x1720 [ 473.806536][T11096] ? selinux_file_ioctl+0x72f/0x990 [ 473.806546][T11096] ? ioctl_preallocate+0x250/0x250 [ 473.806558][T11096] ? __fget+0x37b/0x3c0 [ 473.806565][T11096] ? vfs_write+0x422/0x4e0 [ 473.806575][T11096] ? fget_many+0x20/0x20 [ 473.806584][T11096] ? debug_smp_processor_id+0x20/0x20 [ 473.806594][T11096] ? security_file_ioctl+0x9d/0xb0 [ 473.806603][T11096] __x64_sys_ioctl+0xd4/0x110 [ 473.806612][T11096] do_syscall_64+0xcb/0x1e0 [ 473.806622][T11096] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 473.806630][T11096] RIP: 0033:0x4665f9 [ 473.806639][T11096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 473.806644][T11096] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 473.806654][T11096] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 473.806659][T11096] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 473.806664][T11096] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 473.806670][T11096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 473.806675][T11096] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 473.806723][T11096] Bluetooth: Can't register HCI device [ 473.822202][ T22] audit: type=1326 audit(1631031456.893:8619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11092 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 473.836819][T11102] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 473.836947][T11102] FAULT_INJECTION: forcing a failure. [ 473.836947][T11102] name failslab, interval 1, probability 0, space 0, times 0 [ 473.836960][T11102] CPU: 0 PID: 11102 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 473.836965][T11102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 473.836969][T11102] Call Trace: [ 473.836984][T11102] dump_stack+0x1d8/0x24e [ 473.836995][T11102] ? devkmsg_release+0x11c/0x11c [ 473.837004][T11102] ? show_regs_print_info+0x12/0x12 [ 473.837015][T11102] ? mutex_unlock+0x19/0x40 [ 473.837026][T11102] should_fail+0x6f6/0x860 [ 473.837038][T11102] ? setup_fault_attr+0x3d0/0x3d0 [ 473.837048][T11102] ? selinux_path_notify+0x6c0/0x6c0 [ 473.837060][T11102] ? __kernfs_new_node+0xdb/0x6d0 [ 473.837070][T11102] should_failslab+0x5/0x20 [ 473.837080][T11102] kmem_cache_alloc+0x36/0x290 [ 473.837089][T11102] ? _raw_spin_lock+0xa3/0x1b0 [ 473.837098][T11102] __kernfs_new_node+0xdb/0x6d0 [ 473.837110][T11102] ? kernfs_new_node+0x160/0x160 [ 473.837119][T11102] ? mutex_lock+0xa6/0x110 [ 473.837128][T11102] ? mutex_trylock+0xb0/0xb0 [ 473.837138][T11102] ? kernfs_activate+0x3fc/0x420 [ 473.837148][T11102] kernfs_new_node+0x95/0x160 [ 473.837159][T11102] __kernfs_create_file+0x45/0x260 [ 473.837168][T11102] sysfs_add_file_mode_ns+0x293/0x340 [ 473.837178][T11102] sysfs_merge_group+0x204/0x440 [ 473.837188][T11102] ? sysfs_remove_groups+0xb0/0xb0 [ 473.837197][T11102] ? sysfs_add_file_mode_ns+0x340/0x340 [ 473.837207][T11102] ? bus_add_device+0x92/0x3f0 [ 473.837218][T11102] dpm_sysfs_add+0xbd/0x260 [ 473.837226][T11102] device_add+0xde7/0x18a0 [ 473.837237][T11102] ? virtual_device_parent+0x50/0x50 [ 473.837246][T11102] ? h4_open+0x4f/0x140 [ 473.837255][T11102] hci_register_dev+0x32e/0x710 [ 473.837267][T11102] hci_uart_tty_ioctl+0x89e/0xa10 [ 473.837276][T11102] ? hci_uart_tty_write+0x10/0x10 [ 473.837292][T11102] tty_ioctl+0xf68/0x1710 [ 473.837300][T11102] ? tty_do_resize+0x170/0x170 [ 473.837309][T11102] ? avc_ss_reset+0x3a0/0x3a0 [ 473.837317][T11102] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 473.837325][T11102] ? refcount_inc_checked+0x50/0x50 [ 473.837335][T11102] ? memcg_check_events+0x5c/0x5b0 [ 473.837347][T11102] ? proc_fail_nth_write+0x1d5/0x240 [ 473.837355][T11102] ? proc_fail_nth_read+0x1c0/0x1c0 [ 473.837364][T11102] ? __lru_cache_add+0x1c4/0x210 [ 473.837371][T11102] ? memset+0x1f/0x40 [ 473.837378][T11102] ? fsnotify+0x1332/0x13f0 [ 473.837386][T11102] ? tty_do_resize+0x170/0x170 [ 473.837396][T11102] do_vfs_ioctl+0x76a/0x1720 [ 473.837405][T11102] ? selinux_file_ioctl+0x72f/0x990 [ 473.837414][T11102] ? ioctl_preallocate+0x250/0x250 [ 473.837425][T11102] ? __fget+0x37b/0x3c0 [ 473.837432][T11102] ? vfs_write+0x422/0x4e0 [ 473.837441][T11102] ? fget_many+0x20/0x20 [ 473.837449][T11102] ? debug_smp_processor_id+0x20/0x20 [ 473.837459][T11102] ? security_file_ioctl+0x9d/0xb0 [ 473.837468][T11102] __x64_sys_ioctl+0xd4/0x110 [ 473.837477][T11102] do_syscall_64+0xcb/0x1e0 [ 473.837492][T11102] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 473.837499][T11102] RIP: 0033:0x4665f9 [ 473.837508][T11102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 473.837513][T11102] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 473.837522][T11102] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 473.837527][T11102] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 473.837532][T11102] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 473.837537][T11102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 473.837543][T11102] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 473.837823][T11102] Bluetooth: Can't register HCI device [ 473.869400][T11104] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 473.869431][T11104] FAULT_INJECTION: forcing a failure. [ 473.869431][T11104] name failslab, interval 1, probability 0, space 0, times 0 [ 473.869442][T11104] CPU: 1 PID: 11104 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 473.869447][T11104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 473.869450][T11104] Call Trace: [ 473.869464][T11104] dump_stack+0x1d8/0x24e [ 473.869475][T11104] ? devkmsg_release+0x11c/0x11c [ 473.869485][T11104] ? show_regs_print_info+0x12/0x12 [ 473.869497][T11104] should_fail+0x6f6/0x860 [ 473.869507][T11104] ? setup_fault_attr+0x3d0/0x3d0 [ 473.869516][T11104] ? _raw_spin_lock+0xa3/0x1b0 [ 473.869525][T11104] ? get_device_parent+0x327/0x430 [ 473.869535][T11104] should_failslab+0x5/0x20 [ 473.869547][T11104] kmem_cache_alloc_trace+0x39/0x2b0 [ 473.869555][T11104] ? device_add+0x121/0x18a0 [ 473.869564][T11104] get_device_parent+0x327/0x430 [ 473.869571][T11104] ? device_add+0x3a6/0x18a0 [ 473.869579][T11104] device_add+0x3b3/0x18a0 [ 473.869591][T11104] ? get_device+0x30/0x30 [ 473.869600][T11104] ? virtual_device_parent+0x50/0x50 [ 473.869611][T11104] ? h4_open+0x4f/0x140 [ 473.869621][T11104] hci_register_dev+0x32e/0x710 [ 473.869633][T11104] hci_uart_tty_ioctl+0x89e/0xa10 [ 473.869642][T11104] ? hci_uart_tty_write+0x10/0x10 [ 473.869652][T11104] tty_ioctl+0xf68/0x1710 [ 473.869661][T11104] ? tty_do_resize+0x170/0x170 [ 473.869670][T11104] ? avc_ss_reset+0x3a0/0x3a0 [ 473.869678][T11104] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 473.869687][T11104] ? refcount_inc_checked+0x50/0x50 [ 473.869696][T11104] ? memcg_check_events+0x5c/0x5b0 [ 473.869708][T11104] ? proc_fail_nth_write+0x1d5/0x240 [ 473.869717][T11104] ? proc_fail_nth_read+0x1c0/0x1c0 [ 473.869726][T11104] ? __lru_cache_add+0x1c4/0x210 [ 473.869734][T11104] ? memset+0x1f/0x40 [ 473.869742][T11104] ? fsnotify+0x1332/0x13f0 [ 473.869750][T11104] ? tty_do_resize+0x170/0x170 [ 473.869759][T11104] do_vfs_ioctl+0x76a/0x1720 [ 473.869769][T11104] ? selinux_file_ioctl+0x72f/0x990 [ 473.869779][T11104] ? ioctl_preallocate+0x250/0x250 [ 473.869791][T11104] ? __fget+0x37b/0x3c0 [ 473.869798][T11104] ? vfs_write+0x422/0x4e0 [ 473.869808][T11104] ? fget_many+0x20/0x20 [ 473.869816][T11104] ? debug_smp_processor_id+0x20/0x20 [ 473.869826][T11104] ? security_file_ioctl+0x9d/0xb0 [ 473.869836][T11104] __x64_sys_ioctl+0xd4/0x110 [ 473.869846][T11104] do_syscall_64+0xcb/0x1e0 [ 473.869856][T11104] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 473.869863][T11104] RIP: 0033:0x4665f9 [ 473.869872][T11104] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 473.869877][T11104] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 473.869886][T11104] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 473.869891][T11104] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 473.869896][T11104] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 473.869901][T11104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 473.869906][T11104] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 473.878185][T11104] Bluetooth: Can't register HCI device [ 473.879112][T11106] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 473.879489][T11106] FAULT_INJECTION: forcing a failure. [ 473.879489][T11106] name failslab, interval 1, probability 0, space 0, times 0 [ 473.879501][T11106] CPU: 0 PID: 11106 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 473.879506][T11106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 473.879509][T11106] Call Trace: [ 473.879524][T11106] dump_stack+0x1d8/0x24e [ 473.879534][T11106] ? devkmsg_release+0x11c/0x11c [ 473.879550][T11106] ? mutex_unlock+0x19/0x40 [ 473.879560][T11106] ? show_regs_print_info+0x12/0x12 [ 473.879570][T11106] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 473.879582][T11106] should_fail+0x6f6/0x860 [ 473.879591][T11106] ? setup_fault_attr+0x3d0/0x3d0 [ 473.879601][T11106] ? _raw_spin_lock+0xa3/0x1b0 [ 473.879611][T11106] ? __kernfs_new_node+0xdb/0x6d0 [ 473.879621][T11106] should_failslab+0x5/0x20 [ 473.879631][T11106] kmem_cache_alloc+0x36/0x290 [ 473.879641][T11106] __kernfs_new_node+0xdb/0x6d0 [ 473.879651][T11106] ? mutex_lock+0xa6/0x110 [ 473.879659][T11106] ? kernfs_new_node+0x160/0x160 [ 473.879674][T11106] ? mutex_lock+0xa6/0x110 [ 473.879684][T11106] ? kernfs_activate+0x3fc/0x420 [ 473.879694][T11106] kernfs_new_node+0x95/0x160 [ 473.879704][T11106] __kernfs_create_file+0x45/0x260 [ 473.879712][T11106] sysfs_add_file_mode_ns+0x293/0x340 [ 473.879721][T11106] sysfs_merge_group+0x204/0x440 [ 473.879730][T11106] ? sysfs_remove_groups+0xb0/0xb0 [ 473.879739][T11106] ? sysfs_add_file_mode_ns+0x340/0x340 [ 473.879748][T11106] ? bus_add_device+0x92/0x3f0 [ 473.879757][T11106] dpm_sysfs_add+0xbd/0x260 [ 473.879765][T11106] device_add+0xde7/0x18a0 [ 473.879776][T11106] ? virtual_device_parent+0x50/0x50 [ 473.879787][T11106] ? h4_open+0x4f/0x140 [ 473.879798][T11106] hci_register_dev+0x32e/0x710 [ 473.879810][T11106] hci_uart_tty_ioctl+0x89e/0xa10 [ 473.879820][T11106] ? hci_uart_tty_write+0x10/0x10 [ 473.879831][T11106] tty_ioctl+0xf68/0x1710 [ 473.879841][T11106] ? tty_do_resize+0x170/0x170 [ 473.879850][T11106] ? avc_ss_reset+0x3a0/0x3a0 [ 473.879858][T11106] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 473.879865][T11106] ? refcount_inc_checked+0x50/0x50 [ 473.879872][T11106] ? memcg_check_events+0x5c/0x5b0 [ 473.879882][T11106] ? proc_fail_nth_write+0x1d5/0x240 [ 473.879892][T11106] ? proc_fail_nth_read+0x1c0/0x1c0 [ 473.879900][T11106] ? __lru_cache_add+0x1c4/0x210 [ 473.879913][T11106] ? memset+0x1f/0x40 [ 473.879921][T11106] ? fsnotify+0x1332/0x13f0 [ 473.879930][T11106] ? tty_do_resize+0x170/0x170 [ 473.879940][T11106] do_vfs_ioctl+0x76a/0x1720 [ 473.879950][T11106] ? selinux_file_ioctl+0x72f/0x990 [ 473.879959][T11106] ? ioctl_preallocate+0x250/0x250 [ 473.879971][T11106] ? __fget+0x37b/0x3c0 [ 473.879978][T11106] ? vfs_write+0x422/0x4e0 [ 473.879988][T11106] ? fget_many+0x20/0x20 [ 473.879997][T11106] ? debug_smp_processor_id+0x20/0x20 [ 473.880007][T11106] ? security_file_ioctl+0x9d/0xb0 [ 473.880020][T11106] __x64_sys_ioctl+0xd4/0x110 [ 473.880031][T11106] do_syscall_64+0xcb/0x1e0 [ 473.880041][T11106] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 473.880049][T11106] RIP: 0033:0x4665f9 [ 473.880058][T11106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 473.880063][T11106] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 473.880072][T11106] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 473.880077][T11106] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 473.880082][T11106] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 473.880088][T11106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 473.880093][T11106] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 473.881484][T11106] Bluetooth: Can't register HCI device [ 473.893060][T11090] selection: kmalloc() failed [ 473.939299][T11112] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 473.941238][T11112] FAULT_INJECTION: forcing a failure. [ 473.941238][T11112] name failslab, interval 1, probability 0, space 0, times 0 [ 473.941251][T11112] CPU: 1 PID: 11112 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 473.941256][T11112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 473.941260][T11112] Call Trace: [ 473.941275][T11112] dump_stack+0x1d8/0x24e [ 473.941285][T11112] ? devkmsg_release+0x11c/0x11c [ 473.941295][T11112] ? mutex_unlock+0x19/0x40 [ 473.941306][T11112] ? show_regs_print_info+0x12/0x12 [ 473.941316][T11112] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 473.941327][T11112] should_fail+0x6f6/0x860 [ 473.941337][T11112] ? setup_fault_attr+0x3d0/0x3d0 [ 473.941347][T11112] ? _raw_spin_lock+0xa3/0x1b0 [ 473.941357][T11112] ? __kernfs_new_node+0xdb/0x6d0 [ 473.941368][T11112] should_failslab+0x5/0x20 [ 473.941377][T11112] kmem_cache_alloc+0x36/0x290 [ 473.941387][T11112] __kernfs_new_node+0xdb/0x6d0 [ 473.941398][T11112] ? mutex_lock+0xa6/0x110 [ 473.941407][T11112] ? kernfs_new_node+0x160/0x160 [ 473.941415][T11112] ? mutex_lock+0xa6/0x110 [ 473.941428][T11112] ? kernfs_activate+0x3fc/0x420 [ 473.941438][T11112] kernfs_new_node+0x95/0x160 [ 473.941449][T11112] __kernfs_create_file+0x45/0x260 [ 473.941458][T11112] sysfs_add_file_mode_ns+0x293/0x340 [ 473.941468][T11112] sysfs_merge_group+0x204/0x440 [ 473.941478][T11112] ? sysfs_remove_groups+0xb0/0xb0 [ 473.941486][T11112] ? sysfs_add_file_mode_ns+0x340/0x340 [ 473.941495][T11112] ? bus_add_device+0x92/0x3f0 [ 473.941505][T11112] dpm_sysfs_add+0xbd/0x260 [ 473.941513][T11112] device_add+0xde7/0x18a0 [ 473.941524][T11112] ? virtual_device_parent+0x50/0x50 [ 473.941534][T11112] ? h4_open+0x4f/0x140 [ 473.941543][T11112] hci_register_dev+0x32e/0x710 [ 473.941553][T11112] hci_uart_tty_ioctl+0x89e/0xa10 [ 473.941561][T11112] ? hci_uart_tty_write+0x10/0x10 [ 473.941571][T11112] tty_ioctl+0xf68/0x1710 [ 473.941579][T11112] ? tty_do_resize+0x170/0x170 [ 473.941587][T11112] ? avc_ss_reset+0x3a0/0x3a0 [ 473.941596][T11112] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 473.941604][T11112] ? refcount_inc_checked+0x50/0x50 [ 473.941614][T11112] ? memcg_check_events+0x5c/0x5b0 [ 473.941627][T11112] ? proc_fail_nth_write+0x1d5/0x240 [ 473.941637][T11112] ? proc_fail_nth_read+0x1c0/0x1c0 [ 473.941646][T11112] ? __lru_cache_add+0x1c4/0x210 [ 473.941654][T11112] ? memset+0x1f/0x40 [ 473.941663][T11112] ? fsnotify+0x1332/0x13f0 [ 473.941671][T11112] ? tty_do_resize+0x170/0x170 [ 473.941681][T11112] do_vfs_ioctl+0x76a/0x1720 [ 473.941690][T11112] ? selinux_file_ioctl+0x72f/0x990 [ 473.941700][T11112] ? ioctl_preallocate+0x250/0x250 [ 473.941711][T11112] ? __fget+0x37b/0x3c0 [ 473.941718][T11112] ? vfs_write+0x422/0x4e0 [ 473.941729][T11112] ? fget_many+0x20/0x20 [ 473.941737][T11112] ? debug_smp_processor_id+0x20/0x20 [ 473.941746][T11112] ? security_file_ioctl+0x9d/0xb0 [ 473.941756][T11112] __x64_sys_ioctl+0xd4/0x110 [ 473.941766][T11112] do_syscall_64+0xcb/0x1e0 [ 473.941776][T11112] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 473.941784][T11112] RIP: 0033:0x4665f9 [ 473.941793][T11112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 473.941798][T11112] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 473.941807][T11112] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 473.941812][T11112] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 473.941817][T11112] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 473.941822][T11112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 473.941828][T11112] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 473.959454][T11112] Bluetooth: Can't register HCI device [ 473.963913][T11114] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 473.963957][T11114] FAULT_INJECTION: forcing a failure. [ 473.963957][T11114] name failslab, interval 1, probability 0, space 0, times 0 [ 473.963969][T11114] CPU: 0 PID: 11114 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 473.963974][T11114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 473.963977][T11114] Call Trace: [ 473.963992][T11114] dump_stack+0x1d8/0x24e [ 473.964002][T11114] ? devkmsg_release+0x11c/0x11c [ 473.964012][T11114] ? show_regs_print_info+0x12/0x12 [ 473.964021][T11114] ? check_preemption_disabled+0x9e/0x330 [ 473.964029][T11114] ? __rcu_read_lock+0x50/0x50 [ 473.964036][T11114] ? __unwind_start+0x72f/0x8e0 [ 473.964044][T11114] ? debug_smp_processor_id+0x20/0x20 [ 473.964053][T11114] should_fail+0x6f6/0x860 [ 473.964062][T11114] ? setup_fault_attr+0x3d0/0x3d0 [ 473.964069][T11114] ? stack_trace_save+0x1f0/0x1f0 [ 473.964078][T11114] ? __kernel_text_address+0x93/0x100 [ 473.964086][T11114] ? unwind_get_return_address+0x48/0x80 [ 473.964096][T11114] ? __kernfs_new_node+0xdb/0x6d0 [ 473.964106][T11114] should_failslab+0x5/0x20 [ 473.964115][T11114] kmem_cache_alloc+0x36/0x290 [ 473.964126][T11114] __kernfs_new_node+0xdb/0x6d0 [ 473.964136][T11114] ? kernfs_new_node+0x160/0x160 [ 473.964144][T11114] ? stack_trace_save+0x120/0x1f0 [ 473.964152][T11114] ? stack_trace_snprint+0x150/0x150 [ 473.964161][T11114] ? _raw_spin_lock_irqsave+0xf8/0x210 [ 473.964171][T11114] ? __kasan_kmalloc+0x1a3/0x1e0 [ 473.964181][T11114] kernfs_create_dir_ns+0x90/0x220 [ 473.964189][T11114] sysfs_create_dir_ns+0x181/0x390 [ 473.964197][T11114] ? sysfs_warn_dup+0xa0/0xa0 [ 473.964207][T11114] kobject_add_internal+0x595/0xbd0 [ 473.964221][T11114] kobject_add+0x14c/0x210 [ 473.964232][T11114] ? kobject_init+0x1d0/0x1d0 [ 473.964243][T11114] ? _raw_spin_lock+0xa3/0x1b0 [ 473.964254][T11114] ? kobject_init+0x7d/0x1d0 [ 473.964265][T11114] get_device_parent+0x3d5/0x430 [ 473.964275][T11114] device_add+0x3b3/0x18a0 [ 473.964288][T11114] ? get_device+0x30/0x30 [ 473.964299][T11114] ? virtual_device_parent+0x50/0x50 [ 473.964311][T11114] ? h4_open+0x4f/0x140 [ 473.964322][T11114] hci_register_dev+0x32e/0x710 [ 473.964334][T11114] hci_uart_tty_ioctl+0x89e/0xa10 [ 473.964345][T11114] ? hci_uart_tty_write+0x10/0x10 [ 473.964356][T11114] tty_ioctl+0xf68/0x1710 [ 473.964367][T11114] ? tty_do_resize+0x170/0x170 [ 473.964378][T11114] ? avc_ss_reset+0x3a0/0x3a0 [ 473.964389][T11114] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 473.964400][T11114] ? refcount_inc_checked+0x50/0x50 [ 473.964411][T11114] ? memcg_check_events+0x5c/0x5b0 [ 473.964422][T11114] ? proc_fail_nth_write+0x1d5/0x240 [ 473.964433][T11114] ? proc_fail_nth_read+0x1c0/0x1c0 [ 473.964444][T11114] ? __lru_cache_add+0x1c4/0x210 [ 473.964454][T11114] ? memset+0x1f/0x40 [ 473.964464][T11114] ? fsnotify+0x1332/0x13f0 [ 473.964474][T11114] ? tty_do_resize+0x170/0x170 [ 473.964486][T11114] do_vfs_ioctl+0x76a/0x1720 [ 473.964497][T11114] ? selinux_file_ioctl+0x72f/0x990 [ 473.964508][T11114] ? ioctl_preallocate+0x250/0x250 [ 473.964519][T11114] ? __fget+0x37b/0x3c0 [ 473.964529][T11114] ? vfs_write+0x422/0x4e0 [ 473.964540][T11114] ? fget_many+0x20/0x20 [ 473.964556][T11114] ? debug_smp_processor_id+0x20/0x20 [ 473.964568][T11114] ? security_file_ioctl+0x9d/0xb0 [ 473.964579][T11114] __x64_sys_ioctl+0xd4/0x110 [ 473.964591][T11114] do_syscall_64+0xcb/0x1e0 [ 473.964602][T11114] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 473.964613][T11114] RIP: 0033:0x4665f9 [ 473.964624][T11114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 473.964632][T11114] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 473.964648][T11114] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 473.964656][T11114] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 473.964664][T11114] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 473.964672][T11114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 473.964680][T11114] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 473.966002][T11114] kobject_add_internal failed for bluetooth (error: -12 parent: virtual) [ 473.966052][T11114] Bluetooth: Can't register HCI device 16:17:39 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {0x0}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:17:39 executing program 3 (fault-call:2 fault-nth:29): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:39 executing program 0 (fault-call:2 fault-nth:18): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:39 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c3068071525", 0xc3}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:17:39 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0xf, {0x3}}) 16:17:39 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x300}}) [ 476.347819][T11115] selection: kmalloc() failed [ 476.372385][ T22] audit: type=1326 audit(1631031459.443:8620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11123 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 476.404400][T11126] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 476.412652][T11126] FAULT_INJECTION: forcing a failure. [ 476.412652][T11126] name failslab, interval 1, probability 0, space 0, times 0 [ 476.430438][T11131] debugfs: Directory 'hci1' with parent 'bluetooth' already present! [ 476.432290][T11126] CPU: 0 PID: 11126 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 16:17:39 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x10, {0x3}}) [ 476.445503][ T22] audit: type=1326 audit(1631031459.503:8621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11130 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 476.450157][T11126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 476.450161][T11126] Call Trace: [ 476.450177][T11126] dump_stack+0x1d8/0x24e [ 476.450192][T11126] ? devkmsg_release+0x11c/0x11c [ 476.477564][T11131] FAULT_INJECTION: forcing a failure. [ 476.477564][T11131] name failslab, interval 1, probability 0, space 0, times 0 [ 476.483642][T11126] ? mutex_unlock+0x19/0x40 16:17:39 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x11, {0x3}}) 16:17:39 executing program 3 (fault-call:2 fault-nth:30): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 476.483654][T11126] ? show_regs_print_info+0x12/0x12 [ 476.483663][T11126] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 476.483673][T11126] should_fail+0x6f6/0x860 [ 476.483682][T11126] ? setup_fault_attr+0x3d0/0x3d0 [ 476.483696][T11126] ? _raw_spin_lock+0xa3/0x1b0 16:17:39 executing program 0 (fault-call:2 fault-nth:19): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:39 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x10}}) 16:17:39 executing program 3 (fault-call:2 fault-nth:31): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 476.538721][T11126] ? __kernfs_new_node+0xdb/0x6d0 [ 476.538732][T11126] should_failslab+0x5/0x20 [ 476.538742][T11126] kmem_cache_alloc+0x36/0x290 [ 476.538753][T11126] __kernfs_new_node+0xdb/0x6d0 [ 476.538765][T11126] ? mutex_lock+0xa6/0x110 [ 476.538775][T11126] ? kernfs_new_node+0x160/0x160 [ 476.538784][T11126] ? mutex_lock+0xa6/0x110 [ 476.538796][T11126] ? kernfs_activate+0x3fc/0x420 [ 476.538807][T11126] kernfs_new_node+0x95/0x160 [ 476.538818][T11126] __kernfs_create_file+0x45/0x260 [ 476.538832][T11126] sysfs_add_file_mode_ns+0x293/0x340 [ 476.538843][T11126] sysfs_merge_group+0x204/0x440 [ 476.538853][T11126] ? sysfs_remove_groups+0xb0/0xb0 [ 476.538862][T11126] ? sysfs_add_file_mode_ns+0x340/0x340 [ 476.538871][T11126] ? bus_add_device+0x92/0x3f0 [ 476.538882][T11126] dpm_sysfs_add+0xbd/0x260 [ 476.538891][T11126] device_add+0xde7/0x18a0 [ 476.538902][T11126] ? virtual_device_parent+0x50/0x50 [ 476.538913][T11126] ? h4_open+0x4f/0x140 [ 476.538924][T11126] hci_register_dev+0x32e/0x710 [ 476.538936][T11126] hci_uart_tty_ioctl+0x89e/0xa10 [ 476.538946][T11126] ? hci_uart_tty_write+0x10/0x10 [ 476.538955][T11126] tty_ioctl+0xf68/0x1710 [ 476.538966][T11126] ? tty_do_resize+0x170/0x170 [ 476.538974][T11126] ? avc_ss_reset+0x3a0/0x3a0 [ 476.538983][T11126] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 476.538992][T11126] ? refcount_inc_checked+0x50/0x50 [ 476.539001][T11126] ? memcg_check_events+0x5c/0x5b0 [ 476.539014][T11126] ? proc_fail_nth_write+0x1d5/0x240 [ 476.539023][T11126] ? proc_fail_nth_read+0x1c0/0x1c0 [ 476.539032][T11126] ? __lru_cache_add+0x1c4/0x210 [ 476.539040][T11126] ? memset+0x1f/0x40 [ 476.539048][T11126] ? fsnotify+0x1332/0x13f0 [ 476.539057][T11126] ? tty_do_resize+0x170/0x170 [ 476.539068][T11126] do_vfs_ioctl+0x76a/0x1720 [ 476.539077][T11126] ? selinux_file_ioctl+0x72f/0x990 [ 476.539088][T11126] ? ioctl_preallocate+0x250/0x250 [ 476.539100][T11126] ? __fget+0x37b/0x3c0 [ 476.539107][T11126] ? vfs_write+0x422/0x4e0 [ 476.539118][T11126] ? fget_many+0x20/0x20 [ 476.539126][T11126] ? debug_smp_processor_id+0x20/0x20 [ 476.539136][T11126] ? security_file_ioctl+0x9d/0xb0 [ 476.539147][T11126] __x64_sys_ioctl+0xd4/0x110 [ 476.539157][T11126] do_syscall_64+0xcb/0x1e0 [ 476.539167][T11126] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 476.539174][T11126] RIP: 0033:0x4665f9 [ 476.539183][T11126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 476.539188][T11126] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 476.539198][T11126] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 476.539203][T11126] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 476.539209][T11126] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 476.539214][T11126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 476.539219][T11126] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 476.541119][T11126] Bluetooth: Can't register HCI device [ 476.541200][T11131] CPU: 0 PID: 11131 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 476.541206][T11131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 476.541209][T11131] Call Trace: [ 476.541224][T11131] dump_stack+0x1d8/0x24e [ 476.541234][T11131] ? devkmsg_release+0x11c/0x11c [ 476.541245][T11131] ? show_regs_print_info+0x12/0x12 [ 476.541254][T11131] ? _raw_spin_lock+0xa3/0x1b0 [ 476.541267][T11131] should_fail+0x6f6/0x860 [ 476.541277][T11131] ? setup_fault_attr+0x3d0/0x3d0 [ 476.541287][T11131] ? mutex_lock+0xa6/0x110 [ 476.541297][T11131] ? mutex_trylock+0xb0/0xb0 [ 476.541308][T11131] ? __kernfs_new_node+0xdb/0x6d0 [ 476.541318][T11131] should_failslab+0x5/0x20 [ 476.541326][T11131] kmem_cache_alloc+0x36/0x290 [ 476.541335][T11131] __kernfs_new_node+0xdb/0x6d0 [ 476.541344][T11131] ? mutex_unlock+0x19/0x40 [ 476.541354][T11131] ? kernfs_new_node+0x160/0x160 [ 476.541363][T11131] ? kernfs_create_dir_ns+0x1df/0x220 [ 476.541377][T11131] ? sysfs_create_dir_ns+0x181/0x390 [ 476.541385][T11131] ? sysfs_create_dir_ns+0x1c7/0x390 [ 476.541393][T11131] ? sysfs_warn_dup+0xa0/0xa0 [ 476.541403][T11131] kernfs_new_node+0x95/0x160 [ 476.541414][T11131] __kernfs_create_file+0x45/0x260 [ 476.541423][T11131] sysfs_add_file_mode_ns+0x293/0x340 [ 476.541432][T11131] sysfs_create_file_ns+0x18c/0x2b0 [ 476.541441][T11131] ? sysfs_add_file_mode_ns+0x340/0x340 [ 476.541450][T11131] ? device_create_file+0xe2/0x1a0 [ 476.541458][T11131] device_add+0x64c/0x18a0 [ 476.541470][T11131] ? get_device+0x30/0x30 [ 476.541478][T11131] ? virtual_device_parent+0x50/0x50 [ 476.541488][T11131] ? h4_open+0x4f/0x140 [ 476.541498][T11131] hci_register_dev+0x32e/0x710 [ 476.541510][T11131] hci_uart_tty_ioctl+0x89e/0xa10 [ 476.541520][T11131] ? hci_uart_tty_write+0x10/0x10 [ 476.541530][T11131] tty_ioctl+0xf68/0x1710 [ 476.541545][T11131] ? tty_do_resize+0x170/0x170 [ 476.541556][T11131] ? avc_ss_reset+0x3a0/0x3a0 [ 476.541565][T11131] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 476.541574][T11131] ? refcount_inc_checked+0x50/0x50 [ 476.541582][T11131] ? memcg_check_events+0x5c/0x5b0 [ 476.541598][T11131] ? proc_fail_nth_write+0x1d5/0x240 [ 476.541608][T11131] ? proc_fail_nth_read+0x1c0/0x1c0 [ 476.541617][T11131] ? __lru_cache_add+0x1c4/0x210 [ 476.541625][T11131] ? memset+0x1f/0x40 [ 476.541634][T11131] ? fsnotify+0x1332/0x13f0 [ 476.541642][T11131] ? tty_do_resize+0x170/0x170 [ 476.541652][T11131] do_vfs_ioctl+0x76a/0x1720 [ 476.541678][T11131] ? selinux_file_ioctl+0x72f/0x990 [ 476.541689][T11131] ? ioctl_preallocate+0x250/0x250 [ 476.541701][T11131] ? __fget+0x37b/0x3c0 [ 476.541708][T11131] ? vfs_write+0x422/0x4e0 [ 476.541719][T11131] ? fget_many+0x20/0x20 [ 476.541728][T11131] ? debug_smp_processor_id+0x20/0x20 [ 476.541739][T11131] ? security_file_ioctl+0x9d/0xb0 [ 476.541749][T11131] __x64_sys_ioctl+0xd4/0x110 [ 476.541759][T11131] do_syscall_64+0xcb/0x1e0 [ 476.541770][T11131] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 476.541777][T11131] RIP: 0033:0x4665f9 [ 476.541785][T11131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 476.541791][T11131] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 476.541799][T11131] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 476.541810][T11131] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 476.541818][T11131] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 476.541829][T11131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 476.541834][T11131] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 476.546781][T11131] Bluetooth: Can't register HCI device [ 476.578103][T11144] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 476.578263][T11144] FAULT_INJECTION: forcing a failure. [ 476.578263][T11144] name failslab, interval 1, probability 0, space 0, times 0 [ 476.578275][T11144] CPU: 0 PID: 11144 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 476.578279][T11144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 476.578282][T11144] Call Trace: [ 476.578298][T11144] dump_stack+0x1d8/0x24e [ 476.578309][T11144] ? devkmsg_release+0x11c/0x11c [ 476.578318][T11144] ? mutex_unlock+0x19/0x40 [ 476.578327][T11144] ? show_regs_print_info+0x12/0x12 [ 476.578339][T11144] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 476.578349][T11144] should_fail+0x6f6/0x860 [ 476.578359][T11144] ? setup_fault_attr+0x3d0/0x3d0 [ 476.578367][T11144] ? _raw_spin_lock+0xa3/0x1b0 [ 476.578377][T11144] ? __kernfs_new_node+0xdb/0x6d0 [ 476.578387][T11144] should_failslab+0x5/0x20 [ 476.578396][T11144] kmem_cache_alloc+0x36/0x290 [ 476.578406][T11144] __kernfs_new_node+0xdb/0x6d0 [ 476.578416][T11144] ? mutex_lock+0xa6/0x110 [ 476.578425][T11144] ? kernfs_new_node+0x160/0x160 [ 476.578434][T11144] ? mutex_lock+0xa6/0x110 [ 476.578445][T11144] ? kernfs_activate+0x3fc/0x420 [ 476.578455][T11144] kernfs_new_node+0x95/0x160 [ 476.578465][T11144] __kernfs_create_file+0x45/0x260 [ 476.578474][T11144] sysfs_add_file_mode_ns+0x293/0x340 [ 476.578484][T11144] sysfs_merge_group+0x204/0x440 [ 476.578493][T11144] ? sysfs_remove_groups+0xb0/0xb0 [ 476.578502][T11144] ? sysfs_add_file_mode_ns+0x340/0x340 [ 476.578510][T11144] ? bus_add_device+0x92/0x3f0 [ 476.578520][T11144] dpm_sysfs_add+0xbd/0x260 [ 476.578528][T11144] device_add+0xde7/0x18a0 [ 476.578539][T11144] ? virtual_device_parent+0x50/0x50 [ 476.578549][T11144] ? h4_open+0x4f/0x140 [ 476.578558][T11144] hci_register_dev+0x32e/0x710 [ 476.578569][T11144] hci_uart_tty_ioctl+0x89e/0xa10 [ 476.578578][T11144] ? hci_uart_tty_write+0x10/0x10 [ 476.578588][T11144] tty_ioctl+0xf68/0x1710 [ 476.578597][T11144] ? tty_do_resize+0x170/0x170 [ 476.578607][T11144] ? avc_ss_reset+0x3a0/0x3a0 [ 476.578616][T11144] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 476.578624][T11144] ? refcount_inc_checked+0x50/0x50 [ 476.578633][T11144] ? memcg_check_events+0x5c/0x5b0 [ 476.578645][T11144] ? proc_fail_nth_write+0x1d5/0x240 [ 476.578654][T11144] ? proc_fail_nth_read+0x1c0/0x1c0 [ 476.578663][T11144] ? __lru_cache_add+0x1c4/0x210 [ 476.578671][T11144] ? memset+0x1f/0x40 [ 476.578679][T11144] ? fsnotify+0x1332/0x13f0 [ 476.578687][T11144] ? tty_do_resize+0x170/0x170 [ 476.578697][T11144] do_vfs_ioctl+0x76a/0x1720 [ 476.578707][T11144] ? selinux_file_ioctl+0x72f/0x990 [ 476.578717][T11144] ? ioctl_preallocate+0x250/0x250 [ 476.578728][T11144] ? __fget+0x37b/0x3c0 [ 476.578735][T11144] ? vfs_write+0x422/0x4e0 [ 476.578746][T11144] ? fget_many+0x20/0x20 [ 476.578754][T11144] ? debug_smp_processor_id+0x20/0x20 [ 476.578764][T11144] ? security_file_ioctl+0x9d/0xb0 [ 476.578773][T11144] __x64_sys_ioctl+0xd4/0x110 [ 476.578782][T11144] do_syscall_64+0xcb/0x1e0 [ 476.578792][T11144] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 476.578799][T11144] RIP: 0033:0x4665f9 [ 476.578808][T11144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 476.578813][T11144] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 476.578831][T11144] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 476.578836][T11144] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 476.578841][T11144] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 476.578846][T11144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 476.578852][T11144] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 476.579053][T11144] Bluetooth: Can't register HCI device [ 476.645183][T11151] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 476.645923][T11151] FAULT_INJECTION: forcing a failure. [ 476.645923][T11151] name failslab, interval 1, probability 0, space 0, times 0 [ 476.645935][T11151] CPU: 1 PID: 11151 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 476.645940][T11151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 476.645943][T11151] Call Trace: [ 476.645958][T11151] dump_stack+0x1d8/0x24e [ 476.645968][T11151] ? devkmsg_release+0x11c/0x11c [ 476.645977][T11151] ? mutex_unlock+0x19/0x40 [ 476.645989][T11151] ? show_regs_print_info+0x12/0x12 [ 476.646000][T11151] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 476.646010][T11151] should_fail+0x6f6/0x860 [ 476.646021][T11151] ? setup_fault_attr+0x3d0/0x3d0 [ 476.646029][T11151] ? _raw_spin_lock+0xa3/0x1b0 [ 476.646040][T11151] ? __kernfs_new_node+0xdb/0x6d0 [ 476.646050][T11151] should_failslab+0x5/0x20 [ 476.646058][T11151] kmem_cache_alloc+0x36/0x290 [ 476.646068][T11151] __kernfs_new_node+0xdb/0x6d0 [ 476.646078][T11151] ? mutex_lock+0xa6/0x110 [ 476.646087][T11151] ? kernfs_new_node+0x160/0x160 [ 476.646095][T11151] ? mutex_lock+0xa6/0x110 [ 476.646106][T11151] ? kernfs_activate+0x3fc/0x420 [ 476.646116][T11151] kernfs_new_node+0x95/0x160 [ 476.646126][T11151] __kernfs_create_file+0x45/0x260 [ 476.646134][T11151] sysfs_add_file_mode_ns+0x293/0x340 [ 476.646144][T11151] sysfs_merge_group+0x204/0x440 [ 476.646154][T11151] ? sysfs_remove_groups+0xb0/0xb0 [ 476.646162][T11151] ? sysfs_add_file_mode_ns+0x340/0x340 [ 476.646170][T11151] ? bus_add_device+0x92/0x3f0 [ 476.646179][T11151] dpm_sysfs_add+0xbd/0x260 [ 476.646187][T11151] device_add+0xde7/0x18a0 [ 476.646198][T11151] ? virtual_device_parent+0x50/0x50 [ 476.646208][T11151] ? h4_open+0x4f/0x140 [ 476.646220][T11151] hci_register_dev+0x32e/0x710 [ 476.646232][T11151] hci_uart_tty_ioctl+0x89e/0xa10 [ 476.646241][T11151] ? hci_uart_tty_write+0x10/0x10 [ 476.646251][T11151] tty_ioctl+0xf68/0x1710 [ 476.646260][T11151] ? tty_do_resize+0x170/0x170 [ 476.646269][T11151] ? avc_ss_reset+0x3a0/0x3a0 [ 476.646277][T11151] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 476.646286][T11151] ? refcount_inc_checked+0x50/0x50 [ 476.646293][T11151] ? memcg_check_events+0x5c/0x5b0 [ 476.646303][T11151] ? proc_fail_nth_write+0x1d5/0x240 [ 476.646319][T11151] ? proc_fail_nth_read+0x1c0/0x1c0 [ 476.646328][T11151] ? __lru_cache_add+0x1c4/0x210 [ 476.646336][T11151] ? memset+0x1f/0x40 [ 476.646343][T11151] ? fsnotify+0x1332/0x13f0 [ 476.646350][T11151] ? tty_do_resize+0x170/0x170 [ 476.646367][T11151] do_vfs_ioctl+0x76a/0x1720 [ 476.646376][T11151] ? selinux_file_ioctl+0x72f/0x990 [ 476.646387][T11151] ? ioctl_preallocate+0x250/0x250 [ 476.646398][T11151] ? __fget+0x37b/0x3c0 [ 476.646405][T11151] ? vfs_write+0x422/0x4e0 [ 476.646416][T11151] ? fget_many+0x20/0x20 [ 476.646424][T11151] ? debug_smp_processor_id+0x20/0x20 [ 476.646434][T11151] ? security_file_ioctl+0x9d/0xb0 [ 476.646445][T11151] __x64_sys_ioctl+0xd4/0x110 [ 476.646454][T11151] do_syscall_64+0xcb/0x1e0 [ 476.646464][T11151] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 476.646472][T11151] RIP: 0033:0x4665f9 [ 476.646481][T11151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 476.646487][T11151] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 476.646496][T11151] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 476.646501][T11151] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 476.646506][T11151] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 476.646511][T11151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 476.646516][T11151] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 476.648717][T11151] Bluetooth: Can't register HCI device [ 476.679947][T11153] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 476.680014][T11153] FAULT_INJECTION: forcing a failure. [ 476.680014][T11153] name failslab, interval 1, probability 0, space 0, times 0 [ 476.680026][T11153] CPU: 1 PID: 11153 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 476.680031][T11153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 476.680034][T11153] Call Trace: [ 476.680049][T11153] dump_stack+0x1d8/0x24e [ 476.680060][T11153] ? devkmsg_release+0x11c/0x11c [ 476.680070][T11153] ? show_regs_print_info+0x12/0x12 [ 476.680080][T11153] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 476.680092][T11153] should_fail+0x6f6/0x860 [ 476.680102][T11153] ? setup_fault_attr+0x3d0/0x3d0 [ 476.680110][T11153] ? _raw_spin_lock+0xa3/0x1b0 [ 476.680120][T11153] ? __kernfs_new_node+0x99/0x6d0 [ 476.680129][T11153] should_failslab+0x5/0x20 [ 476.680141][T11153] __kmalloc_track_caller+0x5d/0x2e0 [ 476.680151][T11153] ? security_kernfs_init_security+0x9a/0xb0 [ 476.680161][T11153] kstrdup_const+0x51/0x90 [ 476.680170][T11153] __kernfs_new_node+0x99/0x6d0 [ 476.680180][T11153] ? kernfs_new_node+0x160/0x160 [ 476.680189][T11153] ? kernfs_activate+0x3fc/0x420 [ 476.680199][T11153] ? mutex_unlock+0x19/0x40 [ 476.680207][T11153] ? kernfs_add_one+0x49e/0x5c0 [ 476.680218][T11153] ? kernfs_create_dir_ns+0x1df/0x220 [ 476.680228][T11153] kernfs_create_dir_ns+0x90/0x220 [ 476.680237][T11153] sysfs_create_dir_ns+0x181/0x390 [ 476.680246][T11153] ? sysfs_warn_dup+0xa0/0xa0 [ 476.680256][T11153] ? class_dir_child_ns_type+0x15/0x60 [ 476.680265][T11153] kobject_add_internal+0x595/0xbd0 [ 476.680275][T11153] kobject_add+0x14c/0x210 [ 476.680283][T11153] ? kobject_init+0x1d0/0x1d0 [ 476.680290][T11153] ? _raw_spin_lock+0xa3/0x1b0 [ 476.680298][T11153] ? kobject_init+0x1d0/0x1d0 [ 476.680306][T11153] ? get_device_parent+0x2cd/0x430 [ 476.680323][T11153] device_add+0x46a/0x18a0 [ 476.680335][T11153] ? get_device+0x30/0x30 [ 476.680350][T11153] ? virtual_device_parent+0x50/0x50 [ 476.680360][T11153] ? h4_open+0x4f/0x140 [ 476.680371][T11153] hci_register_dev+0x32e/0x710 [ 476.680382][T11153] hci_uart_tty_ioctl+0x89e/0xa10 [ 476.680392][T11153] ? hci_uart_tty_write+0x10/0x10 [ 476.680402][T11153] tty_ioctl+0xf68/0x1710 [ 476.680411][T11153] ? tty_do_resize+0x170/0x170 [ 476.680420][T11153] ? avc_ss_reset+0x3a0/0x3a0 [ 476.680429][T11153] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 476.680437][T11153] ? refcount_inc_checked+0x50/0x50 [ 476.680446][T11153] ? memcg_check_events+0x5c/0x5b0 [ 476.680457][T11153] ? proc_fail_nth_write+0x1d5/0x240 [ 476.680465][T11153] ? proc_fail_nth_read+0x1c0/0x1c0 [ 476.680472][T11153] ? __lru_cache_add+0x1c4/0x210 [ 476.680478][T11153] ? memset+0x1f/0x40 [ 476.680486][T11153] ? fsnotify+0x1332/0x13f0 [ 476.680494][T11153] ? tty_do_resize+0x170/0x170 [ 476.680504][T11153] do_vfs_ioctl+0x76a/0x1720 [ 476.680514][T11153] ? selinux_file_ioctl+0x72f/0x990 [ 476.680524][T11153] ? ioctl_preallocate+0x250/0x250 [ 476.680534][T11153] ? __fget+0x37b/0x3c0 [ 476.680542][T11153] ? vfs_write+0x422/0x4e0 [ 476.680552][T11153] ? fget_many+0x20/0x20 [ 476.680559][T11153] ? debug_smp_processor_id+0x20/0x20 [ 476.680569][T11153] ? security_file_ioctl+0x9d/0xb0 [ 476.680578][T11153] __x64_sys_ioctl+0xd4/0x110 [ 476.680587][T11153] do_syscall_64+0xcb/0x1e0 [ 476.680597][T11153] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 476.680604][T11153] RIP: 0033:0x4665f9 [ 476.680613][T11153] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 476.680617][T11153] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 476.680627][T11153] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 476.680632][T11153] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 16:17:41 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {0x0}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:17:41 executing program 3 (fault-call:2 fault-nth:32): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:41 executing program 0 (fault-call:2 fault-nth:20): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 476.680637][T11153] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 476.680642][T11153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 476.680647][T11153] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 476.682001][T11153] kobject_add_internal failed for hci0 (error: -12 parent: bluetooth) [ 476.682046][T11153] Bluetooth: Can't register HCI device [ 476.687282][T11132] selection: kmalloc() failed [ 478.600483][T11133] selection: kmalloc() failed [ 478.606301][T11160] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 478.606380][T11160] FAULT_INJECTION: forcing a failure. [ 478.606380][T11160] name failslab, interval 1, probability 0, space 0, times 0 [ 478.606392][T11160] CPU: 0 PID: 11160 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 478.606397][T11160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 478.606400][T11160] Call Trace: [ 478.606417][T11160] dump_stack+0x1d8/0x24e [ 478.606428][T11160] ? devkmsg_release+0x11c/0x11c [ 478.606438][T11160] ? show_regs_print_info+0x12/0x12 [ 478.606448][T11160] ? mutex_unlock+0x19/0x40 [ 478.606458][T11160] ? kernfs_xattr_get+0x81/0x90 [ 478.606468][T11160] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 478.606478][T11160] should_fail+0x6f6/0x860 [ 478.606488][T11160] ? setup_fault_attr+0x3d0/0x3d0 [ 478.606498][T11160] ? __kernfs_new_node+0x99/0x6d0 [ 478.606507][T11160] should_failslab+0x5/0x20 [ 478.606517][T11160] __kmalloc_track_caller+0x5d/0x2e0 [ 478.606528][T11160] kstrdup_const+0x51/0x90 [ 478.606537][T11160] __kernfs_new_node+0x99/0x6d0 [ 478.606550][T11160] ? mutex_lock+0xa6/0x110 [ 478.606560][T11160] ? kernfs_new_node+0x160/0x160 [ 478.606571][T11160] ? kernfs_activate+0x3fc/0x420 [ 478.606582][T11160] kernfs_new_node+0x95/0x160 [ 478.606592][T11160] kernfs_create_link+0x9c/0x1f0 [ 478.606600][T11160] sysfs_do_create_link_sd+0x85/0x100 [ 478.606608][T11160] device_add+0x989/0x18a0 [ 478.606619][T11160] ? get_device+0x30/0x30 [ 478.606627][T11160] ? virtual_device_parent+0x50/0x50 [ 478.606637][T11160] ? h4_open+0x4f/0x140 [ 478.606647][T11160] hci_register_dev+0x32e/0x710 [ 478.606658][T11160] hci_uart_tty_ioctl+0x89e/0xa10 [ 478.606667][T11160] ? hci_uart_tty_write+0x10/0x10 [ 478.606676][T11160] tty_ioctl+0xf68/0x1710 [ 478.606686][T11160] ? tty_do_resize+0x170/0x170 [ 478.606694][T11160] ? avc_ss_reset+0x3a0/0x3a0 [ 478.606703][T11160] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 478.606711][T11160] ? refcount_inc_checked+0x50/0x50 [ 478.606720][T11160] ? memcg_check_events+0x5c/0x5b0 [ 478.606731][T11160] ? proc_fail_nth_write+0x1d5/0x240 [ 478.606741][T11160] ? proc_fail_nth_read+0x1c0/0x1c0 [ 478.606750][T11160] ? __lru_cache_add+0x1c4/0x210 [ 478.606757][T11160] ? memset+0x1f/0x40 [ 478.606765][T11160] ? fsnotify+0x1332/0x13f0 [ 478.606773][T11160] ? tty_do_resize+0x170/0x170 [ 478.606783][T11160] do_vfs_ioctl+0x76a/0x1720 [ 478.606792][T11160] ? selinux_file_ioctl+0x72f/0x990 [ 478.606802][T11160] ? ioctl_preallocate+0x250/0x250 [ 478.606813][T11160] ? __fget+0x37b/0x3c0 [ 478.606820][T11160] ? vfs_write+0x422/0x4e0 [ 478.606830][T11160] ? fget_many+0x20/0x20 [ 478.606838][T11160] ? debug_smp_processor_id+0x20/0x20 [ 478.606848][T11160] ? security_file_ioctl+0x9d/0xb0 [ 478.606857][T11160] __x64_sys_ioctl+0xd4/0x110 [ 478.606867][T11160] do_syscall_64+0xcb/0x1e0 [ 478.606877][T11160] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 478.606884][T11160] RIP: 0033:0x4665f9 [ 478.606894][T11160] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 478.606899][T11160] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 478.606908][T11160] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 478.606913][T11160] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 478.606919][T11160] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 478.606923][T11160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 478.606929][T11160] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 478.609334][T11160] Bluetooth: Can't register HCI device [ 478.611646][T11162] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 478.611834][T11162] FAULT_INJECTION: forcing a failure. [ 478.611834][T11162] name failslab, interval 1, probability 0, space 0, times 0 [ 478.611846][T11162] CPU: 1 PID: 11162 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 478.611852][T11162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 478.611855][T11162] Call Trace: [ 478.611871][T11162] dump_stack+0x1d8/0x24e [ 478.611882][T11162] ? devkmsg_release+0x11c/0x11c [ 478.611892][T11162] ? show_regs_print_info+0x12/0x12 [ 478.611905][T11162] should_fail+0x6f6/0x860 [ 478.611916][T11162] ? setup_fault_attr+0x3d0/0x3d0 [ 478.611927][T11162] ? alloc_uevent_skb+0x73/0x220 [ 478.611936][T11162] should_failslab+0x5/0x20 [ 478.611947][T11162] __kmalloc_track_caller+0x5d/0x2e0 [ 478.611955][T11162] ? kmem_cache_alloc+0x115/0x290 [ 478.611965][T11162] ? mutex_lock+0xa6/0x110 [ 478.611973][T11162] ? alloc_uevent_skb+0x73/0x220 [ 478.611983][T11162] __alloc_skb+0xaf/0x4d0 [ 478.611993][T11162] alloc_uevent_skb+0x73/0x220 [ 478.612002][T11162] kobject_uevent_env+0xaee/0x1000 [ 478.612014][T11162] device_add+0xf42/0x18a0 [ 478.612025][T11162] ? virtual_device_parent+0x50/0x50 [ 478.612034][T11162] ? h4_open+0x4f/0x140 [ 478.612044][T11162] hci_register_dev+0x32e/0x710 [ 478.612055][T11162] hci_uart_tty_ioctl+0x89e/0xa10 [ 478.612065][T11162] ? hci_uart_tty_write+0x10/0x10 [ 478.612075][T11162] tty_ioctl+0xf68/0x1710 [ 478.612084][T11162] ? tty_do_resize+0x170/0x170 [ 478.612092][T11162] ? avc_ss_reset+0x3a0/0x3a0 [ 478.612101][T11162] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 478.612110][T11162] ? refcount_inc_checked+0x50/0x50 [ 478.612119][T11162] ? memcg_check_events+0x5c/0x5b0 [ 478.612131][T11162] ? proc_fail_nth_write+0x1d5/0x240 [ 478.612141][T11162] ? proc_fail_nth_read+0x1c0/0x1c0 [ 478.612150][T11162] ? __lru_cache_add+0x1c4/0x210 [ 478.612158][T11162] ? memset+0x1f/0x40 [ 478.612166][T11162] ? fsnotify+0x1332/0x13f0 [ 478.612174][T11162] ? tty_do_resize+0x170/0x170 [ 478.612184][T11162] do_vfs_ioctl+0x76a/0x1720 [ 478.612193][T11162] ? selinux_file_ioctl+0x72f/0x990 [ 478.612204][T11162] ? ioctl_preallocate+0x250/0x250 [ 478.612215][T11162] ? __fget+0x37b/0x3c0 [ 478.612222][T11162] ? vfs_write+0x422/0x4e0 [ 478.612232][T11162] ? fget_many+0x20/0x20 [ 478.612240][T11162] ? debug_smp_processor_id+0x20/0x20 [ 478.612250][T11162] ? security_file_ioctl+0x9d/0xb0 [ 478.612260][T11162] __x64_sys_ioctl+0xd4/0x110 [ 478.612269][T11162] do_syscall_64+0xcb/0x1e0 [ 478.612279][T11162] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 478.612287][T11162] RIP: 0033:0x4665f9 [ 478.612295][T11162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 478.612300][T11162] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 478.612309][T11162] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 478.612317][T11162] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 478.612323][T11162] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 478.612328][T11162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 478.612333][T11162] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 478.616869][ T22] audit: type=1326 audit(1631031461.693:8622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11163 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 479.387198][T11152] selection: kmalloc() failed 16:17:42 executing program 0 (fault-call:2 fault-nth:21): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:42 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:17:42 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x5) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:17:42 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) [ 479.418212][T11167] selection: kmalloc() failed 16:17:42 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {0x0}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:17:42 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x2}}) [ 479.461345][ T22] audit: type=1326 audit(1631031462.533:8623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11172 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 479.464447][T11175] debugfs: Directory 'hci1' with parent 'bluetooth' already present! 16:17:42 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x2}}) [ 479.510808][T11175] FAULT_INJECTION: forcing a failure. [ 479.510808][T11175] name failslab, interval 1, probability 0, space 0, times 0 [ 479.518892][ T22] audit: type=1326 audit(1631031462.593:8624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11177 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 479.530083][T11175] CPU: 1 PID: 11175 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 16:17:42 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x3}}) 16:17:42 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x3}}) [ 479.558424][T11175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 479.558428][T11175] Call Trace: [ 479.558443][T11175] dump_stack+0x1d8/0x24e [ 479.558459][T11175] ? devkmsg_release+0x11c/0x11c [ 479.581074][T11175] ? show_regs_print_info+0x12/0x12 [ 479.581086][T11175] should_fail+0x6f6/0x860 [ 479.581096][T11175] ? setup_fault_attr+0x3d0/0x3d0 [ 479.581108][T11175] ? __kernfs_new_node+0xdb/0x6d0 [ 479.581117][T11175] should_failslab+0x5/0x20 [ 479.581126][T11175] kmem_cache_alloc+0x36/0x290 [ 479.581134][T11175] ? memcpy+0x38/0x50 [ 479.581144][T11175] __kernfs_new_node+0xdb/0x6d0 [ 479.581155][T11175] ? mutex_lock+0xa6/0x110 [ 479.581164][T11175] ? kernfs_new_node+0x160/0x160 [ 479.581176][T11175] ? kernfs_activate+0x3fc/0x420 [ 479.581186][T11175] kernfs_new_node+0x95/0x160 [ 479.581196][T11175] kernfs_create_link+0x9c/0x1f0 [ 479.581205][T11175] sysfs_do_create_link_sd+0x85/0x100 [ 479.581214][T11175] device_add+0x989/0x18a0 [ 479.581226][T11175] ? get_device+0x30/0x30 [ 479.581235][T11175] ? virtual_device_parent+0x50/0x50 [ 479.581245][T11175] ? h4_open+0x4f/0x140 [ 479.581255][T11175] hci_register_dev+0x32e/0x710 [ 479.581267][T11175] hci_uart_tty_ioctl+0x89e/0xa10 [ 479.581277][T11175] ? hci_uart_tty_write+0x10/0x10 [ 479.581286][T11175] tty_ioctl+0xf68/0x1710 [ 479.581296][T11175] ? tty_do_resize+0x170/0x170 [ 479.581305][T11175] ? avc_ss_reset+0x3a0/0x3a0 [ 479.581314][T11175] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 479.581323][T11175] ? refcount_inc_checked+0x50/0x50 [ 479.581332][T11175] ? memcg_check_events+0x5c/0x5b0 [ 479.581345][T11175] ? proc_fail_nth_write+0x1d5/0x240 [ 479.581355][T11175] ? proc_fail_nth_read+0x1c0/0x1c0 [ 479.581364][T11175] ? __lru_cache_add+0x1c4/0x210 [ 479.581372][T11175] ? memset+0x1f/0x40 [ 479.581403][T11175] ? fsnotify+0x1332/0x13f0 [ 479.581413][T11175] ? tty_do_resize+0x170/0x170 [ 479.581424][T11175] do_vfs_ioctl+0x76a/0x1720 [ 479.581434][T11175] ? selinux_file_ioctl+0x72f/0x990 [ 479.581444][T11175] ? ioctl_preallocate+0x250/0x250 [ 479.581456][T11175] ? __fget+0x37b/0x3c0 [ 479.581463][T11175] ? vfs_write+0x422/0x4e0 [ 479.581474][T11175] ? fget_many+0x20/0x20 [ 479.581482][T11175] ? debug_smp_processor_id+0x20/0x20 [ 479.581493][T11175] ? security_file_ioctl+0x9d/0xb0 [ 479.581502][T11175] __x64_sys_ioctl+0xd4/0x110 [ 479.581513][T11175] do_syscall_64+0xcb/0x1e0 [ 479.581523][T11175] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 479.581531][T11175] RIP: 0033:0x4665f9 [ 479.581540][T11175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 479.581545][T11175] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 479.581554][T11175] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 479.581559][T11175] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 479.581563][T11175] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 479.581568][T11175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 16:17:42 executing program 0 (fault-call:2 fault-nth:22): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 479.581574][T11175] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 479.595463][T11175] Bluetooth: Can't register HCI device [ 479.893091][T11185] selection: kmalloc() failed [ 479.897806][T11195] debugfs: Directory 'hci1' with parent 'bluetooth' already present! [ 479.897896][T11195] FAULT_INJECTION: forcing a failure. [ 479.897896][T11195] name failslab, interval 1, probability 0, space 0, times 0 [ 479.897908][T11195] CPU: 0 PID: 11195 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 479.897913][T11195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 479.897916][T11195] Call Trace: [ 479.897932][T11195] dump_stack+0x1d8/0x24e [ 479.897942][T11195] ? devkmsg_release+0x11c/0x11c [ 479.897951][T11195] ? __kasan_kmalloc+0x1a3/0x1e0 [ 479.897960][T11195] ? show_regs_print_info+0x12/0x12 [ 479.897970][T11195] ? kmem_cache_alloc+0x115/0x290 [ 479.897979][T11195] ? __kernfs_new_node+0xdb/0x6d0 [ 479.897988][T11195] ? kernfs_new_node+0x95/0x160 [ 479.897996][T11195] ? sysfs_do_create_link_sd+0x85/0x100 [ 479.898008][T11195] should_fail+0x6f6/0x860 [ 479.898019][T11195] ? setup_fault_attr+0x3d0/0x3d0 [ 479.898029][T11195] ? mutex_unlock+0x19/0x40 [ 479.898038][T11195] ? kernfs_xattr_get+0x81/0x90 [ 479.898048][T11195] ? __kernfs_new_node+0xdb/0x6d0 [ 479.898057][T11195] should_failslab+0x5/0x20 [ 479.898066][T11195] kmem_cache_alloc+0x36/0x290 [ 479.898077][T11195] __kernfs_new_node+0xdb/0x6d0 [ 479.898087][T11195] ? kernfs_new_node+0x160/0x160 [ 479.898095][T11195] ? _raw_spin_lock+0xa3/0x1b0 [ 479.898113][T11195] ? security_kernfs_init_security+0x9a/0xb0 [ 479.898123][T11195] ? __kernfs_new_node+0x50b/0x6d0 [ 479.898133][T11195] kernfs_new_node+0x95/0x160 [ 479.898146][T11195] __kernfs_create_file+0x45/0x260 [ 479.898155][T11195] sysfs_add_file_mode_ns+0x293/0x340 [ 479.898165][T11195] sysfs_create_file_ns+0x18c/0x2b0 [ 479.898174][T11195] ? sysfs_add_file_mode_ns+0x340/0x340 [ 479.898184][T11195] ? device_create_file+0xe2/0x1a0 [ 479.898192][T11195] device_add+0xc44/0x18a0 [ 479.898204][T11195] ? virtual_device_parent+0x50/0x50 [ 479.898214][T11195] ? h4_open+0x4f/0x140 [ 479.898225][T11195] hci_register_dev+0x32e/0x710 [ 479.898236][T11195] hci_uart_tty_ioctl+0x89e/0xa10 [ 479.898245][T11195] ? hci_uart_tty_write+0x10/0x10 [ 479.898255][T11195] tty_ioctl+0xf68/0x1710 [ 479.898265][T11195] ? tty_do_resize+0x170/0x170 [ 479.898274][T11195] ? avc_ss_reset+0x3a0/0x3a0 [ 479.898282][T11195] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 479.898291][T11195] ? refcount_inc_checked+0x50/0x50 [ 479.898300][T11195] ? memcg_check_events+0x5c/0x5b0 [ 479.898313][T11195] ? proc_fail_nth_write+0x1d5/0x240 [ 479.898321][T11195] ? proc_fail_nth_read+0x1c0/0x1c0 [ 479.898330][T11195] ? __lru_cache_add+0x1c4/0x210 [ 479.898337][T11195] ? memset+0x1f/0x40 [ 479.898345][T11195] ? fsnotify+0x1332/0x13f0 [ 479.898352][T11195] ? tty_do_resize+0x170/0x170 [ 479.898361][T11195] do_vfs_ioctl+0x76a/0x1720 [ 479.898371][T11195] ? selinux_file_ioctl+0x72f/0x990 [ 479.898381][T11195] ? ioctl_preallocate+0x250/0x250 [ 479.898392][T11195] ? __fget+0x37b/0x3c0 [ 479.898399][T11195] ? vfs_write+0x422/0x4e0 [ 479.898410][T11195] ? fget_many+0x20/0x20 [ 479.898419][T11195] ? debug_smp_processor_id+0x20/0x20 [ 479.898429][T11195] ? security_file_ioctl+0x9d/0xb0 [ 479.898440][T11195] __x64_sys_ioctl+0xd4/0x110 [ 479.898450][T11195] do_syscall_64+0xcb/0x1e0 [ 479.898461][T11195] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 479.898468][T11195] RIP: 0033:0x4665f9 [ 479.898477][T11195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 479.898482][T11195] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 479.898492][T11195] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 479.898497][T11195] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 479.898502][T11195] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 479.898508][T11195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 479.898513][T11195] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 479.900721][T11195] Bluetooth: Can't register HCI device [ 480.336738][T11192] selection: kmalloc() failed [ 480.693478][ T67] Bluetooth: hci0: command 0x1003 tx timeout [ 480.699663][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 482.773437][ T67] Bluetooth: hci0: command 0x1001 tx timeout [ 482.779467][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 484.853326][ T67] Bluetooth: hci0: command 0x1009 tx timeout 16:17:52 executing program 3 (fault-call:2 fault-nth:33): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:52 executing program 0 (fault-call:2 fault-nth:23): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:52 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x4}}) 16:17:52 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x4}}) 16:17:52 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:17:52 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x5) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 489.119533][T11211] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 489.127349][ T22] audit: type=1326 audit(1631031472.194:8625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11207 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 489.133838][T11208] debugfs: Directory 'hci1' with parent 'bluetooth' already present! [ 489.151421][T11211] FAULT_INJECTION: forcing a failure. 16:17:52 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x8}}) [ 489.151421][T11211] name failslab, interval 1, probability 0, space 0, times 0 [ 489.163347][T11208] FAULT_INJECTION: forcing a failure. [ 489.163347][T11208] name failslab, interval 1, probability 0, space 0, times 0 [ 489.172783][T11211] CPU: 0 PID: 11211 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 489.196115][T11211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 489.196119][T11211] Call Trace: 16:17:52 executing program 0 (fault-call:2 fault-nth:24): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 489.196134][T11211] dump_stack+0x1d8/0x24e [ 489.196144][T11211] ? devkmsg_release+0x11c/0x11c [ 489.196152][T11211] ? __kasan_kmalloc+0x1a3/0x1e0 [ 489.196161][T11211] ? show_regs_print_info+0x12/0x12 [ 489.196169][T11211] ? kmem_cache_alloc+0x115/0x290 [ 489.196178][T11211] ? __kernfs_new_node+0xdb/0x6d0 [ 489.196185][T11211] ? kernfs_new_node+0x95/0x160 [ 489.196193][T11211] ? sysfs_do_create_link_sd+0x85/0x100 16:17:52 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x10}}) [ 489.196202][T11211] should_fail+0x6f6/0x860 [ 489.196212][T11211] ? setup_fault_attr+0x3d0/0x3d0 [ 489.196220][T11211] ? mutex_unlock+0x19/0x40 [ 489.196228][T11211] ? kernfs_xattr_get+0x81/0x90 [ 489.196237][T11211] ? __kernfs_new_node+0xdb/0x6d0 [ 489.196245][T11211] should_failslab+0x5/0x20 [ 489.196253][T11211] kmem_cache_alloc+0x36/0x290 [ 489.196262][T11211] __kernfs_new_node+0xdb/0x6d0 [ 489.196272][T11211] ? kernfs_new_node+0x160/0x160 [ 489.196279][T11211] ? _raw_spin_lock+0xa3/0x1b0 [ 489.196291][T11211] ? security_kernfs_init_security+0x9a/0xb0 [ 489.196300][T11211] ? __kernfs_new_node+0x50b/0x6d0 [ 489.196309][T11211] kernfs_new_node+0x95/0x160 [ 489.196319][T11211] __kernfs_create_file+0x45/0x260 [ 489.196327][T11211] sysfs_add_file_mode_ns+0x293/0x340 [ 489.196336][T11211] sysfs_create_file_ns+0x18c/0x2b0 [ 489.196344][T11211] ? sysfs_add_file_mode_ns+0x340/0x340 [ 489.196352][T11211] ? device_create_file+0xe2/0x1a0 [ 489.196360][T11211] device_add+0xc44/0x18a0 [ 489.196370][T11211] ? virtual_device_parent+0x50/0x50 [ 489.196378][T11211] ? h4_open+0x4f/0x140 [ 489.196388][T11211] hci_register_dev+0x32e/0x710 [ 489.196398][T11211] hci_uart_tty_ioctl+0x89e/0xa10 [ 489.196407][T11211] ? hci_uart_tty_write+0x10/0x10 [ 489.196415][T11211] tty_ioctl+0xf68/0x1710 [ 489.196423][T11211] ? tty_do_resize+0x170/0x170 [ 489.196431][T11211] ? avc_ss_reset+0x3a0/0x3a0 [ 489.196439][T11211] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 489.196447][T11211] ? refcount_inc_checked+0x50/0x50 [ 489.196456][T11211] ? memcg_check_events+0x5c/0x5b0 [ 489.196467][T11211] ? proc_fail_nth_write+0x1d5/0x240 [ 489.196475][T11211] ? proc_fail_nth_read+0x1c0/0x1c0 [ 489.196483][T11211] ? __lru_cache_add+0x1c4/0x210 [ 489.196490][T11211] ? memset+0x1f/0x40 [ 489.196497][T11211] ? fsnotify+0x1332/0x13f0 [ 489.196505][T11211] ? tty_do_resize+0x170/0x170 [ 489.196514][T11211] do_vfs_ioctl+0x76a/0x1720 [ 489.196523][T11211] ? selinux_file_ioctl+0x72f/0x990 [ 489.196532][T11211] ? ioctl_preallocate+0x250/0x250 [ 489.196542][T11211] ? __fget+0x37b/0x3c0 [ 489.196549][T11211] ? vfs_write+0x422/0x4e0 [ 489.196558][T11211] ? fget_many+0x20/0x20 [ 489.196565][T11211] ? debug_smp_processor_id+0x20/0x20 [ 489.196574][T11211] ? security_file_ioctl+0x9d/0xb0 [ 489.196582][T11211] __x64_sys_ioctl+0xd4/0x110 [ 489.196591][T11211] do_syscall_64+0xcb/0x1e0 [ 489.196600][T11211] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 489.196607][T11211] RIP: 0033:0x4665f9 [ 489.196616][T11211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 489.196621][T11211] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 489.196631][T11211] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 489.196642][T11211] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 489.196648][T11211] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 489.196653][T11211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 489.196659][T11211] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 489.196677][T11208] CPU: 1 PID: 11208 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 489.196683][T11208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 489.196685][T11208] Call Trace: [ 489.196696][T11208] dump_stack+0x1d8/0x24e [ 489.196704][T11208] ? devkmsg_release+0x11c/0x11c [ 489.196713][T11208] ? show_regs_print_info+0x12/0x12 [ 489.196722][T11208] ? vsnprintf+0x1d60/0x1d60 [ 489.196731][T11208] should_fail+0x6f6/0x860 [ 489.196741][T11208] ? setup_fault_attr+0x3d0/0x3d0 [ 489.196750][T11208] ? vsnprintf+0x1cb4/0x1d60 [ 489.196760][T11208] ? skb_clone+0x1b2/0x360 [ 489.196769][T11208] should_failslab+0x5/0x20 [ 489.196778][T11208] kmem_cache_alloc+0x36/0x290 [ 489.196787][T11208] skb_clone+0x1b2/0x360 [ 489.196799][T11208] netlink_broadcast_filtered+0x5d1/0x10a0 [ 489.196813][T11208] netlink_broadcast+0x35/0x50 [ 489.196821][T11208] kobject_uevent_env+0xb1f/0x1000 [ 489.196831][T11208] device_add+0xf42/0x18a0 [ 489.196842][T11208] ? virtual_device_parent+0x50/0x50 [ 489.196849][T11208] ? h4_open+0x4f/0x140 [ 489.196858][T11208] hci_register_dev+0x32e/0x710 [ 489.196865][ T22] audit: type=1326 audit(1631031472.264:8626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11199 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 489.196873][T11208] hci_uart_tty_ioctl+0x89e/0xa10 [ 489.196882][T11208] ? hci_uart_tty_write+0x10/0x10 [ 489.196890][T11208] tty_ioctl+0xf68/0x1710 [ 489.196901][T11208] ? tty_do_resize+0x170/0x170 [ 489.196909][T11208] ? avc_ss_reset+0x3a0/0x3a0 [ 489.196917][T11208] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 489.196925][T11208] ? refcount_inc_checked+0x50/0x50 [ 489.196934][T11208] ? memcg_check_events+0x5c/0x5b0 [ 489.196946][T11208] ? proc_fail_nth_write+0x1d5/0x240 [ 489.196956][T11208] ? proc_fail_nth_read+0x1c0/0x1c0 [ 489.196964][T11208] ? __lru_cache_add+0x1c4/0x210 [ 489.196972][T11208] ? memset+0x1f/0x40 [ 489.196980][T11208] ? fsnotify+0x1332/0x13f0 [ 489.196988][T11208] ? tty_do_resize+0x170/0x170 [ 489.196998][T11208] do_vfs_ioctl+0x76a/0x1720 [ 489.197007][T11208] ? selinux_file_ioctl+0x72f/0x990 [ 489.197018][T11208] ? ioctl_preallocate+0x250/0x250 [ 489.197029][T11208] ? __fget+0x37b/0x3c0 [ 489.197036][T11208] ? vfs_write+0x422/0x4e0 [ 489.197046][T11208] ? fget_many+0x20/0x20 [ 489.197055][T11208] ? debug_smp_processor_id+0x20/0x20 [ 489.197065][T11208] ? security_file_ioctl+0x9d/0xb0 [ 489.197075][T11208] __x64_sys_ioctl+0xd4/0x110 [ 489.197084][T11208] do_syscall_64+0xcb/0x1e0 [ 489.197093][T11208] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 489.197099][T11208] RIP: 0033:0x4665f9 [ 489.197108][T11208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 489.197113][T11208] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 489.197122][T11208] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 16:17:53 executing program 0 (fault-call:2 fault-nth:25): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 489.197127][T11208] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 489.197137][T11208] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 489.197143][T11208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 489.197148][T11208] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 489.209266][ T90] Bluetooth: hci1: Frame reassembly failed (-84) [ 489.226770][T11211] Bluetooth: Can't register HCI device [ 489.259508][T11221] debugfs: Directory 'hci0' with parent 'bluetooth' already present! 16:17:53 executing program 0 (fault-call:2 fault-nth:26): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:17:53 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 489.921655][T11221] FAULT_INJECTION: forcing a failure. [ 489.921655][T11221] name failslab, interval 1, probability 0, space 0, times 0 [ 489.921667][T11221] CPU: 1 PID: 11221 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 489.921671][T11221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 489.921674][T11221] Call Trace: [ 489.921690][T11221] dump_stack+0x1d8/0x24e [ 489.921700][T11221] ? devkmsg_release+0x11c/0x11c [ 489.921710][T11221] ? show_regs_print_info+0x12/0x12 [ 489.921721][T11221] ? mutex_unlock+0x19/0x40 [ 489.921732][T11221] should_fail+0x6f6/0x860 [ 489.921742][T11221] ? setup_fault_attr+0x3d0/0x3d0 [ 489.921752][T11221] ? selinux_path_notify+0x6c0/0x6c0 [ 489.921763][T11221] ? __kernfs_new_node+0xdb/0x6d0 [ 489.921773][T11221] should_failslab+0x5/0x20 [ 489.921783][T11221] kmem_cache_alloc+0x36/0x290 [ 489.921792][T11221] ? _raw_spin_lock+0xa3/0x1b0 [ 489.921802][T11221] __kernfs_new_node+0xdb/0x6d0 [ 489.921813][T11221] ? kernfs_new_node+0x160/0x160 [ 489.921822][T11221] ? mutex_lock+0xa6/0x110 [ 489.921832][T11221] ? mutex_trylock+0xb0/0xb0 [ 489.921844][T11221] ? kernfs_activate+0x3fc/0x420 [ 489.921854][T11221] kernfs_new_node+0x95/0x160 [ 489.921866][T11221] __kernfs_create_file+0x45/0x260 [ 489.921875][T11221] sysfs_add_file_mode_ns+0x293/0x340 [ 489.921885][T11221] sysfs_merge_group+0x204/0x440 [ 489.921896][T11221] ? sysfs_remove_groups+0xb0/0xb0 [ 489.921905][T11221] ? sysfs_add_file_mode_ns+0x340/0x340 [ 489.921914][T11221] ? bus_add_device+0x92/0x3f0 [ 489.921925][T11221] dpm_sysfs_add+0xbd/0x260 [ 489.921933][T11221] device_add+0xde7/0x18a0 [ 489.921945][T11221] ? virtual_device_parent+0x50/0x50 [ 489.921955][T11221] ? h4_open+0x4f/0x140 [ 489.921966][T11221] hci_register_dev+0x32e/0x710 [ 489.921977][T11221] hci_uart_tty_ioctl+0x89e/0xa10 [ 489.921987][T11221] ? hci_uart_tty_write+0x10/0x10 [ 489.921997][T11221] tty_ioctl+0xf68/0x1710 [ 489.922005][T11221] ? tty_do_resize+0x170/0x170 [ 489.922014][T11221] ? avc_ss_reset+0x3a0/0x3a0 [ 489.922022][T11221] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 489.922031][T11221] ? refcount_inc_checked+0x50/0x50 [ 489.922041][T11221] ? memcg_check_events+0x5c/0x5b0 [ 489.922054][T11221] ? proc_fail_nth_write+0x1d5/0x240 [ 489.922063][T11221] ? proc_fail_nth_read+0x1c0/0x1c0 [ 489.922072][T11221] ? __lru_cache_add+0x1c4/0x210 [ 489.922080][T11221] ? memset+0x1f/0x40 [ 489.922088][T11221] ? fsnotify+0x1332/0x13f0 [ 489.922097][T11221] ? tty_do_resize+0x170/0x170 [ 489.922107][T11221] do_vfs_ioctl+0x76a/0x1720 [ 489.922117][T11221] ? selinux_file_ioctl+0x72f/0x990 [ 489.922128][T11221] ? ioctl_preallocate+0x250/0x250 [ 489.922140][T11221] ? __fget+0x37b/0x3c0 [ 489.922148][T11221] ? vfs_write+0x422/0x4e0 [ 489.922158][T11221] ? fget_many+0x20/0x20 [ 489.922196][T11221] ? debug_smp_processor_id+0x20/0x20 [ 489.922208][T11221] ? security_file_ioctl+0x9d/0xb0 [ 489.922218][T11221] __x64_sys_ioctl+0xd4/0x110 [ 489.922229][T11221] do_syscall_64+0xcb/0x1e0 [ 489.922239][T11221] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 489.922247][T11221] RIP: 0033:0x4665f9 [ 489.922256][T11221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 489.922261][T11221] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 489.922270][T11221] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 489.922276][T11221] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 489.922281][T11221] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 489.922286][T11221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 489.922292][T11221] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 489.925731][T11221] Bluetooth: Can't register HCI device [ 489.953072][T11214] selection: kmalloc() failed [ 489.953974][T11229] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 489.954104][T11229] FAULT_INJECTION: forcing a failure. [ 489.954104][T11229] name failslab, interval 1, probability 0, space 0, times 0 [ 489.954117][T11229] CPU: 0 PID: 11229 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 489.954122][T11229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 489.954126][T11229] Call Trace: [ 489.954142][T11229] dump_stack+0x1d8/0x24e [ 489.954152][T11229] ? devkmsg_release+0x11c/0x11c [ 489.954161][T11229] ? mutex_unlock+0x19/0x40 [ 489.954171][T11229] ? show_regs_print_info+0x12/0x12 [ 489.954183][T11229] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 489.954193][T11229] should_fail+0x6f6/0x860 [ 489.954203][T11229] ? setup_fault_attr+0x3d0/0x3d0 [ 489.954212][T11229] ? _raw_spin_lock+0xa3/0x1b0 [ 489.954221][T11229] ? __kernfs_new_node+0xdb/0x6d0 [ 489.954230][T11229] should_failslab+0x5/0x20 [ 489.954239][T11229] kmem_cache_alloc+0x36/0x290 [ 489.954250][T11229] __kernfs_new_node+0xdb/0x6d0 [ 489.954259][T11229] ? mutex_lock+0xa6/0x110 [ 489.954268][T11229] ? kernfs_new_node+0x160/0x160 [ 489.954276][T11229] ? mutex_lock+0xa6/0x110 [ 489.954288][T11229] ? kernfs_activate+0x3fc/0x420 [ 489.954297][T11229] kernfs_new_node+0x95/0x160 [ 489.954308][T11229] __kernfs_create_file+0x45/0x260 [ 489.954316][T11229] sysfs_add_file_mode_ns+0x293/0x340 [ 489.954325][T11229] sysfs_merge_group+0x204/0x440 [ 489.954334][T11229] ? sysfs_remove_groups+0xb0/0xb0 [ 489.954343][T11229] ? sysfs_add_file_mode_ns+0x340/0x340 [ 489.954351][T11229] ? bus_add_device+0x92/0x3f0 [ 489.954361][T11229] dpm_sysfs_add+0xbd/0x260 [ 489.954369][T11229] device_add+0xde7/0x18a0 [ 489.954379][T11229] ? virtual_device_parent+0x50/0x50 [ 489.954389][T11229] ? h4_open+0x4f/0x140 [ 489.954399][T11229] hci_register_dev+0x32e/0x710 [ 489.954410][T11229] hci_uart_tty_ioctl+0x89e/0xa10 [ 489.954419][T11229] ? hci_uart_tty_write+0x10/0x10 [ 489.954428][T11229] tty_ioctl+0xf68/0x1710 [ 489.954437][T11229] ? tty_do_resize+0x170/0x170 [ 489.954445][T11229] ? avc_ss_reset+0x3a0/0x3a0 [ 489.954452][T11229] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 489.954460][T11229] ? refcount_inc_checked+0x50/0x50 [ 489.954468][T11229] ? memcg_check_events+0x5c/0x5b0 [ 489.954479][T11229] ? proc_fail_nth_write+0x1d5/0x240 [ 489.954488][T11229] ? proc_fail_nth_read+0x1c0/0x1c0 [ 489.954496][T11229] ? __lru_cache_add+0x1c4/0x210 [ 489.954503][T11229] ? memset+0x1f/0x40 [ 489.954510][T11229] ? fsnotify+0x1332/0x13f0 [ 489.954517][T11229] ? tty_do_resize+0x170/0x170 [ 489.954526][T11229] do_vfs_ioctl+0x76a/0x1720 [ 489.954535][T11229] ? selinux_file_ioctl+0x72f/0x990 [ 489.954545][T11229] ? ioctl_preallocate+0x250/0x250 [ 489.954556][T11229] ? __fget+0x37b/0x3c0 [ 489.954563][T11229] ? vfs_write+0x422/0x4e0 [ 489.954576][T11229] ? fget_many+0x20/0x20 [ 489.954584][T11229] ? debug_smp_processor_id+0x20/0x20 [ 489.954594][T11229] ? security_file_ioctl+0x9d/0xb0 [ 489.954603][T11229] __x64_sys_ioctl+0xd4/0x110 [ 489.954612][T11229] do_syscall_64+0xcb/0x1e0 [ 489.954622][T11229] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 489.954630][T11229] RIP: 0033:0x4665f9 [ 489.954639][T11229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 489.954643][T11229] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 489.954653][T11229] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 489.954658][T11229] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 489.954663][T11229] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 489.954669][T11229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 489.954674][T11229] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 489.959309][T11229] Bluetooth: Can't register HCI device [ 489.990873][T11232] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 490.017545][ T22] audit: type=1326 audit(1631031473.094:8627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11233 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 490.037172][T11232] FAULT_INJECTION: forcing a failure. [ 490.037172][T11232] name failslab, interval 1, probability 0, space 0, times 0 [ 490.793726][T11232] CPU: 1 PID: 11232 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 490.805441][T11232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 490.805446][T11232] Call Trace: [ 490.805466][T11232] dump_stack+0x1d8/0x24e [ 490.805475][T11232] ? devkmsg_release+0x11c/0x11c [ 490.805484][T11232] ? mutex_unlock+0x19/0x40 [ 490.805500][T11232] ? show_regs_print_info+0x12/0x12 [ 490.805510][T11232] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 490.805522][T11232] should_fail+0x6f6/0x860 [ 490.805533][T11232] ? setup_fault_attr+0x3d0/0x3d0 [ 490.805542][T11232] ? _raw_spin_lock+0xa3/0x1b0 [ 490.805553][T11232] ? __kernfs_new_node+0xdb/0x6d0 [ 490.805563][T11232] should_failslab+0x5/0x20 [ 490.805573][T11232] kmem_cache_alloc+0x36/0x290 [ 490.805584][T11232] __kernfs_new_node+0xdb/0x6d0 [ 490.805595][T11232] ? mutex_lock+0xa6/0x110 [ 490.805604][T11232] ? kernfs_new_node+0x160/0x160 [ 490.805613][T11232] ? mutex_lock+0xa6/0x110 [ 490.805625][T11232] ? kernfs_activate+0x3fc/0x420 [ 490.805636][T11232] kernfs_new_node+0x95/0x160 [ 490.805647][T11232] __kernfs_create_file+0x45/0x260 [ 490.805656][T11232] sysfs_add_file_mode_ns+0x293/0x340 [ 490.805667][T11232] sysfs_merge_group+0x204/0x440 [ 490.805677][T11232] ? sysfs_remove_groups+0xb0/0xb0 [ 490.805686][T11232] ? sysfs_add_file_mode_ns+0x340/0x340 [ 490.805694][T11232] ? bus_add_device+0x92/0x3f0 [ 490.805705][T11232] dpm_sysfs_add+0xbd/0x260 [ 490.805714][T11232] device_add+0xde7/0x18a0 [ 490.805725][T11232] ? virtual_device_parent+0x50/0x50 [ 490.805735][T11232] ? h4_open+0x4f/0x140 [ 490.805746][T11232] hci_register_dev+0x32e/0x710 [ 490.805758][T11232] hci_uart_tty_ioctl+0x89e/0xa10 [ 490.805768][T11232] ? hci_uart_tty_write+0x10/0x10 [ 490.805778][T11232] tty_ioctl+0xf68/0x1710 [ 490.805787][T11232] ? tty_do_resize+0x170/0x170 [ 490.805796][T11232] ? avc_ss_reset+0x3a0/0x3a0 [ 490.805805][T11232] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 490.805814][T11232] ? refcount_inc_checked+0x50/0x50 [ 490.805823][T11232] ? memcg_check_events+0x5c/0x5b0 [ 490.805835][T11232] ? proc_fail_nth_write+0x1d5/0x240 [ 490.805845][T11232] ? proc_fail_nth_read+0x1c0/0x1c0 [ 490.805854][T11232] ? __lru_cache_add+0x1c4/0x210 [ 490.805862][T11232] ? memset+0x1f/0x40 [ 490.805871][T11232] ? fsnotify+0x1332/0x13f0 [ 490.805880][T11232] ? tty_do_resize+0x170/0x170 [ 490.805890][T11232] do_vfs_ioctl+0x76a/0x1720 [ 490.805900][T11232] ? selinux_file_ioctl+0x72f/0x990 [ 490.805910][T11232] ? ioctl_preallocate+0x250/0x250 [ 490.805921][T11232] ? __fget+0x37b/0x3c0 [ 490.805929][T11232] ? vfs_write+0x422/0x4e0 [ 490.805940][T11232] ? fget_many+0x20/0x20 [ 490.805948][T11232] ? debug_smp_processor_id+0x20/0x20 [ 490.805959][T11232] ? security_file_ioctl+0x9d/0xb0 [ 490.805968][T11232] __x64_sys_ioctl+0xd4/0x110 [ 490.805978][T11232] do_syscall_64+0xcb/0x1e0 [ 490.805989][T11232] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 490.805998][T11232] RIP: 0033:0x4665f9 [ 490.806014][T11232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 490.806020][T11232] RSP: 002b:00007fc53716c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 490.806030][T11232] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 490.806036][T11232] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 490.806041][T11232] RBP: 00007fc53716c1d0 R08: 0000000000000000 R09: 0000000000000000 [ 490.806046][T11232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 490.806052][T11232] R13: 00007fff4cd0b6bf R14: 00007fc53716c300 R15: 0000000000022000 [ 490.808861][T11232] Bluetooth: Can't register HCI device [ 491.173021][T11225] selection: kmalloc() failed [ 491.212419][T11237] selection: kmalloc() failed [ 491.253021][ T67] Bluetooth: hci1: command 0x1003 tx timeout [ 491.259083][ T4171] Bluetooth: hci1: sending frame failed (-49) [ 493.332967][ T67] Bluetooth: hci1: command 0x1001 tx timeout [ 493.339121][ T4171] Bluetooth: hci1: sending frame failed (-49) [ 495.412866][ T67] Bluetooth: hci1: command 0x1009 tx timeout 16:18:02 executing program 3 (fault-call:2 fault-nth:34): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:18:02 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x10}}) 16:18:02 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x300}}) 16:18:02 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:18:02 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c699942afc6b043364ef35bd1b8bdda61", 0x86}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x5) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:18:02 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 499.356419][ T22] audit: type=1326 audit(1631031482.434:8628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11246 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 499.366213][T11252] debugfs: Directory 'hci0' with parent 'bluetooth' already present! 16:18:02 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:18:02 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x300}}) [ 499.383595][ T22] audit: type=1326 audit(1631031482.464:8629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11248 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 499.401625][T11256] debugfs: Directory 'hci1' with parent 'bluetooth' already present! [ 499.432458][T11256] FAULT_INJECTION: forcing a failure. [ 499.432458][T11256] name failslab, interval 1, probability 0, space 0, times 0 [ 499.447303][T11256] CPU: 1 PID: 11256 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 499.447309][T11256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 499.447312][T11256] Call Trace: [ 499.447332][T11256] dump_stack+0x1d8/0x24e [ 499.447343][T11256] ? devkmsg_release+0x11c/0x11c [ 499.447353][T11256] ? vsnprintf+0x1cb4/0x1d60 [ 499.447363][T11256] ? show_regs_print_info+0x12/0x12 [ 499.447376][T11256] should_fail+0x6f6/0x860 [ 499.447386][T11256] ? setup_fault_attr+0x3d0/0x3d0 [ 499.447395][T11256] ? add_uevent_var+0x1c2/0x360 [ 499.447408][T11256] ? call_usermodehelper_setup+0x91/0x200 [ 499.447418][T11256] should_failslab+0x5/0x20 [ 499.447429][T11256] kmem_cache_alloc_trace+0x39/0x2b0 [ 499.447440][T11256] call_usermodehelper_setup+0x91/0x200 [ 499.447449][T11256] ? add_uevent_var+0x360/0x360 [ 499.447459][T11256] kobject_uevent_env+0xdd6/0x1000 [ 499.447471][T11256] device_add+0xf42/0x18a0 [ 499.447482][T11256] ? virtual_device_parent+0x50/0x50 [ 499.447492][T11256] ? h4_open+0x4f/0x140 [ 499.447503][T11256] hci_register_dev+0x32e/0x710 [ 499.447514][T11256] hci_uart_tty_ioctl+0x89e/0xa10 [ 499.447524][T11256] ? hci_uart_tty_write+0x10/0x10 [ 499.447534][T11256] tty_ioctl+0xf68/0x1710 [ 499.447544][T11256] ? tty_do_resize+0x170/0x170 [ 499.447554][T11256] ? avc_ss_reset+0x3a0/0x3a0 [ 499.447563][T11256] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 499.447571][T11256] ? refcount_inc_checked+0x50/0x50 [ 499.447581][T11256] ? memcg_check_events+0x5c/0x5b0 [ 499.447594][T11256] ? proc_fail_nth_write+0x1d5/0x240 [ 499.447604][T11256] ? proc_fail_nth_read+0x1c0/0x1c0 [ 499.447613][T11256] ? __lru_cache_add+0x1c4/0x210 [ 499.447621][T11256] ? memset+0x1f/0x40 [ 499.447630][T11256] ? fsnotify+0x1332/0x13f0 [ 499.447639][T11256] ? tty_do_resize+0x170/0x170 [ 499.447649][T11256] do_vfs_ioctl+0x76a/0x1720 [ 499.447657][T11256] ? selinux_file_ioctl+0x72f/0x990 [ 499.447666][T11256] ? ioctl_preallocate+0x250/0x250 [ 499.447677][T11256] ? __fget+0x37b/0x3c0 [ 499.447685][T11256] ? vfs_write+0x422/0x4e0 [ 499.447696][T11256] ? fget_many+0x20/0x20 [ 499.447704][T11256] ? debug_smp_processor_id+0x20/0x20 [ 499.447714][T11256] ? security_file_ioctl+0x9d/0xb0 [ 499.447724][T11256] __x64_sys_ioctl+0xd4/0x110 [ 499.447734][T11256] do_syscall_64+0xcb/0x1e0 [ 499.447746][T11256] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 499.447753][T11256] RIP: 0033:0x4665f9 [ 499.447762][T11256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 499.447767][T11256] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 499.447777][T11256] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 499.447782][T11256] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 499.447787][T11256] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 499.447792][T11256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 499.447798][T11256] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 499.448526][ T90] Bluetooth: hci1: Frame reassembly failed (-84) [ 499.466638][T11260] selection: kmalloc() failed [ 499.851198][T11263] selection: kmalloc() failed 16:18:03 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x2}}) 16:18:03 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:18:03 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x3}}) 16:18:03 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x2}}) [ 499.904651][T11266] selection: kmalloc() failed [ 501.412594][ T67] Bluetooth: hci0: command 0x1003 tx timeout [ 501.418751][T10454] Bluetooth: hci0: sending frame failed (-49) [ 501.492573][ T67] Bluetooth: hci1: command 0x1003 tx timeout [ 501.498702][T10454] Bluetooth: hci1: sending frame failed (-49) [ 503.492536][ T67] Bluetooth: hci0: command 0x1001 tx timeout [ 503.498663][T10454] Bluetooth: hci0: sending frame failed (-49) [ 503.572540][ T67] Bluetooth: hci1: command 0x1001 tx timeout [ 503.578558][T10454] Bluetooth: hci1: sending frame failed (-49) [ 505.572465][ T67] Bluetooth: hci0: command 0x1009 tx timeout [ 505.652473][ T67] Bluetooth: hci1: command 0x1009 tx timeout 16:18:12 executing program 3 (fault-call:2 fault-nth:35): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:18:12 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x4}}) 16:18:12 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x3}}) 16:18:12 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d", 0x43}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:18:12 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x5) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:18:12 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x2, 0x0) 16:18:12 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x4}}) [ 509.598358][ T22] audit: type=1326 audit(1631031492.675:8630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11283 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 509.623645][T11284] debugfs: Directory 'hci0' with parent 'bluetooth' already present! 16:18:12 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x10}}) 16:18:12 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4b47, 0x0) 16:18:12 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x8}}) 16:18:12 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x300}}) 16:18:12 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4b49, 0x0) [ 509.629070][ T22] audit: type=1326 audit(1631031492.675:8631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11282 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 509.662764][T11284] FAULT_INJECTION: forcing a failure. [ 509.662764][T11284] name failslab, interval 1, probability 0, space 0, times 0 [ 509.679004][T11284] CPU: 0 PID: 11284 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 509.679009][T11284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 509.679013][T11284] Call Trace: [ 509.679028][T11284] dump_stack+0x1d8/0x24e [ 509.679038][T11284] ? devkmsg_release+0x11c/0x11c [ 509.679048][T11284] ? vsnprintf+0x1cb4/0x1d60 [ 509.679061][T11284] ? show_regs_print_info+0x12/0x12 [ 509.679074][T11284] should_fail+0x6f6/0x860 [ 509.679084][T11284] ? setup_fault_attr+0x3d0/0x3d0 [ 509.679092][T11284] ? add_uevent_var+0x1c2/0x360 [ 509.679104][T11284] ? call_usermodehelper_setup+0x91/0x200 [ 509.679114][T11284] should_failslab+0x5/0x20 [ 509.679124][T11284] kmem_cache_alloc_trace+0x39/0x2b0 [ 509.679136][T11284] call_usermodehelper_setup+0x91/0x200 [ 509.679144][T11284] ? add_uevent_var+0x360/0x360 [ 509.679153][T11284] kobject_uevent_env+0xdd6/0x1000 [ 509.679165][T11284] device_add+0xf42/0x18a0 [ 509.679176][T11284] ? virtual_device_parent+0x50/0x50 [ 509.679186][T11284] ? h4_open+0x4f/0x140 [ 509.679196][T11284] hci_register_dev+0x32e/0x710 [ 509.679208][T11284] hci_uart_tty_ioctl+0x89e/0xa10 [ 509.679217][T11284] ? hci_uart_tty_write+0x10/0x10 [ 509.679227][T11284] tty_ioctl+0xf68/0x1710 [ 509.679237][T11284] ? tty_do_resize+0x170/0x170 [ 509.679246][T11284] ? avc_ss_reset+0x3a0/0x3a0 [ 509.679255][T11284] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 509.679263][T11284] ? refcount_inc_checked+0x50/0x50 [ 509.679272][T11284] ? memcg_check_events+0x5c/0x5b0 [ 509.679284][T11284] ? proc_fail_nth_write+0x1d5/0x240 [ 509.679294][T11284] ? proc_fail_nth_read+0x1c0/0x1c0 [ 509.679304][T11284] ? __lru_cache_add+0x1c4/0x210 [ 509.679312][T11284] ? memset+0x1f/0x40 [ 509.679321][T11284] ? fsnotify+0x1332/0x13f0 [ 509.679329][T11284] ? tty_do_resize+0x170/0x170 [ 509.679339][T11284] do_vfs_ioctl+0x76a/0x1720 [ 509.679347][T11284] ? selinux_file_ioctl+0x72f/0x990 [ 509.679357][T11284] ? ioctl_preallocate+0x250/0x250 [ 509.679369][T11284] ? __fget+0x37b/0x3c0 [ 509.679376][T11284] ? vfs_write+0x422/0x4e0 [ 509.679386][T11284] ? fget_many+0x20/0x20 [ 509.679394][T11284] ? debug_smp_processor_id+0x20/0x20 [ 509.679405][T11284] ? security_file_ioctl+0x9d/0xb0 [ 509.679415][T11284] __x64_sys_ioctl+0xd4/0x110 [ 509.679424][T11284] do_syscall_64+0xcb/0x1e0 [ 509.679435][T11284] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 509.679442][T11284] RIP: 0033:0x4665f9 [ 509.679451][T11284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 509.679456][T11284] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 509.679465][T11284] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 509.679471][T11284] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 509.679476][T11284] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 509.679481][T11284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 509.679486][T11284] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 509.744219][T11297] selection: kmalloc() failed [ 510.127158][T11312] selection: kmalloc() failed [ 510.149665][T11313] selection: kmalloc() failed [ 511.732109][ T67] Bluetooth: hci0: command 0x1003 tx timeout [ 511.738128][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 513.812088][ T17] Bluetooth: hci0: command 0x1001 tx timeout [ 513.818101][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 515.891990][ T17] Bluetooth: hci0: command 0x1009 tx timeout 16:18:22 executing program 3 (fault-call:2 fault-nth:36): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:18:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5409, 0x0) 16:18:22 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:18:22 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x10}}) 16:18:22 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d", 0x43}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:18:22 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x5) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 519.835295][ T22] audit: type=1326 audit(1631031502.915:8632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11320 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 519.857132][T11331] debugfs: Directory 'hci0' with parent 'bluetooth' already present! 16:18:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540b, 0x0) 16:18:23 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x300}}) 16:18:23 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x2}}) [ 519.862397][ T22] audit: type=1326 audit(1631031502.915:8633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11322 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 519.876601][T11331] FAULT_INJECTION: forcing a failure. [ 519.876601][T11331] name failslab, interval 1, probability 0, space 0, times 0 16:18:23 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540c, 0x0) 16:18:23 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540d, 0x0) [ 519.925828][T11336] selection: kmalloc() failed [ 519.926497][T11331] CPU: 1 PID: 11331 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 519.926503][T11331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 519.926506][T11331] Call Trace: [ 519.926525][T11331] dump_stack+0x1d8/0x24e [ 519.926536][T11331] ? devkmsg_release+0x11c/0x11c [ 519.926546][T11331] ? show_regs_print_info+0x12/0x12 16:18:23 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540e, 0x0) [ 519.926559][T11331] should_fail+0x6f6/0x860 [ 519.926569][T11331] ? setup_fault_attr+0x3d0/0x3d0 [ 519.926579][T11331] ? kobject_set_name_vargs+0x5d/0x110 [ 519.926589][T11331] should_failslab+0x5/0x20 [ 519.926600][T11331] __kmalloc_track_caller+0x5d/0x2e0 [ 519.926610][T11331] kvasprintf+0xd6/0x180 [ 519.926619][T11331] ? asan.module_ctor+0x10/0x10 [ 519.926629][T11331] ? kvasprintf_const+0x4d/0x170 [ 519.926639][T11331] kobject_set_name_vargs+0x5d/0x110 [ 519.926650][T11331] dev_set_name+0xd1/0x120 [ 519.926658][T11331] ? memset+0x1f/0x40 [ 519.926668][T11331] ? rfkill_register+0x53/0x720 [ 519.926677][T11331] ? get_device+0x30/0x30 [ 519.926686][T11331] ? mutex_lock+0xa6/0x110 [ 519.926695][T11331] ? device_initialize+0x1d3/0x3e0 [ 519.926705][T11331] rfkill_register+0xb8/0x720 [ 519.926716][T11331] hci_register_dev+0x398/0x710 [ 519.926729][T11331] hci_uart_tty_ioctl+0x89e/0xa10 [ 519.926739][T11331] ? hci_uart_tty_write+0x10/0x10 [ 519.926748][T11331] tty_ioctl+0xf68/0x1710 [ 519.926758][T11331] ? tty_do_resize+0x170/0x170 [ 519.926766][T11331] ? avc_ss_reset+0x3a0/0x3a0 [ 519.926775][T11331] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 519.926784][T11331] ? refcount_inc_checked+0x50/0x50 [ 519.926796][T11331] ? proc_fail_nth_write+0x1d5/0x240 [ 519.926806][T11331] ? proc_fail_nth_read+0x1c0/0x1c0 [ 519.926816][T11331] ? __lru_cache_add+0x1c4/0x210 [ 519.926822][T11331] ? memset+0x1f/0x40 [ 519.926830][T11331] ? fsnotify+0x1332/0x13f0 [ 519.926838][T11331] ? tty_do_resize+0x170/0x170 [ 519.926849][T11331] do_vfs_ioctl+0x76a/0x1720 [ 519.926858][T11331] ? selinux_file_ioctl+0x72f/0x990 [ 519.926868][T11331] ? ioctl_preallocate+0x250/0x250 [ 519.926880][T11331] ? __fget+0x37b/0x3c0 [ 519.926887][T11331] ? vfs_write+0x422/0x4e0 [ 519.926897][T11331] ? fget_many+0x20/0x20 [ 519.926906][T11331] ? debug_smp_processor_id+0x20/0x20 [ 519.926916][T11331] ? security_file_ioctl+0x9d/0xb0 [ 519.926925][T11331] __x64_sys_ioctl+0xd4/0x110 [ 519.926935][T11331] do_syscall_64+0xcb/0x1e0 [ 519.926945][T11331] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 519.926953][T11331] RIP: 0033:0x4665f9 [ 519.926962][T11331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 519.926967][T11331] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 519.926976][T11331] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 519.926981][T11331] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 519.926987][T11331] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 519.926992][T11331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 519.926997][T11331] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 519.927206][ T154] Bluetooth: hci0: Frame reassembly failed (-84) [ 520.309016][T11352] selection: kmalloc() failed [ 521.971727][ T67] Bluetooth: hci0: command 0x1003 tx timeout [ 521.978162][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 524.051743][ T67] Bluetooth: hci0: command 0x1001 tx timeout [ 524.057937][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 526.131646][ T67] Bluetooth: hci0: command 0x1009 tx timeout 16:18:33 executing program 3 (fault-call:2 fault-nth:37): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:18:33 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540f, 0x0) 16:18:33 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:18:33 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x3}}) 16:18:33 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d", 0x43}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:18:33 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x5) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 530.082124][ T22] audit: type=1326 audit(1631031513.165:8634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11364 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 530.085890][T11373] debugfs: Directory 'hci0' with parent 'bluetooth' already present! 16:18:33 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x4}}) 16:18:33 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x2}}) 16:18:33 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5410, 0x0) [ 530.115506][ T22] audit: type=1326 audit(1631031513.195:8635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11365 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 530.145558][T11373] FAULT_INJECTION: forcing a failure. [ 530.145558][T11373] name failslab, interval 1, probability 0, space 0, times 0 [ 530.145572][T11373] CPU: 0 PID: 11373 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 530.145576][T11373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 16:18:33 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5412, 0x0) [ 530.145585][T11373] Call Trace: [ 530.183343][T11373] dump_stack+0x1d8/0x24e [ 530.183354][T11373] ? devkmsg_release+0x11c/0x11c [ 530.183364][T11373] ? show_regs_print_info+0x12/0x12 [ 530.183375][T11373] should_fail+0x6f6/0x860 [ 530.183384][T11373] ? setup_fault_attr+0x3d0/0x3d0 [ 530.183395][T11373] ? kobject_set_name_vargs+0x5d/0x110 [ 530.183404][T11373] should_failslab+0x5/0x20 [ 530.183415][T11373] __kmalloc_track_caller+0x5d/0x2e0 [ 530.183424][T11373] kvasprintf+0xd6/0x180 [ 530.183433][T11373] ? asan.module_ctor+0x10/0x10 16:18:33 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5413, 0x0) 16:18:33 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5414, 0x0) [ 530.183443][T11373] ? kvasprintf_const+0x4d/0x170 [ 530.183452][T11373] kobject_set_name_vargs+0x5d/0x110 [ 530.183463][T11373] dev_set_name+0xd1/0x120 [ 530.183470][T11373] ? memset+0x1f/0x40 [ 530.183481][T11373] ? rfkill_register+0x53/0x720 [ 530.183490][T11373] ? get_device+0x30/0x30 [ 530.183500][T11373] ? mutex_lock+0xa6/0x110 [ 530.183509][T11373] ? device_initialize+0x1d3/0x3e0 [ 530.183516][T11373] rfkill_register+0xb8/0x720 [ 530.183531][T11373] hci_register_dev+0x398/0x710 [ 530.278408][T11373] hci_uart_tty_ioctl+0x89e/0xa10 [ 530.278419][T11373] ? hci_uart_tty_write+0x10/0x10 [ 530.278429][T11373] tty_ioctl+0xf68/0x1710 [ 530.278440][T11373] ? tty_do_resize+0x170/0x170 [ 530.278449][T11373] ? avc_ss_reset+0x3a0/0x3a0 [ 530.278458][T11373] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 530.278467][T11373] ? refcount_inc_checked+0x50/0x50 [ 530.278477][T11373] ? memcg_check_events+0x5c/0x5b0 [ 530.278490][T11373] ? proc_fail_nth_write+0x1d5/0x240 [ 530.278500][T11373] ? proc_fail_nth_read+0x1c0/0x1c0 [ 530.278509][T11373] ? __lru_cache_add+0x1c4/0x210 [ 530.278517][T11373] ? memset+0x1f/0x40 [ 530.278526][T11373] ? fsnotify+0x1332/0x13f0 [ 530.278534][T11373] ? tty_do_resize+0x170/0x170 [ 530.278545][T11373] do_vfs_ioctl+0x76a/0x1720 [ 530.278555][T11373] ? selinux_file_ioctl+0x72f/0x990 [ 530.278565][T11373] ? ioctl_preallocate+0x250/0x250 [ 530.278577][T11373] ? __fget+0x37b/0x3c0 [ 530.278585][T11373] ? vfs_write+0x422/0x4e0 [ 530.278596][T11373] ? fget_many+0x20/0x20 [ 530.278605][T11373] ? debug_smp_processor_id+0x20/0x20 [ 530.278615][T11373] ? security_file_ioctl+0x9d/0xb0 [ 530.278625][T11373] __x64_sys_ioctl+0xd4/0x110 [ 530.278636][T11373] do_syscall_64+0xcb/0x1e0 [ 530.278647][T11373] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 530.278655][T11373] RIP: 0033:0x4665f9 [ 530.278664][T11373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 530.278669][T11373] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 530.278679][T11373] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 530.278684][T11373] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 530.278690][T11373] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 530.278695][T11373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 530.278701][T11373] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 530.285349][ T392] Bluetooth: hci0: Frame reassembly failed (-84) [ 530.302956][T11378] selection: kmalloc() failed [ 530.550008][T11400] selection: kmalloc() failed [ 532.291284][ T67] Bluetooth: hci0: command 0x1003 tx timeout [ 532.297413][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 534.371220][ T67] Bluetooth: hci0: command 0x1001 tx timeout [ 534.377255][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 536.451406][ T67] Bluetooth: hci0: command 0x1009 tx timeout 16:18:43 executing program 3 (fault-call:2 fault-nth:38): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:18:43 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x10}}) 16:18:43 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x3}}) 16:18:43 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5415, 0x0) 16:18:43 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de", 0x65}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:18:43 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {0x0}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:18:43 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x4}}) 16:18:43 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x300}}) 16:18:43 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:18:43 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5416, 0x0) [ 540.325387][ T22] audit: type=1326 audit(1631031523.406:8636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11410 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 540.352555][T11417] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 540.369833][T11417] FAULT_INJECTION: forcing a failure. 16:18:43 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x0, 0x2}}) 16:18:43 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5417, 0x0) [ 540.369833][T11417] name failslab, interval 1, probability 0, space 0, times 0 [ 540.390115][ T22] audit: type=1326 audit(1631031523.446:8637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11409 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 540.399947][T11417] CPU: 0 PID: 11417 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 540.425237][T11417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 540.435287][T11417] Call Trace: [ 540.435304][T11417] dump_stack+0x1d8/0x24e [ 540.435313][T11417] ? devkmsg_release+0x11c/0x11c [ 540.435327][T11417] ? stack_trace_save+0x1f0/0x1f0 [ 540.452813][T11417] ? show_regs_print_info+0x12/0x12 [ 540.452824][T11417] ? check_preemption_disabled+0x9e/0x330 [ 540.452833][T11417] ? __rcu_read_lock+0x50/0x50 [ 540.452842][T11417] ? __unwind_start+0x72f/0x8e0 [ 540.452852][T11417] should_fail+0x6f6/0x860 [ 540.452863][T11417] ? setup_fault_attr+0x3d0/0x3d0 [ 540.452872][T11417] ? stack_trace_save+0x1f0/0x1f0 [ 540.452881][T11417] ? __kernel_text_address+0x93/0x100 [ 540.452892][T11417] ? __kernfs_new_node+0x99/0x6d0 [ 540.452902][T11417] should_failslab+0x5/0x20 [ 540.452912][T11417] __kmalloc_track_caller+0x5d/0x2e0 [ 540.452924][T11417] kstrdup_const+0x51/0x90 [ 540.452933][T11417] __kernfs_new_node+0x99/0x6d0 [ 540.452943][T11417] ? __kasan_kmalloc+0x137/0x1e0 [ 540.452952][T11417] ? kernfs_new_node+0x160/0x160 [ 540.452962][T11417] ? number+0xea3/0x1300 [ 540.452972][T11417] ? __kasan_kmalloc+0x1a3/0x1e0 [ 540.452983][T11417] kernfs_create_dir_ns+0x90/0x220 [ 540.452993][T11417] sysfs_create_dir_ns+0x181/0x390 [ 540.453002][T11417] ? sysfs_warn_dup+0xa0/0xa0 [ 540.453014][T11417] kobject_add_internal+0x595/0xbd0 [ 540.453024][T11417] kobject_add+0x14c/0x210 [ 540.453035][T11417] ? refcount_inc_not_zero_checked+0x18d/0x280 [ 540.453043][T11417] ? kobject_init+0x1d0/0x1d0 [ 540.453051][T11417] ? device_add+0x121/0x18a0 [ 540.453060][T11417] ? get_device_parent+0x11a/0x430 [ 540.453068][T11417] device_add+0x46a/0x18a0 [ 540.453081][T11417] ? get_device+0x30/0x30 [ 540.453091][T11417] ? mutex_lock+0xa6/0x110 [ 540.453099][T11417] ? virtual_device_parent+0x50/0x50 [ 540.453108][T11417] ? device_initialize+0x1d3/0x3e0 [ 540.453119][T11417] rfkill_register+0x180/0x720 [ 540.453130][T11417] hci_register_dev+0x398/0x710 [ 540.453142][T11417] hci_uart_tty_ioctl+0x89e/0xa10 [ 540.453152][T11417] ? hci_uart_tty_write+0x10/0x10 [ 540.453162][T11417] tty_ioctl+0xf68/0x1710 [ 540.453172][T11417] ? tty_do_resize+0x170/0x170 [ 540.453181][T11417] ? avc_ss_reset+0x3a0/0x3a0 [ 540.453190][T11417] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 540.453199][T11417] ? refcount_inc_checked+0x50/0x50 [ 540.453208][T11417] ? memcg_check_events+0x1a2/0x5b0 [ 540.453221][T11417] ? proc_fail_nth_write+0x1d5/0x240 [ 540.453231][T11417] ? proc_fail_nth_read+0x1c0/0x1c0 [ 540.453240][T11417] ? __lru_cache_add+0x1c4/0x210 [ 540.453248][T11417] ? memset+0x1f/0x40 [ 540.453257][T11417] ? fsnotify+0x1332/0x13f0 [ 540.453265][T11417] ? tty_do_resize+0x170/0x170 [ 540.453276][T11417] do_vfs_ioctl+0x76a/0x1720 [ 540.453286][T11417] ? selinux_file_ioctl+0x72f/0x990 [ 540.453297][T11417] ? ioctl_preallocate+0x250/0x250 [ 540.453309][T11417] ? __fget+0x37b/0x3c0 [ 540.453316][T11417] ? vfs_write+0x422/0x4e0 [ 540.453327][T11417] ? fget_many+0x20/0x20 [ 540.453335][T11417] ? debug_smp_processor_id+0x20/0x20 [ 540.453346][T11417] ? security_file_ioctl+0x9d/0xb0 [ 540.453356][T11417] __x64_sys_ioctl+0xd4/0x110 [ 540.453366][T11417] do_syscall_64+0xcb/0x1e0 [ 540.453376][T11417] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 540.453384][T11417] RIP: 0033:0x4665f9 [ 540.453394][T11417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 540.453399][T11417] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 540.453408][T11417] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 540.453413][T11417] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 540.453419][T11417] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 540.453424][T11417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 540.453435][T11417] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 540.480664][T11417] kobject_add_internal failed for rfkill26 (error: -12 parent: hci0) [ 540.482793][ T392] Bluetooth: hci0: Frame reassembly failed (-84) [ 540.505355][T11431] selection: kmalloc() failed [ 540.938038][T11438] selection: kmalloc() failed [ 542.530841][ T67] Bluetooth: hci0: command 0x1003 tx timeout [ 542.536993][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 544.610842][ T67] Bluetooth: hci0: command 0x1001 tx timeout [ 544.617840][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 546.691060][ T67] Bluetooth: hci0: command 0x1009 tx timeout 16:18:53 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {0x0}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:18:53 executing program 3 (fault-call:2 fault-nth:39): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:18:53 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x8}}) 16:18:53 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x0, 0x3}}) 16:18:53 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5418, 0x0) 16:18:53 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de", 0x65}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:18:53 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541b, 0x0) [ 550.556866][ T22] audit: type=1326 audit(1631031533.636:8638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11447 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 550.580600][T11454] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 550.580896][T11454] FAULT_INJECTION: forcing a failure. [ 550.580896][T11454] name failslab, interval 1, probability 0, space 0, times 0 16:18:53 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541d, 0x0) 16:18:53 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541e, 0x0) [ 550.580909][T11454] CPU: 0 PID: 11454 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 550.580914][T11454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 550.580917][T11454] Call Trace: [ 550.580934][T11454] dump_stack+0x1d8/0x24e [ 550.580944][T11454] ? devkmsg_release+0x11c/0x11c [ 550.580954][T11454] ? show_regs_print_info+0x12/0x12 [ 550.580966][T11454] should_fail+0x6f6/0x860 [ 550.580976][T11454] ? setup_fault_attr+0x3d0/0x3d0 16:18:53 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541e, 0x0) 16:18:53 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x10}}) [ 550.580987][T11454] ? kobject_set_name_vargs+0x5d/0x110 [ 550.580996][T11454] should_failslab+0x5/0x20 [ 550.581006][T11454] __kmalloc_track_caller+0x5d/0x2e0 [ 550.581015][T11454] kvasprintf+0xd6/0x180 [ 550.581033][T11454] ? asan.module_ctor+0x10/0x10 [ 550.581043][T11454] ? kvasprintf_const+0x4d/0x170 [ 550.581052][T11454] kobject_set_name_vargs+0x5d/0x110 [ 550.581063][T11454] dev_set_name+0xd1/0x120 [ 550.581070][T11454] ? memset+0x1f/0x40 [ 550.581081][T11454] ? rfkill_register+0x53/0x720 [ 550.581090][T11454] ? get_device+0x30/0x30 16:18:53 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5420, 0x0) [ 550.581099][T11454] ? mutex_lock+0xa6/0x110 [ 550.581107][T11454] ? device_initialize+0x1d3/0x3e0 [ 550.581117][T11454] rfkill_register+0xb8/0x720 [ 550.581127][T11454] hci_register_dev+0x398/0x710 [ 550.581139][T11454] hci_uart_tty_ioctl+0x89e/0xa10 [ 550.581148][T11454] ? hci_uart_tty_write+0x10/0x10 [ 550.581158][T11454] tty_ioctl+0xf68/0x1710 [ 550.581167][T11454] ? tty_do_resize+0x170/0x170 [ 550.581176][T11454] ? avc_ss_reset+0x3a0/0x3a0 [ 550.581185][T11454] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 550.581194][T11454] ? refcount_inc_checked+0x50/0x50 [ 550.581206][T11454] ? proc_fail_nth_write+0x1d5/0x240 [ 550.581218][T11454] ? proc_fail_nth_read+0x1c0/0x1c0 [ 550.581226][T11454] ? __lru_cache_add+0x1c4/0x210 [ 550.581234][T11454] ? memset+0x1f/0x40 [ 550.581242][T11454] ? fsnotify+0x1332/0x13f0 [ 550.581250][T11454] ? tty_do_resize+0x170/0x170 [ 550.581259][T11454] do_vfs_ioctl+0x76a/0x1720 [ 550.581268][T11454] ? selinux_file_ioctl+0x72f/0x990 [ 550.581278][T11454] ? ioctl_preallocate+0x250/0x250 [ 550.581289][T11454] ? __fget+0x37b/0x3c0 [ 550.581297][T11454] ? vfs_write+0x422/0x4e0 [ 550.581307][T11454] ? fget_many+0x20/0x20 [ 550.581315][T11454] ? debug_smp_processor_id+0x20/0x20 [ 550.581324][T11454] ? security_file_ioctl+0x9d/0xb0 [ 550.581333][T11454] __x64_sys_ioctl+0xd4/0x110 [ 550.581342][T11454] do_syscall_64+0xcb/0x1e0 [ 550.581352][T11454] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 550.581359][T11454] RIP: 0033:0x4665f9 [ 550.581368][T11454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 550.581373][T11454] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 550.581383][T11454] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 550.581388][T11454] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 550.581393][T11454] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 550.581398][T11454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 550.581404][T11454] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 550.586939][ T22] audit: type=1326 audit(1631031533.636:8639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11445 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 550.600628][ T392] Bluetooth: hci0: Frame reassembly failed (-84) [ 550.951938][T11468] selection: kmalloc() failed [ 550.984677][T11477] selection: kmalloc() failed [ 552.610438][ T67] Bluetooth: hci0: command 0x1003 tx timeout [ 552.616461][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 554.690357][ T67] Bluetooth: hci0: command 0x1001 tx timeout [ 554.696372][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 556.770316][ T67] Bluetooth: hci0: command 0x1009 tx timeout 16:19:03 executing program 3 (fault-call:2 fault-nth:40): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:19:03 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5421, 0x0) 16:19:03 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x0, 0x4}}) 16:19:03 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x300}}) 16:19:03 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {0x0}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:19:03 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de", 0x65}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:19:03 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x0, 0x10}}) [ 560.793651][ T22] audit: type=1326 audit(1631031543.877:8640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11489 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 560.814271][T11498] debugfs: Directory 'hci0' with parent 'bluetooth' already present! 16:19:03 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5422, 0x0) [ 560.823326][ T22] audit: type=1326 audit(1631031543.907:8641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11488 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 560.828734][T11498] FAULT_INJECTION: forcing a failure. [ 560.828734][T11498] name failslab, interval 1, probability 0, space 0, times 0 16:19:04 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5423, 0x0) 16:19:04 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5424, 0x0) [ 560.865601][T11498] CPU: 1 PID: 11498 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 560.865607][T11498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 560.865610][T11498] Call Trace: [ 560.865626][T11498] dump_stack+0x1d8/0x24e [ 560.865637][T11498] ? devkmsg_release+0x11c/0x11c [ 560.865647][T11498] ? show_regs_print_info+0x12/0x12 16:19:04 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5425, 0x0) 16:19:04 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5427, 0x0) [ 560.865658][T11498] ? ptr_to_hashval+0x60/0x60 [ 560.865669][T11498] ? __kmalloc_track_caller+0x13a/0x2e0 [ 560.865680][T11498] should_fail+0x6f6/0x860 [ 560.865690][T11498] ? setup_fault_attr+0x3d0/0x3d0 [ 560.865699][T11498] ? refcount_add_checked+0x50/0x50 [ 560.865708][T11498] ? device_add+0x121/0x18a0 [ 560.865718][T11498] should_failslab+0x5/0x20 [ 560.865728][T11498] kmem_cache_alloc_trace+0x39/0x2b0 [ 560.865737][T11498] device_add+0x121/0x18a0 [ 560.865748][T11498] ? dev_set_name+0xd1/0x120 [ 560.865754][T11498] ? memset+0x1f/0x40 [ 560.865765][T11498] ? get_device+0x30/0x30 [ 560.865774][T11498] ? mutex_lock+0xa6/0x110 [ 560.865790][T11498] ? virtual_device_parent+0x50/0x50 [ 560.865799][T11498] ? device_initialize+0x1d3/0x3e0 [ 560.865810][T11498] rfkill_register+0x180/0x720 [ 560.865826][T11498] hci_register_dev+0x398/0x710 [ 560.865839][T11498] hci_uart_tty_ioctl+0x89e/0xa10 [ 560.865849][T11498] ? hci_uart_tty_write+0x10/0x10 [ 560.865859][T11498] tty_ioctl+0xf68/0x1710 [ 560.865868][T11498] ? tty_do_resize+0x170/0x170 [ 560.865878][T11498] ? avc_ss_reset+0x3a0/0x3a0 [ 560.865886][T11498] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 560.865895][T11498] ? refcount_inc_checked+0x50/0x50 [ 560.865905][T11498] ? memcg_check_events+0x5c/0x5b0 [ 560.865918][T11498] ? proc_fail_nth_write+0x1d5/0x240 [ 560.865928][T11498] ? proc_fail_nth_read+0x1c0/0x1c0 [ 560.865937][T11498] ? __lru_cache_add+0x1c4/0x210 [ 560.865945][T11498] ? memset+0x1f/0x40 [ 560.865954][T11498] ? fsnotify+0x1332/0x13f0 [ 560.865962][T11498] ? tty_do_resize+0x170/0x170 [ 560.865974][T11498] do_vfs_ioctl+0x76a/0x1720 [ 560.865984][T11498] ? selinux_file_ioctl+0x72f/0x990 [ 560.865994][T11498] ? ioctl_preallocate+0x250/0x250 [ 560.866006][T11498] ? __fget+0x37b/0x3c0 [ 560.866014][T11498] ? vfs_write+0x422/0x4e0 [ 560.866025][T11498] ? fget_many+0x20/0x20 [ 560.866033][T11498] ? debug_smp_processor_id+0x20/0x20 [ 560.866044][T11498] ? security_file_ioctl+0x9d/0xb0 [ 560.866053][T11498] __x64_sys_ioctl+0xd4/0x110 [ 560.866063][T11498] do_syscall_64+0xcb/0x1e0 [ 560.866075][T11498] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 560.866083][T11498] RIP: 0033:0x4665f9 [ 560.866092][T11498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 560.866097][T11498] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 560.866107][T11498] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 560.866112][T11498] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 560.866118][T11498] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 560.866123][T11498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 560.866128][T11498] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 560.881543][T11496] selection: kmalloc() failed [ 560.887361][ T90] Bluetooth: hci0: Frame reassembly failed (-84) [ 561.340427][T11504] selection: kmalloc() failed [ 561.363879][T11518] selection: kmalloc() failed [ 562.930075][ T67] Bluetooth: hci0: command 0x1003 tx timeout [ 562.936328][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 565.010020][ T3743] Bluetooth: hci0: command 0x1001 tx timeout [ 565.016036][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 567.089886][ T3743] Bluetooth: hci0: command 0x1009 tx timeout 16:19:14 executing program 3 (fault-call:2 fault-nth:41): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:19:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5428, 0x0) 16:19:14 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:19:14 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x0, 0x300}}) 16:19:14 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:19:14 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c", 0x76}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 571.027870][ T22] audit: type=1326 audit(1631031554.107:8642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11534 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 571.045128][T11544] debugfs: Directory 'hci0' with parent 'bluetooth' already present! 16:19:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5429, 0x0) 16:19:14 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, &(0x7f0000000040)) [ 571.061118][ T22] audit: type=1326 audit(1631031554.137:8643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11535 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 571.063802][T11544] FAULT_INJECTION: forcing a failure. [ 571.063802][T11544] name failslab, interval 1, probability 0, space 0, times 0 [ 571.110631][T11544] CPU: 0 PID: 11544 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 16:19:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5437, 0x0) 16:19:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5441, 0x0) 16:19:14 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x2}}) [ 571.122272][T11544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 571.122276][T11544] Call Trace: [ 571.122294][T11544] dump_stack+0x1d8/0x24e [ 571.122305][T11544] ? devkmsg_release+0x11c/0x11c [ 571.122316][T11544] ? show_regs_print_info+0x12/0x12 [ 571.122324][T11544] ? _raw_spin_lock+0xa3/0x1b0 [ 571.122336][T11544] should_fail+0x6f6/0x860 [ 571.122351][T11544] ? setup_fault_attr+0x3d0/0x3d0 [ 571.164373][T11544] ? mutex_lock+0xa6/0x110 [ 571.164385][T11544] ? mutex_trylock+0xb0/0xb0 16:19:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5450, 0x0) [ 571.164396][T11544] ? __kernfs_new_node+0xdb/0x6d0 [ 571.164406][T11544] should_failslab+0x5/0x20 [ 571.164416][T11544] kmem_cache_alloc+0x36/0x290 [ 571.164427][T11544] __kernfs_new_node+0xdb/0x6d0 [ 571.164437][T11544] ? kernfs_add_one+0x49e/0x5c0 [ 571.164447][T11544] ? kernfs_new_node+0x160/0x160 [ 571.164457][T11544] ? __kernfs_create_file+0x1f1/0x260 [ 571.164466][T11544] ? sysfs_add_file_mode_ns+0x293/0x340 [ 571.164473][T11544] ? sysfs_add_file_mode_ns+0x2b4/0x340 [ 571.164483][T11544] kernfs_new_node+0x95/0x160 [ 571.164495][T11544] kernfs_create_link+0x9c/0x1f0 [ 571.164504][T11544] sysfs_do_create_link_sd+0x85/0x100 [ 571.164513][T11544] device_add+0x74b/0x18a0 [ 571.164526][T11544] ? get_device+0x30/0x30 [ 571.164534][T11544] ? mutex_lock+0xa6/0x110 [ 571.164543][T11544] ? virtual_device_parent+0x50/0x50 [ 571.164551][T11544] ? device_initialize+0x1d3/0x3e0 [ 571.164563][T11544] rfkill_register+0x180/0x720 [ 571.164574][T11544] hci_register_dev+0x398/0x710 [ 571.164586][T11544] hci_uart_tty_ioctl+0x89e/0xa10 [ 571.164596][T11544] ? hci_uart_tty_write+0x10/0x10 [ 571.164606][T11544] tty_ioctl+0xf68/0x1710 [ 571.164616][T11544] ? tty_do_resize+0x170/0x170 [ 571.164625][T11544] ? avc_ss_reset+0x3a0/0x3a0 [ 571.164635][T11544] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 571.164649][T11544] ? refcount_inc_checked+0x50/0x50 [ 571.164658][T11544] ? memcg_check_events+0x5c/0x5b0 [ 571.164671][T11544] ? proc_fail_nth_write+0x1d5/0x240 [ 571.164679][T11544] ? proc_fail_nth_read+0x1c0/0x1c0 [ 571.164687][T11544] ? __lru_cache_add+0x1c4/0x210 [ 571.164694][T11544] ? memset+0x1f/0x40 [ 571.164701][T11544] ? fsnotify+0x1332/0x13f0 [ 571.164708][T11544] ? tty_do_resize+0x170/0x170 [ 571.164718][T11544] do_vfs_ioctl+0x76a/0x1720 [ 571.164727][T11544] ? selinux_file_ioctl+0x72f/0x990 [ 571.164735][T11544] ? ioctl_preallocate+0x250/0x250 [ 571.164743][T11544] ? __fget+0x37b/0x3c0 [ 571.164749][T11544] ? vfs_write+0x422/0x4e0 [ 571.164756][T11544] ? fget_many+0x20/0x20 [ 571.164763][T11544] ? debug_smp_processor_id+0x20/0x20 [ 571.164770][T11544] ? security_file_ioctl+0x9d/0xb0 [ 571.164777][T11544] __x64_sys_ioctl+0xd4/0x110 [ 571.164785][T11544] do_syscall_64+0xcb/0x1e0 [ 571.164793][T11544] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 571.164799][T11544] RIP: 0033:0x4665f9 [ 571.164806][T11544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 571.164810][T11544] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 571.164817][T11544] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 571.164821][T11544] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 571.164824][T11544] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 571.164828][T11544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 571.164832][T11544] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 571.178737][ T154] Bluetooth: hci0: Frame reassembly failed (-84) [ 571.554814][T11548] selection: kmalloc() failed [ 571.599799][T11563] selection: kmalloc() failed [ 573.249562][ T3432] Bluetooth: hci0: command 0x1003 tx timeout [ 573.255677][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 575.329523][ T3432] Bluetooth: hci0: command 0x1001 tx timeout [ 575.335647][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 577.409811][ T3432] Bluetooth: hci0: command 0x1009 tx timeout 16:19:24 executing program 3 (fault-call:2 fault-nth:42): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:19:24 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5451, 0x0) 16:19:24 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x80, 0x0, 0x0, 0x3, 0x10}}) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$key(0xf, 0x3, 0x2) ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000040)={0x0, "96a6900f4b9952f39dd5d49dd5b5df4d"}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000001040)={{r1}, 0x0, 0x10, @unused=[0x1000, 0x5, 0x1, 0x8], @devid=r2}) 16:19:24 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x3}}) 16:19:24 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c", 0x76}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:19:24 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:19:24 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5452, 0x0) 16:19:24 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x4}}) 16:19:24 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x2e, 0x3, 0x2}}) syz_open_dev$tty1(0xc, 0x4, 0x4) [ 581.278656][ T22] audit: type=1326 audit(1631031564.348:8644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11579 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 581.279573][ T22] audit: type=1326 audit(1631031564.358:8645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11577 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 16:19:24 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x545d, 0x0) 16:19:24 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5460, 0x0) 16:19:24 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40045431, 0x0) [ 581.340193][T11586] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 581.340620][T11586] FAULT_INJECTION: forcing a failure. [ 581.340620][T11586] name failslab, interval 1, probability 0, space 0, times 0 [ 581.340632][T11586] CPU: 0 PID: 11586 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 581.340637][T11586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 581.340640][T11586] Call Trace: [ 581.340658][T11586] dump_stack+0x1d8/0x24e [ 581.340669][T11586] ? devkmsg_release+0x11c/0x11c [ 581.340679][T11586] ? mutex_unlock+0x19/0x40 [ 581.340689][T11586] ? show_regs_print_info+0x12/0x12 [ 581.340700][T11586] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 581.340710][T11586] should_fail+0x6f6/0x860 [ 581.340720][T11586] ? setup_fault_attr+0x3d0/0x3d0 [ 581.340729][T11586] ? _raw_spin_lock+0xa3/0x1b0 [ 581.340740][T11586] ? __kernfs_new_node+0xdb/0x6d0 [ 581.340749][T11586] should_failslab+0x5/0x20 [ 581.340759][T11586] kmem_cache_alloc+0x36/0x290 [ 581.340770][T11586] __kernfs_new_node+0xdb/0x6d0 [ 581.340781][T11586] ? mutex_lock+0xa6/0x110 [ 581.340791][T11586] ? kernfs_new_node+0x160/0x160 [ 581.340803][T11586] ? kernfs_activate+0x3fc/0x420 [ 581.340813][T11586] kernfs_new_node+0x95/0x160 [ 581.340824][T11586] kernfs_create_link+0x9c/0x1f0 [ 581.340833][T11586] sysfs_do_create_link_sd+0x85/0x100 [ 581.340842][T11586] device_add+0x873/0x18a0 [ 581.340853][T11586] ? get_device+0x30/0x30 [ 581.340862][T11586] ? mutex_lock+0xa6/0x110 [ 581.340870][T11586] ? virtual_device_parent+0x50/0x50 [ 581.340879][T11586] ? device_initialize+0x1d3/0x3e0 [ 581.340889][T11586] rfkill_register+0x180/0x720 [ 581.340900][T11586] hci_register_dev+0x398/0x710 [ 581.340912][T11586] hci_uart_tty_ioctl+0x89e/0xa10 [ 581.340922][T11586] ? hci_uart_tty_write+0x10/0x10 [ 581.340932][T11586] tty_ioctl+0xf68/0x1710 [ 581.340941][T11586] ? tty_do_resize+0x170/0x170 [ 581.340950][T11586] ? avc_ss_reset+0x3a0/0x3a0 [ 581.340958][T11586] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 581.340967][T11586] ? refcount_inc_checked+0x50/0x50 [ 581.340976][T11586] ? memcg_check_events+0x5c/0x5b0 [ 581.340988][T11586] ? proc_fail_nth_write+0x1d5/0x240 [ 581.340997][T11586] ? proc_fail_nth_read+0x1c0/0x1c0 [ 581.341006][T11586] ? __lru_cache_add+0x1c4/0x210 [ 581.341014][T11586] ? memset+0x1f/0x40 [ 581.341022][T11586] ? fsnotify+0x1332/0x13f0 [ 581.341031][T11586] ? tty_do_resize+0x170/0x170 [ 581.341041][T11586] do_vfs_ioctl+0x76a/0x1720 [ 581.341050][T11586] ? selinux_file_ioctl+0x72f/0x990 [ 581.341061][T11586] ? ioctl_preallocate+0x250/0x250 [ 581.341072][T11586] ? __fget+0x37b/0x3c0 [ 581.341079][T11586] ? vfs_write+0x422/0x4e0 [ 581.341090][T11586] ? fget_many+0x20/0x20 [ 581.341098][T11586] ? debug_smp_processor_id+0x20/0x20 [ 581.341109][T11586] ? security_file_ioctl+0x9d/0xb0 [ 581.341119][T11586] __x64_sys_ioctl+0xd4/0x110 [ 581.341128][T11586] do_syscall_64+0xcb/0x1e0 [ 581.341139][T11586] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 581.341147][T11586] RIP: 0033:0x4665f9 [ 581.341156][T11586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 581.341161][T11586] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 581.341171][T11586] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 581.341176][T11586] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 581.341182][T11586] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 581.341187][T11586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 581.341192][T11586] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 581.341551][ T90] Bluetooth: hci0: Frame reassembly failed (-84) [ 581.358234][T11592] selection: kmalloc() failed [ 581.832538][T11610] selection: kmalloc() failed [ 583.409133][ T3281] Bluetooth: hci0: command 0x1003 tx timeout [ 583.415160][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 585.489091][ T3432] Bluetooth: hci0: command 0x1001 tx timeout [ 585.495294][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 587.569010][ T3432] Bluetooth: hci0: command 0x1009 tx timeout 16:19:34 executing program 3 (fault-call:2 fault-nth:43): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:19:34 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40045436, 0x0) 16:19:34 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x8}}) 16:19:34 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000040)) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$GIO_FONT(r1, 0x4b60, &(0x7f0000000080)=""/160) 16:19:34 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d21703fb318e9d3be6a7c", 0x76}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:19:34 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 591.513431][ T22] audit: type=1326 audit(1631031574.588:8646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11623 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 591.524801][T11631] debugfs: Directory 'hci0' with parent 'bluetooth' already present! 16:19:34 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455cb, 0x0) [ 591.538353][ T22] audit: type=1326 audit(1631031574.598:8647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11622 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 591.549475][T11631] FAULT_INJECTION: forcing a failure. [ 591.549475][T11631] name failslab, interval 1, probability 0, space 0, times 0 [ 591.583351][T11631] CPU: 1 PID: 11631 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 591.583357][T11631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 16:19:34 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40049409, 0x0) 16:19:34 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x10}}) [ 591.583360][T11631] Call Trace: [ 591.583380][T11631] dump_stack+0x1d8/0x24e [ 591.583391][T11631] ? devkmsg_release+0x11c/0x11c [ 591.583401][T11631] ? show_regs_print_info+0x12/0x12 [ 591.583411][T11631] ? mutex_unlock+0x19/0x40 [ 591.583420][T11631] ? kernfs_xattr_get+0x81/0x90 [ 591.583431][T11631] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 591.583443][T11631] should_fail+0x6f6/0x860 [ 591.583452][T11631] ? setup_fault_attr+0x3d0/0x3d0 [ 591.583462][T11631] ? __kernfs_new_node+0x99/0x6d0 16:19:34 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40086602, 0x0) 16:19:34 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40087602, 0x0) [ 591.583472][T11631] should_failslab+0x5/0x20 [ 591.583482][T11631] __kmalloc_track_caller+0x5d/0x2e0 [ 591.583494][T11631] kstrdup_const+0x51/0x90 [ 591.583504][T11631] __kernfs_new_node+0x99/0x6d0 [ 591.583514][T11631] ? mutex_lock+0xa6/0x110 [ 591.583523][T11631] ? kernfs_new_node+0x160/0x160 [ 591.583534][T11631] ? kernfs_activate+0x3fc/0x420 [ 591.583543][T11631] kernfs_new_node+0x95/0x160 [ 591.583554][T11631] kernfs_create_link+0x9c/0x1f0 [ 591.583564][T11631] sysfs_do_create_link_sd+0x85/0x100 [ 591.583573][T11631] device_add+0x989/0x18a0 16:19:34 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4020940d, 0x0) [ 591.583585][T11631] ? get_device+0x30/0x30 [ 591.583593][T11631] ? mutex_lock+0xa6/0x110 [ 591.583602][T11631] ? virtual_device_parent+0x50/0x50 [ 591.583609][T11631] ? device_initialize+0x1d3/0x3e0 [ 591.583619][T11631] rfkill_register+0x180/0x720 [ 591.583630][T11631] hci_register_dev+0x398/0x710 [ 591.583642][T11631] hci_uart_tty_ioctl+0x89e/0xa10 [ 591.583650][T11631] ? hci_uart_tty_write+0x10/0x10 [ 591.583659][T11631] tty_ioctl+0xf68/0x1710 [ 591.583668][T11631] ? tty_do_resize+0x170/0x170 [ 591.583677][T11631] ? avc_ss_reset+0x3a0/0x3a0 [ 591.583686][T11631] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 591.583695][T11631] ? refcount_inc_checked+0x50/0x50 [ 591.583704][T11631] ? memcg_check_events+0x5c/0x5b0 [ 591.583717][T11631] ? proc_fail_nth_write+0x1d5/0x240 [ 591.583726][T11631] ? proc_fail_nth_read+0x1c0/0x1c0 [ 591.583735][T11631] ? __lru_cache_add+0x1c4/0x210 [ 591.583743][T11631] ? memset+0x1f/0x40 [ 591.583751][T11631] ? fsnotify+0x1332/0x13f0 [ 591.583760][T11631] ? tty_do_resize+0x170/0x170 [ 591.583770][T11631] do_vfs_ioctl+0x76a/0x1720 [ 591.583779][T11631] ? selinux_file_ioctl+0x72f/0x990 [ 591.583790][T11631] ? ioctl_preallocate+0x250/0x250 [ 591.583801][T11631] ? __fget+0x37b/0x3c0 [ 591.583809][T11631] ? vfs_write+0x422/0x4e0 [ 591.583826][T11631] ? fget_many+0x20/0x20 [ 591.583835][T11631] ? debug_smp_processor_id+0x20/0x20 [ 591.583845][T11631] ? security_file_ioctl+0x9d/0xb0 [ 591.583855][T11631] __x64_sys_ioctl+0xd4/0x110 [ 591.583865][T11631] do_syscall_64+0xcb/0x1e0 [ 591.583876][T11631] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 591.583884][T11631] RIP: 0033:0x4665f9 [ 591.583893][T11631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 591.583898][T11631] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 591.583908][T11631] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 591.583913][T11631] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 591.583919][T11631] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 591.583924][T11631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 591.583930][T11631] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 591.599288][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 591.969168][T11636] selection: kmalloc() failed [ 592.017471][T11664] selection: kmalloc() failed [ 593.968724][ T3743] Bluetooth: hci0: command 0x1003 tx timeout [ 593.974907][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 596.048652][ T17] Bluetooth: hci0: command 0x1001 tx timeout [ 596.054687][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 598.128585][ T17] Bluetooth: hci0: command 0x1009 tx timeout 16:19:44 executing program 3 (fault-call:2 fault-nth:44): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:19:44 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045430, 0x0) 16:19:44 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x300}}) 16:19:44 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000040)={0x2, {0x2, 0xff61, 0xcf8, 0x822d, 0x4, 0xe9eac685ba2057a0}}) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:19:44 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6d", 0x66}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:19:44 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d", 0x43}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) [ 601.751169][ T22] audit: type=1326 audit(1631031584.828:8648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11672 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 601.763349][T11680] debugfs: Directory 'hci0' with parent 'bluetooth' already present! 16:19:44 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045432, 0x0) 16:19:44 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x4, 0x0, 0x7ff, 0x0, 0x10}}) 16:19:44 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:19:44 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045438, 0x0) [ 601.776588][ T22] audit: type=1326 audit(1631031584.828:8649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11670 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 601.785791][T11680] FAULT_INJECTION: forcing a failure. [ 601.785791][T11680] name failslab, interval 1, probability 0, space 0, times 0 [ 601.827578][T11680] CPU: 1 PID: 11680 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 601.839200][T11680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 16:19:44 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045439, 0x0) 16:19:45 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045440, 0x0) [ 601.849253][T11680] Call Trace: [ 601.849271][T11680] dump_stack+0x1d8/0x24e [ 601.849282][T11680] ? devkmsg_release+0x11c/0x11c [ 601.849292][T11680] ? show_regs_print_info+0x12/0x12 [ 601.849303][T11680] ? mutex_unlock+0x19/0x40 [ 601.849312][T11680] ? kernfs_xattr_get+0x81/0x90 [ 601.849324][T11680] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 601.849335][T11680] should_fail+0x6f6/0x860 [ 601.849346][T11680] ? setup_fault_attr+0x3d0/0x3d0 [ 601.849357][T11680] ? __kernfs_new_node+0x99/0x6d0 [ 601.849373][T11680] should_failslab+0x5/0x20 [ 601.849383][T11680] __kmalloc_track_caller+0x5d/0x2e0 [ 601.849396][T11680] kstrdup_const+0x51/0x90 [ 601.849406][T11680] __kernfs_new_node+0x99/0x6d0 [ 601.849417][T11680] ? mutex_lock+0xa6/0x110 [ 601.849426][T11680] ? kernfs_new_node+0x160/0x160 [ 601.849438][T11680] ? kernfs_activate+0x3fc/0x420 [ 601.849449][T11680] kernfs_new_node+0x95/0x160 [ 601.849461][T11680] kernfs_create_link+0x9c/0x1f0 [ 601.849470][T11680] sysfs_do_create_link_sd+0x85/0x100 [ 601.849480][T11680] device_add+0x989/0x18a0 [ 601.849492][T11680] ? get_device+0x30/0x30 [ 601.849501][T11680] ? mutex_lock+0xa6/0x110 [ 601.849509][T11680] ? virtual_device_parent+0x50/0x50 [ 601.849518][T11680] ? device_initialize+0x1d3/0x3e0 [ 601.849528][T11680] rfkill_register+0x180/0x720 [ 601.849539][T11680] hci_register_dev+0x398/0x710 [ 601.849551][T11680] hci_uart_tty_ioctl+0x89e/0xa10 [ 601.849561][T11680] ? hci_uart_tty_write+0x10/0x10 [ 601.849571][T11680] tty_ioctl+0xf68/0x1710 [ 601.849581][T11680] ? tty_do_resize+0x170/0x170 [ 601.849590][T11680] ? avc_ss_reset+0x3a0/0x3a0 [ 601.849599][T11680] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 601.849608][T11680] ? refcount_inc_checked+0x50/0x50 [ 601.849618][T11680] ? memcg_check_events+0x5c/0x5b0 [ 601.849630][T11680] ? proc_fail_nth_write+0x1d5/0x240 [ 601.849640][T11680] ? proc_fail_nth_read+0x1c0/0x1c0 [ 601.849649][T11680] ? __lru_cache_add+0x1c4/0x210 [ 601.849657][T11680] ? memset+0x1f/0x40 [ 601.849666][T11680] ? fsnotify+0x1332/0x13f0 [ 601.849675][T11680] ? tty_do_resize+0x170/0x170 [ 601.849686][T11680] do_vfs_ioctl+0x76a/0x1720 [ 601.849696][T11680] ? selinux_file_ioctl+0x72f/0x990 [ 601.849707][T11680] ? ioctl_preallocate+0x250/0x250 [ 601.849719][T11680] ? __fget+0x37b/0x3c0 [ 601.849726][T11680] ? vfs_write+0x422/0x4e0 [ 601.849737][T11680] ? fget_many+0x20/0x20 [ 601.849746][T11680] ? debug_smp_processor_id+0x20/0x20 [ 601.849757][T11680] ? security_file_ioctl+0x9d/0xb0 [ 601.849773][T11680] __x64_sys_ioctl+0xd4/0x110 [ 601.849784][T11680] do_syscall_64+0xcb/0x1e0 [ 601.849795][T11680] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 601.849803][T11680] RIP: 0033:0x4665f9 [ 601.849812][T11680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 601.849817][T11680] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 601.849827][T11680] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 601.849833][T11680] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 601.849838][T11680] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 601.849843][T11680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 601.849849][T11680] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 601.860020][ T90] Bluetooth: hci0: Frame reassembly failed (-84) [ 601.925031][T11683] selection: kmalloc() failed [ 602.329620][T11702] selection: kmalloc() failed [ 603.888325][ T67] Bluetooth: hci0: command 0x1003 tx timeout [ 603.894395][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 605.968250][ T67] Bluetooth: hci0: command 0x1001 tx timeout [ 605.974301][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 608.048239][ T67] Bluetooth: hci0: command 0x1009 tx timeout 16:19:55 executing program 3 (fault-call:2 fault-nth:45): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:19:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455c9, 0x0) 16:19:55 executing program 2: setrlimit(0x9, &(0x7f00000000c0)) r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180), 0x4000, 0x0) syz_io_uring_setup(0x3edb, &(0x7f0000000040)={0x0, 0x7cc6, 0x4, 0x0, 0x0, 0x0, r0}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000003000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000140)) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETA(r1, 0x5406, &(0x7f0000000100)={0xffff, 0x6, 0x7, 0x1, 0xb, "8a1ab94a382717cd"}) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0xffff, 0x0, 0x40, 0xfffe}}) 16:19:55 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x0, 0x2}}) 16:19:55 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d", 0x43}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:19:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6d", 0x66}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:19:55 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x0, 0x3}}) 16:19:55 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$KDFONTOP_GET(r1, 0x4b72, &(0x7f0000000440)={0x1, 0x0, 0x1c, 0x12, 0x1f7, &(0x7f0000000040)}) 16:19:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455ca, 0x0) [ 611.995770][T11720] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 611.995866][ T22] audit: type=1326 audit(1631031595.069:8650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11717 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 612.015719][T11720] FAULT_INJECTION: forcing a failure. [ 612.015719][T11720] name failslab, interval 1, probability 0, space 0, times 0 16:19:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455cc, 0x0) 16:19:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80086601, 0x0) [ 612.066850][T11720] CPU: 1 PID: 11720 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 612.066855][T11720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 612.066859][T11720] Call Trace: [ 612.066876][T11720] dump_stack+0x1d8/0x24e [ 612.066886][T11720] ? devkmsg_release+0x11c/0x11c [ 612.066896][T11720] ? show_regs_print_info+0x12/0x12 16:19:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80087601, 0x0) [ 612.066909][T11720] should_fail+0x6f6/0x860 [ 612.066919][T11720] ? setup_fault_attr+0x3d0/0x3d0 [ 612.066931][T11720] ? __kernfs_new_node+0xdb/0x6d0 [ 612.066940][T11720] should_failslab+0x5/0x20 [ 612.066949][T11720] kmem_cache_alloc+0x36/0x290 [ 612.066956][T11720] ? memcpy+0x38/0x50 [ 612.066966][T11720] __kernfs_new_node+0xdb/0x6d0 [ 612.066977][T11720] ? mutex_lock+0xa6/0x110 [ 612.066985][T11720] ? kernfs_new_node+0x160/0x160 [ 612.066996][T11720] ? kernfs_activate+0x3fc/0x420 [ 612.067004][T11720] kernfs_new_node+0x95/0x160 [ 612.067015][T11720] kernfs_create_link+0x9c/0x1f0 [ 612.067025][T11720] sysfs_do_create_link_sd+0x85/0x100 [ 612.067034][T11720] device_add+0x989/0x18a0 [ 612.067047][T11720] ? get_device+0x30/0x30 [ 612.067055][T11720] ? mutex_lock+0xa6/0x110 [ 612.067062][T11720] ? virtual_device_parent+0x50/0x50 [ 612.067070][T11720] ? device_initialize+0x1d3/0x3e0 [ 612.067081][T11720] rfkill_register+0x180/0x720 [ 612.067092][T11720] hci_register_dev+0x398/0x710 [ 612.067104][T11720] hci_uart_tty_ioctl+0x89e/0xa10 [ 612.067114][T11720] ? hci_uart_tty_write+0x10/0x10 [ 612.067123][T11720] tty_ioctl+0xf68/0x1710 [ 612.067133][T11720] ? tty_do_resize+0x170/0x170 [ 612.067142][T11720] ? avc_ss_reset+0x3a0/0x3a0 [ 612.067151][T11720] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 612.067159][T11720] ? refcount_inc_checked+0x50/0x50 [ 612.067168][T11720] ? memcg_check_events+0x5c/0x5b0 [ 612.067179][T11720] ? proc_fail_nth_write+0x1d5/0x240 [ 612.067188][T11720] ? proc_fail_nth_read+0x1c0/0x1c0 [ 612.067199][T11720] ? __lru_cache_add+0x1c4/0x210 [ 612.067206][T11720] ? memset+0x1f/0x40 [ 612.067214][T11720] ? fsnotify+0x1332/0x13f0 [ 612.067223][T11720] ? tty_do_resize+0x170/0x170 [ 612.067234][T11720] do_vfs_ioctl+0x76a/0x1720 [ 612.067244][T11720] ? selinux_file_ioctl+0x72f/0x990 [ 612.067255][T11720] ? ioctl_preallocate+0x250/0x250 [ 612.067266][T11720] ? __fget+0x37b/0x3c0 [ 612.067274][T11720] ? vfs_write+0x422/0x4e0 [ 612.067285][T11720] ? fget_many+0x20/0x20 [ 612.067293][T11720] ? debug_smp_processor_id+0x20/0x20 [ 612.067304][T11720] ? security_file_ioctl+0x9d/0xb0 [ 612.067314][T11720] __x64_sys_ioctl+0xd4/0x110 [ 612.067324][T11720] do_syscall_64+0xcb/0x1e0 [ 612.067335][T11720] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 612.067343][T11720] RIP: 0033:0x4665f9 [ 612.067352][T11720] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 612.067357][T11720] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 612.067367][T11720] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 612.067372][T11720] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 612.067377][T11720] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 612.067382][T11720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 612.067387][T11720] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 612.072882][ T22] audit: type=1326 audit(1631031595.109:8651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11716 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 612.077432][T11729] selection: kmalloc() failed [ 612.078479][ T154] Bluetooth: hci0: Frame reassembly failed (-84) [ 612.508411][T11753] selection: kmalloc() failed [ 614.127863][ T3432] Bluetooth: hci0: command 0x1003 tx timeout [ 614.133903][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 616.207834][ T3432] Bluetooth: hci0: command 0x1001 tx timeout [ 616.214039][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 618.287749][ T3432] Bluetooth: hci0: command 0x1009 tx timeout 16:20:05 executing program 3 (fault-call:2 fault-nth:46): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:20:05 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0045878, 0x0) 16:20:05 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x3, 0x10}}) 16:20:05 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x0, 0x4}}) 16:20:05 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6d", 0x66}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:20:05 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d", 0x43}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:20:05 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0045878, 0x0) [ 622.255324][ T22] audit: type=1326 audit(1631031605.329:8653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11765 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 622.267005][T11767] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 622.296299][T11767] FAULT_INJECTION: forcing a failure. 16:20:05 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x0, 0x8}}) 16:20:05 executing program 2: r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='devlink_health_report\x00'}, 0x10) sendfile(0xffffffffffffffff, r0, &(0x7f0000000140)=0x80000000, 0x7) syz_open_procfs(0x0, &(0x7f0000000540)='net/tcp\x00') r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x2c8, 0xffffffff, 0x0, 0x0, 0x98, 0xffffffff, 0xffffffff, 0x230, 0x230, 0x230, 0xffffffff, 0x4, &(0x7f0000000180), {[{{@ip={@local, @local, 0xffffffff, 0xff, 'bridge_slave_0\x00', 'syzkaller1\x00', {}, {}, 0x6c, 0x3, 0xe}, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x5}}}, {{@ip={@private=0xa010101, @private=0xa010100, 0xff000000, 0xff, 'veth0_to_bond\x00', 'veth0_to_bridge\x00', {0xff}, {0xff}, 0x29, 0x0, 0x4}, 0x0, 0xb8, 0xe0, 0x0, {}, [@common=@socket0={{0x20}}, @common=@unspec=@state={{0x28}, {0x1}}]}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x0, 0x5, 0x5}}}, {{@uncond, 0x0, 0x90, 0xb8, 0x0, {}, [@common=@socket0={{0x20}}]}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0x9e}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x328) ioctl$GIO_UNIMAP(r1, 0x4b66, &(0x7f0000000080)={0x3, &(0x7f00000001c0)=[{}, {}, {}]}) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:20:05 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0189436, 0x0) [ 622.296299][T11767] name failslab, interval 1, probability 0, space 0, times 0 16:20:05 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc020660b, 0x0) 16:20:05 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) [ 622.318603][ T22] audit: type=1326 audit(1631031605.329:8652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11762 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 622.319008][T11767] CPU: 1 PID: 11767 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 622.319014][T11767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 622.319017][T11767] Call Trace: [ 622.319034][T11767] dump_stack+0x1d8/0x24e [ 622.319044][T11767] ? devkmsg_release+0x11c/0x11c [ 622.319053][T11767] ? mutex_unlock+0x19/0x40 [ 622.319062][T11767] ? show_regs_print_info+0x12/0x12 [ 622.319072][T11767] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 622.319086][T11767] should_fail+0x6f6/0x860 [ 622.319096][T11767] ? setup_fault_attr+0x3d0/0x3d0 [ 622.319105][T11767] ? _raw_spin_lock+0xa3/0x1b0 [ 622.319115][T11767] ? __kernfs_new_node+0xdb/0x6d0 [ 622.319124][T11767] should_failslab+0x5/0x20 [ 622.319135][T11767] kmem_cache_alloc+0x36/0x290 [ 622.319145][T11767] __kernfs_new_node+0xdb/0x6d0 [ 622.319155][T11767] ? mutex_lock+0xa6/0x110 [ 622.319164][T11767] ? kernfs_new_node+0x160/0x160 [ 622.319175][T11767] ? kernfs_activate+0x3fc/0x420 [ 622.319185][T11767] kernfs_new_node+0x95/0x160 [ 622.319195][T11767] __kernfs_create_file+0x45/0x260 [ 622.319203][T11767] sysfs_add_file_mode_ns+0x293/0x340 [ 622.319214][T11767] internal_create_group+0x560/0xf10 [ 622.319225][T11767] ? sysfs_create_group+0x20/0x20 [ 622.319236][T11767] sysfs_create_groups+0x5d/0x130 [ 622.319245][T11767] device_add+0xa51/0x18a0 [ 622.319257][T11767] ? get_device+0x30/0x30 [ 622.319265][T11767] ? mutex_lock+0xa6/0x110 [ 622.319273][T11767] ? virtual_device_parent+0x50/0x50 [ 622.319282][T11767] ? device_initialize+0x1d3/0x3e0 [ 622.319293][T11767] rfkill_register+0x180/0x720 [ 622.319305][T11767] hci_register_dev+0x398/0x710 [ 622.319317][T11767] hci_uart_tty_ioctl+0x89e/0xa10 [ 622.319326][T11767] ? hci_uart_tty_write+0x10/0x10 [ 622.319336][T11767] tty_ioctl+0xf68/0x1710 [ 622.319346][T11767] ? tty_do_resize+0x170/0x170 [ 622.319354][T11767] ? avc_ss_reset+0x3a0/0x3a0 [ 622.319363][T11767] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 622.319371][T11767] ? refcount_inc_checked+0x50/0x50 [ 622.319381][T11767] ? memcg_check_events+0x5c/0x5b0 [ 622.319393][T11767] ? proc_fail_nth_write+0x1d5/0x240 [ 622.319403][T11767] ? proc_fail_nth_read+0x1c0/0x1c0 [ 622.319412][T11767] ? __lru_cache_add+0x1c4/0x210 [ 622.319420][T11767] ? memset+0x1f/0x40 [ 622.319429][T11767] ? fsnotify+0x1332/0x13f0 [ 622.319437][T11767] ? tty_do_resize+0x170/0x170 [ 622.319449][T11767] do_vfs_ioctl+0x76a/0x1720 [ 622.319458][T11767] ? selinux_file_ioctl+0x72f/0x990 [ 622.319468][T11767] ? ioctl_preallocate+0x250/0x250 [ 622.319479][T11767] ? __fget+0x37b/0x3c0 [ 622.319486][T11767] ? vfs_write+0x422/0x4e0 [ 622.319496][T11767] ? fget_many+0x20/0x20 [ 622.319504][T11767] ? debug_smp_processor_id+0x20/0x20 [ 622.319514][T11767] ? security_file_ioctl+0x9d/0xb0 [ 622.319524][T11767] __x64_sys_ioctl+0xd4/0x110 [ 622.319534][T11767] do_syscall_64+0xcb/0x1e0 [ 622.319544][T11767] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 622.319551][T11767] RIP: 0033:0x4665f9 [ 622.319560][T11767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 622.319565][T11767] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 622.319574][T11767] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 622.319579][T11767] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 622.319584][T11767] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 622.319589][T11767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 622.319594][T11767] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 622.322151][ T90] Bluetooth: hci0: Frame reassembly failed (-84) [ 622.349785][T11777] selection: kmalloc() failed [ 622.801693][T11793] selection: kmalloc() failed [ 624.367452][ T3743] Bluetooth: hci0: command 0x1003 tx timeout [ 624.373573][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 626.447410][ T3743] Bluetooth: hci0: command 0x1001 tx timeout [ 626.453468][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 628.527310][ T3743] Bluetooth: hci0: command 0x1009 tx timeout 16:20:15 executing program 3 (fault-call:2 fault-nth:47): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:20:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 16:20:15 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x0, 0x10}}) 16:20:15 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x18) fremovexattr(r0, &(0x7f0000000580)=@known='user.incfs.size\x00') mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x1090, r0, 0x43f09000) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)={&(0x7f0000000340)='./file0\x00', 0x0, 0x18}, 0x10) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000002c0)={0x3ff, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x8, &(0x7f0000000040)=@raw=[@alu={0x7, 0x1, 0x9, 0x8, 0xb, 0xfffffffffffffff4, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x19e, 0x0, 0x0, 0x0, 0x1f}, @btf_id={0x18, 0xf, 0x3, 0x0, 0x1}, @jmp={0x5, 0x1, 0xd, 0xb, 0xa, 0x50, 0x8}, @alu={0x7, 0x0, 0x3, 0x5, 0x0, 0xfffffffffffffffe, 0x10}, @generic={0x0, 0x7, 0x0, 0x3, 0x401}], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x4e, &(0x7f0000000140)=""/78, 0x41000, 0xa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x3, 0x8, 0x0, 0x7}, 0x10, r3}, 0x78) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xf, 0xd, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2e, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0x7a}, @alu={0x4, 0x0, 0x7, 0x4, 0x7, 0xfffffffffffffffc, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x401}, @map={0x18, 0x3, 0x1, 0x0, 0x1}, @generic={0x7, 0xa, 0x8, 0x7ff, 0x668afc25}, @ldst={0x3, 0x3, 0x0, 0xb, 0x5, 0x0, 0x10}, @map_val={0x18, 0xb, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}]}, &(0x7f0000000440)='syzkaller\x00', 0x2, 0x4a, &(0x7f0000000480)=""/74, 0x40f00, 0x4, '\x00', 0x0, 0x5, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000000540)={0x3, 0x2, 0x81, 0x1}, 0x10, r3}, 0x78) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv0\x00', 0x0}) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000280)={0xf17, 0x0}, 0x8) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000002c0)=@bpf_lsm={0x1d, 0x7, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x39, 0x0, 0x0, 0x0, 0xffffffff}, [@btf_id={0x18, 0x7, 0x3, 0x0, 0x3}, @exit, @jmp={0x5, 0x0, 0x4, 0x8, 0xa, 0xf77c2959a2cd2e62, 0xfffffffffffffffc}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0x1000, &(0x7f0000002440)=""/4096, 0x40f00, 0x1, '\x00', r4, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0xa, 0x3}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0xb, 0x2, 0x4}, 0x10, r5}, 0x78) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) 16:20:15 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6dbe9b0e57b51d2170", 0x6e}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:20:15 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de", 0x65}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:20:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 16:20:15 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x0, 0x0, 0x300}}) [ 632.470980][ T22] audit: type=1326 audit(1631031615.550:8654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11808 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 632.504524][T11812] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 632.522611][T11812] FAULT_INJECTION: forcing a failure. [ 632.522611][T11812] name failslab, interval 1, probability 0, space 0, times 0 [ 632.539941][ T22] audit: type=1326 audit(1631031615.570:8655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11805 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 632.546482][T11823] debugfs: Directory 'hci1' with parent 'bluetooth' already present! 16:20:15 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000e80)={0xffffffffffffffff, 0xffffffffffffffff}) preadv(r1, &(0x7f0000000100)=[{&(0x7f0000000000)=""/219, 0xdb}], 0x1, 0x8000, 0x1) r2 = dup(r0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$sock(r1, &(0x7f0000003800)=[{{&(0x7f0000000140)=@nfc_llcp={0x27, 0x1, 0x1, 0x6, 0x4, 0x0, "54ca210bb056f3048857fcd3fffe7252d663d103c82087a8e42297962e7f6305a9869d5a43d3592de45b0625c4c87d651def25606126bbe62c7079d9083da3", 0x18}, 0x80, &(0x7f00000004c0)=[{&(0x7f00000001c0)="475590e51385b629304aab375cfafb55575c445b58042a825431e60171686692e76a850a1250d0f4c548dd0fd136b75f8aac9c4b70e2835c526885996edeb99fcb8bd3ae2c1bfd6d9050949259070dfcf5da2e90165503c432135698689ebb05a919e4c8b177ef1ebab7d34800454e34fe859d402558d782e7652150694dda561fb1d200604179964e5843644f9a9f280cda91f57640fa50e6cb2d57dd7c0f2cda6014f2da8719faf8cd75ffb2a5530b1b", 0xb1}, {&(0x7f0000000280)="084726560de0e49b4086e85ba0d85914e7c2fe4ca90eb40ef03afbb0e002947facbccd42156c57bdb25883ef1f774600006b095926a617832b500626e070f5483b392ff57e4a1532ea536ffac44c27065452cb83f06a9d9e1d3bf530ab8106552a0eac61c7cdb6339e7d2d4b87b73840f887ade221f626a9c989b38d48367acaff7037ae78514392b41ec539d29b14af359500cad502a5ec58e644e971504df9b608d414e943cd4e58d57b9076b22d4347b759a72065cb4250ecbefe7d342b51717956b212c3db7603bbff6a28436dd089aa74784b922cdecb6db8a886e79b56fa2435", 0xe3}, {&(0x7f0000000380)="9d8fbc7edd0433ef6dcc22daeed2e964e7a531d565a174b68b8ed5bb473dc29877e4afdd37425d4e7eb12fddd53131f65d9fbbfb53da588736473ba7c20695b0ec8f0be89ccddf279bba4b", 0x4b}, {&(0x7f0000000400)="0760dae5e45140c01b113ae5c010ef62fa2813be2ca14ab2938d33316ccc1313cded55c58475e066abfbadbf2da91dec8ea0c091a3a593f104ab7f79a800727e648fed3ddc82a0c4e1b6369b46a10e4a3d65ca80d6aee4", 0x57}, {&(0x7f0000000480)="fff72f1d5f5c0fda77ff78e08f", 0xd}, {&(0x7f0000000ec0)="d9b80b1df29f442a8c63dd44988c3f0235617f6c31045e947b2949532bd3edba0d8547713aadd807663dabb67ea669033e3da1416e1cfbefd2acacba1b8a17c48edeb20c07c7e0d02b9bbc850c83345a96c772f892c5f9b5def797ca7ad2de627f8422259e21e63ffc4f44edda0eba587e3c06c5da02f496e0772afe1236c7fb8fa409065fbc965346c7ec9651738c2b879689b43e115ed8153c29aa11a9a8701d11fb452cb22335b7b762f37d1b202f04156dd90be82f7027c56480ad66ce3c713c79932221f3b289964c6dd0803f050f95822cf6c6fb43afb0cb9e5573f3982a2c35754287ebbc4d9f966071c03c28b737064ffb35f155e8f5d0dcd4c52aa8563b315f13dda7240c6252e8da548b3ae12e0ad6a1e309e1c9aa9fd275430d4557606f2bcdf8d215c819a7779eb38b26fa060df4545ca4feb12fc75f43c6dde3cd3eaed8f0e66e3e8187cb72f4ed262c74c474b3d7dcc985bd8381016f7dd481534ccf460c7b09c60436cd135bf0850ca5c63c7bcdbf86b2824c3c02eb5842e6a9efb65c77ecc6cf0ce4332a683a7935cb184f7e7faa4ec3311234a53ed85a278282bbbe5d5f5cfc68d2ba07ae4599163d3febea1815160adae98cc795f1d1abbedad1b516ce80a754d7a39cc20bb44deea0194ec45417515145919f472908764d4a3c45338b77e8d2ba99686c359a8e53760801cd4ae8c6a231f1d6208dd2770d7748f6b2f55e041415971a8f68535ddac2074472e0cbfde991d7324f864f39f90fd727c22f84ca726d4f32c47aee8dbeff60e1aa3288c053a49c483b8069c2c140a81c3f91c16e7f87ddac19f6d4dddafd5b0e35ffc0e63dfa685ab106c8ffe47fe166521b0756e99bc8198dae7f09e2d2b8004b6b0f84f04e8af8e649ab9391ed387629a5c7ecf02e03baa9545b81234b31247972db987cb99f4eb480ff08137e245745607b7a5eee9841287232f0eff57a4d8457153af4ff9c34da8da7199a5f658a0bff55135a1fd667d6504950e8c4a0abb70b64611f7ed6b5d2890643f2f8a7780b5ba75e183edbe312d455900cd6ff7b5691648c24fc65aa1215a6b8a04fbc35b3f17f9f7d05256ef141bdd78c7b5053dfe16586ca789545815ea5c49a53562a656692559336fea8b38e8c5fcf7b3ccdeebe72337a3e0ca5a6b71219b9f375a36996efd560e9050e0877a820f9c890a35230e7aa644f64b271439f2a180b5c6eebdc24cd4890e242af3d40a92def55834a5cfdd101896d3e5d9bf3d76a52fe86f91d80d89e98c528ab726fa6999ee28dd2cda4781cb78d4781873829bfd223210be7b15d20472b933cdaac73cc8732fc330fe539fee0f007bffcf4863cbf3b87c88d1d1a71c112f7255f994de0d7db324a92b1d8609722c1bf1936f3409e2117987ddb714652a83fef4cbed25b427626235a1ed9714de319bc6dfbd712c8955ddab38ecc5edf0314efac2be3f78c39d54bc9fb5a880acdba60c2ed7bb25e3066215f88ba5d6d15575035ac9364b3a21b7e7db7e49a25d545d1bb04d9aa0cc06f5965a645ee14a678da4046668fc2f442ee515c910751bf259bdbefb69841bf4399b035fbbffc6af41ac4a17aed2050cf4fb7d90e5e1fc332c9ff773ab8041618b2ce266f3e50bc32b84b28b2d7cb34a9b882ded37d3ae001a9153431e642ba211e943c2300fa63a63e566413271ae05820cccdef5888a2dd9a04da90f2aeee85173b66cfd4c7fa7eb63f06d759f5c087f2d8120e69fbb9f940d0f22b3a194d04d8127ea1076351cb161b9a5a3e71c39a8a7416572be5a15dbfee54d2508099bc869fd47dc7098f0b8cef5debcc8d1619b4f0ee82cbfb14dda197c5c6435d1745d4a1dd56795f72a30baa12d540520ae87286c1a7393422e8e157789e8b0b2cad7625dccf227508e819264b11b0a9871701bdf2cb4153beb88d80f9e6b64bf8a8336df1da962cbfb06759b27c32e8949e24fe36ff745441eb53bf893bce434ab635e20c6c445cc777c0555e46b5f4d205d62502a1ae4af562e9cb65e2a64c6e9d3fa8573ebc8248e97952362dfa77e50c52063ea07364acd5eadd807c1e8389cc35449915803acb511bdbae077f473138e1140d675942055719a9177029577bbaa572b0b0a62e24656cb0768bc91ca620d27d8a9b5994aad3524e45592c6292ce813cd2369f5779de386b61205a827ccdcb6cd8d35db8114e0881759aaa0814dea7d20b5f43def2393c3be4a69d1f9061d8867a3ded9b2031bc419d5374626aa2664df807fae1731134a029d4e002324f0795fe4d1d058fc55515fe5eda460662ca8f8a51ab4468ae64b964f172f02044722fc87ae563e71f7354d465da634fb6fdadb8946c89ab9220ff52edee705fc833ecc6a6911aa29933c52f095376642b6a7d6af1b554c3cfa33032f4a59b8f5def9c395f8f7ca8e4c46809ce6fb9ba7ebd8701fd9ddd59c69a8c586e9c6f52d9830e53f734446d95509215660b965fe30708844cb71574bea3425cee3b5d01343c83462dea862fcd7aa0e15dce843ec5b50fa18a95bc3be82ab6616c740cbbb29a4f2c2abf423413e312fc53ce49079408313cac9b5736c78e0f58ce8f6b8f07b7b9e0745bfdd833092e661fbfeb246973572881a13f67374d579bdcc438fdf5167ca423ec9c3f320089727a5579beb9efdc12c657ac111cb4b201cbecf060bb52b812564cbf2109452a7fa74e8a36f5e54f8642d95707f2c9862a15b7e44bc13cbf55f1c88e718de9999edef91a1ed5ee0fbce81c9a02bcc07fd7e0b2da8e65e95d48ac45740d51509c16e8409d43c3cbe076d08b4f2c0f3d77e43bb70457df7df3877552dfc8ac8523c726b2e62587bb907b9754fcbb2deaafd9cb5bde9b360909a93297ad785e890825023baafb41dc94c103b03370a920b0cedbd5b39191cbf4b014ef429225c6ab3380effed8f0f73464ac648a934fef91197c9b0082e9a8169995eea0ae5071a57f82260a25347a686987a27f6344e380ba303b660cf6e7fef281154c13b98692b1c83f56067f31e8b3447a667a789e61aacdfcd2468926c7b06f7f69fa199d2a4dabd301cf078d5d1856343ff85e452ad01dc7dfeb0e7b5f8d74defa89c43467d99e782186b10f34c650d33ca0a62d136e7fe02b6a266bed5dd9eeab6058d2beddb126b93c58f573aef3f0ad23720ab48d89d861e1b5f3935a5b34736ea06312dcbe9e06ba558d3687f3fffe72e9acd810b69711af597482370cb1f695eef31ab82c42c00906b373fa5f875a7d1b8ebcfdca9dca07eadd16f3517f58173411297f3d9490324e18ccf14df249082cb21f19d0f042d85cfe4a2b99f0d11fe4e204f82513fae489f12d6251ab635f5192cd93bbdf283f61b8c096540ed24ddde5c5dd88b5792bc1058889883e51343d70e8ff26d5fa09a1ce5d127386af7a5d8b9bb5791604664fbb63744bc7b5308928f6f8dc17630886c06ed173530d72028cac499008eb485f65a3e02fb44531d61cd0439dd675179d2eb458b3ec136ea12f9f8dc3f89ee55a027eb3b486ffc7140bd389caa186758f1107c9fbb312b6699d895cdc140f56c70579d633b33c6538268e2793a3eac8f614e3285082718b5c824ab609d1b6e79d69306b53a7b4b3566ecafa6b07d025f364fc203fd394abcdb8a5a43d68e08ed3ca54e77fa0ac6754acf5643641ec70b0429f42442cbaf58e4f7946cbb715ca94ec79e28095acff0a94bcd05403af31ed939b5ff9fe23c1e959b8cfce66db691bf579c446877e7b6d8eb3a1b33c470af7b5b59d78cad077fbe8a468ef24adea01d6320a77fe1aff69eea518507998ee0f6554f963ec7505a22ea8781fe73c9782ee2af574f2b752568347dc85f614e2305d5824f67bc7ffb769cd9882f4ddf44886e2f8d219678c0d02d96d8a953f280b22b2ee321d8118653e587f5dcb718d02ed295efe3aac70fc936ea623bbff1dd22693eeb42d3c0099a0002c9fb5299cd72bda34fc8c2317b86ff0c997353cdc528ac70a59fe070c85144b7c212544291b6712f010ecf707b681452f7d9f4996816625af1cf20f4ccb6688b4033cfc41fde6ca9341429ea4a1666030dddc666f3e16238694772b9bf3254ce812140db5e5618efae6547c3f4fa556826d996ec54732e9cb439e9fb38c970df136436e9623c4a70390c1d2fc291a02745831fc0ae94c02cbfb491efee16ee7ca2b4b5d22df3cc7a5a4c64bc79870c2635847269e5043857e03473f94371c61cf92fe21d6e8b9e6e06347b005709f69f36d7dfd7fc2a699557f8293c417a9b852848ffc8fe36e96fdb5e84e0a415c373496c0d3f84e71bf9cb10cadaffda8ddfeaf0f045f837507c2a2fa5f131c6ae49d0315ccc7ca8c838e200ffbc44758fcb4c2361b96ded03e7c9059c61c18589e161ea89ad43a23310da323a360a43fdd22438cf6119bfb3d586358584873598e1c57ed05f255e10e1b15b2cdfa27ec1d6a0194c304d96e82762e482a8109be20b8f0e33a0119e281cece7b0049f7f54a94ea4d27418f9b19686bf006f45f82fc433322b31ed8c306ec304bb7614ca360cd2c6efc90f7632e8261a74928929d3e3bceda7c4bb57b9cc1a4c8883421504090ca33b14293c907cb0682c2ad23ebbd140bd909198c9e575faa33beabee140858181b68fe55f4b110539981fdb3bdc108cc1c7d0bf53868fae92beef038e9d4571cd25856e77866338e695f0332448562f4c4f134bddb9afe3d69f9167dea026791e109154dad8456a7889c09c621c5874a025e26b891bf719a11722c5a70d7fbe18f369dc1638130485094a0f312e601dd43aac8382ee9f1869f59f1e873862ed28189dd1e30150aa738ca866a18b5b5a03e70168fa079dc753655af96553a42dd340c55682cd292bbc583b6cb3d24c83434e3a9a8b54b355a7a3dd25be836ff802f64b105a356482eceef59c8add33eaa93de3aa71aeac2f98c433c4edf86514fdb9062ac437583152007d7d978d3ad2a38f9f8747d944b6aa5354f4431ddf3577a6f2ddd34a1e7217d30e8c6f089618a1525514a57c0ac5a7198626b9a88ec53293f5d48bdde0cc135f28761fa4d2d9e4270a8996cf76a7bcefe961f93141761169ad9eda4bcfe46ed6f6ab6e6dd70e48f61cbbce70304d83b4cb3b27e744916469142954f8f745ae81bb38892a56dbbb587840e8000333cf5ff9148d1119610e2a22d3e3ff08bebe5b3765ccc118a439f485469a2be361aa3fc12de67cc77ebbbd44fe7ce1c09353b526d07356b58ea78094678993a76b55e2528f6a95f67542a457fa4e50dae8db2c2b12ce9048eed8622b99213be6cfbfcc91645e617d5d26d97b7a92991190b230e4cfb6e97773489dcaa442d1244ff156affcd240cbefb527a89938de5003b709995d2407510160a9948f0e420d132d9df7d8b27bdb6d086a61db579da2154a49a2b00a9d656c7d075f5d8e57e82d5496913d8a18b176150850472a137fded3d7c2182dda71ff16b2f27784504673104995d7ebf3ef68c4c8eb6c06ef8569d59380071738741669352867afd4979a048d9549d5de9c140140b6efd75b48f9c9bf831d6ce33065a01176009d93e2ef5e5fc30605e33a36b4db49602eef866beb6adc334a4ee167949e28de1a63fb61aa768addedf304de82015caaaf9c982c649ff193bdcaa3caafff37dad8ed6944ee7a4ab25b218d70f776440eaa81e66a5c682342efb9bb713438427582205074f61d3a5a135b075ac40df45d616c0cd0982cc363cf1ec41f2dffb223edec3407b7943f47e0940f63f", 0x1000}], 0x6, &(0x7f0000000540)=[@timestamping={{0x14, 0x1, 0x25, 0x8}}, @timestamping={{0x14, 0x1, 0x25, 0x1}}], 0x30}}, {{&(0x7f0000000580)=@vsock={0x28, 0x0, 0xffffffff, @local}, 0x80, &(0x7f0000000bc0)=[{&(0x7f0000000600)="e90b87fa2532573221384e6994a3dc21438cab4eb6505a48f98106eca1a3238dc05360d1fe9a61980d5b192c25e562ed5f4d0820c80bb29ed90e801b52c836bca49bf960db6ba6f09a43590a0aae92cf3a4feb8a8803b1bca4daf4e02f5d9a3218c5eae6941cf5db0504c6d7841c644fb3173ecf1732cc19717d05f2d1a20b6a5f42a8ee045d0b8c78dc701b999f365bf040834dec0270a5244baa2c0678c6da48ea4c72bb1f4d2d32bd9e19c27a015d0077363c5c7657cccde2a9df380aa2d8619bfb738673e8926bf5742b3b43a1cfdbda0d8e9bedb58757df118d752c2fabc2", 0xe1}, {&(0x7f0000000700)="416b385ea0074b8d51f33e2a6fde83972e7c61344eb2aab4284b6a38788d413438d5e1666977c9b848f7bce4dc57a2fe2faf0f01764f4b9268aa0edbee67986a4908cae3dc87670728123cb96001c870e70934a989f17beb", 0x58}, {&(0x7f0000000780)="df78860abef04fb1cf5452e8a26ff66361bd4e714f27abe09bc980c2dbdf5318a6a8dbda03ecd888b62e4612f2cd6dd9bbb5f66c0ad7ff4c1c544a082d0989b5c1ce7255345b64c183dadf755c902bdb0cdbd3cae95598af92077625e9bbe2798af94d29448e000ddfa2990039c9a171f7b1161e52cdbd36ad370cfbcc0ea87732be5faadaa8a92aeecebcdb0f9eefb7650d068912ecd055757311352b46e2ab4fadba0b5a76bb037f3151a89454bf2b48e69f8bd803405fb50c2edee0db3897e94f21f6", 0xc4}, {&(0x7f0000000880)="e0a21ff7d01059eecd9e677329f9477b5908be8c7cd008a9cb6286110818aa6f8e54d88d0f189beb764518df54d95c2804ed21ba4aa782a25531376942beb062c4d295d01ec98b80316b09d6ec72089f0ffe06f48fbc5007d84c6c444897817ede01d417e9567fbc755b32532a9154462182383532b495f0fb9a0e15c76ba438985a776d762e126b76150ed7931e3f0d039a925afbc824c6e87fa7d433a554fb884ad56080", 0xa5}, {&(0x7f0000000940)="b2b3dae5d8b2483fbdb2ba9779309763d489bc9bfcb26fc2993bb1fde47fe972f72b49fc2ec20d75c39c6cd3aeacb1aa5916a8b6f48e6ff85dcd51e42dcfca7d3e9b8f3007f85ce76127cbdb7eaf", 0x4e}, {&(0x7f0000001ec0)="7333321246f7506e9272aa48a15adc959860865e53d0fe72ae85c8d6091afbc72f3a62e6af6d300ec5fd33b7b713aa78a63c93a0a3055ff6e633e91a8544cb963825b33895459487a5f46d489b9ac0ccc40fba00703b119712853f854614f6b9a9f94b0b2548e9067975d0add7b40debb4a40f427747918055511fa952008e9863c3cbbe739a1e2afd099f3c5bc6d2a95b9cd785af74d8e2214bf259d52cd64aee9c1995846df1dc57ed7afd6abf8828a5cd18245a51359652ca983b6083b0f45a8fb5e8c58ad1f6ebf8cc89479d711f898029a5d3b2bcdfed85ba2aed089e34c69d9f318a27cef89d7ce12f3fd78cb635e9739f4a261f8a644377cee8b1430838e9b97496f96ac604c1cb1547517d124b895185df032efda59e6e775649d20f53f80b6007fdfbed406a60d775f8d161d435c474d380c2a581d7325efe9abef9266048ee165f09df2837dc7d6e446f147dd7b08c3bd5a54a93d4d34d23d332a91ce60615a7161cb4b60a5650de35e294201c224552a0a1f2c405f2a0b5817f6f71c5ac27ede7d5e558e26037453d77d3b04217a51a9c9f0c4bb85447bffd1b03e1c4de95351238ab77f26abce4565d4253c5898c9e237df0e34b7c374d7297d595ea16b0a6d930366b69b4eebb1df80c27aeba463c0bac532e202b801e38990c2d9f4794490c4a16565afce93c597eb4429d31bd71972a688af877aa5405bf0c5d091d18f445af6960c4c4a7663664f7e21dc26bbcd5b61c809b3afbacaa2507cee68604f4a29d6aafa283ed60c941fd585027ce6d7cc0985914190c891f52e80a8a2a52e3cbdd90f7660402297cd95a895668404bfec030aa04b68b8a89dee347afe9f7838b4437bd3e1c74a80069cb0aa2455ae5a689ca397ee05f6bdafc12ce8302d2b282ae66f0f8bdaab35ffa25ac0466502d4cdebc1942fde67b11d4aff8647badebaf234400b800efe27fcae0139bc54fd147a94b30b777b0d1db0f073c9fd0aed4872af665b3f854eb5b5d4b79a42d8ef7375985878a1306ef49b55cd0f36c2de05b35a95dce5d8746f0e2f5a80525f70922ee6c6249b4d11613a36c515c33b52b6274815505f5e269dd2d65d9762d776a29dc0134f800252b172bbe87970587f68dcca2154c2482991dc9af87f88b5ab7b0818aef6acc70f6fffd089bf781b1f53c745e143b4458e416d587d27d2a7478035641d46e34ecb36d84114442cafe3ab5c4c4f17619fddd079b296d9935c9fbb289e9d62bb573be7b0fbdc316034c57e193ca35995656583d3bd14892f7d5527428303e2357bc4472592086f4f37daf362c06f3f6c06c2aeb255187a9f0b68390f9b618d40624c31429e6c71ab06c66edfc6055870755e6b46f30235ee4234f7579effc5854add66bcace1126cc1a75cd1db268e8c15944661c669fe89887ca7f678161b1151c8462f4c3ba879b5b0941cd665ecc0699277456f732dae8d1d9a95258cdd23d435401b2c34ff027d4519a60486be9e7bb432424526d41de4293a2e1fac241cd43ba3329f74fcf8dd56601c7d8e5ec5309ca74b440a5ccb5f2491fa4ff568ce5985ea4233391f0961fba286db70599169a221765672f06ae87d4f0d2445f2c71c6a8030f6a0ff39d296b981c398b5918163cff78670deae470c81879ecde4fa6e075ab26455b72e5dba130051f96422580381ecde376ef343e7b6f67d70baa824af508ce6c0171a07442c7c7b6f53548af252cdf34890c749613efb835de36e6732fe3c63eb3263096a6fedc69e7b902080dd09076d37776fa67548936f466cf3d6a181515ca1a958336edc4683a62a0f79c4f43075f7fd76ca3b38dfe1dd57dd774377b92970289bc5903a0b80bc527299eb14d2c677c7e1e0baa20e8d27fefd605f980f445da6fbe9dc94b3ec920c814349c28d2fd74c696f7556e292299bd691d6ee1059dd981e155bea1fa054b6f4f758c09fdaabf670049972aa2b006bf41b24dd6ecfe358ea415a192e79184ae0be472b296629b4d54daed220ca358ca0e163a07135f8f9bd9ac3d768e2822a78af74b33f8c386e75edef871d98eca2ed8eebd30112641ed6ef33f33584d24a85f5290323b05363a9b26cbb09ee2aba8072a34eaa24a8c59cc77a6b9edcf358c3fb06bb40fd1abfc830bce2e1a8d3e76477a66f1176ac6f42631935b7d2cb4d2f9288f699dbebbd0181430a4dd3c4186640cc6360a210fec3d5a9f13e385252b638ce3689ef07b25d832d3f29c105f73fd9468805e533496f4ec285c88d194d8333c225f1fddde61393e054aadefde3d4d77285fe25a98cfd0d8c5bbccf62832e5dd736513e085ab5b8aa7166ecd428ec350284f58edd193b99baadf958b97c10266d6a0442edc772147f69c55285fc8693e0e6a0165ef70b456a1c507f8f6629483cb7baddf1482e5f9513dcc1a0dbb062e1a7fc4e859a5a1864baf7772a46551f053245f17d4c9c25fc5849385bfeb506261fa422ea35fa63343043cf8fac2e506a39cf78d2ffd22e4f193983c751602ead6b01081b6869db410eec55db2bfae65474a68069f047095986a6628aefec802f7fc6b0e5f2f12e0dce7991285f1ab91ebfac01796a6ff2d12d5f21a6c985a4653221bc42111ccd60f3dda56136780ce25df54d6ca2ffe49765f51eea0d1434c52382a3973629827036d850f90d6d99cba30be623105728366c3d8a17300a61d5806fd166942055e2b602134f46b2d759e55b7d56cf09e64bb92b1157b6ec7fbe6cbe61e9d9b15ea92356576f073fc0566e067762c856809c4cbe7a0b6607f0264d0188761f5d7a39b4c4218895d3092371729845059ef39b0ed607e32e5179fc73f2295a579de63f2ad151733cacfc315f75ddd7cf83a93564fa794c209d81f0eb6fb872909aa605a7fbbbae4000d4e1ecf74966814659626e97c908b8aad6b955970aaf40ef8afc8f1b88bd00e5059343202a149fa56de907ac945bb8c1ce07b8e454c71621ea6e700a427a7ac49c5fb62f3c6c1a51c9a052aca18cd5ae2e7bf3c491acbf06092a4f48b05c19afad3b5f0f6e50a8c76c9cbe1a9c695f4e29fd2c552ce4f6f5f11964949fecdd78c8a85f7f6783c4275d851c77181a7f10095f6fda8ec6c60dcc7c1446446edaeabe95b06a8c47fd6da1a35402444b33dea2565493a0045fc5e2dc491c110d39b3ef36878b19d32bd7f7fb90a1985a74dae59e29005fb180af499184679f73f344bee3f0b6dff0cc7c0d50047d574e09d08dd2e175d4c4e304edc595e479ef7578da39abc9610090e02fc9d279ac875ea2e28cde2b8cd3c0a9bb0469d5c20f6dd7b008ff5704473b66dbd335c7677762170b2537661a501ef2e99e2cd72c407a093bf7c731c744a93460f397f3d193eaa971f760be4a94d5e592d88cb877cd87bbf2a312742e91f3b85f9fc0a1c3a048a9cf1cf20fe56141d6c52b065f42fb74186ce9a92dde8754e9c72e68864b597271edfaca0bc188a081884162b1e84e928bf25744ad3731b6aa953261233041731fafe2185401c2618fdde87ba4fb51b8cdaa55624ab6c05b880c4f19d33351079b897f9668f1be0371caadfdb3e0ef1d4c34cae996671ebb76eaf2cca5bf466073032b925290a9b21b1530b65bdc6e8dda36fbe968d8ad2b63a13a741fffdff765af174b243f805e0b19e48e03f2426a67d6640f76708262c434b9ea61c8e060e7c4240b28a16bd521a5f6b4973aa4246e585a9b154de9d3b8385e88a6135cedfc0a27678fa457df5f3a18ef439211a4bf8b5efeaa24cbeb2f57f17045c130785e75583a1d236f718eb4eebb596ec4955e3d124d2c248516afbfdcc7aabafbbd321015ddfdf4e4a93f583728bb00c61e0ed19429f677dbda7a31eafe144ecdecc0f7f61be659f637cfc4e47b217f49f1204b0ee186b4aa89ce1c9bf3180e5a9fe2cad6aa8f3fadb64c9170e3a9c000c9c033d8ef0decb5d55106d72505ce6fff26ab9495785d2d2c87e2ff3901049a311f18b3862eaa9e1753ce6932fa97104d30208b8f896d38630e4ffa46951d2993d6ac36a255076b6855f6ba96266e771d4ff60f745f27f121bc55b92189e5bc351fdbb4dadb297dd7e281aa741be54474b23139c07fea20eec18dde33029588c5b835a5e0d88035380f191c828bdaf0c4874c698a7b8df575a633b1d732552f08286774af4e645ed65d61fab612d0d0db90736488578c3387f03deca3e3fb2504f929e7479532ae291a22e02afa5eeb6f80064252649b4dc17d42be9375d1d679ef741a7a4a785dbe976f95963ed1b7e3c03d4d1ed6f7f6714ee922fb36038262fccc63f4890684977d7b0a072ef33282a7cafde4b0868d475da279991d5460ebf17df041ccaa13d7c1ba4412795287a9d101311787e10c1df53c3a1e2e5c5fdde78582d64649c8b07f4d59cd89e624b51d46329f94031aed22f3f46e77058bb3520aef95db7de3681cbf126ed0c0463f384b6e177b84db98ed133806507a731eabae1a92991d0594900bf1fe22e29cfe74df70da2058ee4051e3a72084ce3558aafb4beffb0de0b9aa601e139022b616dc5c62ad50aa49807c541681f0b6f53f23eb1e79d6316ffbc04ec692c740e9210f109176fbed11fd53231233cd1bf3aafaeef4fc7730866d197eb30454b65a34ff37ae379da9f9dc63861aeef4f3670610d28a79435c0ea6212bb0cdb621c0b48312aa61f96dbfc3efb493b507e51131644be4f45c8c60f77938a08de7db3121d3e799d69bc2d1d39ca6257581b343a7f4efe2b7cc327ada2a912f521c78ec32a8be301215e3f01551e020f38d8aafe4f8f635408c59e86be3fa290a3ce704a25ee69057f2f89a6b4b0bf813636af16547ebd19cb209ac3f57564632ad60b7a34f373da40fc18013d48a52871b4c7663aaab81d5e18bc134471c79cd8efbeb855eaa6fab07ec3fad1f6381a7f95c67d5e281374dc6ce722c0226d82277352ba7606dbb8e5407202179ae71c92850069156a5016a07312511067fb5ae0ebde07af75469708a7ca62c90cb45f55973be829c63d6fc9bfc70473e5e3c2dcfc5def789856ae1f576e3fee41dcfa4c8db26b9ee6a6a4fa4a786c9f6cfef9e13f354a137b69e499f9a5dee4a37dc166fbe551095fe61d45ee9717933323c644749a703e5420ec9afb2a3b9c35d9c65559eebe8ff1cb2b9189a7b7d805be75ff6b00d57aff6dae5d70991361e6d93465e9dc306104f286cf216d05c259f1e6175eb14d2667903598dce27a17b9164748efd4eaf28d20d83fdc881ff613e57dc6d300193b9ed4b25e8fc68e4283b7af0d30abf3d803e403b18eb544c5c21c252684f8b901140a8a2d292576f4f4a2d38acea43d7558af054ab699bb03d7b9c94abb55e7b70d78f31c2e5718704ad903a7c44168b663334547e6b26508cbeeee6180f8a9adf0f113796e57cfcab44e02ce4b4f4f2e2980f31235562a44daaa086e5a1fc35da7fe1563cb694e9ed08f3acaa07ae4f803ca3157a1607675cfd3c20ccb9e354484425ff7e48c5e50f5e213157ae5fc7e66fbb4225ae68d4d5741b428716536f0ba97ebc26c86e6b221410ff4517f161a394eb376248010a7ebeeb7b119fbfa6fdaa25c43fd3fa7d025b04a024b99319b25930cf9bf89852329ae380ed7b2ff76d68e41367fdddd3ef9221d5571d24fa89ef2dc77fc1685cee5145a7d7d7ad1e2420964333a356af48444535cd59a4d38be2ed5abc8ec1aec5857cca99549d930e932f00262b8d704a8ff2b7e11228f926f2bd60bd8419b8938e7b1f3667c96525d5de4c40a", 0x1000}, {&(0x7f00000009c0)="41e56d8327fd56d1c165cd7f619018f1373776762106c6550ae2663485386ec42cf73c8e6fc3352eadbd9e88751d7ab5992b7026a8a8295a3e9ad2d8220429832a2e295a48b3c7fc82f30b1ebfe9ff4333b7be10726a5d95d5141a", 0x5b}, {&(0x7f0000000a40)="d4ce2a528d41dbdd031d965e92353bd92552b11a224f2a9b9391831de8ac1b0264b424ad54b2976b055955f8e84ada15d3daf3ebf5bf9cbbd785bc122e0823fb26bafdf00392fd9642f0410120cbde36b6e3fc6f228956474d4e164c4f4c1010776ba7197a445aaddcd6d5c8d885a040f7c3e66a5bb20e22c1b4c8f4c7b18d4203d3039f9fbb7e803b6651c171cd8a82afeae926c6ff7e2b5d2d", 0x9a}, {&(0x7f0000000b00)="66d266841f41e8f4e29e59559937600f73794ea64678670bf17ce1ff6bdb4b93f6a4d8840c940ac1451a5e7c1e050f2c1dcd403b457ef641f8e3567b43a6a0d9ccdf8e8dc58f9dd23567115f8d8e84e2b98b870cf5711890aa53f161b8ed966d79768eb4b49236860a60c2998715c9275063bbdfaf7833c0e8619e3aaa1bacc15e9f8978f6e2ebe5c3ca", 0x8a}], 0x9, &(0x7f0000000c80)=[@mark={{0x14, 0x1, 0x24, 0x5}}, @timestamping={{0x14, 0x1, 0x25, 0x7}}, @timestamping={{0x14, 0x1, 0x25, 0x5}}, @timestamping={{0x14, 0x1, 0x25, 0x9}}, @mark={{0x14, 0x1, 0x24, 0x3}}, @mark={{0x14, 0x1, 0x24, 0x5}}, @timestamping={{0x14, 0x1, 0x25, 0xfffffffe}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}], 0xc0}}, {{&(0x7f0000000d40)=@phonet={0x23, 0x6, 0x80, 0x3}, 0x80, &(0x7f00000031c0)=[{&(0x7f0000002ec0)="c373cd21b8635a5fcb943f541cb778310bd6c447101c74306ca74b3fbee647d4ed863b12662d813cae776d7df611f493f8f1aa67c1a80d077c38d1cdd4fb1f4299867c583469339c65725d6f3c97a29b9449a8e3432a8acbc3e18cc91abd9ab1f75be3bfc5dd6460b4578ef38f6551f5118fd5a545e445a974531b72e8eb6e7dacb20d7b18c6ac419038b1fd64bceb7248ed9b0ee24edadf9cb8a8aac3221eba15cf0a8f80ebeb08aca7102618a3697cfdac88d1800ba6b5c12fab97cce868b935377b193f11215311", 0xc9}, {&(0x7f0000002fc0)="69d2312f8d978e3615a263b14102d318c9337da7d3afb6d67c997f7b1773db022e0f539c7cc523c38074d089f3f552fb511d5a1a62ff6677179af2475c8d0e9cfee4a48576df7632d5dd11ae1163ff44ad72af607be6ec972204076af0096322c57af876dc118262cd631d85ceab0daf6e3813155ed727614abe172f90d27f1e1cea486f8faa97f4c3dc83aee0c0203945115f7b2034899fa72995e67dd2044d7ee2b26163859ee792c87d041c33d7ca5ae027c3c29c12848f2e0b0ca8f37f78a04f0df9e37f18929a59aea1232e9206979b1dfae5c13b41545bb5e6d11999a7169f6eb1b1baa88f9b14f6ad4dc7068c451db395", 0xf4}, {&(0x7f0000003bc0)="c417fe02e8aea58627da7389428615c509deceaff488799fca81f75614e9181e9b2c87baf35b95f435d1b6c9ea214a3e6b8a0ecf05857836748a44d87aecdf800372f8a7917155938ca66cca1c790289de6dfa86d80a269ca3335b9a1a0f8471ee675dc4cbce6230afce4926a02d521f515fdf0b08da95a29d6046eb2dfecbc3cce0c91537fac6df94acf665d8a2b19c11386fca7ba3993fe0a5bab40be25ccb4f581d3b4e4220143df1be426b52e57c9abc1c5a028dc812c334c6b7a0e89f98041514042b7b89b1cedc4f731fb46d04d32d9d3587447ac15374bf91a6805fd74dfbcef61413809ece9e3a36b1", 0xed}, {&(0x7f0000000dc0)="7f6cdf2679c85de3b365b050660d94796d6d0075ab04dbbb95f29613c525707032a95ca8773cc9186f1249f036f49490decf8b0f3f2c397603876d6a9e01842701e9066757ab033fb758ef71deba2cd9be5776167cad969e4e18f3c1d52675b1000f18ae69c01dec60750f26ff53f41bc8f08f4d9866761a0575648a28b19eba8790ca0e06cea17bf9e34bf1fa4fe4289bebdf5b237cb698d1acb3e368f2228e4340b15208", 0xa5}], 0x4, &(0x7f0000003200)=[@mark={{0x14, 0x1, 0x24, 0x8}}, @mark={{0x14, 0x1, 0x24, 0x8}}], 0x30}}, {{&(0x7f0000003240)=@rxrpc=@in6={0x21, 0x4, 0x2, 0x1c, {0xa, 0x4e21, 0xa1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1ff}}, 0x80, &(0x7f0000003740)=[{&(0x7f00000032c0)='e', 0x1}, {&(0x7f0000003300)="d3d788391f07f064d2f6dcce4f9145ccc659c398dd3dbd2f205017539a297f7dd6d433bae4e0feb557e6ce2e4ca802c5a44bccab61961712b3ebab7c0c35ea0491dedca51575195ad66137f5ff60b468516abb42b8be1f42d3b50d262b387d2c336ebf400d9fa46850603dc67c5d9eed387045ab5557c6a1229962bc75d34d236443b322e36bcb895ba01339c8ff11015d0e4745c7d4fe51ac", 0x99}, {&(0x7f00000033c0)="fa979f83d51106409cfdcc787441d039e60f4bbd6a9bc2d74db0ac3612448e50b3a9bae5e09bb22a2216852ecf477225003ce742c45dc0d9679d7b238acb60e796ae3304c24ca55569995f6350af5c47f6fff1349ab0e2f2330bd6414d107190dc7da9cd61dfae8e4c1e295a3b607437e12e7d6a9399b61ce5156dc8068392ee07be5bc06f5f98a33d98f2c9117d1c67abb865cdc0f7e870aba32269083c6268ea680304536d5d8fdf284eb7fb5283b091213a167f1b8fab8264e8380f43650a229c953baccb2b0eb7784fc6c2328c5b21fa2e9140b40d8edf47d555acde05bc325b8417b59653f91006a72daeb712cf297549f9283ffe48147a7e90ae", 0xfd}, {&(0x7f00000034c0)="e324a7883d2626b65710c4344640a5f7cd86a7dfb00f880ac70a676b79f968d222ed76a3696ddb7a2f3c218bf13f1e4da72ac03692773a004315d75b5445f8733419eb5102", 0x45}, {&(0x7f0000003540)}, {&(0x7f0000003580)="7b777ee629d826fbcb6a3867abcacd248715ee6ae4d8c00ef7023c2cdcd57ffcd09032390c7bbbd8cd4a1777803b0001914d5eeeb87792808696e05ae7ceec27369f0fac469a337682c92295d66887d81eb46a0cbe941584b280025caa204cc3e0bb47b80007afef4d10435934cd0d65e3696654e819c4ba0ded0754aeb272c8ba2feb12b49b67695b946f64084c74a76f17da862784a0770565746ef16eddfd2c3b7b0c5265342128628241b59028185b185a331f051379dad704e513bd2dd554f2e5", 0xc3}, {&(0x7f0000003680)="978cf9f2f869df74775398ea5466d12f4ab3da4d6f5095a96b72b7cbb7bfe42fc1dbaf13ae1830d1f5dd432453fb9320f54e247a45991d6c0e9f32fb687ec072461a48604a2711f54dc87090907ce1c177a9d1dd717804a8974698c8e62751f3237e7893c413798c81b60f151e82edb636a0b968fc429a96c02ed1d8bf84eff45fd545e456b9c2844910b10100f743f5cd3738cf6f77ff70c8eb28cd10b203bd85491f6262f5", 0xa6}], 0x7, &(0x7f00000037c0)=[@timestamping={{0x14, 0x1, 0x25, 0xfffffff9}}, @mark={{0x14, 0x1, 0x24, 0xe2eb}}], 0x30}}], 0x4, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETPRL(r3, 0x89f4, &(0x7f0000003980)={'syztnl1\x00', &(0x7f0000003900)={'ip6gre0\x00', 0x0, 0x4, 0x0, 0x7f, 0x4000, 0x2c, @dev={0xfe, 0x80, '\x00', 0x37}, @loopback, 0x80, 0x20, 0x2, 0xfffffc01}}) sendmsg$nl_route_sched(r2, &(0x7f0000003ac0)={&(0x7f0000003540)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000003a80)={&(0x7f0000003b00)=ANY=[@ANYBLOB="ac0000002400000428bd7000ffdbdf2500000000", @ANYRES32=r4, @ANYBLOB="040005000f0005000000f1ff680008800294000600000002000000f2cac06a944fa117eb55b00df9dbd0650b1a19da96fe08000000140002007f008000b3070800000000003c909b001c000100018401007f000000020000000000aa9f40f51f62076e00001800020008000200020067130600200003000001ff0fea0808000d000100000008000e003f00000006000500400000000600050004860000"], 0xac}, 0x1, 0x0, 0x0, 0x20000811}, 0x4000000) 16:20:15 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) r2 = ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0) vmsplice(r2, &(0x7f0000001080)=[{&(0x7f00000013c0)="6168ae4a8ea060e55ed3d76d0f7b75f50ac5ba9a0c1c4bb2fe8feccd414621359de7fab7c8f2d8d72593a6917f35814316cf1df0c63b8b7060d9beac036e53b5d2eaf838a2ed066b876a1742aa5611d321caac23ebc99d781ca5eab7127b5c73e40e9a541846e98bae78e24b187327651dd555d2f8fab45d3f94d701fe5596841903fbad765aff4a29c7bfc0951a79bc334b35f21baed4b21ec4bf434d27d5f6b946ec67a8185d4548fdbfbb45bb8fde10bb8246dff51c8aecad370ca11da0b67ec2410f583a3f457f581f34d932c8e3cf0f2ad64d61df913bc041ae42ed68747e8d70b21bc987ed48a543ef7c8102173abc84ba91995b47be61ba28d71027ede24add5ce48cda3875f3dfc1b310fdffd12eeda8d63248226d6e0da1eff80ef45312b6957f4979a1ff829a849c70847171e72cf25e337b22076f410ea27bc26fda58ff88e437295e2b86878cebc5d39f0ef165a70ad978f89cac2b4e8ac7a780d67a252bb3dfb2fb8bff7e44ce2929085003b667ce568e81689f7d140b42ab08bd9dd364e8fa01a0ae95f96ccf1de3e655f2bd3278dc4bd765a437d309ef749bccd3f88dd5c4a0d2b760f31535ead8c12bdcf4bc768808420052daab011c892c593e46570fec4348b3ef8f433ae51ec75967d0fa70c3c542ed9c15b14b282441c09e9e66f1786b0b7bb510c8d551fe1f3eb3fa1ec844c728da90415272f075e86efe773408cd0c915984eb66fc2173fdc9d43d860548455f8b7d5d15a19c315b8a94444e4fbafe8e50b7d539aa88174ab5a9a88fe3e09f024feabf65b7e77621889127fd1e852971bc8a5946a9e900eb5dd6fde65fea42f3a8e5c112b540dd3508bd3cf4486bbed7cb741a3aca00bdb24690143147ff92b18a78ccc08aef5fc7ef4aba7f5aa72db4150f30fc4a8d85c2d8da8e9aa0736a617a6c41fddb22d2b5d04e2b5f1f7e47d2427ce7e1291ac3956678f6e456733cbc78a1180591915dbccfc5300c026013b7bbe39df21f2882a701af103e51c34982dc8af18d99d06a37cb541446556f0dee09ad5daaccc5e4578cf691b915c52a8ad03af95ef0ab47b8662b1ba237268a0f25994c860e01ce86a3f045572a2457f93f91918d849cd7f1bf0ae496c1448dc5b7abb237486a80006ab46a92af2f4c394e9265172713fc96d8265bc3586bcee8a893da3be6bafeb0dd0c4bb8967acce7d377b23056d0d7e2363a32e1723a23b8e787a77422b340af63f6661226908e2c45d9160933d8f410c5fd25947bc1a0913425fd69310f61d0ae1c3d18b2d5c93523561dd3780cfc601bd76372d1c9d196e801f92dc2afc2e1a635f535399877e47f6dcb71a9d19b990f8ba4aac3096ec8bcf7e6e62fba9aadbf862dff6391e27c5638f8a935cb313f44d514f8395363f717d6f7c0aa7cb7bf2a88878c23a04672934080669a4061b12a8483667eb598e1eac3502e48c86c73945ae8912b40688b6200454da2982e27c4ea4754436d6c0be8cfd4cc72a26431588f05545986877b61cc5dfd5f6cab409e091b5b0a1b3bc7ee5e5a3a6926323b49d24524082093a978e9e54c2b5ca26cae54415486a20c266cbfddae52c9ce05b773c13829b89aae36449d4911540eca43a844b5cd241edee31a13c0924b23a9ba6d8d09751bc4f07bf38ab550a731e961d5195c9ddb4786bf7c9cc7bd78f85a3618bec25d13bd7a7ba914ae6da0e4ca9ee2293ea1f76f435999a895726684e22924bdeca955baf84189b871d58f818af87a0587a69045f78b87354237ba8e091ad36fb46ca4b5dd6459d3d2e37d32870e55e7a70b6a7389ef7a22aa815dd5c72a2169dad9ba72118302c9e1c0a5843c38c567ebf13ef7246e00f26576243f30d7d42999178def4995d95c6e9cddd92f866dd65ac467759028bf7729c244c438372fc2302135a50b02e8bc4ae5b1de996764757c4a9230b943c570f44ef9e3465cf3ac6c78de9b4bb7fe4c614b29ba8daa9b0a827db77d525ae87be5b49155797fae3bf4e5195d6c7049323ad38ee2fbd01631e57443036d83552e716f4e580ef6ad8eb0d66ac21afd72acf298945b2e9569fa31fd80cca402221d3762ae4f48c005f550ce2f24b41c6fa3dc6e667749e04fb838ae49e6ef1e3ff2e981365f2fa63692b75d70c5694da95aad4f341aa9e17d45407e3e3a9ddf5e869681a55ed8bc048b203f824ff3f6bbeccc7b1cf6e552cecb2ce348832e0969e8f99c5a5344c266c4ca7cd3bb4e5d66aa2830a8648305ebcd62ed7b85071f8c9a07ea539d04b70df9f9fb0bd908d1a925116923f5efbdba9641e6ba168fcf52170413522473f34ff6a0bdb31d92b98913138c7d21a730a447efd9e5e9841a8ccabf03b05b131db0f063090432df1eb7e6db525fd1f3829a0a460f20e04ccbcb839b6006ca2ccd153a390608ed7c5769a259cd12ba076337021552e2902fd9db20ffbc663412a257a123e9982f03e99f6c2e8b717893f005bbc274ec0d07ce2f2f3528911031b66d582d54723962e2a8f44291b220c105c0923092a5f685e5ea701826488e51c29f40a3543bb8b546f30df4366670fdbbe6422c18aec5a88d9e515e33ffff200a0fbb74829e41c4b8c2dbbe891de54bbec8ed6a5bc2ca46d593a9e1e3beb17e57749f3a06a259ea60f35f7d851cdbab5a9fb505646f94c983f453a66e3feb1f11269570fb58cc9a929934d7aa988f5d385b3ae7dfb4d78c93acee8937cbadf87c5a3e5f7dc92e7e5e77fa679cdddfe180f40ab5ca7e945b9e95e0a91f1698092345cb2c7bb42be2348716694c3f9f3190439285cc36c13041c75df053b05817fa0fa37af3ee2e482d253c6c2976f4dfaeadd91fda67ea89eb658420bfe0ebf8412cf9a0dbd2587e50006903c40a8ce047e853cd7157e0bcb811196490e9c0166f9370699b55bff4f792dd08ac827723bbbcd03e2421e0bad8632a6fa285ae3103b036105c3c63e117317bbfc5aa49df70c34869be698d5f04aaab5cf5e84d8c82517f4bdb212b18ef3040f815fe6893fb9db51d78413f3848e689e123e4f597b0e6c0f587b4628b8470c0cec365253deedd5378b97f87d6037a93d132fddc51c3fc25b7bb9a0335f33dd41e329c4fb3e34abd2bda02d04d0bf87fe5bb39e297ef7aed05c0a4876604c4a74acd150655c3ba86b2e69244fb354b8c2abb71b2938086e44f38eac87ab954daea6d745889bc42ff7d5fdc7249d4f7e4401c848a118f9e10e3230d470940d240d78091d46d934b7209c0bc1e234ad49cca098f365af6822159d55fd437255a6be7774bf0234e71a9c34c2c8599cf1891996fe095197a5de0bad65324c9594592b6e11b189f36be72abfc694432114767a351d5dc004cc8f19cdcf7cc7007f9ec3d0e15aa524c148112f0d2a6110360486740a44f2a323b40095930f7862b55dbc04793e2b07ef213d8a44d5cef2ad5cff3cec3862f4da951d617fa433f98df391cee17499b19b167807986e1d9c89c1fb7dde31aa7278384c3cd33ec31416b75050296e43c36a47f5274556e0b5a576b158ab834177b592b820ab32cd6956a2336c24bceeaeeba6ec30410765c26a8de12b61b6cd4e4faa27c468d5bd1c1ce5e811efc650a059953db62b868e59f217c60ee189af8b35e78edbeec9f53ab603ee909a9c0c79e8807ee8f968f15fe824bbe98d063eb33f2ec9cb17b74b2bf0c84ba1063c043c6547cbb21c0dd102fde655196cc145acb305e4e7d55e895337b4a2baddeb624e8a09562f4bcb38482215d7d26cf2c1ae6bd7d1d68b0c69da30069f5eab7c80be70379642a39ebcfea56c57e46f5c5e561b4036f15072e7420a595949e17a2f6f295120f3fa55948e9433b2e053ba3cbec99fc42a1a59fd10a099535b546761644dca1fc050d6b3418cb4c99e9f72e9522f7990606d7e0f27c1a262f7baff623f5cfd1e40191893051283b55349f9d91e713712a5e07456a9afac711ae05ce501ea1267c7e17db67ca40b419ba00935484f39f1480e91e6daa466c4975f46d5eb33a115e7f03e8d49f388bfa5abb3c404e82d83fd85810496ad86db932f05a1f2e326f4c7924c448a9a44ca13e9a754fe1d738a0c868c91ee26fb6e5e36b3aa7a63d3a1f0a9b79326acf4553bae439ada60af96bc1c8f3d9dfed09d5c917f37a8c8f81ca49ed4a96b5347ad8d67fd14369c7bd4fb84e0345157c0ca6995f94fba3d45fffd95a3940bb8748e66a7a17efbfe332ef070b166141d6804a44af8ef0df6eabed1448b6a2315370d5da0570a95184e6fa2cfc94978af38b932ccba8ac8736d03d5363c70ac84b0ef5f201df44cd46a5e9df45d0210f8b442a6d7d3bb7434e94ebb03fe10d06b9b1a5f4c9adf6d3a265f4b06b491dd24045b6af9f3dcaf90446146aeff578c4155cf602aa0ce9b7debd1b12acda7d3fc26f4d4528a62bfbbc46dd504fb436f249eb23d49fc53e1ad0aeb6dad4f6851708256b9ea3a57be935b39a58314e683f5ecfa4fe7d63ee061e2bf80caaef2593a8b84efd7babd736adf8880151def15c2baca1a52d02266c782c3245bda00aa23aee8a3b96c29897e582df10955e32237acea272adb95f2c0222dd55c1f06cbb05b3f6c4219fff8f554626abbb9098839f54a71a70ca74ae5d8b149edae55a839a485b8da21057accbe9113318cb7fed4f71d188f1b00a618aa5e54582d7e8b05de0ad0c95f8d2d9e056e48e388dba654bb9496511482750409136914f11eb169cef67eb6bdff1d3749f6a011c9f61e81ed92faedd3460c1920b4dec4be27193eb45d7a5f8cd01b889c3bead9cdc2ca57a18a3ece2ba8e3f6de7a5e596ba4e31b95a9a29a3f0e4df404d2dceb53cc0c6cc21e06b32f82a6e894a3484769ef9aeaba845986bdb1628177dabfbf47e8e5d1ea2130a39bcfa5a0eedd1e0119b49cac9e4df92ff4c3159dbc5a55709064aaeefdc2c25b0e6a470d0864b48d9b341a2da60b10ead555f9d67212d78cef45a3b00596edbfece450989c008ef9f946f868c741ebe0dea56032f28d401e9709b8efd731eda5fe57a1e6a1ba15f375de1fcf9f50b301ced54dec18a7e407ec2926ff8444a282484b8b60ccf5ef0a49acf91e695fdf9f3012896fc2da57e48f2423e8771c96c5b153176b96fcc6696b3295573b105fb578abb9691d05eb0b356aabca2e037d9853c9a485d72a2047ebdebb7eaa486202799fdddd35897e5c6a4c008e25e4f63d699c4874534fd9817d30e000c82d17fa9fcf12eb59eb42379ef630f0aa1aaefa55593f5e5328f57d671bd51cc6ce83cb164b7b6a1ec3e2095488e93b6ecb97e583d670108929f7a4d8f1d52d45a7ad0ca2bcfd9236ade7c9742f3a0727e5e2f719b5b7ec95f2dd868f38703f44e56ea86d605f30212c25ace90f09a322e194bc13457cf30626d92a1f313d57d88aeb59df87d60a14a2b37be69815bca9c68b9ea7c1a56019edf3f31ea7d9723ef096cc724140dfc337a19803d1e6ee68eb06ec468af862210cc8064a275dd86e2ff6b7db3c1fd5fcaa2e43215a179c74539f7ab61eb463b7715e1879b06089c4fedccd157167b9f4201db9238233671340a97694fe93d6e0aeae7f6b1bb5cf74a49bb42c76c3926af36193879bb2cd93c30afb409be8439028aff05eb834f54e247a3bda70d1cb8a4e02b330217386a6f58caf63fa4259e47d1d4dbe37947ee50155d6f3d1da74f356055b60d56e974b4c6acc8f59a592458ee541a90f09e48b717ca0a88c372fb755b2256f751a6a6075990a6813114e0d3f2d3f6175bba7f11c11998f28d", 0x1000}], 0x1, 0xa) mmap(&(0x7f00001ce000/0x3000)=nil, 0x3000, 0x6, 0x8010, r0, 0x4b5cd000) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x280000a, 0x80010, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCL_PASTESEL(r1, 0x541c, &(0x7f0000000040)) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000080)={0x2, {0x3, 0x2, 0x86, 0x0, 0x1000, 0x10}}) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000e80)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r4, 0x8912, 0x400308) preadv(r4, &(0x7f0000001340)=[{&(0x7f00000010c0)=""/157, 0x9d}, {&(0x7f0000001180)}, {&(0x7f00000011c0)=""/211, 0xd3}, {&(0x7f00000012c0)=""/14, 0xe}, {&(0x7f0000001300)=""/56, 0x38}], 0x5, 0x512, 0x1000) [ 632.572593][T11812] CPU: 1 PID: 11812 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 632.572599][T11812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 632.572602][T11812] Call Trace: [ 632.572623][T11812] dump_stack+0x1d8/0x24e [ 632.572634][T11812] ? devkmsg_release+0x11c/0x11c [ 632.572644][T11812] ? mutex_unlock+0x19/0x40 [ 632.572653][T11812] ? show_regs_print_info+0x12/0x12 [ 632.572663][T11812] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 632.572673][T11812] should_fail+0x6f6/0x860 [ 632.572682][T11812] ? setup_fault_attr+0x3d0/0x3d0 [ 632.572691][T11812] ? _raw_spin_lock+0xa3/0x1b0 [ 632.572702][T11812] ? __kernfs_new_node+0xdb/0x6d0 [ 632.572710][T11812] should_failslab+0x5/0x20 [ 632.572718][T11812] kmem_cache_alloc+0x36/0x290 [ 632.572729][T11812] __kernfs_new_node+0xdb/0x6d0 [ 632.572740][T11812] ? mutex_lock+0xa6/0x110 [ 632.572749][T11812] ? kernfs_new_node+0x160/0x160 [ 632.572761][T11812] ? kernfs_activate+0x3fc/0x420 [ 632.572772][T11812] kernfs_new_node+0x95/0x160 [ 632.572784][T11812] __kernfs_create_file+0x45/0x260 [ 632.572793][T11812] sysfs_add_file_mode_ns+0x293/0x340 [ 632.572804][T11812] internal_create_group+0x560/0xf10 [ 632.572815][T11812] ? sysfs_create_group+0x20/0x20 [ 632.572826][T11812] sysfs_create_groups+0x5d/0x130 [ 632.572834][T11812] device_add+0xa51/0x18a0 [ 632.572846][T11812] ? get_device+0x30/0x30 [ 632.572856][T11812] ? mutex_lock+0xa6/0x110 [ 632.572864][T11812] ? virtual_device_parent+0x50/0x50 [ 632.572872][T11812] ? device_initialize+0x1d3/0x3e0 [ 632.572883][T11812] rfkill_register+0x180/0x720 [ 632.572894][T11812] hci_register_dev+0x398/0x710 [ 632.572906][T11812] hci_uart_tty_ioctl+0x89e/0xa10 [ 632.572916][T11812] ? hci_uart_tty_write+0x10/0x10 [ 632.572926][T11812] tty_ioctl+0xf68/0x1710 [ 632.572936][T11812] ? tty_do_resize+0x170/0x170 [ 632.572945][T11812] ? avc_ss_reset+0x3a0/0x3a0 [ 632.572955][T11812] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 632.572963][T11812] ? refcount_inc_checked+0x50/0x50 [ 632.572973][T11812] ? memcg_check_events+0x5c/0x5b0 [ 632.572984][T11812] ? proc_fail_nth_write+0x1d5/0x240 [ 632.572994][T11812] ? proc_fail_nth_read+0x1c0/0x1c0 [ 632.573003][T11812] ? __lru_cache_add+0x1c4/0x210 [ 632.573011][T11812] ? memset+0x1f/0x40 [ 632.573019][T11812] ? fsnotify+0x1332/0x13f0 [ 632.573027][T11812] ? tty_do_resize+0x170/0x170 [ 632.573037][T11812] do_vfs_ioctl+0x76a/0x1720 [ 632.573047][T11812] ? selinux_file_ioctl+0x72f/0x990 [ 632.573057][T11812] ? ioctl_preallocate+0x250/0x250 [ 632.573068][T11812] ? __fget+0x37b/0x3c0 [ 632.573075][T11812] ? vfs_write+0x422/0x4e0 [ 632.573094][T11812] ? fget_many+0x20/0x20 [ 632.573103][T11812] ? debug_smp_processor_id+0x20/0x20 [ 632.573114][T11812] ? security_file_ioctl+0x9d/0xb0 [ 632.573124][T11812] __x64_sys_ioctl+0xd4/0x110 [ 632.573134][T11812] do_syscall_64+0xcb/0x1e0 [ 632.573144][T11812] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 632.573152][T11812] RIP: 0033:0x4665f9 [ 632.573161][T11812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 632.573166][T11812] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 632.573176][T11812] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 632.573181][T11812] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 632.573186][T11812] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 632.573192][T11812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 16:20:16 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) sendto(r1, &(0x7f00000011c0)="17eaf7b518bc9ad5a13713b9cecfd7d3f67898ffcba2007c07b28d6cf916c3333e752716bb428d6abd02b6424529370eaca39fb3fd6dbcfc2b4088d986ea94a78176c79ec053b7b9cc08242b10fe718ca42dd74b552097f14102f2dc51d50502253f598fecede50835ce4eecf11aae5d960bc484de0a1cb2b4c77c13a185c8350683fdd029751e2d984929b5c9f2471a1c8d76b4df6590fd94e39c42e6b0152bfaad8df7", 0xa4, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000a, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0xeffd, 0x0, 0x1, 0x1}}) openat(r1, &(0x7f0000001280)='./file0\x00', 0x4262, 0xa) ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, &(0x7f0000000080)={{0x0, 0xaaec, 0x7, 0x81, 0x57, 0x81, 0x1, 0x9, 0x3, 0x100, 0x4, 0x5, 0x1, 0x4, 0x3}}) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000001080)={[0x1000]}, 0x8, 0x0) preadv(r2, &(0x7f0000001180)=[{&(0x7f00000010c0)=""/59, 0x3b}, {&(0x7f0000001100)=""/94, 0x5e}], 0x2, 0x7, 0xfbd) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000040)={0x2, {0x2, 0x8, 0x3, 0x2, 0x4}}) [ 632.573197][T11812] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 632.574835][ T90] Bluetooth: hci0: Frame reassembly failed (-84) [ 632.607971][ T90] Bluetooth: hci1: Frame reassembly failed (-84) [ 632.635611][T11824] selection: kmalloc() failed 16:20:16 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) [ 633.084403][T11828] selection: kmalloc() failed [ 634.607027][ T3432] Bluetooth: hci0: command 0x1003 tx timeout [ 634.613089][T10454] Bluetooth: hci0: sending frame failed (-49) [ 634.687090][ T3743] Bluetooth: hci1: command 0x1003 tx timeout [ 634.693127][T10454] Bluetooth: hci1: sending frame failed (-49) [ 636.687130][ T17] Bluetooth: hci0: command 0x1001 tx timeout [ 636.693148][T10454] Bluetooth: hci0: sending frame failed (-49) [ 636.767023][ T17] Bluetooth: hci1: command 0x1001 tx timeout [ 636.773144][T10454] Bluetooth: hci1: sending frame failed (-49) [ 638.766957][ T17] Bluetooth: hci0: command 0x1009 tx timeout [ 638.847205][ T17] Bluetooth: hci1: command 0x1009 tx timeout 16:20:25 executing program 3 (fault-call:2 fault-nth:48): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:20:25 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) ioctl$KDSETLED(0xffffffffffffffff, 0x4b32, 0x200000004000) 16:20:25 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000180)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000140)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de", 0x65}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:20:25 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000180), 0x0) getpid() sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x2, 0x1, 0x0, 0x6}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000280)}, {&(0x7f0000000080)="0df1cb01c86d25b66d569bc0f7bc9ad896f98d0b50a4", 0x16}, {&(0x7f0000000340)="565d65115a296c959a6257d7ee2eae984603df871c7a0edfed4f30e23c68058db86df60a55f4b411a46626c8befe6e06af6947f84ee9ed11676d28eda0a32696082b7d7b8264ef4b2e2d27c357c532e7f42c46d83d7cd5b64f705a073f7c501af6de1e06de6d", 0x66}, {0x0}, {&(0x7f0000000500)="1fe08078addc6c928c364f3dd7587a47f8ecb8e207f581f1b89f30b2ac8e1082b4580fbf1e0d4e4950ad5432788d7a0fc7f4ac7b45beb6d7d947d1eaf07a451cf9d71649b24055e4574b93d141ddf6afcd3f9af9da0c27ec29af5c7abfae97e0d89a1e1278acf851e2d0de11f71f1703d6ac307a72d9d87061d3d25b932a7f0b213c8689b93339f6b18690d47154475f3341a87b4ed800bf5c46a4ccb473ad67be6e4eb25ae7684950f7a72503d218c518dbe110d13c725d3d5663b9a91c306807152573", 0xc4}], 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x3, 0x0, 0x0, 0x400}}) 16:20:25 executing program 2: ioctl$TIOCGRS485(0xffffffffffffffff, 0x542e, &(0x7f0000000040)) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000440)={@local, @mcast1, @mcast2, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x18c0100}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000004c0)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, &(0x7f00000002c0)={r2}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000055580)={0x7d6c, [{}, {}, {}, {}, {}, {r1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}, {}, {0x0, 0x0}], 0x0, "3aaecd433d1656"}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f0000049fc0)=ANY=[@ANYRES64=0x0, @ANYBLOB="d90d000000000000db0d0000000000000396035300000000ff000000001f0000190000000000000009000000000004000900000001800000040000003f000000010000000000000002000000000000001e0c000000100000ff07000000000000200000004a0000000000000000000000001800"/136]) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f000004a080)={0x0, 0x0, "67f6139d82722475098c9532253c862862fe07e84efb583dd9551ba5f410232c97a240d9b53402104a1e623289afc13501336c64e8f752558c071e8d6810e46bde717c77829b976576aacf6f7000c6af9d2ed03ece02969028a8d3eeaf80d6a220b59f622a0001ab738691d39db424e1ef70cfbd8e0b151039c8029e823f7a0200b3c3fc451f2552dcd8c1dd32561eecff21fb8369253aa5415e00927ddb91a3960826178dd9a437b140bebd95802bd376b90d269be91103b9a503100320a8f199b32321e5427ae303f9be6ad9392a26f4138bcda31df8f28a942a0237967535c786ffce3105ec7682299bbe1f84193dd7c4e74e9c3077185dc96ad4810a7ff4", "875bf1799eb69e2b94a2c280abafbc5c3770084d1e8f3476a1428f87e840bd1128f66716b483e92677239f8841c51b3a5a8c9038a3e510f3c52daf2f9f3f6a33ebd1d19f2015ea7a95a149f7dc041cffe0c74f9a41ad0b40ad4f2452fda73d5c5d80cb71e549a5c985856fccaf9bc5228a23dc32c50947507cf0e8fe27953954a2d9d39a07152ef7304877a6d6b25ccb0aeaf1a3f0a48ba192d6727893a587e9af2286e35f2a25e144495c65333f0037c56a7a08494300d177f924b44108426e3c3526718470692b6218e4d4f9a2d769eb2ce4b1dd96c54601dd4dfb42c024c70b2f8d2ba74a35c8bcf02df57f079bfd9b9fb186ae9ce70cdd2392e9827abfb99f45b484220f18b7cc245e7f60e2639e0b3aca62177e905ea38bf362cafe1cd49fcfafc623375a0158b4396f879e3a9d7704e21f47b0a4a322f70e29f464fbc2a0d8d31cdee188f0eb67ef16faeeacfaec9f8c69333995fd1fb039185fd217b98253ecc5a3cd433e66ead54db4fbaf26aa58d9084a3a644abe95a99c6351dc9fd7be25ec7de46c79d92bb21eff5a029e3d9a2b29260e34bb5f402ce284482fd34da68157199a73fa12939c2216c176c6b7b1b8160c08fd1490c520ff85e9de6261c56c257bd0d4d36f2c1d06a4b1d700fd474a36aa4d7207ada292e6d5ac65d4af0b52378eb557a27857fb3afa63bca8303069326c064bc8469882d08b882db38b7444e937ee5ba5a25e4f65603b87e5548857b73dc71329bbedcc4f18130585844db5ad65103cfa38ddb61a56dd89e978bcc8a150b7625d39ef2a6e360e9e08ce7df059a1714b63c2a6104b01b94b4a5fd050ec79a84b5c71f6e7e3f4b0233356de192b20d165299fe230e4c81b2e4f2a8aa00b55d843e481f572bd8d710dd81c126f8d8c3460db6e5d1eeb617f8b372c68f6c9d28ed732a7885b515d698ded6f0e394b3e1188c95ca83808e7a1480f9b9d40c20525da214937e59aca531ed34783239d5fb1d1839a0091cf9a4b0b68863df8312fc32051c4582a459bde067ad9d0e1514cd845a25025486999327770bea1ae42db1956ea78ebcf8fdf814d6ccbb613c95c92e79012a3fdb5108cbff31e057c8e2c38c0d39ec713906da3aac31b7afadc27a7f276419fc1c5f1f07df1b268ff92442b563dd785d8f8db7ba5951906e76fec86801e4e67e4aa76d20b39a880049ff5897d2987549093c5c072eb90135473fc92601880cf7547c6584f2f6d204030a9b03009b59344fae3e5f0ce1ed950c443afd99c99ba65f95cc70e85dcff32b73d30d783d37c87124f5d412c0fff84d5aa5a7ec399969f553f09647a8dfc786d85d40ea77995c197dbff5aca628862e4904864400c1e849995797ac92c208b6dd8c3fc8f18439cf52177eae327ac2a76169b3cfa7d7776299f9d7c431405fa08608093a4e27c08ccb1c805c41640f8c8dd4f13687d150de5505647051e83cd1fd15aa6785532a2839eeeef21b98a2bf85e010c30ffbccdb84245a3a70b65b1a4299aafa018d486977256c52dfd05a08d479bcdcf95d3bfd35c9723d6c583385475374ec7b7d0387032a48597adec693b8d512e2088d6baf0cf4da6c774e7cb923a0fbb1b054d1f8e5bccddd37d22cea640e6ab68e66bae9ad86dcf698ae67ba17ba50d138bc3299b07fbcfdd02cd58d32889939a2ae4c888cc9ba7a1fc60ecfd7ef6b6f0b9817a9306623cba58a627983feafdae8aa97a8ab3094e85550393b7bcd32de5367edc110ba35196dc9cad17a1399f6aed372ffe74acae164b1e75fc04edcde483d9c8d3932c8beb524d503819e84aef4d1a85f06df9d7a1615703fdedb8705d9f63afd7396f2a8e8841212cd1a3dd4178e7023dceaa57755fb2bc5abb7f53d1882901689649c07d78edb7fe7c6f3dffc6613e1fc9e9c784ceac477ca79e8646ba64629f54a903ee8dd94c95e65dc8606ab58648fdf298a49c297a95734e24cce79b6728937a11c1426ec3f3392d85fdbbc713107fd9be903c7cb512d1972383edbf6389167d02e86f72566728fcc45b7a706da06d1334775d066c4e5da6b31aeeba788d483f8637b451d3e890de0e37bf2ec841eb5591aada99d6d1486ff3b242cea45e6fa4d76d5fa6c7d667966fc6a09b7739d819282e950e53eb4878bd72e7744a7e5bb6d8be16d0f3205782b0677b222e08ddf7a718e7cabad60c2890c3850fb260efc8c43a29c43b934652f97c7c24fc4550b33856af14aefaefcd32f68515dc23b4b98e7e218928d2f6f87ad048ff53a006128dd48272f6187f10131f7bce2eefe7cfaeddc4c77525cbbb07045cc74ab3f59caf22725af91df08dd61d930c382536ec13512ec721d996807f2388b453a96e37211d27f412ed8de8ce9ed1425e85674406bb95dd0afcae9f66b857ad92c0213a54c76ba8c7cc9f77c37b2cb2e0a045f3aae264c742fa9f8bc63bf1a9ab47dbef07fa1f7fe30ef74bfa1385debd240dc9290fcda93f16b7f4d7da1df0697ccb3f0e6254da48437b75a9fb89ca377e34a8f72bfbeee27b75dc13e757affc161a0358d51e02ce72160e726ae8f6b6346a19b2ffbe0f62fac10ad71a6d0099656a3e4e193dbc7cf76773372ffa583507e8a24a14f35c2c50338f371f2eb41351d062cfda9c97862cc0c4dcfdaa10d2e6cd91fedf22d3ab0f00c900613a00bf9ce9bf701034c8c562dd3b18a7670b9e84221f2b37639486cac1cdce4e04964907cf8d617303eb22dd59ea51084d891deaf22eb49a0adff38f5ccae794ff0f61286f2ec9d568dd59b29b35e6211db94ce7692528e1a1b83dad2967d82e30b2fade92dd97460cdf5cb648c358add758d13ec1edb04968e2721c3c7d48b5da98ef3cfdcb59658b82bc11aedb77c599817a7fface277dd5ab42703f40d0236bf76aa59169205532683c3f2128f601a2cf3d4555a03b0c26f2ea5e5024463298b137a18afcc48d9894e0ab69b5bd19e8115e090942acadbf0593e38ed739d8cb72920e2111d0e023464874c9f0021f9478336f08a920e5aa90b7deaf712b581fd818b0de74a9e6a9dda9b838908d8670ec61ae64adfa99d4705c0bb5d6b895cb6451ef385b76da4b128e7698f3c45363e1b9fec05e0b83fd2bbd18d5d3bb9907a12a23fd8002360d00f7729f6fea63632eff49f81d0b8d9cdd02256da23942e8686d428418479b3b9ad62d3a00856b3a68d731caa62ec60e2db9f336c8e7e1612b013f75e30ad83e7bcf00050a1c1af7391d56810487ef42967f6bb01494ce722c419bba4e9693269c77e1e703bbfdd64c97af983c4b851c7562dbcbe763e7ab4d1718345c9b5a8c0a01e2aa4a38cb1156d6446bb30b9136d8ab98a0418fdb09528e2a4817a4008808480e5937d2c3a202f0c6b7193cccce05c2bd50dcd859ce908f4d72607e3fe77802cded21db144ed60d83c9907468f50cd76bc30fabfb860a52cbedb3c738565168c37fec05b3ed016c399282706a377763c205d013f20777338a608f38a81a84577edcb1d065a9d987f7b4fb5f2409b910f83ca0d1256422cae808682d40566240df61864aa04e87ed8f62af50aa30c16597fb094e8a018470a7be2c1a31b2300b12dd87d0356a7e15f46e2a7e15b7310a2bcaec9f1c2a59628d854ad9efcc9c481aa09735b288bf14abc0e230374b634aa149bf31ebb0d02a2a8c30835764792bab9f23953b3f7d8cd905e4a6043cfe273d60f3ff13630093d310c5199714f2ea59731806295c84d289f870957aabca78884e295b3dba0da7822fd76f6f340a44e3e547de7a280bd5e5eeae6ca532d2d752f1335474c6857798808e1d0dfcd6b840208028940ce5145b0d9960873de934f69bb8c4d125800f8e4a626393b07fec2cb307efa76b3ae63b338175e338d16206ef080af03dc289666c5de10901b3714989c9264212c5d12f96030202b0b26ef5b5191b15049f7725ebd98a9cbcbe37fd8ac05cb26cbb823006caaf175d7049e0e59920d7d695a1127470608b16afa3aa9bb54f034a29a25aaa91d876cdcec1b5bdd9d91e1bf50198c4077e6bd1219185a1cf2b6c548801f4d1bbf791851d6d62738604f76641bc02bc10bde57f0bff2c477c0df74c815714d797b45c2e935d9b6e08e679569e1f8cd88e03bb1723ab5f8b0a27318a52bd40bf7b5c8ce497e60fcb492f8ac8402409418908f9b033b4819c2afe65ca9ccae34b8c1f54e6a86e5881b05b32e69b0f5d73b29ae88f85f88d2e6d7c67d31646c7a7872f3198723d3d098b61bd38fa88599bb2c05c5c3a9f4f28cb1c58c64b4653f7e0c5d716d81e355834c5ac4c6491bfe25e3b59531876ede2bbcc091671d809a85b43c21320813dcd9eb3642a9f45e3c03e72ca9bb5ee2592b6fecab15e8c560ed4956a4426a7e04a6cdab4251412abc3d8d12fd80ead223c077a28a60885634814b2ae2c37b88d8ef05a2df0c52fc020ebedaac290304bea43bc6f757b362b2c3b2575168a37c919e7983750ae0edc5fb18780f876aefe32a4ba6f396a49e06f08c54f1f62c4f51fbcf6d702b47c4a7142d3c1051043853361846f0754192aeee88e44f7d77014749c3d62665e70daa865243447d002e27088d9b8b6b92507cd082c46b2070d47b789ab36747b99769e16f7643cdd562384e8068ac90de076070857f32f338d90837c3fe3de3ee3c6e214eec2adce193eb681c8d19161bf9e5942e57842880e11a6a78cf28926ff236c0beef341004c3444bc461e9f10da78643622ab9cfebcde2d9ca73c8c3bc4f9b4efdd971db67030aa70aeec79f743a9aec5db82e14603633c571d7fc71e2d713dd3b06f6d6434434deba3c6e872f5368bd0024b1a0b7116e40b1b9204178eab9b8dc63b24ba34d27f69eae361f308b96e3827544fba2c6cd70cc3d5653a020de8ed739770b1e765c54a284a5f04a94d0569d358df7372b60c3758ebb1c457d53aabcd0d50f603b891829489e3be7248725cc152c7a46b70ea57023056d645fd96d1c344695e679951dfbb358931bb58f2fba2dbfc22ed226cb372cecaed1722000f010826e3b52abb81e20a7fa9212f520169d46b1b279bef11b4af6da1be3250f32b75fe3a163d7f220e5f08d0eda6ab9c3d87667e3d56c0a67a7e192769762b25927ee63b4de4a94af46e87d28fbbda7ac7f36f3becc8646f1dfb500ab62507ea1e2f9a5834e61e096134f0a028d6cc8095c48feea102e1004fcd652e56b675fe9b9d00083103cde2d5ccf0916e9c8031f70b62cb9a7e3f591d10f7749fcb923f670062fddd687352346adeeb9e4b229b9ca0ce283e75561f7719108fc5ca39f21395e90fbe5dfac8a7ce66e7ef83106020e49888c01d9f2abae538f29bd2f9f9ddbac876a39e14a5c73b9a9fb6b5065c20e3a62e54865547b6beea067b2d9ac5bca8"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000004b080)={0x3e50121e, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}, {r5}, {0x0, r6}], 0x7, "4968f084ca9477"}) r7 = perf_event_open(&(0x7f000001d000)={0x2, 0x80, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 642.686874][T11817] BUG: scheduling while atomic: syz-executor.0/11817/0x00000002 [ 642.694589][T11817] Modules linked in: [ 642.698512][T11817] Preemption disabled at: [ 642.698523][T11817] [<0000000000000000>] 0x0 [ 642.707307][T11817] CPU: 1 PID: 11817 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 642.718916][T11817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000054380)={0x0, 0x0, "98b2d19d9c2c228cf3e817c8089d2d12dda8f36ec589a8c39daf3af99047843c3d648971a602011257de0ee8ccd5656bb0dea5857243a6a33129bdf63285682ef54a1ea80048c0e3ea18eb807ea5cdfd4af914efc922a140c54046e7d8e841d929cc1fb0717e4c0456baaf56dd496c07eff76cdca1c0f7663bbd782f13dc40954008de88f3719dabe3d80d598f19c0d6b4aba0937eb8b80ab8e4f89c8679a74d0731d32555cd3eca27ede714feec399c2e70da86c6024c3dc901ad7ca354be6c6f5cc1f86e5597400eddea8773ddec33a2c5056cad878544847ab22f481ae6d1d9c5ff6cd6ffbfadfd60ce4da6d9ad49a1134472e24f220a853572a849c09559", "53c7681156b52fac423aaf80eec3ce2cdf04e487df9a540b994636eae2d3ad20112a48b781d00479d8f00c1309a7121f51a97e84aa554376751ac8ae3bc006e09b9df064d6285424f0400dd4be64b9edf7b9062bbab590f9b8ad22acf350193e3b36746c2493b6a534b6501d88d596f96bd3363d61865c5880376a4650e8c439db6aad24aff916e82d78979e858b6a540e3923f6467580b03c915a3917f37ca5fe5a8c11554bd9fd194db035dd75793f1744b30734a3de14b265ff68044e3444e60b021175303d532e756fc53f8ee29eef06d2a093e76739779fcd44444feb7020e67fbb7588c8d57a4ef91e3415ca20dc16c48ce700f092e2b7f6768a30558483d3cbf1a351e1b2e9f309ffd61eccb37a4ea839331f147f60eb14e1c5197db0aa1bed927e52174a888ddbb64df2985459e96015da03f76b0c4f8278ea1d111a5cd6336189e46d1b9480edc189fd6f6851b1f442df4092d3ecd6b2496c7136568923dc931ea2cd590256db348a9b438703c5df370ad3cdaf357b3b8c5bec5f079f6ed4489540944524559cd5f72e8e49ac1e105055d8b60d1bb3e0c594d0aa135456f906e15f60002ee25f578310086c6e20fcccd69692c1d6018f895fa9942ab19590b85eef5334f2fcd20758fcba10e6a602684c32a86c670bb50406476d6a9160a37d846cf5c1c8915fa3f9efef7eeed89f89735a80655cf3f6472565e8f075aa558fb3d4e70491cff092a5fb0bdc4a862009bba4ff5d563eb1756e33e0c522d0e5e847100a9bf23dd747838a1fe95e31a03116f9054693a273ac8f12f1042a59a90d133ad24412e6fccc19fe6183fdabf83de6bf57166555154764e7fcc22fb9c34af70fedd40e9c56a10c3b9d155b6eabbb2d73ae669f3840bd0838bc55b24c7c60080e4da6a0418f44346e0cb0b11df27f9dd8b70a60ec04d896fd0f29e79c83e679a9fda74d28879f2a4dbda2cc5b82b3bc715919ae518f52a79c4e44a3e28d205f8d3bc778261e175ff6a200fde7d3f23fbb47d36b5c4323f01c35967b93cbb162621bd6e4feaa3b90709c7ba4b457eaf3041c325222ca76977594edd97beaf4d54d5799b30c29d3bc9fa5003429b1893291e99a6a9138f5e1da3ff1e74c979639f8f82ed2c504f10450d1d0cbf47179d0af4a813abf811b966ffa3fd0deed15badfcf7f948dc1a7c15a33ce1befe6910e03cdb4fc085c87fd6f82e557c99d9b8fc77140096f54eb66319a7710d7f2f66a0b8e4dbf227e1bba89ec473148002a0e45be36f47bef8dafa18c163e12625663007a59f622b97a6245886886e47f7c640bf44c8a4ead8dd5056561dbdbdf62270b7dea7d0072f41060a447c5a9eea15689ca5b6f8a861aeeeb235209821a98f32d3c7143b3b37904befe426ed22f6932d4006b2908323a517e66e1b48be4208a196f3689c5c33e0b3b84f1d29ebb384953054a14b27a4e87a0e2020ed547c18b680e2e9a4296897d51c95696c5e10f7985c5dc963d9890f19beb2598eab5e4c8e2645f3988ca0a3872bb63316e72f5e5c57013139a637a0b86eee9186f6860703a442c738bd4e60daa4ba978707e9965f5085e84ed9a0182084bcc6b77d258408e25c87ebae5c21e46f6bd48f6c03a0774a7808a976a01a6da734a79d17a1724138b51d967277fa0a1a6b76fe820759136458c40f3eed378c3c886137f21663bbb2159a1a0951275d2c8951a9f26d67114e08c86d3a17f2fad75ffb570651c1404f06a94b0478f52aa40d59f86e322a641d3dcb3d3f8e8e8106faf606152cd42eade61582de0c93761a84d7e38725dca87c0bd5f1164ee8cc9dd504c555278a9a36db49ca30522ead6e486e59cf6a74ec62f8654b95af57f2051c73d69b820cac0593139da6089ac263266b8639c1846e4b8495ee3c45a7bd4ed5f18885965fa01f7c335de11fbf09f74c76403633daec7d3f8389c5f9086b2aa80d229fab12b4f8f72f0bce27cdcc2fa3319030d0b5038bcf78d82abe913f017c1b2b96f90e951f6e1400cb30071a019432866e734f6f39220de9a0fe9d9d36fc1a655792e795eeb41949c7aeb42faa9204fb01bb12eadfc2ac8f58bfb431049d86c0d9690e20061a0ae05ee5c091bf5a748b69b7361d23be4e5843df730dec07fe801dc4722219bc9fe6d4d5a2d7079f694dfdeb6d8363668af05bbb6ce9dc284295d9b996848713dbed105744e3010a3fa3af7a80274fedd3e22bef30d0e29ee08ff34e9d48a38723908335eb47d63c09a6dd3ebf4cb2c823a6c14b2071208e6f19c842631b61a410e2221d095ffc5c0fed4c1a3b9004c0c75b02c989bd3a2839dacc4eea5bcf56d3acf26dce24f094046b3397336f12c26af884dd418c7e7921dcfe7d6eeb598f580588de45ccf54483025af54555964097ca387be875f8a32b290c7576e3b1f06abb3811d94257ce83225efdf2381bc6f2e2f9efdf48ec7149721095b3f53767be5adb8aa4239cd92ce2d489d048980eb37190694367c666f78c2cdbf86ec24144c0c03de98d696306809776e7d67addbbced40c51df6f78d75b5451a72f990d808451830899632dd234f330cad49d4f8115f513522c430c61360570badf2de938d86b1109e4ee4c974eb21db2ba867eb4531f01b6f232dc322ec3a15d5d32c84af1b354c13af5f861f64fa4fadf27479537210ad9973501215504c6a4627b4e8b07ad2176f8059881f935312b5d5434a2794c4a5fd331647aafed40433902265000f11f9fb4a2da0f6b9e72ebaa6fef6d944b209b9492f6cd1898baa564d1d9ae78d9f775efb27ef3516ce761f413358a20b4407d03ea54f112cd61a2fb3f3ad2c10ab7abfeec1e118a52d5a93fb4b04fe9197cc9b59fb804c3ebd31effa6bc1f7eb1a783550c08fd660f6c4b2190d03af5cf6ddb108983c86e238f0cc68a9427737d983c0c616463e906773c86e2459cd94405b40d36f9feabadf160d0ee983fdffbc5a51186b787caed3b8dee9d7c317cb7de2ef5fcecdca513244fcc6716658938b1e8ce81ac1a300a3124c0b3bdc8a6ad104ead63489e4bafd63971f2f324b58e75fdea9164b4c0cf94edf4404f30b6e6edf26996e6187547d289dee487d525af3792360f4b1b47ee9c9cf5f125dd115c2190c03311f3d7be019e5d5e80c18fb1448087f0a2d41922c45aaa259924a14253a4b017ec49cf905743215af6e27c8e72657d97fec024b9f0d0b5bd9a33579e5c341a681deb0007b1b0f2bf1cb5c8b76f39befa22ca5fb92138b5403e7647ea9a1d7c08273209eb765ffd21fb9b630798a022ef0ca6276c15c7189d7d7721634cd1187dbae6847eba6c73ee90a07863f83950e653ecc3257e49f8df9219c0494f2d7b787e43b496e5aa503fd24d01ba916b9859036d642bfb0acaaa12e539958a91583758f77e91b150cdde34421a29a5a9b1cb358d818c7aaac6c1740929c8d0a230f6f2aaba418a741bdd89279bc7f0d2e0b62e24da930a8d004d98eaf4376629c5024169def93be9cfce4c1780762d5c96c8a508337ca8d0b594e3b7f28a9aebc59911f7d8dfd736c5f8b090c1d2b95bba4899e58ef0bbb4a765fd703ec6ee55a6e202aead74fd39d2ec0d9b34773e00e6f477798982e36c20e21cb100f942f3dca5c73b631a5e860a8eeeb7404f6089dfeb0b78aee14d7a7332bc2c4fa3849c9a87d02f63890f00f653604e81d91f3bbd269f45395a27fa21242e89b9f52dbdd908eb17c896447de0b4ef10cb77cca4398465e44310d2174b207ac80c6f85b1e51c217180f328b1855ec18662c1c18702bc9b320de5de3843036b1d962feda2d0abc9e12b82ed4b995ef15404ef7df228f87ecd97e5cf7901881f05ef79f6e6cfcd82d3380ee2c6e426a32213b61024ab612c7174002e0cad8d96f2c4a0b4cabfdf56e0a809a62ad3b8b9a9467888757d2a4de2c77dcdcb8705396787bfd522e290611f3d518a9a992f3b231f66591454e1fd5a8d4a11f33b08b92ef75617fe33f8e84f278b2130baa1b3ac624589daf48f79d05e276508bba3a39ff9a3f41091cc34cb08f6347ec57a1538bac218f224895804d96469c4ce8096c7dcde1d29a3cb11af4cfb1b2ab93de9e731293eeca7fbd34ad0f9def9be2f2b36fb658548bc50b66fcfc970df3946bbdddf951fb8a0f1b248dda6ba415f02d5e2f9afa2ea04cda31fb0c8424216e3b3d3819e593e8934988d16a9ccd62b3b78c1ad541cf96aa73c23547d901fb8e3c520b070d58f4fd33af6ff3309ad70f71becb79e47685bf4689b032560ebdae1dfa11c6a5a6695f55cd86d22b47cec57c1d372171ab97c7fc4f82451e1d999003cc53f7882b5d900c54ba237de8ad8220a2f5a75802e26965bcc43c923d1c18710499514b2aeb6e8f11bcbd06bd6d5ae69a636fd214f74068752b0356e2b016c447562b2ffae593ba1b3bbc4badbd4c2ea43ff9917bfd43737f589d69e4cb0cc2bcb4f1adef41e1b44ab2230673c0cc5feead0842d0b827f3736552f8fd988acd67b866bef6533b7c965511d43f401f562fb815421aa40811125d1ecb7a0a4bf4157cc08eb50009402dc79d8c26376356d7dd8af4c2247744c51235b17bd9b1a4c34396a08467dd08b8f443684db4023bbd1903632ba9b6144cbea27f49f0c328d7ebe89255a24f7367670e16da3ff45ff75d10a1d3b125fd6885b5a6e4dcbedabc6c2e01943b1eb3d6cede3cae361b8061c3f265f42835bd40d4a850ec2b18b542dd57aaa2b8f4317cfdc61c5d16f5879d4ea49df628e0dd9a92571fb3f9f9f57a02ebf72ae69b1f94ed07df0e5303ad3cc2537d5e23eba4aef15465f43fb1ff609ba48bd6c91d181b54f9bc9d94579fb1321570912ecf66a6c26436111edb07251305a6f118b0c4f956dba383b8d2c3cd01f7a7c81217872d26b958c096e272e1dbdaa5656239885fa8a3bb176313b872e35e9228f2b22435fd794f37ba1502cae97078bf42e1abf1d4af254d5dcb6514799ceb2b49734405b58c505ce120c018b66affed3ac5dba1262a4694391d225772e51633a17c816e73ec3237487a32981042a38a66faadced222830897944af592adfe973faee1e91da7e0383c736d8b69d14a5af15be52c33054327fb9cd781bbc2ce3062ff7ee2af53d5da0b33f09964f34b07567dad636cbd9eee7975162c9c74968ef2e3eba1da0b24799e56d000334b7fdaee30405fd16f3d13776054f508f3a66e402fdadd58e637d9b5065b38037d3f5b00bee12263c922a46c04766a95e61a9d328026effcacbd539a7c1a1af831f18d5bcd32c3e97166160dc586b1db6d55a3a8d6b9e1fc1288862426d06c63914ed40aa6fcd65803ed0f041903b0d22b4131e635541044ccadbdd72b321d7a37923f66c6099a1689cb917b374f792ef984a3f54cd739"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000012c0)={0x0, ""/256, 0x0, 0x0}) r10 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCADDRT(r10, 0x89a0, &(0x7f0000000440)={@local, @mcast1, @mcast2, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x18c0100}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r10, 0x81f8943c, &(0x7f00000004c0)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, &(0x7f00000002c0)={r11}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r7, 0xd000943d, &(0x7f0000055580)={0x7d6c, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r9}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r9}, {0x0, r9}], 0x0, "3aaecd433d1656"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000050400)={0x6, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2, r9}], 0x6, "c73a103e52e79e"}) r12 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r12, 0x541c, &(0x7f0000000000)={0x2, {0x3}}) [ 642.723775][T11846] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 642.728973][T11817] Call Trace: [ 642.728990][T11817] dump_stack+0x1d8/0x24e [ 642.728999][T11817] ? devkmsg_release+0x11c/0x11c [ 642.729007][T11817] ? show_regs_print_info+0x12/0x12 [ 642.729021][T11817] ? check_preemption_disabled+0x9e/0x330 [ 642.739844][T11846] FAULT_INJECTION: forcing a failure. [ 642.739844][T11846] name failslab, interval 1, probability 0, space 0, times 0 [ 642.740580][T11817] ? debug_smp_processor_id+0x20/0x20 [ 642.780411][T11817] ? slab_free_freelist_hook+0x7b/0x150 [ 642.785940][T11817] ? kmem_cache_free+0xb8/0x5f0 [ 642.790768][T11817] __schedule_bug+0x1af/0x240 [ 642.795424][T11817] ? __migrate_task+0x160/0x160 [ 642.800251][T11817] ? _raw_spin_lock_irqsave+0xf8/0x210 [ 642.805705][T11817] ? _raw_spin_lock+0x1b0/0x1b0 [ 642.810561][T11817] __schedule+0xa42/0x1170 [ 642.814954][T11817] ? __pv_queued_spin_unlock_slowpath+0x290/0x290 [ 642.821347][T11817] ? _raw_spin_unlock_irqrestore+0x57/0x80 [ 642.827134][T11817] ? is_mmconf_reserved+0x420/0x420 [ 642.832318][T11817] ? check_preemption_disabled+0x9e/0x330 [ 642.837139][ T22] audit: type=1326 audit(1631031625.920:8656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11849 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 642.838127][T11817] ? debug_smp_processor_id+0x20/0x20 [ 642.838137][T11817] schedule+0x13b/0x1d0 [ 642.838152][T11817] lock_sock_nested+0x1ed/0x310 [ 642.876267][T11817] ? slab_free_freelist_hook+0x7b/0x150 [ 642.881787][T11817] ? sock_def_destruct+0x10/0x10 [ 642.886783][T11817] ? init_wait_entry+0xd0/0xd0 [ 642.891519][T11817] ? hci_send_to_sock+0x709/0x720 [ 642.896511][T11817] ? hci_sock_dev_event+0x274/0x570 [ 642.901681][T11817] hci_sock_dev_event+0x2da/0x570 [ 642.907043][T11817] hci_unregister_dev+0x2a5/0x13f0 [ 642.912213][T11817] ? rcu_sync_exit+0xc6/0x1a0 [ 642.916869][T11817] hci_uart_tty_close+0x1a2/0x220 [ 642.921864][T11817] ? hci_uart_tty_open+0x2d0/0x2d0 [ 642.926950][T11817] tty_ldisc_release+0x272/0x600 [ 642.931863][T11817] tty_release_struct+0x27/0xd0 [ 642.936687][T11817] tty_release+0xdd7/0x10a0 [ 642.941161][T11817] ? tty_release_struct+0xd0/0xd0 [ 642.946157][T11817] __fput+0x27d/0x6c0 [ 642.950114][T11817] task_work_run+0x186/0x1b0 [ 642.954676][T11817] prepare_exit_to_usermode+0x2b0/0x310 [ 642.960458][T11817] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 642.966323][T11817] RIP: 0033:0x41940b [ 642.970194][T11817] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44 [ 642.989774][T11817] RSP: 002b:00007fff4cd0b720 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 642.998160][T11817] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 000000000041940b [ 643.006106][T11817] RDX: 0000000000000000 RSI: ffffffff814e8f75 RDI: 0000000000000003 [ 643.014051][T11817] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000001b31220ef8 [ 643.021995][T11817] R10: 0000000000001929 R11: 0000000000000293 R12: 000000000056cb00 [ 643.030028][T11817] R13: 000000000056cb00 R14: 000000000056bf80 R15: 000000000009a6ed [ 643.037982][T11817] ? vprintk_emit+0x2f5/0x4c0 [ 643.045362][T11846] CPU: 1 PID: 11846 Comm: syz-executor.3 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 643.052673][T11817] ------------[ cut here ]------------ [ 643.056976][T11846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 643.056979][T11846] Call Trace: [ 643.056997][T11846] dump_stack+0x1d8/0x24e [ 643.057013][T11846] ? devkmsg_release+0x11c/0x11c [ 643.062473][T11817] DEBUG_LOCKS_WARN_ON(val > preempt_count()) [ 643.062511][T11817] WARNING: CPU: 0 PID: 11817 at kernel/sched/core.c:4019 preempt_count_sub+0x9c/0x160 [ 643.072494][T11846] ? show_regs_print_info+0x12/0x12 [ 643.075740][T11817] Modules linked in: [ 643.080223][T11846] ? selinux_kernfs_init_security+0x1b2/0x7e0 [ 643.085121][T11817] CPU: 0 PID: 11817 Comm: syz-executor.0 Tainted: G W 5.4.125-syzkaller-00016-gae94e015273b #0 [ 643.091068][T11846] should_fail+0x6f6/0x860 [ 643.100565][T11817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 643.105733][T11846] ? setup_fault_attr+0x3d0/0x3d0 [ 643.109596][T11817] RIP: 0010:preempt_count_sub+0x9c/0x160 [ 643.115627][T11846] ? _raw_spin_lock+0xa3/0x1b0 [ 643.127213][T11817] Code: 42 8a 04 30 84 c0 0f 85 89 00 00 00 83 3d 9f af 00 05 00 75 d3 48 c7 c7 80 cb aa 84 48 c7 c6 20 cc aa 84 31 c0 e8 54 33 f6 ff <0f> 0b eb ba e8 fb fe de 00 85 c0 74 b1 48 c7 c0 94 46 47 86 48 c1 [ 643.131601][T11846] ? __kernfs_new_node+0xdb/0x6d0 [ 643.141617][T11817] RSP: 0018:ffff888179897c48 EFLAGS: 00010246 [ 643.146634][T11846] should_failslab+0x5/0x20 [ 643.152254][T11817] RAX: 2210396074ba8300 RBX: 0000000000000001 RCX: ffff8881e6fecec0 [ 643.157077][T11846] kmem_cache_alloc+0x36/0x290 [ 643.176657][T11817] RDX: 0000000000000000 RSI: 00000000000020f0 RDI: 0000000000000001 [ 643.181741][T11846] __kernfs_new_node+0xdb/0x6d0 [ 643.187767][T11817] RBP: 0000000000000001 R08: ffffffff814e8e0f R09: fffffbfff0dcd2da [ 643.192250][T11846] ? mutex_lock+0xa6/0x110 [ 643.200184][T11817] R10: fffffbfff0dcd2da R11: 0000000000000000 R12: ffff88819ce59800 [ 643.204915][T11846] ? kernfs_new_node+0x160/0x160 [ 643.212849][T11817] R13: dffffc0000000000 R14: dffffc0000000000 R15: ffff8881e4728000 [ 643.217669][T11846] ? kernfs_activate+0x3fc/0x420 [ 643.225608][T11817] FS: 00000000016db400(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 643.229991][T11846] kernfs_new_node+0x95/0x160 [ 643.237937][T11817] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 643.242844][T11846] __kernfs_create_file+0x45/0x260 [ 643.250780][T11817] CR2: 0000001b2e322000 CR3: 000000019ae65000 CR4: 00000000001406f0 [ 643.255684][T11846] sysfs_add_file_mode_ns+0x293/0x340 [ 643.264577][T11817] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 643.269311][T11846] internal_create_group+0x560/0xf10 [ 643.275874][T11817] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 643.280956][T11846] ? sysfs_create_group+0x20/0x20 [ 643.288896][T11817] Call Trace: [ 643.294240][T11846] sysfs_create_groups+0x5d/0x130 [ 643.302190][T11817] _raw_read_unlock+0x21/0x40 [ 643.307444][T11846] device_add+0xa51/0x18a0 [ 643.315392][T11817] hci_unregister_dev+0x2a5/0x13f0 [ 643.320471][T11846] ? get_device+0x30/0x30 [ 643.323842][T11817] ? rcu_sync_exit+0xc6/0x1a0 [ 643.328834][T11846] ? mutex_lock+0xa6/0x110 [ 643.333477][T11817] hci_uart_tty_close+0x1a2/0x220 [ 643.337856][T11846] ? virtual_device_parent+0x50/0x50 [ 643.343020][T11817] ? hci_uart_tty_open+0x2d0/0x2d0 [ 643.347316][T11846] ? device_initialize+0x1d3/0x3e0 [ 643.351961][T11817] tty_ldisc_release+0x272/0x600 [ 643.356452][T11846] rfkill_register+0x180/0x720 [ 643.361442][T11817] tty_release_struct+0x27/0xd0 [ 643.366699][T11846] hci_register_dev+0x398/0x710 [ 643.371789][T11817] tty_release+0xdd7/0x10a0 [ 643.376866][T11846] hci_uart_tty_ioctl+0x89e/0xa10 [ 643.381783][T11817] ? tty_release_struct+0xd0/0xd0 [ 643.386514][T11846] ? hci_uart_tty_write+0x10/0x10 [ 643.391337][T11817] __fput+0x27d/0x6c0 [ 643.396155][T11846] tty_ioctl+0xf68/0x1710 [ 643.400627][T11817] task_work_run+0x186/0x1b0 [ 643.405618][T11846] ? tty_do_resize+0x170/0x170 [ 643.410610][T11817] prepare_exit_to_usermode+0x2b0/0x310 [ 643.415598][T11846] ? avc_ss_reset+0x3a0/0x3a0 [ 643.419548][T11817] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 643.423843][T11846] ? refcount_sub_and_test_checked+0x1b6/0x290 [ 643.428397][T11817] RIP: 0033:0x41940b [ 643.433142][T11846] ? refcount_inc_checked+0x50/0x50 [ 643.438669][T11817] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44 [ 643.443316][T11846] ? memcg_check_events+0x5c/0x5b0 [ 643.449171][T11817] RSP: 002b:00007fff4cd0b720 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 643.455298][T11846] ? proc_fail_nth_write+0x1d5/0x240 [ 643.459154][T11817] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 000000000041940b [ 643.464324][T11846] ? proc_fail_nth_read+0x1c0/0x1c0 [ 643.483982][T11817] RDX: 0000000000000000 RSI: ffffffff814e8f75 RDI: 0000000000000003 [ 643.489062][T11846] ? __lru_cache_add+0x1c4/0x210 [ 643.497447][T11817] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000001b31220ef8 [ 643.502873][T11846] ? memset+0x1f/0x40 16:20:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x5) [ 643.510813][T11817] R10: 0000000000001929 R11: 0000000000000293 R12: 000000000056cb00 [ 643.515992][T11846] ? fsnotify+0x1332/0x13f0 [ 643.523935][T11817] R13: 000000000056cb00 R14: 000000000056bf80 R15: 000000000009a6ed [ 643.528841][T11846] ? tty_do_resize+0x170/0x170 [ 643.536797][T11817] ? vprintk_emit+0x2f5/0x4c0 [ 643.540751][T11846] do_vfs_ioctl+0x76a/0x1720 [ 643.548690][T11817] ---[ end trace 29ff4953ee019012 ]--- [ 643.553182][T11846] ? selinux_file_ioctl+0x72f/0x990 16:20:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x6) 16:20:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x7) 16:20:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x8) [ 643.586132][T11846] ? ioctl_preallocate+0x250/0x250 [ 643.586144][T11846] ? __fget+0x37b/0x3c0 [ 643.586152][T11846] ? vfs_write+0x422/0x4e0 [ 643.586163][T11846] ? fget_many+0x20/0x20 [ 643.586177][T11846] ? debug_smp_processor_id+0x20/0x20 [ 643.586189][T11846] ? security_file_ioctl+0x9d/0xb0 [ 643.586199][T11846] __x64_sys_ioctl+0xd4/0x110 16:20:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) [ 643.586211][T11846] do_syscall_64+0xcb/0x1e0 [ 643.586222][T11846] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 643.586230][T11846] RIP: 0033:0x4665f9 [ 643.586239][T11846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 643.586244][T11846] RSP: 002b:00007fe7063c1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 16:20:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xa) 16:20:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xb) [ 643.586253][T11846] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 [ 643.586259][T11846] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 643.586264][T11846] RBP: 00007fe7063c11d0 R08: 0000000000000000 R09: 0000000000000000 [ 643.586269][T11846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 643.586275][T11846] R13: 00007ffdc42f8e5f R14: 00007fe7063c1300 R15: 0000000000022000 [ 643.589210][ T22] audit: type=1326 audit(1631031626.660:8657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=11850 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4665f9 code=0x0 [ 643.618433][T11854] selection: kmalloc() failed [ 643.840808][T11884] selection: kmalloc() failed [ 645.646627][ T3432] Bluetooth: hci0: command 0x1003 tx timeout [ 645.652798][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 647.726541][ T3432] Bluetooth: hci0: command 0x1001 tx timeout [ 647.732560][ T4171] Bluetooth: hci0: sending frame failed (-49) [ 649.806523][ T3281] Bluetooth: hci0: command 0x1009 tx timeout