d9ef0ee3bfd04446fd066f09ffd6a128c1f531e35d9102") ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) syslog(0x9, &(0x7f0000000100)=""/202, 0xca) [ 1117.290272] Bluetooth: hci11 sending frame failed (-49) [ 1117.727062] kauditd_printk_skb: 24400 callbacks suppressed [ 1117.727071] audit: type=1326 audit(1599173860.125:1153450): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30695 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1117.755104] audit: type=1326 audit(1599173860.125:1153451): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30695 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1117.779128] audit: type=1326 audit(1599173860.125:1153452): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30695 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1117.801233] audit: type=1326 audit(1599173860.125:1153453): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30695 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 22:57:40 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x10, 0x3f2, 0x200, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4028000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000200)=[@in={0x2, 0x4e24, @private=0xa010100}, @in={0x2, 0x4e22, @private=0xa010101}, @in6={0xa, 0x4e21, 0x7f, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}, @in6={0xa, 0x4e21, 0x3f, @loopback, 0x2}], 0x58) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r3, 0xc08c5336, &(0x7f0000000280)={0x1, 0x2, 0x0, 'queue1\x00', 0x80}) read$sequencer(r1, &(0x7f0000000100)=""/215, 0xd7) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1117.842067] audit: type=1326 audit(1599173860.125:1153454): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30695 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1117.865314] audit: type=1326 audit(1599173860.125:1153455): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30695 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1117.890655] audit: type=1326 audit(1599173860.125:1153456): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30695 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1117.915222] audit: type=1326 audit(1599173860.125:1153457): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30654 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1117.940674] Bluetooth: hci12: Frame reassembly failed (-84) [ 1117.953466] Bluetooth: hci12: Frame reassembly failed (-84) [ 1117.953508] audit: type=1326 audit(1599173860.125:1153458): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30654 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1117.981582] audit: type=1326 audit(1599173860.125:1153459): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30654 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 22:57:40 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x0, 0x0}) [ 1118.216686] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1118.216699] Bluetooth: hci9 command 0xfc11 tx timeout [ 1118.223415] Bluetooth: hci3 command 0xfc11 tx timeout [ 1118.228690] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1118.233936] Bluetooth: hci3: Entering manufacturer mode failed (-110) 22:57:40 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KDGKBENT(r2, 0x4b46, &(0x7f0000000240)={0x0, 0xb7, 0x101}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) r3 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) chown(&(0x7f0000000000)='./file0\x00', r4, 0x0) mount$9p_rdma(&(0x7f0000000100)='127.0.0.1\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xe4, &(0x7f00000001c0)={'trans=rdma,', {'port', 0x3d, 0x4e23}, 0x2c, {[{@rq={'rq'}}], [{@fowner_lt={'fowner<', r4}}, {@dont_hash='dont_hash'}]}}) [ 1118.298658] Bluetooth: hci10 command 0x1003 tx timeout [ 1118.324812] Bluetooth: hci10 sending frame failed (-49) [ 1118.348915] Bluetooth: hci3: Frame reassembly failed (-84) [ 1118.411284] Bluetooth: hci8: Frame reassembly failed (-84) [ 1118.417340] Bluetooth: hci8: Frame reassembly failed (-84) 22:57:41 executing program 4: sendmsg$IPSET_CMD_HEADER(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000000c06030000000000000000000a0000060900020073797a310500010007000000050001000700000005000100070000000900020073397a3100000000"], 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x85) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1119.336687] Bluetooth: hci11 command 0xfc11 tx timeout [ 1119.342142] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1119.452088] Bluetooth: hci9 sending frame failed (-49) [ 1119.979235] Bluetooth: hci12 command 0xfc11 tx timeout [ 1119.984571] Bluetooth: hci12: Entering manufacturer mode failed (-110) 22:57:42 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) [ 1120.376644] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1120.376655] Bluetooth: hci3 command 0xfc11 tx timeout [ 1120.383573] Bluetooth: hci10 command 0x1001 tx timeout 22:57:42 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000040)={r1}) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000200)={'ip_vti0\x00', &(0x7f0000000100)={'gretap0\x00', 0x0, 0x40, 0x40, 0x4, 0x0, {{0x25, 0x4, 0x2, 0x6, 0x94, 0x65, 0x0, 0x4, 0x4, 0x0, @multicast2, @rand_addr=0x64010102, {[@ssrr={0x89, 0xb, 0x8e, [@loopback, @dev={0xac, 0x14, 0x14, 0xf}]}, @end, @timestamp_prespec={0x44, 0x1c, 0x70, 0x3, 0x2, [{@multicast1, 0xab}, {@local, 0x100}, {@local, 0xfffffffa}]}, @rr={0x7, 0x17, 0xf7, [@rand_addr=0x64010100, @empty, @local, @dev={0xac, 0x14, 0x14, 0x34}, @local]}, @generic={0x7, 0x8, "882ae093f0ae"}, @rr={0x7, 0x27, 0x9d, [@multicast2, @multicast1, @private=0xa010102, @loopback, @rand_addr=0x64010101, @rand_addr=0x64010100, @empty, @rand_addr=0x64010102, @broadcast]}, @lsrr={0x83, 0xf, 0x41, [@multicast1, @remote, @private=0xa010102]}]}}}}}) r5 = socket(0x11, 0x800000003, 0x0) bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r5, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0xd0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0xc, 0x2, [@TCA_HHF_EVICT_TIMEOUT={0x8}]}}]}, 0x38}}, 0x0) r8 = socket(0x11, 0x800000003, 0x0) bind(r8, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r8, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r10 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0xd0b, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0xc, 0x2, [@TCA_HHF_EVICT_TIMEOUT={0x8}]}}]}, 0x38}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000340)={'wg0\x00', 0x0}) sendmsg$ETHTOOL_MSG_DEBUG_GET(r2, &(0x7f0000000540)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000380)={0x148, 0x0, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x148}, 0x1, 0x0, 0x0, 0x40000}, 0x8810) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f00000001c0)='reiserfs\x00', &(0x7f0000000280)='./bus\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="6572528372733d636f6e74696e75652c005bd88272a6b93488e6cf5898705d70ccd74f35c35c42d7de31b1b7a54d128f53c3774906340a76a38d7e75a8325a11fff3994a37179a7f3b00129a29ce11b2b23405fbb09841df8cf4654ab635ee9e4d1406569e8db2483e970defb9a32982e2f7a225d8113d5e77234b59e0255399f1368ca845c024cce3"]) ioctl$EVIOCSABS3F(r1, 0x401845ff, &(0x7f0000000000)={0x10001, 0x4, 0x9, 0x6, 0x13de08dc, 0x400}) 22:57:42 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KDGKBENT(r2, 0x4b46, &(0x7f0000000240)={0x0, 0xb7, 0x101}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) r3 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) chown(&(0x7f0000000000)='./file0\x00', r4, 0x0) mount$9p_rdma(&(0x7f0000000100)='127.0.0.1\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='9p\x00', 0xe4, &(0x7f00000001c0)={'trans=rdma,', {'port', 0x3d, 0x4e23}, 0x2c, {[{@rq={'rq'}}], [{@fowner_lt={'fowner<', r4}}, {@dont_hash='dont_hash'}]}}) [ 1120.435260] Bluetooth: hci10 sending frame failed (-49) [ 1120.456655] Bluetooth: hci8 command 0xfc11 tx timeout [ 1120.456755] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1120.503272] Bluetooth: hci3: Frame reassembly failed (-84) [ 1120.564089] Bluetooth: hci8: Frame reassembly failed (-84) [ 1120.595397] REISERFS warning (device loop3): super-6502 reiserfs_getopt: unknown mount option "erRƒrs=continue" 22:57:43 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000040)={r1}) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000200)={'ip_vti0\x00', &(0x7f0000000100)={'gretap0\x00', 0x0, 0x40, 0x40, 0x4, 0x0, {{0x25, 0x4, 0x2, 0x6, 0x94, 0x65, 0x0, 0x4, 0x4, 0x0, @multicast2, @rand_addr=0x64010102, {[@ssrr={0x89, 0xb, 0x8e, [@loopback, @dev={0xac, 0x14, 0x14, 0xf}]}, @end, @timestamp_prespec={0x44, 0x1c, 0x70, 0x3, 0x2, [{@multicast1, 0xab}, {@local, 0x100}, {@local, 0xfffffffa}]}, @rr={0x7, 0x17, 0xf7, [@rand_addr=0x64010100, @empty, @local, @dev={0xac, 0x14, 0x14, 0x34}, @local]}, @generic={0x7, 0x8, "882ae093f0ae"}, @rr={0x7, 0x27, 0x9d, [@multicast2, @multicast1, @private=0xa010102, @loopback, @rand_addr=0x64010101, @rand_addr=0x64010100, @empty, @rand_addr=0x64010102, @broadcast]}, @lsrr={0x83, 0xf, 0x41, [@multicast1, @remote, @private=0xa010102]}]}}}}}) r5 = socket(0x11, 0x800000003, 0x0) bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r5, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0xd0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0xc, 0x2, [@TCA_HHF_EVICT_TIMEOUT={0x8}]}}]}, 0x38}}, 0x0) r8 = socket(0x11, 0x800000003, 0x0) bind(r8, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r8, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r10 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0xd0b, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0xc, 0x2, [@TCA_HHF_EVICT_TIMEOUT={0x8}]}}]}, 0x38}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000340)={'wg0\x00', 0x0}) sendmsg$ETHTOOL_MSG_DEBUG_GET(r2, &(0x7f0000000540)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000380)={0x148, 0x0, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x148}, 0x1, 0x0, 0x0, 0x40000}, 0x8810) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f00000001c0)='reiserfs\x00', &(0x7f0000000280)='./bus\x00', 0x0, 0x0, &(0x7f00000006c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="6572528372733d636f6e74696e75652c005bd88272a6b93488e6cf5898705d70ccd74f35c35c42d7de31b1b7a54d128f53c3774906340a76a38d7e75a8325a11fff3994a37179a7f3b00129a29ce11b2b23405fbb09841df8cf4654ab635ee9e4d1406569e8db2483e970defb9a32982e2f7a225d8113d5e77234b59e0255399f1368ca845c024cce3"]) ioctl$EVIOCSABS3F(r1, 0x401845ff, &(0x7f0000000000)={0x10001, 0x4, 0x9, 0x6, 0x13de08dc, 0x400}) 22:57:43 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) setsockopt$sock_void(0xffffffffffffffff, 0x1, 0x3f, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x9) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="1500000065ffff8000000008003950323030302e4c82cc0b115180b7697966146d08e431c419b558906d16cd961a2bb8af6df853f4ec1315dd4504aa415fb06373a4581a960cc8929f1cde03568f2118e65e32dc2e24e565d6c989f593961ce8f81ca6210ddd8dce5d36aacfacb852da32b5b56094953985e3775dadca2faba238400c1aeec61b0322b9308baf38c120d834fae1c52a2da0e543440a6dda8ef6166325a400"/174], 0x15) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xe) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1120.833884] REISERFS warning (device loop3): super-6502 reiserfs_getopt: unknown mount option "erRƒrs=continue" [ 1120.940508] Bluetooth: hci11: Frame reassembly failed (-84) [ 1120.978561] Bluetooth: hci12: Frame reassembly failed (-84) [ 1121.496618] Bluetooth: hci9 command 0xfc11 tx timeout [ 1121.501941] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1122.456736] Bluetooth: hci10 command 0x1009 tx timeout [ 1122.536661] Bluetooth: hci3 command 0xfc11 tx timeout [ 1122.536689] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1122.616629] Bluetooth: hci8 command 0xfc11 tx timeout [ 1122.620444] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1122.936704] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1122.936761] Bluetooth: hci11 command 0xfc11 tx timeout [ 1123.016961] Bluetooth: hci12 command 0xfc11 tx timeout [ 1123.027614] Bluetooth: hci12: Entering manufacturer mode failed (-110) 22:57:49 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x0) 22:57:49 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x10, 0x3f2, 0x200, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4028000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000200)=[@in={0x2, 0x4e24, @private=0xa010100}, @in={0x2, 0x4e22, @private=0xa010101}, @in6={0xa, 0x4e21, 0x7f, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}, @in6={0xa, 0x4e21, 0x3f, @loopback, 0x2}], 0x58) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r3, 0xc08c5336, &(0x7f0000000280)={0x1, 0x2, 0x0, 'queue1\x00', 0x80}) read$sequencer(r1, &(0x7f0000000100)=""/215, 0xd7) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:57:49 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x141c01, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ttyprintk\x00', 0x0, 0x0) fsetxattr$trusted_overlay_opaque(r1, &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x0) 22:57:49 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) 22:57:49 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(0xffffffffffffffff, 0xc1004111, &(0x7f0000000440)={0x2, [0x9, 0x1, 0x6], [{0xffff, 0x840, 0x1, 0x0, 0x0, 0x1}, {0x10001, 0xc2b1, 0x1, 0x0, 0x0, 0x1}, {0x7, 0x0, 0x0, 0x0, 0x1, 0x1}, {0xa8, 0x1, 0x0, 0x1, 0x1}, {0x10000, 0x7f0f, 0x1}, {0x7, 0x80000001, 0x1, 0x1, 0x1, 0x1}, {0x5, 0xdd, 0x1, 0x1}, {0x101, 0x4, 0x1}, {0x3, 0x1, 0x1, 0x1, 0x0, 0x1}, {0x2, 0x5, 0x1}, {0x0, 0x2a8, 0x0, 0x1, 0x1}, {0x9, 0x6, 0x0, 0x0, 0x1}], 0x6}) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:57:49 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) semop(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AUTH_MAGIC(0xffffffffffffffff, 0x40046411, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0xc102, 0x80ffff) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1126.913492] Bluetooth: hci8: Frame reassembly failed (-84) [ 1126.929131] Bluetooth: hci9: Frame reassembly failed (-84) [ 1126.935090] Bluetooth: hci9: Frame reassembly failed (-84) [ 1126.946621] Bluetooth: hci10 sending frame failed (-49) [ 1127.004729] kauditd_printk_skb: 26736 callbacks suppressed [ 1127.004738] audit: type=1326 audit(1599173869.415:1180196): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30828 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1127.049500] audit: type=1326 audit(1599173869.415:1180197): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30828 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1127.072334] audit: type=1326 audit(1599173869.415:1180198): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30828 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1127.101027] audit: type=1326 audit(1599173869.415:1180199): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30828 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1127.167051] audit: type=1326 audit(1599173869.415:1180200): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30828 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1127.355485] audit: type=1326 audit(1599173869.415:1180201): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30828 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1127.441307] audit: type=1326 audit(1599173869.415:1180202): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30828 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1127.469402] audit: type=1326 audit(1599173869.415:1180203): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30828 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1127.497869] audit: type=1326 audit(1599173869.415:1180204): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30828 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1127.526098] audit: type=1326 audit(1599173869.415:1180205): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30828 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 22:57:50 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) semop(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AUTH_MAGIC(0xffffffffffffffff, 0x40046411, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0xc102, 0x80ffff) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1127.785499] Bluetooth: hci13 sending frame failed (-49) [ 1128.936651] Bluetooth: hci3 command 0x1003 tx timeout [ 1128.936935] Bluetooth: hci9 command 0xfc11 tx timeout [ 1128.941914] Bluetooth: hci3 sending frame failed (-49) [ 1128.947143] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1128.947232] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1128.952475] Bluetooth: hci9: Entering manufacturer mode failed (-110) 22:57:51 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) [ 1129.016645] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1129.021719] Bluetooth: hci11 command 0xfc11 tx timeout [ 1129.100248] Bluetooth: hci8: Frame reassembly failed (-84) 22:57:52 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="2e0000000600000000000000000000000500000000000000010000000000000005000000000000005c5c2a5e5d00"], 0x2e) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000140)={[], 0x3, 0x80000001, 0x47a, 0x0, 0x5, 0xffffffffffffffff}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1129.736581] Bluetooth: hci12 command 0xfc11 tx timeout [ 1129.740403] Bluetooth: hci12: Entering manufacturer mode failed (-110) [ 1129.816609] Bluetooth: hci13 command 0xfc11 tx timeout [ 1129.822013] Bluetooth: hci13: Entering manufacturer mode failed (-110) [ 1129.851391] Bluetooth: hci9: Frame reassembly failed (-84) 22:57:52 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) semop(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AUTH_MAGIC(0xffffffffffffffff, 0x40046411, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0xc102, 0x80ffff) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:57:52 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x10, 0x3f2, 0x200, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4028000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000200)=[@in={0x2, 0x4e24, @private=0xa010100}, @in={0x2, 0x4e22, @private=0xa010101}, @in6={0xa, 0x4e21, 0x7f, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}, @in6={0xa, 0x4e21, 0x3f, @loopback, 0x2}], 0x58) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r3, 0xc08c5336, &(0x7f0000000280)={0x1, 0x2, 0x0, 'queue1\x00', 0x80}) read$sequencer(r1, &(0x7f0000000100)=""/215, 0xd7) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1130.222008] Bluetooth: hci10: Frame reassembly failed (-84) [ 1130.248870] Bluetooth: hci11: Frame reassembly failed (-84) 22:57:53 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) semop(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AUTH_MAGIC(0xffffffffffffffff, 0x40046411, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0xc102, 0x80ffff) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1131.024754] Bluetooth: hci3 command 0x1001 tx timeout [ 1131.033200] Bluetooth: hci3 sending frame failed (-49) [ 1131.041133] print_req_error: I/O error, dev loop1, sector 0 [ 1131.083144] Bluetooth: hci12: Frame reassembly failed (-84) [ 1131.177506] Bluetooth: hci8 command 0xfc11 tx timeout [ 1131.182810] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1131.896679] Bluetooth: hci9 command 0xfc11 tx timeout [ 1131.896683] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1132.008760] kauditd_printk_skb: 20117 callbacks suppressed [ 1132.008769] audit: type=1326 audit(1599173874.415:1200323): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30915 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1132.036272] audit: type=1326 audit(1599173874.415:1200324): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30904 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1132.059276] audit: type=1326 audit(1599173874.415:1200325): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30915 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1132.081286] audit: type=1326 audit(1599173874.415:1200326): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30904 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1132.103177] audit: type=1326 audit(1599173874.415:1200327): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30915 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1132.125112] audit: type=1326 audit(1599173874.415:1200328): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30904 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1132.147103] audit: type=1326 audit(1599173874.415:1200329): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30915 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1132.169026] audit: type=1326 audit(1599173874.415:1200330): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30904 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1132.191441] audit: type=1326 audit(1599173874.415:1200331): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30915 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1132.213348] audit: type=1326 audit(1599173874.415:1200332): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30904 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1132.306582] Bluetooth: hci11 command 0xfc11 tx timeout [ 1132.311992] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1132.317313] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1132.320727] Bluetooth: hci10 command 0xfc11 tx timeout [ 1133.096725] Bluetooth: hci3 command 0x1009 tx timeout [ 1133.096864] Bluetooth: hci12 command 0xfc11 tx timeout [ 1133.102025] Bluetooth: hci12: Entering manufacturer mode failed (-110) 22:57:59 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x0) 22:57:59 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x50000}]}) 22:57:59 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_S_PARM(r2, 0xc0cc5616, &(0x7f0000000100)={0x2, @capture={0x0, 0x0, {0x1ff}, 0x4, 0x7f}}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:57:59 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x10, 0x3f2, 0x200, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4028000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000200)=[@in={0x2, 0x4e24, @private=0xa010100}, @in={0x2, 0x4e22, @private=0xa010101}, @in6={0xa, 0x4e21, 0x7f, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}, @in6={0xa, 0x4e21, 0x3f, @loopback, 0x2}], 0x58) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r3, 0xc08c5336, &(0x7f0000000280)={0x1, 0x2, 0x0, 'queue1\x00', 0x80}) read$sequencer(r1, &(0x7f0000000100)=""/215, 0xd7) 22:57:59 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) semop(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AUTH_MAGIC(0xffffffffffffffff, 0x40046411, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0xc102, 0x80ffff) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:57:59 executing program 1 (fault-call:19 fault-nth:0): socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1137.153272] Bluetooth: hci8: Frame reassembly failed (-84) [ 1137.161091] Bluetooth: hci9: Frame reassembly failed (-84) [ 1137.170078] Bluetooth: hci3: Frame reassembly failed (-84) [ 1137.220609] kauditd_printk_skb: 9005 callbacks suppressed [ 1137.220617] audit: type=1326 audit(1599173879.635:1209338): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30983 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1137.290931] audit: type=1326 audit(1599173879.635:1209339): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30983 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1137.315433] audit: type=1326 audit(1599173879.635:1209340): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30983 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1137.468503] audit: type=1326 audit(1599173879.635:1209341): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30983 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1137.550399] audit: type=1326 audit(1599173879.635:1209342): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30983 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1137.574616] audit: type=1326 audit(1599173879.635:1209343): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30983 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1137.602239] audit: type=1326 audit(1599173879.635:1209344): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30983 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1137.627911] audit: type=1326 audit(1599173879.635:1209345): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30983 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1137.655606] audit: type=1326 audit(1599173879.635:1209346): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30983 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1137.702612] audit: type=1326 audit(1599173879.635:1209347): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=30983 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1137.937262] FAULT_INJECTION: forcing a failure. [ 1137.937262] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1137.949083] CPU: 0 PID: 31015 Comm: syz-executor.1 Not tainted 4.14.196-syzkaller #0 [ 1137.956960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1137.966303] Call Trace: [ 1137.968886] dump_stack+0x1b2/0x283 [ 1137.972532] should_fail.cold+0x10a/0x154 [ 1137.976677] get_futex_key+0x82a/0x1160 [ 1137.980654] ? futex_lock_pi_atomic+0x2e0/0x2e0 [ 1137.985315] futex_wake+0xc6/0x3c0 [ 1137.988845] ? get_futex_key+0x1160/0x1160 [ 1137.993068] ? kernel_text_address+0xbd/0xf0 [ 1137.997471] do_futex+0x287/0x1930 [ 1138.001017] ? __lock_acquire+0x5fc/0x3f20 [ 1138.005265] ? futex_exit_release+0x220/0x220 [ 1138.009768] ? lock_acquire+0x170/0x3f0 [ 1138.013731] ? futex_exit_release+0x26/0x220 [ 1138.018136] ? trace_hardirqs_on+0x10/0x10 [ 1138.022362] ? futex_exit_release+0x26/0x220 [ 1138.026778] ? __mutex_lock+0x360/0x1310 [ 1138.030826] ? __delayacct_add_tsk+0x4b1/0x5b0 [ 1138.035394] ? __might_fault+0x104/0x1b0 [ 1138.039472] ? exit_mm_release+0x16/0x30 [ 1138.043523] ? lock_downgrade+0x740/0x740 [ 1138.047661] SyS_futex+0x1da/0x290 [ 1138.051190] ? lock_acquire+0x170/0x3f0 [ 1138.055154] ? do_futex+0x1930/0x1930 [ 1138.058951] mm_release+0x250/0x2d0 [ 1138.062579] do_exit+0x56f/0x27f0 [ 1138.066049] ? mm_update_next_owner+0x5b0/0x5b0 [ 1138.070808] ? get_signal+0x323/0x1ca0 [ 1138.074686] ? lock_acquire+0x170/0x3f0 [ 1138.078652] ? lock_downgrade+0x740/0x740 [ 1138.082791] do_group_exit+0x100/0x2e0 [ 1138.086666] get_signal+0x38d/0x1ca0 [ 1138.090371] ? get_pid_task+0xb8/0x130 [ 1138.094270] do_signal+0x7c/0x1550 [ 1138.097814] ? fsnotify+0x8c5/0x1140 [ 1138.101524] ? __vfs_write+0xec/0x630 [ 1138.105317] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1138.110234] ? SyS_write+0x1b7/0x210 [ 1138.113936] ? setup_sigcontext+0x820/0x820 [ 1138.118248] ? compat_poll_select_copy_remaining+0x2c0/0x2c0 [ 1138.124035] ? lock_downgrade+0x740/0x740 [ 1138.128175] ? vfs_write+0x35d/0x4d0 [ 1138.131884] ? SyS_pselect6+0x2dd/0x3c0 [ 1138.135846] ? SyS_select+0x170/0x170 [ 1138.139642] ? fput+0xb/0x140 [ 1138.142741] ? exit_to_usermode_loop+0x41/0x200 [ 1138.147401] exit_to_usermode_loop+0x160/0x200 [ 1138.151973] do_syscall_64+0x4a3/0x640 [ 1138.155855] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1138.161039] RIP: 0033:0x45d5b9 [ 1138.164216] RSP: 002b:00007f2f3caa8c78 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 1138.171908] RAX: fffffffffffffdfe RBX: 0000000000025a00 RCX: 000000000045d5b9 [ 1138.179166] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000040 [ 1138.186440] RBP: 00007f2f3caa8ca0 R08: 0000000000000000 R09: 0000000000000000 [ 1138.193715] R10: 0000000020000300 R11: 0000000000000246 R12: 0000000000000000 [ 1138.200969] R13: 00007ffc409a32ff R14: 00007f2f3caa99c0 R15: 000000000118d12c 22:58:00 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180), 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x54, 0xfa00, {&(0x7f0000000100), 0x8, {0xa, 0x4e23, 0x5, @ipv4={[], [], @broadcast}, 0x420}}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:58:01 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f0000000380)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0xbfe2, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0) [ 1139.176666] Bluetooth: hci3 command 0xfc11 tx timeout [ 1139.186613] Bluetooth: hci9 command 0x1003 tx timeout [ 1139.191968] Bluetooth: hci8 command 0xfc11 tx timeout [ 1139.191994] Bluetooth: hci9 sending frame failed (-49) [ 1139.197228] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1139.204930] Bluetooth: hci8: Entering manufacturer mode failed (-110) 22:58:01 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x10, 0x3f2, 0x200, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4028000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000200)=[@in={0x2, 0x4e24, @private=0xa010100}, @in={0x2, 0x4e22, @private=0xa010101}, @in6={0xa, 0x4e21, 0x7f, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}, @in6={0xa, 0x4e21, 0x3f, @loopback, 0x2}], 0x58) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r3, 0xc08c5336, &(0x7f0000000280)={0x1, 0x2, 0x0, 'queue1\x00', 0x80}) read$sequencer(r1, &(0x7f0000000100)=""/215, 0xd7) [ 1139.256736] Bluetooth: hci10 command 0xfc11 tx timeout [ 1139.262553] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1139.266630] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1139.272301] Bluetooth: hci11 command 0xfc11 tx timeout 22:58:01 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x50000}]}) 22:58:02 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x50000}]}) [ 1139.682514] Bluetooth: hci8: Frame reassembly failed (-84) [ 1139.688438] Bluetooth: hci8: Frame reassembly failed (-84) 22:58:02 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) getsockname$inet(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x0, @multicast1}, &(0x7f00000003c0)=0x10) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x59, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r5}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1141.256650] Bluetooth: hci9 command 0x1001 tx timeout [ 1141.261984] Bluetooth: hci9 sending frame failed (-49) [ 1141.336550] Bluetooth: hci3 command 0xfc11 tx timeout [ 1141.346569] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1141.736538] Bluetooth: hci8 command 0xfc11 tx timeout [ 1141.736543] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1143.336605] Bluetooth: hci9 command 0x1009 tx timeout 22:58:09 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0xc0000, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000140)={0x1ff, 0x8008, 0x3, 0x9}, &(0x7f0000000180)=0x10) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:09 executing program 3: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f0000000380)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0xbfe2, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0) 22:58:09 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x6}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:58:09 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x10, 0x3f2, 0x200, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4028000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000200)=[@in={0x2, 0x4e24, @private=0xa010100}, @in={0x2, 0x4e22, @private=0xa010101}, @in6={0xa, 0x4e21, 0x7f, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}, @in6={0xa, 0x4e21, 0x3f, @loopback, 0x2}], 0x58) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r3, 0xc08c5336, &(0x7f0000000280)={0x1, 0x2, 0x0, 'queue1\x00', 0x80}) read$sequencer(r1, &(0x7f0000000100)=""/215, 0xd7) 22:58:09 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}) 22:58:09 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x50000}]}) [ 1147.416620] Bluetooth: hci8 sending frame failed (-49) [ 1147.422330] Bluetooth: hci3 sending frame failed (-49) [ 1147.475392] Bluetooth: hci10: Frame reassembly failed (-84) [ 1147.489374] kauditd_printk_skb: 6433 callbacks suppressed [ 1147.489787] audit: type=1326 audit(1599173889.885:1215781): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31105 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x0 [ 1147.859498] audit: type=1326 audit(1599173889.945:1215782): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31105 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x0 [ 1147.881466] audit: type=1326 audit(1599173890.225:1215783): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31102 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1147.903795] audit: type=1326 audit(1599173890.225:1215784): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31102 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1147.925736] audit: type=1326 audit(1599173890.225:1215785): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31102 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1147.947759] audit: type=1326 audit(1599173890.225:1215786): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31102 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1147.969796] audit: type=1326 audit(1599173890.225:1215788): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31102 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1147.992320] audit: type=1326 audit(1599173890.225:1215789): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31102 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1148.014354] audit: type=1326 audit(1599173890.225:1215787): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31102 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1148.036433] audit: type=1326 audit(1599173890.225:1215790): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31102 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 22:58:10 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x9, &(0x7f0000000280)={0xb, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000380)={0x38, 0x2, 0x2, 0x0, 0x5, 0x3ff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e22, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:58:10 executing program 3 (fault-call:5 fault-nth:0): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1148.271208] FAULT_INJECTION: forcing a failure. [ 1148.271208] name failslab, interval 1, probability 0, space 0, times 0 [ 1148.284686] CPU: 1 PID: 31142 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1148.292572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1148.301922] Call Trace: [ 1148.304513] dump_stack+0x1b2/0x283 [ 1148.308147] should_fail.cold+0x10a/0x154 [ 1148.312297] should_failslab+0xd6/0x130 [ 1148.316271] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1148.320946] hci_alloc_dev+0x3e/0x1c60 [ 1148.324844] hci_uart_tty_ioctl+0x274/0xa00 [ 1148.329170] tty_ioctl+0x5af/0x13c0 [ 1148.332803] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1148.337473] ? tty_fasync+0x2c0/0x2c0 [ 1148.341274] ? proc_fail_nth_write+0x7b/0x180 [ 1148.345768] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1148.350707] ? trace_hardirqs_on+0x10/0x10 [ 1148.354970] ? fsnotify+0x8c5/0x1140 [ 1148.358686] ? __vfs_write+0xec/0x630 [ 1148.362494] ? tty_fasync+0x2c0/0x2c0 [ 1148.366296] do_vfs_ioctl+0x75a/0xff0 [ 1148.370096] ? selinux_inode_setxattr+0x730/0x730 [ 1148.374934] ? ioctl_preallocate+0x1a0/0x1a0 [ 1148.379339] ? lock_downgrade+0x740/0x740 [ 1148.383492] ? __fget+0x225/0x360 [ 1148.386963] ? security_file_ioctl+0x83/0xb0 [ 1148.391371] SyS_ioctl+0x7f/0xb0 [ 1148.394738] ? do_vfs_ioctl+0xff0/0xff0 [ 1148.398714] do_syscall_64+0x1d5/0x640 [ 1148.402609] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1148.407793] RIP: 0033:0x45d5b9 [ 1148.410978] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 22:58:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f00000002c0), 0x0, 0x40001061, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x10050, 0x200009f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000380)={0x0, 0x61, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x4, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x500, 0x0, 0x0, 0x3, 0x0, 0x1}, 0x0, 0x0) [ 1148.418688] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1148.425952] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1148.433217] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1148.440502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1148.447769] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c 22:58:10 executing program 3 (fault-call:5 fault-nth:1): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1148.524997] Bluetooth: Can't allocate HCI device [ 1148.576408] FAULT_INJECTION: forcing a failure. [ 1148.576408] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1148.588248] CPU: 1 PID: 31151 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1148.596122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1148.605463] Call Trace: [ 1148.608053] dump_stack+0x1b2/0x283 [ 1148.611693] should_fail.cold+0x10a/0x154 [ 1148.615843] __alloc_pages_nodemask+0x22c/0x2720 [ 1148.620600] ? __lock_acquire+0x5fc/0x3f20 [ 1148.624835] ? trace_hardirqs_on+0x10/0x10 [ 1148.629071] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1148.633908] ? trace_hardirqs_on+0x10/0x10 [ 1148.638145] ? avc_has_extended_perms+0x5c1/0xbf0 [ 1148.643015] ? lock_acquire+0x170/0x3f0 [ 1148.647111] cache_grow_begin+0x8f/0x420 [ 1148.651174] cache_alloc_refill+0x273/0x350 [ 1148.655496] kmem_cache_alloc_trace+0x340/0x3d0 [ 1148.660165] hci_alloc_dev+0x3e/0x1c60 [ 1148.664074] hci_uart_tty_ioctl+0x274/0xa00 [ 1148.668399] tty_ioctl+0x5af/0x13c0 [ 1148.672028] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1148.676703] ? tty_fasync+0x2c0/0x2c0 [ 1148.680501] ? proc_fail_nth_write+0x7b/0x180 [ 1148.684997] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1148.689924] ? trace_hardirqs_on+0x10/0x10 [ 1148.694160] ? fsnotify+0x8c5/0x1140 [ 1148.697867] ? __vfs_write+0xec/0x630 [ 1148.701671] ? tty_fasync+0x2c0/0x2c0 [ 1148.705502] do_vfs_ioctl+0x75a/0xff0 [ 1148.709300] ? selinux_inode_setxattr+0x730/0x730 [ 1148.714136] ? ioctl_preallocate+0x1a0/0x1a0 [ 1148.718541] ? lock_downgrade+0x740/0x740 [ 1148.722695] ? __fget+0x225/0x360 [ 1148.726151] ? security_file_ioctl+0x83/0xb0 [ 1148.730560] SyS_ioctl+0x7f/0xb0 [ 1148.733919] ? do_vfs_ioctl+0xff0/0xff0 [ 1148.737895] do_syscall_64+0x1d5/0x640 [ 1148.741786] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1148.746966] RIP: 0033:0x45d5b9 [ 1148.750147] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1148.757849] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1148.765133] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1148.772392] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1148.779657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1148.786928] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1149.136800] Bluetooth: hci11 sending frame failed (-49) 22:58:11 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0) [ 1149.496586] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1149.503422] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1149.510172] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1149.510251] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1149.512332] Bluetooth: hci9 command 0xfc11 tx timeout [ 1149.529010] Bluetooth: hci10 command tx timeout [ 1149.535371] Bluetooth: hci3 command 0xfc11 tx timeout 22:58:12 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}) 22:58:12 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000100)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:12 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x10, 0x3f2, 0x200, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4028000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000200)=[@in={0x2, 0x4e24, @private=0xa010100}, @in={0x2, 0x4e22, @private=0xa010101}, @in6={0xa, 0x4e21, 0x7f, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}, @in6={0xa, 0x4e21, 0x3f, @loopback, 0x2}], 0x58) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r3, 0xc08c5336, &(0x7f0000000280)={0x1, 0x2, 0x0, 'queue1\x00', 0x80}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:12 executing program 0 (fault-call:3 fault-nth:0): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:12 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x6, 0x23, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0), 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000440)="b64d06410da0f9ec8338e53acce3fdac4c841ddd3949481aa9f5761dc5610484937e2eeec8e188d7c2e4ccef7a326440da774e8c5807c520f3aa3b06bb0ceeb79e7dcb569522bae81be1e4683d3cafa8e7a913c2eee4e6b2d244127d4d5d0d54e0aab1136d28da719758fa54af317b8704d827197d463a6ebbd96c9a30594c09c3cf3102ed53ffc8d5cf9f5bdfffdda479daff145f81b8964de299e2a91b2be7e0315e7862bce9c516aae770020ecee3fe25520c9bc1e5174efc86d2099da4fd5e2b8d1037aff3ecc3d58d36ecd4d1966f6916a814540ad255f39bc145a4ccde6ef7759883bca5b69acbda9f212f5c3dca6fdd1a9b1f204801f163b1", 0xfc}], 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1150.389748] Bluetooth: hci8: Frame reassembly failed (-84) [ 1150.409604] Bluetooth: hci9: Frame reassembly failed (-84) [ 1150.422246] Bluetooth: hci10: Frame reassembly failed (-84) 22:58:13 executing program 3 (fault-call:5 fault-nth:2): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1151.176536] Bluetooth: hci11 command 0xfc11 tx timeout [ 1151.176894] Bluetooth: hci11: Entering manufacturer mode failed (-110) 22:58:13 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x10320, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000380)=[{&(0x7f0000000500)}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(0xffffffffffffffff) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1151.329039] FAULT_INJECTION: forcing a failure. [ 1151.329039] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1151.340871] CPU: 0 PID: 31226 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1151.348753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1151.358107] Call Trace: [ 1151.360700] dump_stack+0x1b2/0x283 [ 1151.364353] should_fail.cold+0x10a/0x154 [ 1151.368546] __alloc_pages_nodemask+0x22c/0x2720 [ 1151.373305] ? __lock_acquire+0x5fc/0x3f20 [ 1151.377538] ? trace_hardirqs_on+0x10/0x10 [ 1151.381769] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1151.386609] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1151.391451] ? trace_hardirqs_on+0x10/0x10 [ 1151.395698] ? avc_has_extended_perms+0x5c1/0xbf0 [ 1151.400541] ? ____cache_alloc_node+0x156/0x1d0 [ 1151.405230] ? lock_acquire+0x170/0x3f0 [ 1151.409212] cache_grow_begin+0x8f/0x420 [ 1151.413272] ? do_raw_spin_unlock+0x164/0x220 [ 1151.417766] ____cache_alloc_node+0x170/0x1d0 [ 1151.422272] ? check_preemption_disabled+0x35/0x240 [ 1151.427287] kmem_cache_alloc_trace+0x1f1/0x3d0 [ 1151.431961] hci_alloc_dev+0x3e/0x1c60 [ 1151.435846] hci_uart_tty_ioctl+0x274/0xa00 [ 1151.440170] tty_ioctl+0x5af/0x13c0 [ 1151.443792] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1151.448462] ? tty_fasync+0x2c0/0x2c0 [ 1151.452262] ? proc_fail_nth_write+0x7b/0x180 [ 1151.456753] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1151.461686] ? trace_hardirqs_on+0x10/0x10 [ 1151.465922] ? fsnotify+0x8c5/0x1140 [ 1151.469628] ? __vfs_write+0xec/0x630 [ 1151.473431] ? tty_fasync+0x2c0/0x2c0 [ 1151.477231] do_vfs_ioctl+0x75a/0xff0 [ 1151.481032] ? selinux_inode_setxattr+0x730/0x730 [ 1151.485878] ? ioctl_preallocate+0x1a0/0x1a0 [ 1151.490281] ? lock_downgrade+0x740/0x740 [ 1151.494429] ? __fget+0x225/0x360 [ 1151.497884] ? security_file_ioctl+0x83/0xb0 [ 1151.502289] SyS_ioctl+0x7f/0xb0 [ 1151.505652] ? do_vfs_ioctl+0xff0/0xff0 [ 1151.509657] do_syscall_64+0x1d5/0x640 [ 1151.513554] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1151.518740] RIP: 0033:0x45d5b9 [ 1151.521923] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1151.529627] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1151.536894] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1151.544159] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1151.551423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1151.558690] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1151.592026] Bluetooth: hci11: Frame reassembly failed (-84) [ 1151.896637] Bluetooth: hci3 command 0xfc11 tx timeout [ 1151.901996] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1151.980141] Bluetooth: hci3: Frame reassembly failed (-84) 22:58:14 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}) 22:58:14 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000380)={0x38, 0x2, 0x0, 0x0, 0x200, 0x100000000000003, 0x4000, 0x1, 0x0, 0x4}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(r0, &(0x7f0000000400)={0x38, 0x1, 0x28, 0x0, 0x3, 0x5, 0x4, 0x9, 0xfffffff9}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e20, 0x5, @private2, 0x400}, r5}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0) [ 1152.456661] Bluetooth: hci10 command 0xfc11 tx timeout [ 1152.456868] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1152.462027] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1152.468588] Bluetooth: hci8 command 0xfc11 tx timeout [ 1152.468626] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1152.486671] Bluetooth: hci9 command 0xfc11 tx timeout [ 1152.502623] kauditd_printk_skb: 22265 callbacks suppressed [ 1152.502631] audit: type=1326 audit(1599173894.865:1238055): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31199 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1152.534981] FAULT_INJECTION: forcing a failure. [ 1152.534981] name failslab, interval 1, probability 0, space 0, times 0 [ 1152.554977] CPU: 0 PID: 31198 Comm: syz-executor.0 Not tainted 4.14.196-syzkaller #0 [ 1152.562867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1152.572215] Call Trace: [ 1152.574805] dump_stack+0x1b2/0x283 [ 1152.578457] should_fail.cold+0x10a/0x154 [ 1152.582609] ? __cancel_work_timer+0x225/0x460 [ 1152.587193] should_failslab+0xd6/0x130 [ 1152.591165] kmem_cache_alloc_node+0x54/0x410 [ 1152.595676] __alloc_skb+0x5c/0x510 [ 1152.599309] hci_sock_dev_event+0x11f/0x540 [ 1152.603628] ? lock_downgrade+0x740/0x740 [ 1152.607775] ? hci_send_monitor_ctrl_event+0x500/0x500 [ 1152.613051] hci_unregister_dev+0x223/0x7a0 [ 1152.617477] hci_uart_tty_close+0x1ca/0x220 [ 1152.621796] ? hci_uart_close+0x50/0x50 [ 1152.625772] tty_ldisc_close+0x8c/0xc0 [ 1152.629652] tty_set_ldisc+0x1b3/0x5d0 [ 1152.633539] tty_ioctl+0xa2a/0x13c0 [ 1152.637161] ? tty_fasync+0x2c0/0x2c0 [ 1152.640958] ? proc_fail_nth_write+0x7b/0x180 [ 1152.645456] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1152.650469] ? trace_hardirqs_on+0x10/0x10 [ 1152.654700] ? fsnotify+0x8c5/0x1140 [ 1152.658406] ? __vfs_write+0xec/0x630 [ 1152.662210] ? tty_fasync+0x2c0/0x2c0 [ 1152.666006] do_vfs_ioctl+0x75a/0xff0 [ 1152.669804] ? selinux_inode_setxattr+0x730/0x730 [ 1152.674644] ? ioctl_preallocate+0x1a0/0x1a0 [ 1152.679046] ? lock_downgrade+0x740/0x740 [ 1152.683212] ? __fget+0x225/0x360 [ 1152.686684] ? security_file_ioctl+0x83/0xb0 [ 1152.691090] SyS_ioctl+0x7f/0xb0 [ 1152.694451] ? do_vfs_ioctl+0xff0/0xff0 [ 1152.698424] do_syscall_64+0x1d5/0x640 [ 1152.702317] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1152.707498] RIP: 0033:0x45d5b9 [ 1152.710680] RSP: 002b:00007fe5cfd32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1152.718394] RAX: ffffffffffffffda RBX: 0000000000019740 RCX: 000000000045d5b9 [ 1152.725655] RDX: 0000000020000000 RSI: 0000000000005423 RDI: 0000000000000003 [ 1152.732918] RBP: 00007fe5cfd32ca0 R08: 0000000000000000 R09: 0000000000000000 [ 1152.740178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1152.747461] R13: 00007fffe380934f R14: 00007fe5cfd339c0 R15: 000000000118cf4c [ 1152.767238] audit: type=1326 audit(1599173894.865:1238057): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31199 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1152.796350] audit: type=1326 audit(1599173894.865:1238058): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31193 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1152.818858] audit: type=1326 audit(1599173894.865:1238059): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31199 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1152.841768] audit: type=1326 audit(1599173894.865:1238060): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31193 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1152.864941] audit: type=1326 audit(1599173894.865:1238061): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31199 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1152.887165] audit: type=1326 audit(1599173894.865:1238062): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31193 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1152.911306] audit: type=1326 audit(1599173894.865:1238063): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31199 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1152.933818] audit: type=1326 audit(1599173894.865:1238064): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31193 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 22:58:15 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x2, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1152.956417] audit: type=1326 audit(1599173894.865:1238065): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31199 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1153.594969] Bluetooth: hci8: Frame reassembly failed (-84) 22:58:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x21a) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:16 executing program 3 (fault-call:5 fault-nth:3): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1153.656498] Bluetooth: hci11 command 0xfc11 tx timeout [ 1153.656510] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1153.771165] FAULT_INJECTION: forcing a failure. [ 1153.771165] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1153.833538] CPU: 1 PID: 31288 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1153.841436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1153.850780] Call Trace: [ 1153.853360] dump_stack+0x1b2/0x283 [ 1153.856982] should_fail.cold+0x10a/0x154 [ 1153.861133] __alloc_pages_nodemask+0x22c/0x2720 [ 1153.865939] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1153.871033] ? __alloc_pages_nodemask+0x1a6e/0x2720 [ 1153.876045] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1153.880873] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1153.885702] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1153.890545] ? trace_hardirqs_on+0x10/0x10 [ 1153.894776] ? mark_held_locks+0xa6/0xf0 [ 1153.898824] ? cache_grow_begin+0x3f/0x420 [ 1153.903046] cache_grow_begin+0x8f/0x420 [ 1153.907108] ? mempolicy_slab_node+0x100/0x320 [ 1153.911689] fallback_alloc+0x207/0x2c0 [ 1153.915664] kmem_cache_alloc_trace+0x1f1/0x3d0 [ 1153.921456] hci_alloc_dev+0x3e/0x1c60 [ 1153.925336] hci_uart_tty_ioctl+0x274/0xa00 [ 1153.929650] tty_ioctl+0x5af/0x13c0 [ 1153.933267] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1153.937944] ? tty_fasync+0x2c0/0x2c0 [ 1153.941732] ? proc_fail_nth_write+0x7b/0x180 [ 1153.946213] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1153.951134] ? trace_hardirqs_on+0x10/0x10 [ 1153.955357] ? fsnotify+0x8c5/0x1140 [ 1153.959059] ? __vfs_write+0xec/0x630 [ 1153.962855] ? tty_fasync+0x2c0/0x2c0 [ 1153.966646] do_vfs_ioctl+0x75a/0xff0 [ 1153.970437] ? selinux_inode_setxattr+0x730/0x730 [ 1153.975268] ? ioctl_preallocate+0x1a0/0x1a0 [ 1153.979663] ? lock_downgrade+0x740/0x740 [ 1153.983800] ? __fget+0x225/0x360 [ 1153.987242] ? security_file_ioctl+0x83/0xb0 [ 1153.991639] SyS_ioctl+0x7f/0xb0 [ 1153.995008] ? do_vfs_ioctl+0xff0/0xff0 [ 1153.998986] do_syscall_64+0x1d5/0x640 [ 1154.002885] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1154.008062] RIP: 0033:0x45d5b9 [ 1154.011237] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1154.018933] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1154.026196] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 22:58:16 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1154.033453] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1154.040747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 1154.048022] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1154.056514] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1154.056839] Bluetooth: hci3 command 0xfc11 tx timeout [ 1154.070962] Bluetooth: Can't allocate HCI device 22:58:16 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x10, 0x3f2, 0x200, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4028000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000200)=[@in={0x2, 0x4e24, @private=0xa010100}, @in={0x2, 0x4e22, @private=0xa010101}, @in6={0xa, 0x4e21, 0x7f, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x9}, @in6={0xa, 0x4e21, 0x3f, @loopback, 0x2}], 0x58) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:16 executing program 3 (fault-call:5 fault-nth:4): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 22:58:16 executing program 5 (fault-call:3 fault-nth:0): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:16 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x8000, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x1b) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_open_dev$mouse(&(0x7f0000000200)='/dev/input/mouse#\x00', 0x8001, 0x408300) ioctl$FIONREAD(r3, 0x541b, &(0x7f0000000240)) r4 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$F2FS_IOC_MOVE_RANGE(r4, 0xc020f509, &(0x7f0000000180)={r1, 0xffff, 0x7, 0x100000001}) ioctl$DRM_IOCTL_ADD_CTX(r5, 0xc0086420, &(0x7f00000001c0)) ioctl$TCSETSF2(r4, 0x402c542d, &(0x7f0000000140)={0x0, 0x401, 0x60, 0x7, 0xff, "df435b9bbad678982566347ab65b02859e01c4", 0x9, 0x5}) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r6 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0xb) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1154.356005] FAULT_INJECTION: forcing a failure. [ 1154.356005] name failslab, interval 1, probability 0, space 0, times 0 [ 1154.369657] Bluetooth: hci9: Frame reassembly failed (-84) [ 1154.377766] Bluetooth: hci3: Frame reassembly failed (-84) [ 1154.428631] CPU: 0 PID: 31310 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1154.436550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1154.445897] Call Trace: [ 1154.448487] dump_stack+0x1b2/0x283 [ 1154.452128] should_fail.cold+0x10a/0x154 [ 1154.456282] should_failslab+0xd6/0x130 [ 1154.460259] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1154.465047] ? __init_waitqueue_head+0x31/0x90 [ 1154.469891] ag6xx_open+0x41/0x150 [ 1154.473437] hci_uart_tty_ioctl+0x656/0xa00 [ 1154.477762] tty_ioctl+0x5af/0x13c0 [ 1154.481381] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1154.486037] ? tty_fasync+0x2c0/0x2c0 [ 1154.489829] ? proc_fail_nth_write+0x7b/0x180 [ 1154.494315] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1154.499250] ? trace_hardirqs_on+0x10/0x10 [ 1154.503476] ? fsnotify+0x8c5/0x1140 [ 1154.507175] ? __vfs_write+0xec/0x630 [ 1154.510967] ? tty_fasync+0x2c0/0x2c0 [ 1154.514757] do_vfs_ioctl+0x75a/0xff0 [ 1154.518546] ? selinux_inode_setxattr+0x730/0x730 [ 1154.523377] ? ioctl_preallocate+0x1a0/0x1a0 [ 1154.527789] ? lock_downgrade+0x740/0x740 [ 1154.531945] ? __fget+0x225/0x360 [ 1154.535403] ? security_file_ioctl+0x83/0xb0 [ 1154.539802] SyS_ioctl+0x7f/0xb0 [ 1154.543157] ? do_vfs_ioctl+0xff0/0xff0 [ 1154.547123] do_syscall_64+0x1d5/0x640 [ 1154.551005] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1154.556271] RIP: 0033:0x45d5b9 [ 1154.559444] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1154.567139] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1154.574395] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1154.581664] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1154.588922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1154.596187] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1154.758094] FAULT_INJECTION: forcing a failure. [ 1154.758094] name failslab, interval 1, probability 0, space 0, times 0 [ 1154.801984] CPU: 0 PID: 31327 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1154.809890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1154.819236] Call Trace: [ 1154.821824] dump_stack+0x1b2/0x283 [ 1154.825451] should_fail.cold+0x10a/0x154 [ 1154.829598] should_failslab+0xd6/0x130 [ 1154.833582] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1154.838252] apply_wqattrs_prepare+0xdf/0x970 [ 1154.842744] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1154.848189] apply_workqueue_attrs_locked+0x9d/0x120 [ 1154.853284] __alloc_workqueue_key+0x56a/0x1080 [ 1154.857964] ? pointer+0x9e0/0x9e0 [ 1154.861505] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1154.866520] ? ida_remove+0x210/0x210 [ 1154.870310] ? ag6xx_open+0x41/0x150 [ 1154.874013] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1154.879463] hci_register_dev+0x1a0/0x800 [ 1154.883601] ? __raw_spin_lock_init+0x28/0x100 [ 1154.888180] hci_uart_tty_ioctl+0x696/0xa00 [ 1154.892498] tty_ioctl+0x5af/0x13c0 [ 1154.896115] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1154.900774] ? tty_fasync+0x2c0/0x2c0 [ 1154.904565] ? proc_fail_nth_write+0x7b/0x180 [ 1154.909052] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1154.913983] ? trace_hardirqs_on+0x10/0x10 [ 1154.918216] ? fsnotify+0x8c5/0x1140 [ 1154.921920] ? __vfs_write+0xec/0x630 [ 1154.925715] ? tty_fasync+0x2c0/0x2c0 [ 1154.929534] do_vfs_ioctl+0x75a/0xff0 [ 1154.933343] ? selinux_inode_setxattr+0x730/0x730 [ 1154.938179] ? ioctl_preallocate+0x1a0/0x1a0 [ 1154.942578] ? lock_downgrade+0x740/0x740 [ 1154.946722] ? __fget+0x225/0x360 [ 1154.950170] ? security_file_ioctl+0x83/0xb0 [ 1154.954570] SyS_ioctl+0x7f/0xb0 [ 1154.957925] ? do_vfs_ioctl+0xff0/0xff0 [ 1154.961892] do_syscall_64+0x1d5/0x640 [ 1154.965792] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1154.970968] RIP: 0033:0x45d5b9 [ 1154.974168] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1154.981890] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1154.989149] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 22:58:17 executing program 3 (fault-call:5 fault-nth:5): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 22:58:17 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}}}, 0x38) clone(0x2200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1154.996415] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1155.003766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 1155.011033] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c 22:58:17 executing program 3 (fault-call:5 fault-nth:6): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1155.151579] Bluetooth: Can't register HCI device [ 1155.542728] FAULT_INJECTION: forcing a failure. [ 1155.542728] name failslab, interval 1, probability 0, space 0, times 0 [ 1155.594083] CPU: 0 PID: 31341 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1155.601992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1155.611342] Call Trace: [ 1155.613933] dump_stack+0x1b2/0x283 [ 1155.617566] should_fail.cold+0x10a/0x154 [ 1155.621735] should_failslab+0xd6/0x130 [ 1155.625704] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1155.630473] __alloc_workqueue_key+0x159/0x1080 [ 1155.635151] ? pointer+0x9e0/0x9e0 [ 1155.638697] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1155.643705] ? snprintf+0xd0/0xd0 [ 1155.647151] ? ida_remove+0x210/0x210 [ 1155.650942] ? ag6xx_open+0x41/0x150 [ 1155.654645] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1155.657997] Bluetooth: hci8 command 0xfc11 tx timeout [ 1155.660089] hci_register_dev+0x1a0/0x800 [ 1155.665314] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1155.669410] ? __raw_spin_lock_init+0x28/0x100 [ 1155.669426] hci_uart_tty_ioctl+0x696/0xa00 [ 1155.669440] tty_ioctl+0x5af/0x13c0 [ 1155.669450] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1155.669459] ? tty_fasync+0x2c0/0x2c0 [ 1155.669470] ? proc_fail_nth_write+0x7b/0x180 [ 1155.669480] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1155.669491] ? trace_hardirqs_on+0x10/0x10 [ 1155.669505] ? fsnotify+0x8c5/0x1140 [ 1155.714343] ? __vfs_write+0xec/0x630 [ 1155.718149] ? tty_fasync+0x2c0/0x2c0 [ 1155.721952] do_vfs_ioctl+0x75a/0xff0 [ 1155.725748] ? selinux_inode_setxattr+0x730/0x730 [ 1155.730590] ? ioctl_preallocate+0x1a0/0x1a0 [ 1155.735085] ? lock_downgrade+0x740/0x740 [ 1155.739236] ? __fget+0x225/0x360 [ 1155.742699] ? security_file_ioctl+0x83/0xb0 [ 1155.747104] SyS_ioctl+0x7f/0xb0 [ 1155.750462] ? do_vfs_ioctl+0xff0/0xff0 [ 1155.754435] do_syscall_64+0x1d5/0x640 [ 1155.758328] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1155.763508] RIP: 0033:0x45d5b9 [ 1155.766695] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1155.774399] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1155.781667] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000004 22:58:18 executing program 3 (fault-call:5 fault-nth:7): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1155.788935] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1155.796194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1155.803458] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1155.815517] Bluetooth: Can't register HCI device [ 1155.922569] FAULT_INJECTION: forcing a failure. [ 1155.922569] name failslab, interval 1, probability 0, space 0, times 0 [ 1155.975034] CPU: 0 PID: 31346 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1155.982941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1155.992289] Call Trace: [ 1155.994875] dump_stack+0x1b2/0x283 [ 1155.998502] should_fail.cold+0x10a/0x154 [ 1156.002655] should_failslab+0xd6/0x130 [ 1156.006630] __kmalloc+0x2c1/0x400 [ 1156.010170] ? apply_wqattrs_prepare+0xab/0x970 [ 1156.014836] apply_wqattrs_prepare+0xab/0x970 [ 1156.019329] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1156.024781] apply_workqueue_attrs_locked+0x9d/0x120 [ 1156.029877] __alloc_workqueue_key+0x56a/0x1080 [ 1156.034543] ? pointer+0x9e0/0x9e0 [ 1156.038087] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1156.043099] ? ida_remove+0x210/0x210 [ 1156.046889] ? ag6xx_open+0x41/0x150 [ 1156.050595] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1156.056043] hci_register_dev+0x1a0/0x800 [ 1156.060184] ? __raw_spin_lock_init+0x28/0x100 [ 1156.064770] hci_uart_tty_ioctl+0x696/0xa00 [ 1156.069094] tty_ioctl+0x5af/0x13c0 [ 1156.072744] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1156.077403] ? tty_fasync+0x2c0/0x2c0 [ 1156.081193] ? proc_fail_nth_write+0x7b/0x180 [ 1156.085678] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1156.090609] ? trace_hardirqs_on+0x10/0x10 [ 1156.094834] ? fsnotify+0x8c5/0x1140 [ 1156.098535] ? __vfs_write+0xec/0x630 [ 1156.102326] ? tty_fasync+0x2c0/0x2c0 [ 1156.106118] do_vfs_ioctl+0x75a/0xff0 [ 1156.109907] ? selinux_inode_setxattr+0x730/0x730 [ 1156.114736] ? ioctl_preallocate+0x1a0/0x1a0 [ 1156.119135] ? lock_downgrade+0x740/0x740 [ 1156.123280] ? __fget+0x225/0x360 [ 1156.126732] ? security_file_ioctl+0x83/0xb0 [ 1156.131135] SyS_ioctl+0x7f/0xb0 [ 1156.134500] ? do_vfs_ioctl+0xff0/0xff0 [ 1156.138475] do_syscall_64+0x1d5/0x640 [ 1156.142363] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1156.147545] RIP: 0033:0x45d5b9 [ 1156.150726] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1156.158427] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1156.165693] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1156.172952] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1156.180215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1156.187473] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1156.199940] Bluetooth: Can't register HCI device [ 1156.376506] Bluetooth: hci9 command 0xfc11 tx timeout [ 1156.381812] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1156.456642] Bluetooth: hci3 command 0xfc11 tx timeout [ 1156.461916] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1156.471771] FAULT_INJECTION: forcing a failure. [ 1156.471771] name failslab, interval 1, probability 0, space 0, times 0 [ 1156.489700] CPU: 1 PID: 31311 Comm: syz-executor.5 Not tainted 4.14.196-syzkaller #0 [ 1156.497587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1156.506944] Call Trace: [ 1156.509523] dump_stack+0x1b2/0x283 [ 1156.513145] should_fail.cold+0x10a/0x154 [ 1156.517286] ? __cancel_work_timer+0x225/0x460 [ 1156.521869] should_failslab+0xd6/0x130 [ 1156.525837] kmem_cache_alloc_node+0x54/0x410 [ 1156.530326] __alloc_skb+0x5c/0x510 [ 1156.533949] hci_sock_dev_event+0x11f/0x540 [ 1156.538267] ? lock_downgrade+0x740/0x740 [ 1156.542407] ? hci_send_monitor_ctrl_event+0x500/0x500 [ 1156.547675] hci_unregister_dev+0x223/0x7a0 [ 1156.551989] hci_uart_tty_close+0x1ca/0x220 [ 1156.556297] ? hci_uart_close+0x50/0x50 [ 1156.560262] tty_ldisc_close+0x8c/0xc0 [ 1156.564138] tty_set_ldisc+0x1b3/0x5d0 [ 1156.568019] tty_ioctl+0xa2a/0x13c0 [ 1156.571633] ? tty_fasync+0x2c0/0x2c0 [ 1156.575422] ? proc_fail_nth_write+0x7b/0x180 [ 1156.579903] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1156.584821] ? trace_hardirqs_on+0x10/0x10 [ 1156.589054] ? fsnotify+0x8c5/0x1140 [ 1156.592755] ? __vfs_write+0xec/0x630 [ 1156.596551] ? tty_fasync+0x2c0/0x2c0 [ 1156.600342] do_vfs_ioctl+0x75a/0xff0 [ 1156.604132] ? selinux_inode_setxattr+0x730/0x730 [ 1156.608969] ? ioctl_preallocate+0x1a0/0x1a0 [ 1156.613363] ? lock_downgrade+0x740/0x740 [ 1156.617522] ? __fget+0x225/0x360 [ 1156.620971] ? security_file_ioctl+0x83/0xb0 [ 1156.625368] SyS_ioctl+0x7f/0xb0 [ 1156.628723] ? do_vfs_ioctl+0xff0/0xff0 [ 1156.632686] do_syscall_64+0x1d5/0x640 [ 1156.636571] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1156.641749] RIP: 0033:0x45d5b9 [ 1156.644926] RSP: 002b:00007f83ea4b2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1156.652639] RAX: ffffffffffffffda RBX: 0000000000019740 RCX: 000000000045d5b9 [ 1156.659896] RDX: 0000000020000000 RSI: 0000000000005423 RDI: 0000000000000003 [ 1156.667202] RBP: 00007f83ea4b2ca0 R08: 0000000000000000 R09: 0000000000000000 [ 1156.674496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1156.681751] R13: 00007ffdc003899f R14: 00007f83ea4b39c0 R15: 000000000118cf4c 22:58:18 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2a7, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:58:19 executing program 3 (fault-call:5 fault-nth:8): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 22:58:19 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1156.974594] FAULT_INJECTION: forcing a failure. [ 1156.974594] name failslab, interval 1, probability 0, space 0, times 0 [ 1157.021003] Bluetooth: hci8: Frame reassembly failed (-84) [ 1157.069810] CPU: 1 PID: 31378 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1157.077714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1157.087057] Call Trace: [ 1157.089639] dump_stack+0x1b2/0x283 [ 1157.093274] should_fail.cold+0x10a/0x154 [ 1157.097421] should_failslab+0xd6/0x130 [ 1157.101409] __kmalloc+0x2c1/0x400 [ 1157.104940] ? __alloc_workqueue_key+0x10e/0x1080 [ 1157.109780] __alloc_workqueue_key+0x10e/0x1080 [ 1157.114439] ? pointer+0x9e0/0x9e0 22:58:19 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) io_setup(0xfffff80c, &(0x7f0000000000)) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x400400, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x9) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) ioctl$KDADDIO(r1, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$VIDIOC_CROPCAP(0xffffffffffffffff, 0xc02c563a, &(0x7f0000000140)={0x1, {0x3, 0x1, 0x2, 0x1ff}, {0xfffffffe, 0x590, 0x7ff, 0x200}, {0x0, 0xffff0000}}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r2 = open(&(0x7f0000000180)='./file0\x00', 0x20000, 0x156) write$P9_RUNLINKAT(r2, &(0x7f00000001c0)={0x7, 0x4d, 0x2}, 0x7) [ 1157.118002] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1157.123020] ? ida_remove+0x210/0x210 [ 1157.126806] ? ag6xx_open+0x41/0x150 [ 1157.130526] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1157.135977] hci_register_dev+0x200/0x800 [ 1157.140118] hci_uart_tty_ioctl+0x696/0xa00 [ 1157.144438] tty_ioctl+0x5af/0x13c0 [ 1157.148055] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1157.152712] ? tty_fasync+0x2c0/0x2c0 [ 1157.156500] ? proc_fail_nth_write+0x7b/0x180 [ 1157.160982] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1157.165902] ? trace_hardirqs_on+0x10/0x10 [ 1157.170128] ? fsnotify+0x8c5/0x1140 [ 1157.173828] ? __vfs_write+0xec/0x630 [ 1157.177622] ? tty_fasync+0x2c0/0x2c0 [ 1157.181414] do_vfs_ioctl+0x75a/0xff0 [ 1157.185201] ? selinux_inode_setxattr+0x730/0x730 [ 1157.190031] ? ioctl_preallocate+0x1a0/0x1a0 [ 1157.194422] ? lock_downgrade+0x740/0x740 [ 1157.198562] ? __fget+0x225/0x360 [ 1157.202003] ? security_file_ioctl+0x83/0xb0 [ 1157.206415] SyS_ioctl+0x7f/0xb0 [ 1157.209785] ? do_vfs_ioctl+0xff0/0xff0 [ 1157.213749] do_syscall_64+0x1d5/0x640 [ 1157.217633] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1157.222811] RIP: 0033:0x45d5b9 [ 1157.225984] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1157.233677] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1157.240932] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1157.248192] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1157.255447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 1157.262703] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1157.510982] kauditd_printk_skb: 9286 callbacks suppressed [ 1157.510991] audit: type=1326 audit(1599173899.895:1247352): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31376 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1157.521603] Bluetooth: Can't register HCI device [ 1157.643738] audit: type=1326 audit(1599173899.895:1247353): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31376 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1157.671601] audit: type=1326 audit(1599173899.895:1247354): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31376 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1157.698238] audit: type=1326 audit(1599173899.905:1247355): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31376 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1157.720218] audit: type=1326 audit(1599173899.905:1247356): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31376 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1157.742249] audit: type=1326 audit(1599173899.905:1247357): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31376 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1157.764402] audit: type=1326 audit(1599173899.915:1247358): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31376 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1157.786946] audit: type=1326 audit(1599173899.925:1247359): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31376 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1157.808921] audit: type=1326 audit(1599173899.925:1247360): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31376 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1157.832466] audit: type=1326 audit(1599173899.925:1247361): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31376 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 22:58:20 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x10, 0x3f2, 0x200, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4028000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:20 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket(0x1e, 0x5, 0x0) sendmsg(r3, &(0x7f0000316000)={&(0x7f00000001c0)=@generic={0x10000000001e, "010000000000020000000001e526cc573c5bf86c483724c71e14dd6a739effea1b48006be61ffe06d79f00000000000000076c3f010039d8f986ff03000000000000af50d5fe32c419d67bcbc7e3ad316a198356ed0008341c1fd45624281e27800ece70b076cf979ac40000bd767e2e78a1dfd300981a1565b3b16d7436"}, 0x80, 0x0}, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="800000000202050000000000000000000000000608000540000000065c0003802c0001801400030000000000000000000000000014000400ff0100000000000000000000000000012c0001801400030000000000000000000000ffffac1414bb140004000000000000000000000000000000000008000540ffff1130e0b83bab4eab1badc1f4a37f6b99a12414127ef4bbd47bfa70ff5a0fb2aeb5a10d2218259ea63d63d646c7852ce3f76b1e2fbc1bebd5e7295263cd5c38da72ce107df43cc2d9de19de2e3b7f3d097a471536588f9e355f001630e77155a5ef77436c3ea35d3b35558fae8b20c91e3f824d4b909236ba3b97d1e4d74c97c5ba6c8b42d8cb205603f42c72890e93aab8d91f0c38226a8483935a3ec3ef0bf2f1cf70b1056c4eadc4b5696d7135c767b8dc72c9fa5a6ec95302f2b629581fa661cfb10cf9efa6ebd75ed23f8eea18"], 0x80}}, 0x8000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:20 executing program 3 (fault-call:5 fault-nth:9): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 22:58:20 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x3ffffd) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500)}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x22, &(0x7f0000000200)=""/105, &(0x7f00000000c0)=0x69) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x2c4c02, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:58:20 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet_dccp_int(r2, 0x21, 0x4, &(0x7f0000000100)=0x9, 0x4) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1157.956318] FAULT_INJECTION: forcing a failure. [ 1157.956318] name failslab, interval 1, probability 0, space 0, times 0 [ 1157.987992] Bluetooth: hci9: Frame reassembly failed (-84) [ 1157.994004] Bluetooth: hci11 sending frame failed (-49) [ 1158.031713] CPU: 1 PID: 31402 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1158.039649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1158.049014] Call Trace: [ 1158.051612] dump_stack+0x1b2/0x283 [ 1158.055231] should_fail.cold+0x10a/0x154 [ 1158.059374] should_failslab+0xd6/0x130 [ 1158.063334] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1158.068001] __alloc_workqueue_key+0x159/0x1080 [ 1158.072665] ? pointer+0x9e0/0x9e0 [ 1158.076212] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1158.081221] ? ida_remove+0x210/0x210 [ 1158.085020] ? ag6xx_open+0x41/0x150 [ 1158.088721] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1158.094161] hci_register_dev+0x200/0x800 [ 1158.098316] hci_uart_tty_ioctl+0x696/0xa00 [ 1158.102644] tty_ioctl+0x5af/0x13c0 [ 1158.106260] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1158.110915] ? tty_fasync+0x2c0/0x2c0 [ 1158.114705] ? proc_fail_nth_write+0x7b/0x180 [ 1158.119201] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1158.124121] ? trace_hardirqs_on+0x10/0x10 [ 1158.128351] ? fsnotify+0x8c5/0x1140 [ 1158.132051] ? __vfs_write+0xec/0x630 [ 1158.135847] ? tty_fasync+0x2c0/0x2c0 [ 1158.139637] do_vfs_ioctl+0x75a/0xff0 [ 1158.143428] ? selinux_inode_setxattr+0x730/0x730 [ 1158.148257] ? ioctl_preallocate+0x1a0/0x1a0 [ 1158.152659] ? lock_downgrade+0x740/0x740 [ 1158.156796] ? __fget+0x225/0x360 [ 1158.160252] ? security_file_ioctl+0x83/0xb0 [ 1158.164648] SyS_ioctl+0x7f/0xb0 [ 1158.168001] ? do_vfs_ioctl+0xff0/0xff0 [ 1158.171967] do_syscall_64+0x1d5/0x640 [ 1158.175861] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1158.181037] RIP: 0033:0x45d5b9 [ 1158.184210] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1158.192078] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1158.199417] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1158.206674] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1158.213942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 1158.221207] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c 22:58:20 executing program 3 (fault-call:5 fault-nth:10): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1158.460801] Bluetooth: Can't register HCI device [ 1158.509168] FAULT_INJECTION: forcing a failure. [ 1158.509168] name failslab, interval 1, probability 0, space 0, times 0 [ 1158.525906] CPU: 0 PID: 31427 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1158.533794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1158.543143] Call Trace: [ 1158.545731] dump_stack+0x1b2/0x283 [ 1158.549355] should_fail.cold+0x10a/0x154 [ 1158.553513] should_failslab+0xd6/0x130 [ 1158.557479] kmem_cache_alloc_node+0x263/0x410 [ 1158.562050] alloc_unbound_pwq+0x45d/0xbb0 [ 1158.566276] apply_wqattrs_prepare+0x353/0x970 [ 1158.570852] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1158.576292] apply_workqueue_attrs_locked+0x9d/0x120 [ 1158.581383] __alloc_workqueue_key+0x56a/0x1080 [ 1158.586038] ? pointer+0x9e0/0x9e0 [ 1158.589573] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1158.594624] ? ida_remove+0x210/0x210 [ 1158.598446] ? ag6xx_open+0x41/0x150 [ 1158.602150] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1158.607591] hci_register_dev+0x1a0/0x800 [ 1158.611727] ? __raw_spin_lock_init+0x28/0x100 [ 1158.616299] hci_uart_tty_ioctl+0x696/0xa00 [ 1158.620611] tty_ioctl+0x5af/0x13c0 [ 1158.624227] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1158.628883] ? tty_fasync+0x2c0/0x2c0 [ 1158.632669] ? proc_fail_nth_write+0x7b/0x180 [ 1158.637149] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1158.642066] ? trace_hardirqs_on+0x10/0x10 [ 1158.646292] ? fsnotify+0x8c5/0x1140 [ 1158.650008] ? __vfs_write+0xec/0x630 [ 1158.653800] ? tty_fasync+0x2c0/0x2c0 [ 1158.657588] do_vfs_ioctl+0x75a/0xff0 [ 1158.661390] ? selinux_inode_setxattr+0x730/0x730 [ 1158.666236] ? ioctl_preallocate+0x1a0/0x1a0 [ 1158.670630] ? lock_downgrade+0x740/0x740 [ 1158.674774] ? __fget+0x225/0x360 [ 1158.678220] ? security_file_ioctl+0x83/0xb0 [ 1158.682621] SyS_ioctl+0x7f/0xb0 [ 1158.685979] ? do_vfs_ioctl+0xff0/0xff0 [ 1158.689940] do_syscall_64+0x1d5/0x640 [ 1158.693818] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1158.698992] RIP: 0033:0x45d5b9 [ 1158.702164] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1158.709860] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1158.717114] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1158.724369] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1158.731634] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 1158.738899] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1158.765760] Bluetooth: Can't register HCI device 22:58:21 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x100, 0x0, 0x0, 0x2, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x100000000000}, 0x0, 0x0) 22:58:21 executing program 3 (fault-call:5 fault-nth:11): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1158.885439] FAULT_INJECTION: forcing a failure. [ 1158.885439] name failslab, interval 1, probability 0, space 0, times 0 [ 1158.898664] CPU: 1 PID: 31439 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1158.906551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1158.915898] Call Trace: [ 1158.918509] dump_stack+0x1b2/0x283 [ 1158.922149] should_fail.cold+0x10a/0x154 [ 1158.926306] should_failslab+0xd6/0x130 [ 1158.930304] __kmalloc+0x2c1/0x400 [ 1158.933842] ? __alloc_workqueue_key+0x10e/0x1080 [ 1158.938684] __alloc_workqueue_key+0x10e/0x1080 [ 1158.943358] ? pointer+0x9e0/0x9e0 [ 1158.946900] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1158.951914] ? ida_remove+0x210/0x210 [ 1158.955714] ? ag6xx_open+0x41/0x150 [ 1158.959428] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1158.964896] hci_register_dev+0x200/0x800 [ 1158.969137] hci_uart_tty_ioctl+0x696/0xa00 [ 1158.973467] tty_ioctl+0x5af/0x13c0 [ 1158.977095] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1158.981759] ? tty_fasync+0x2c0/0x2c0 [ 1158.985557] ? proc_fail_nth_write+0x7b/0x180 [ 1158.990049] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1158.994981] ? trace_hardirqs_on+0x10/0x10 [ 1158.999213] ? fsnotify+0x8c5/0x1140 [ 1159.002922] ? __vfs_write+0xec/0x630 [ 1159.006725] ? tty_fasync+0x2c0/0x2c0 [ 1159.010525] do_vfs_ioctl+0x75a/0xff0 [ 1159.014325] ? selinux_inode_setxattr+0x730/0x730 [ 1159.019172] ? ioctl_preallocate+0x1a0/0x1a0 [ 1159.023577] ? lock_downgrade+0x740/0x740 [ 1159.027725] ? __fget+0x225/0x360 [ 1159.032221] ? security_file_ioctl+0x83/0xb0 [ 1159.036631] SyS_ioctl+0x7f/0xb0 [ 1159.039990] ? do_vfs_ioctl+0xff0/0xff0 [ 1159.043963] do_syscall_64+0x1d5/0x640 [ 1159.047852] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1159.053032] RIP: 0033:0x45d5b9 [ 1159.056215] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1159.063916] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1159.071179] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1159.078443] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1159.085704] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000b [ 1159.092972] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1159.101759] Bluetooth: hci8: Entering manufacturer mode failed (-110) 22:58:21 executing program 3 (fault-call:5 fault-nth:12): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1159.491538] Bluetooth: Can't register HCI device [ 1159.557586] FAULT_INJECTION: forcing a failure. [ 1159.557586] name failslab, interval 1, probability 0, space 0, times 0 [ 1159.569335] CPU: 0 PID: 31450 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1159.577222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1159.586574] Call Trace: [ 1159.589160] dump_stack+0x1b2/0x283 [ 1159.592824] should_fail.cold+0x10a/0x154 [ 1159.596979] should_failslab+0xd6/0x130 [ 1159.601472] __kmalloc+0x2c1/0x400 [ 1159.605006] ? apply_wqattrs_prepare+0xab/0x970 [ 1159.609677] apply_wqattrs_prepare+0xab/0x970 [ 1159.614174] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1159.619623] apply_workqueue_attrs_locked+0x9d/0x120 [ 1159.624723] __alloc_workqueue_key+0x56a/0x1080 [ 1159.629403] ? pointer+0x9e0/0x9e0 [ 1159.632944] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1159.637965] ? ida_remove+0x210/0x210 [ 1159.641767] ? ag6xx_open+0x41/0x150 [ 1159.645478] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1159.650932] hci_register_dev+0x200/0x800 [ 1159.655083] hci_uart_tty_ioctl+0x696/0xa00 [ 1159.659405] tty_ioctl+0x5af/0x13c0 [ 1159.663030] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1159.667698] ? tty_fasync+0x2c0/0x2c0 [ 1159.671498] ? proc_fail_nth_write+0x7b/0x180 [ 1159.676005] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1159.680932] ? trace_hardirqs_on+0x10/0x10 [ 1159.685188] ? fsnotify+0x8c5/0x1140 [ 1159.688897] ? __vfs_write+0xec/0x630 [ 1159.692706] ? tty_fasync+0x2c0/0x2c0 [ 1159.696513] do_vfs_ioctl+0x75a/0xff0 [ 1159.700316] ? selinux_inode_setxattr+0x730/0x730 [ 1159.705162] ? ioctl_preallocate+0x1a0/0x1a0 [ 1159.709566] ? lock_downgrade+0x740/0x740 [ 1159.713714] ? __fget+0x225/0x360 [ 1159.717170] ? security_file_ioctl+0x83/0xb0 [ 1159.721595] SyS_ioctl+0x7f/0xb0 [ 1159.724960] ? do_vfs_ioctl+0xff0/0xff0 [ 1159.728935] do_syscall_64+0x1d5/0x640 [ 1159.732825] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1159.738007] RIP: 0033:0x45d5b9 [ 1159.741187] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1159.748981] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 22:58:22 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(r0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1159.756247] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1159.763514] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1159.770777] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c [ 1159.778039] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1159.793822] Bluetooth: Can't register HCI device 22:58:22 executing program 3 (fault-call:5 fault-nth:13): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1159.902861] FAULT_INJECTION: forcing a failure. [ 1159.902861] name failslab, interval 1, probability 0, space 0, times 0 [ 1159.952950] CPU: 1 PID: 31460 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1159.960868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1159.970218] Call Trace: [ 1159.972804] dump_stack+0x1b2/0x283 [ 1159.976433] should_fail.cold+0x10a/0x154 [ 1159.980580] should_failslab+0xd6/0x130 [ 1159.984553] kmem_cache_alloc_node+0x263/0x410 [ 1159.989133] alloc_unbound_pwq+0x45d/0xbb0 [ 1159.993384] apply_wqattrs_prepare+0x353/0x970 [ 1159.997969] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1160.003421] apply_workqueue_attrs_locked+0x9d/0x120 [ 1160.008543] __alloc_workqueue_key+0x56a/0x1080 [ 1160.013214] ? pointer+0x9e0/0x9e0 [ 1160.016755] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1160.021775] ? ida_remove+0x210/0x210 [ 1160.025572] ? ag6xx_open+0x41/0x150 [ 1160.030067] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1160.035519] hci_register_dev+0x200/0x800 [ 1160.039670] hci_uart_tty_ioctl+0x696/0xa00 [ 1160.044087] tty_ioctl+0x5af/0x13c0 [ 1160.047713] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1160.052401] ? tty_fasync+0x2c0/0x2c0 [ 1160.056211] ? proc_fail_nth_write+0x7b/0x180 [ 1160.056798] Bluetooth: hci10 command 0xfc11 tx timeout [ 1160.060726] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1160.070945] ? trace_hardirqs_on+0x10/0x10 [ 1160.075191] ? fsnotify+0x8c5/0x1140 [ 1160.078900] ? __vfs_write+0xec/0x630 [ 1160.082705] ? tty_fasync+0x2c0/0x2c0 [ 1160.086506] do_vfs_ioctl+0x75a/0xff0 [ 1160.090390] ? selinux_inode_setxattr+0x730/0x730 [ 1160.095232] ? ioctl_preallocate+0x1a0/0x1a0 [ 1160.099638] ? lock_downgrade+0x740/0x740 22:58:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x105000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1160.103816] ? __fget+0x225/0x360 [ 1160.107270] ? security_file_ioctl+0x83/0xb0 [ 1160.111678] SyS_ioctl+0x7f/0xb0 [ 1160.115042] ? do_vfs_ioctl+0xff0/0xff0 [ 1160.119020] do_syscall_64+0x1d5/0x640 [ 1160.122913] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1160.128101] RIP: 0033:0x45d5b9 [ 1160.131283] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1160.138985] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1160.146249] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1160.153545] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1160.160814] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000d [ 1160.168080] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1160.177410] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1160.177501] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1160.177569] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1160.288909] Bluetooth: Can't register HCI device 22:58:23 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x10, 0x3f2, 0x200, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4028000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:23 executing program 3 (fault-call:5 fault-nth:14): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 22:58:23 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x80000001) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:58:23 executing program 5: r0 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0)='batadv\x00') r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_GATEWAYS(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x1c, r0, 0x711, 0x0, 0x0, {0x9}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}}, 0x0) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x2c, r0, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x7}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x80000001}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4048010}, 0x10) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r4, 0x400455c8, 0x9) sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000003c0)={&(0x7f0000000140)={0x278, 0x0, 0x2, 0x70bd26, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0x30, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfffffff7}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xffffffff}]}, @TIPC_NLA_SOCK={0xdc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffff}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x34}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}]}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x100}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x80000000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x80000}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8000}, @TIPC_NLA_SOCK_CON={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x101}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x26578f8c}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x80000001}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA={0x134, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffff00}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x61}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfc5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffd7f4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3ff}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffe01}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2e1}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x101}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6d}]}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x80}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}]}]}, 0x278}, 0x1, 0x0, 0x0, 0x40040}, 0x4011) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:24 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x9) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) ioctl$KDSIGACCEPT(r1, 0x4b4e, 0x6) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1161.615787] FAULT_INJECTION: forcing a failure. [ 1161.615787] name failslab, interval 1, probability 0, space 0, times 0 [ 1161.668347] CPU: 0 PID: 31495 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1161.676256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1161.686047] Call Trace: [ 1161.688637] dump_stack+0x1b2/0x283 [ 1161.692294] should_fail.cold+0x10a/0x154 [ 1161.696453] should_failslab+0xd6/0x130 [ 1161.700441] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1161.705118] apply_wqattrs_prepare+0xdf/0x970 [ 1161.709628] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1161.715108] apply_workqueue_attrs_locked+0x9d/0x120 [ 1161.720217] __alloc_workqueue_key+0x56a/0x1080 [ 1161.724889] ? pointer+0x9e0/0x9e0 [ 1161.728465] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1161.733487] ? ida_remove+0x210/0x210 [ 1161.737286] ? ag6xx_open+0x41/0x150 [ 1161.741004] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1161.746453] hci_register_dev+0x200/0x800 [ 1161.750627] hci_uart_tty_ioctl+0x696/0xa00 [ 1161.754949] tty_ioctl+0x5af/0x13c0 [ 1161.758575] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1161.763246] ? tty_fasync+0x2c0/0x2c0 [ 1161.767058] ? proc_fail_nth_write+0x7b/0x180 [ 1161.771548] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1161.776475] ? trace_hardirqs_on+0x10/0x10 [ 1161.780718] ? fsnotify+0x8c5/0x1140 [ 1161.784421] ? __vfs_write+0xec/0x630 [ 1161.788238] ? tty_fasync+0x2c0/0x2c0 [ 1161.792031] do_vfs_ioctl+0x75a/0xff0 [ 1161.795822] ? selinux_inode_setxattr+0x730/0x730 [ 1161.800666] ? ioctl_preallocate+0x1a0/0x1a0 [ 1161.805084] ? lock_downgrade+0x740/0x740 [ 1161.809250] ? __fget+0x225/0x360 [ 1161.812696] ? security_file_ioctl+0x83/0xb0 [ 1161.817273] SyS_ioctl+0x7f/0xb0 [ 1161.820632] ? do_vfs_ioctl+0xff0/0xff0 [ 1161.824613] do_syscall_64+0x1d5/0x640 [ 1161.828515] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1161.833706] RIP: 0033:0x45d5b9 [ 1161.836894] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1161.844595] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1161.851882] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1161.859167] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1161.866448] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000e [ 1161.873707] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1162.034271] Bluetooth: Can't register HCI device 22:58:24 executing program 3 (fault-call:5 fault-nth:15): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1162.197567] FAULT_INJECTION: forcing a failure. [ 1162.197567] name failslab, interval 1, probability 0, space 0, times 0 [ 1162.236255] CPU: 0 PID: 31528 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1162.244183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1162.253558] Call Trace: [ 1162.256149] dump_stack+0x1b2/0x283 [ 1162.259798] should_fail.cold+0x10a/0x154 [ 1162.263954] should_failslab+0xd6/0x130 [ 1162.268106] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1162.272768] apply_wqattrs_prepare+0x16c/0x970 [ 1162.277342] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1162.282780] apply_workqueue_attrs_locked+0x9d/0x120 [ 1162.287871] __alloc_workqueue_key+0x56a/0x1080 [ 1162.292543] ? pointer+0x9e0/0x9e0 [ 1162.296075] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 1162.301105] ? ida_remove+0x210/0x210 [ 1162.304893] ? ag6xx_open+0x41/0x150 [ 1162.308596] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1162.314034] hci_register_dev+0x200/0x800 [ 1162.318179] hci_uart_tty_ioctl+0x696/0xa00 [ 1162.322497] tty_ioctl+0x5af/0x13c0 [ 1162.326113] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1162.330773] ? tty_fasync+0x2c0/0x2c0 [ 1162.334561] ? proc_fail_nth_write+0x7b/0x180 [ 1162.339043] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1162.343974] ? trace_hardirqs_on+0x10/0x10 [ 1162.348206] ? fsnotify+0x8c5/0x1140 [ 1162.351925] ? __vfs_write+0xec/0x630 [ 1162.355719] ? tty_fasync+0x2c0/0x2c0 [ 1162.359510] do_vfs_ioctl+0x75a/0xff0 [ 1162.363302] ? selinux_inode_setxattr+0x730/0x730 [ 1162.368137] ? ioctl_preallocate+0x1a0/0x1a0 [ 1162.372537] ? lock_downgrade+0x740/0x740 [ 1162.376678] ? __fget+0x225/0x360 [ 1162.380129] ? security_file_ioctl+0x83/0xb0 [ 1162.384531] SyS_ioctl+0x7f/0xb0 [ 1162.387900] ? do_vfs_ioctl+0xff0/0xff0 [ 1162.391869] do_syscall_64+0x1d5/0x640 [ 1162.395753] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1162.400931] RIP: 0033:0x45d5b9 [ 1162.404105] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1162.411819] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1162.419089] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1162.426361] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1162.433627] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000f [ 1162.440888] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c 22:58:24 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xb, &(0x7f0000000380)={0x100000001, 0x4}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1162.516510] kauditd_printk_skb: 12583 callbacks suppressed [ 1162.516519] audit: type=1326 audit(1599173904.925:1259945): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31469 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 22:58:25 executing program 3 (fault-call:5 fault-nth:16): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1162.581385] audit: type=1326 audit(1599173904.935:1259946): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31469 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1162.587529] Bluetooth: Can't register HCI device [ 1162.604291] Bluetooth: hci12: Frame reassembly failed (-84) [ 1162.665844] FAULT_INJECTION: forcing a failure. [ 1162.665844] name failslab, interval 1, probability 0, space 0, times 0 [ 1162.676523] audit: type=1326 audit(1599173904.935:1259947): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31469 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1162.724577] CPU: 0 PID: 31546 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1162.732502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1162.736554] audit: type=1326 audit(1599173904.935:1259948): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31469 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1162.741858] Call Trace: [ 1162.766227] dump_stack+0x1b2/0x283 [ 1162.769855] should_fail.cold+0x10a/0x154 [ 1162.774022] should_failslab+0xd6/0x130 [ 1162.777984] kmem_cache_alloc+0x28e/0x3c0 [ 1162.782131] selinux_inode_alloc_security+0xb1/0x2a0 [ 1162.787228] security_inode_alloc+0x8d/0xd0 [ 1162.788716] audit: type=1326 audit(1599173904.935:1259949): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31469 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1162.791540] inode_init_always+0x576/0xb10 [ 1162.791551] alloc_inode+0x7a/0x170 [ 1162.791562] new_inode+0x1d/0xf0 [ 1162.824637] debugfs_get_inode+0x1a/0x130 [ 1162.828779] debugfs_create_dir+0xa6/0x460 [ 1162.833030] hci_register_dev+0x284/0x800 [ 1162.837173] hci_uart_tty_ioctl+0x696/0xa00 [ 1162.841487] tty_ioctl+0x5af/0x13c0 [ 1162.845106] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1162.849775] ? tty_fasync+0x2c0/0x2c0 [ 1162.853566] ? proc_fail_nth_write+0x7b/0x180 [ 1162.858051] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1162.862998] ? trace_hardirqs_on+0x10/0x10 [ 1162.867242] ? fsnotify+0x8c5/0x1140 [ 1162.870956] ? __vfs_write+0xec/0x630 [ 1162.874752] ? tty_fasync+0x2c0/0x2c0 [ 1162.878541] do_vfs_ioctl+0x75a/0xff0 [ 1162.882332] ? selinux_inode_setxattr+0x730/0x730 [ 1162.887165] ? ioctl_preallocate+0x1a0/0x1a0 [ 1162.891563] ? lock_downgrade+0x740/0x740 [ 1162.895720] ? __fget+0x225/0x360 [ 1162.899167] ? security_file_ioctl+0x83/0xb0 [ 1162.903599] SyS_ioctl+0x7f/0xb0 [ 1162.906956] ? do_vfs_ioctl+0xff0/0xff0 [ 1162.910922] do_syscall_64+0x1d5/0x640 [ 1162.914821] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1162.920008] RIP: 0033:0x45d5b9 [ 1162.923192] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1162.930917] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1162.938194] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1162.945456] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1162.952740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000010 [ 1162.960005] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1162.976217] audit: type=1326 audit(1599173904.935:1259950): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31469 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1163.062880] audit: type=1326 audit(1599173904.935:1259951): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31469 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1163.120775] audit: type=1326 audit(1599173904.935:1259952): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31469 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1163.149088] audit: type=1326 audit(1599173904.935:1259953): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31469 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1163.176680] audit: type=1326 audit(1599173904.935:1259954): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31469 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1163.297738] Bluetooth: hci13: Frame reassembly failed (-84) 22:58:25 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/handlers\x00', 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r1, 0x80046402, &(0x7f0000000140)=0x71c6) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:25 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e23, 0x5, @private1, 0x2}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1164.136504] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1164.136537] Bluetooth: hci10 command 0xfc11 tx timeout [ 1164.143298] Bluetooth: hci8 command 0xfc11 tx timeout [ 1164.154428] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1164.156552] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1164.164329] Bluetooth: hci11 command 0xfc11 tx timeout [ 1164.167850] Bluetooth: hci9: Entering manufacturer mode failed (-110) 22:58:26 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x10, 0x3f2, 0x200, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4028000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:26 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x104, 0x2}) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x12140, 0x0) ioctl$VT_ACTIVATE(r3, 0x5606, 0x1ff) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1164.289493] Bluetooth: hci8: Frame reassembly failed (-84) [ 1164.339716] Bluetooth: hci9: Frame reassembly failed (-84) [ 1164.616464] Bluetooth: hci12: Entering manufacturer mode failed (-110) [ 1164.623270] Bluetooth: hci12 command tx timeout 22:58:26 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x8, 0xffffffffffffffff, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x20, 0x0, 0x401, 0x9c9, 0xffffffff}, 0x0) sendmsg$DCCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000380)={&(0x7f0000000900)=ANY=[@ANYBLOB="38010000130002002bbd7000fbdbdf252c3f04064e244e210700000000800000090000004cff00003f0000000300000000000000040000208fe74f2be964a79f997f1530e1baba7a878a14af2a5ce06143cbd1c7370ea63702d5cc01ae8008f88919a3f4f274df0f5df598bd89d348d1b51433d4b56891187636219e20ce7295c6c2151cb49df29ce31c534d86199d404c0605bdf3dbc0ebc6eecb362a89c0908a7fa1818064b09ceae6", @ANYRES32=0x0, @ANYBLOB="e700000007000000080000000200000007000100ac148c0028000100b45a633fdda03e43e81676d5b96b83c16ab510da8f4056c5867d7c2e553929a159ea3a45bb00010053c40e34eb647ab1e73c899c174259dce7428190a1d67b0c9a8adbbcad075cc19265adb220afc592922297230a2ad58369518dc8db0f07a71d3eeca3b8e2448869b0a2a0e2d948d3fb1118b971a0146e02b4d699465120f204758c0e681c2ec071a0dda4fd838ec627d86ba97a834dfb91dfab8ec20300000000000000e5e22586e5d481bd29f8bc8e94214b7095777f1bf87fe629070b26edccac93b895b704f9f32a27a004046e390fb3d6488cab297c48956300ecf9a4f0d53d7a2434c45235666f6d"], 0x138}, 0x1, 0x0, 0x0, 0x4c085}, 0x810) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) getsockopt(r3, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x1, 0x5, 0x0, 0x3, 0x8, 0x0, 0x405, 0x0, 0x80}, 0x0) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f00000003c0)={0xb0, 0x0, 0x400, 0x70bd27, 0x25dfdbff, {}, [@HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x4}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4000}, 0x4004000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180), 0x2, 0x3}}, 0x20) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) 22:58:27 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) chown(&(0x7f0000000000)='./file0\x00', r2, 0x0) setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000100)={{{@in6=@dev={0xfe, 0x80, [], 0x13}, @in6=@rand_addr=' \x01\x00', 0x4e20, 0x0, 0x4e26, 0x0, 0xa, 0xc0, 0xa0, 0xa2, 0x0, r2}, {0xfffffffffffffffd, 0x6, 0x0, 0x4, 0x1ff, 0xa7, 0x40000004, 0x6}, {0x1, 0x6, 0x9, 0x8}, 0x8000, 0x6e6bb7, 0x2}, {{@in=@loopback, 0x4d3, 0x32}, 0xa, @in=@multicast2, 0x3502, 0x2, 0x1, 0x91, 0x0, 0x9, 0x4}}, 0xe8) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$sock_inet_udp_SIOCINQ(r1, 0x541b, &(0x7f0000000200)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:27 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x111, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0xfff, @dev={0xfe, 0x80, [], 0x15}, 0x80000001}, r6}}, 0xfffffffffffffcf0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:58:27 executing program 3 (fault-call:5 fault-nth:17): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1165.336513] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1165.343248] Bluetooth: hci3 command tx timeout [ 1165.347974] Bluetooth: hci13: Entering manufacturer mode failed (-110) [ 1165.454527] FAULT_INJECTION: forcing a failure. [ 1165.454527] name failslab, interval 1, probability 0, space 0, times 0 [ 1165.589313] CPU: 0 PID: 31631 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1165.597233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1165.606605] Call Trace: [ 1165.609197] dump_stack+0x1b2/0x283 [ 1165.612831] should_fail.cold+0x10a/0x154 [ 1165.616981] should_failslab+0xd6/0x130 [ 1165.620955] kmem_cache_alloc+0x28e/0x3c0 [ 1165.625107] __d_alloc+0x2a/0xa20 [ 1165.628558] ? d_lookup+0x172/0x220 [ 1165.632185] d_alloc+0x46/0x240 [ 1165.635552] __lookup_hash+0x101/0x270 [ 1165.639429] ? __inode_permission+0xcd/0x2f0 [ 1165.643864] lookup_one_len+0x279/0x3a0 [ 1165.647821] ? lookup_one_len_unlocked+0x410/0x410 [ 1165.652747] start_creating.part.0+0x62/0x150 [ 1165.657228] debugfs_create_dir+0x5c/0x460 [ 1165.661457] hci_register_dev+0x284/0x800 [ 1165.665614] hci_uart_tty_ioctl+0x696/0xa00 [ 1165.669941] tty_ioctl+0x5af/0x13c0 [ 1165.673569] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1165.678235] ? tty_fasync+0x2c0/0x2c0 [ 1165.682037] ? proc_fail_nth_write+0x7b/0x180 [ 1165.686536] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1165.691465] ? trace_hardirqs_on+0x10/0x10 [ 1165.695698] ? fsnotify+0x8c5/0x1140 [ 1165.699411] ? __vfs_write+0xec/0x630 [ 1165.703215] ? tty_fasync+0x2c0/0x2c0 [ 1165.707017] do_vfs_ioctl+0x75a/0xff0 [ 1165.710849] ? selinux_inode_setxattr+0x730/0x730 [ 1165.715687] ? ioctl_preallocate+0x1a0/0x1a0 [ 1165.720090] ? lock_downgrade+0x740/0x740 [ 1165.724243] ? __fget+0x225/0x360 [ 1165.727697] ? security_file_ioctl+0x83/0xb0 [ 1165.732211] SyS_ioctl+0x7f/0xb0 [ 1165.735577] ? do_vfs_ioctl+0xff0/0xff0 [ 1165.739555] do_syscall_64+0x1d5/0x640 [ 1165.743449] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1165.748635] RIP: 0033:0x45d5b9 [ 1165.751825] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1165.759531] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1165.766960] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1165.774252] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1165.781520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000011 [ 1165.788790] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1166.024223] Bluetooth: hci3: Frame reassembly failed (-84) [ 1166.296473] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1166.303145] Bluetooth: hci8 command tx timeout 22:58:28 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x6, {0xa, 0x4e22, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0xfffffffffffffffd}, 0x0, 0x0) [ 1166.376452] Bluetooth: hci9 command 0xfc11 tx timeout [ 1166.376504] Bluetooth: hci9: Entering manufacturer mode failed (-110) 22:58:29 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = accept4(0xffffffffffffffff, &(0x7f0000000100)=@l2={0x1f, 0x0, @none}, &(0x7f0000000180)=0x80, 0x80800) getsockopt$inet_udp_int(r1, 0x11, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x4) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1166.736321] Bluetooth: hci8: Frame reassembly failed (-84) [ 1166.743780] Bluetooth: hci8: Frame reassembly failed (-84) 22:58:29 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0xfffffffffffffffe) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000380), 0x1, {0xa, 0x4e20, 0x5, @private1, 0x1ff}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x0, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x800000000000000}, 0x0, 0x0) [ 1167.336981] Bluetooth: hci2 command 0x0406 tx timeout [ 1167.526442] kauditd_printk_skb: 15645 callbacks suppressed [ 1167.526451] audit: type=1326 audit(1599173909.935:1275600): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31613 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1167.554243] audit: type=1326 audit(1599173909.935:1275601): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31613 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1167.576627] audit: type=1326 audit(1599173909.935:1275602): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31613 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1167.598710] audit: type=1326 audit(1599173909.935:1275603): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31613 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1167.621555] audit: type=1326 audit(1599173909.935:1275604): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31613 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1167.643683] audit: type=1326 audit(1599173909.935:1275606): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31613 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1167.666048] audit: type=1326 audit(1599173909.935:1275607): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31613 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1167.688379] audit: type=1326 audit(1599173909.935:1275608): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31613 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1167.710660] audit: type=1326 audit(1599173909.935:1275609): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31613 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1167.732872] audit: type=1326 audit(1599173909.935:1275610): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31613 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 22:58:30 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r2, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x80, r3, 0x20, 0x70bd25, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DEST={0x20, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@private2}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xff}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3f}, @IPVS_CMD_ATTR_SERVICE={0x3c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x24, 0x3}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x2c}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x2}}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@mcast1}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x4044}, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:30 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x10, 0x3f2, 0x200, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4028000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:30 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x40) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$SEG6_CMD_SETHMAC(r3, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, 0x0, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x5}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x400}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x8000) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1167.896282] Bluetooth: hci9: Frame reassembly failed (-84) [ 1167.902204] Bluetooth: hci10 sending frame failed (-49) 22:58:30 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0) 22:58:30 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead) 22:58:30 executing program 3 (fault-call:5 fault-nth:18): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1168.049067] Bluetooth: hci11: Frame reassembly failed (-84) [ 1168.056507] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1168.063318] Bluetooth: hci3 command tx timeout [ 1168.205066] FAULT_INJECTION: forcing a failure. [ 1168.205066] name failslab, interval 1, probability 0, space 0, times 0 [ 1168.322412] CPU: 0 PID: 31703 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1168.330720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1168.340075] Call Trace: [ 1168.342668] dump_stack+0x1b2/0x283 [ 1168.346301] should_fail.cold+0x10a/0x154 [ 1168.350457] should_failslab+0xd6/0x130 [ 1168.354429] kmem_cache_alloc+0x28e/0x3c0 [ 1168.358608] alloc_inode+0xa0/0x170 [ 1168.362253] new_inode+0x1d/0xf0 [ 1168.365640] debugfs_get_inode+0x1a/0x130 [ 1168.369794] debugfs_create_dir+0xa6/0x460 [ 1168.374028] hci_register_dev+0x284/0x800 [ 1168.378177] hci_uart_tty_ioctl+0x696/0xa00 [ 1168.382508] tty_ioctl+0x5af/0x13c0 [ 1168.386134] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1168.390813] ? tty_fasync+0x2c0/0x2c0 [ 1168.394869] ? proc_fail_nth_write+0x7b/0x180 [ 1168.399358] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1168.404298] ? trace_hardirqs_on+0x10/0x10 [ 1168.408533] ? fsnotify+0x8c5/0x1140 [ 1168.412237] ? __vfs_write+0xec/0x630 [ 1168.416040] ? tty_fasync+0x2c0/0x2c0 [ 1168.419853] do_vfs_ioctl+0x75a/0xff0 [ 1168.423649] ? selinux_inode_setxattr+0x730/0x730 [ 1168.428513] ? ioctl_preallocate+0x1a0/0x1a0 [ 1168.432928] ? lock_downgrade+0x740/0x740 [ 1168.437080] ? __fget+0x225/0x360 [ 1168.440526] ? security_file_ioctl+0x83/0xb0 [ 1168.444928] SyS_ioctl+0x7f/0xb0 [ 1168.448301] ? do_vfs_ioctl+0xff0/0xff0 [ 1168.452285] do_syscall_64+0x1d5/0x640 [ 1168.456170] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1168.461353] RIP: 0033:0x45d5b9 [ 1168.464545] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1168.472249] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1168.480472] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1168.487741] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1168.495029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000012 [ 1168.502310] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1168.597219] Bluetooth: hci3: Frame reassembly failed (-84) [ 1168.776428] Bluetooth: hci8 command 0xfc11 tx timeout [ 1168.781742] Bluetooth: hci8: Entering manufacturer mode failed (-110) 22:58:31 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f00000004c0)}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockopt(r3, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000380)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r4, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r5}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r2, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x30, 0x0, 0x804, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @local}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'vxcan1\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x44) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:58:32 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) syz_extract_tcp_res$synack(&(0x7f0000000100), 0x1, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_open_pts(r0, 0x200000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1169.896503] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1169.903308] Bluetooth: hci9 command 0xfc11 tx timeout [ 1169.906683] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1170.056508] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1170.063708] Bluetooth: hci11 command 0xfc11 tx timeout 22:58:32 executing program 1: socket$nl_route(0x10, 0x3, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) getsockopt(r5, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000002c0)={0x0, 0xfffffffffffffcd4, 0xfa00, {0x4, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r6, &(0x7f0000000340)={0x10, 0x7b, 0xfa00, {&(0x7f0000000100), 0x8, {0xa, 0x4e24, 0x5, @private1, 0x400}, r7}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000380)={0x3ff}, 0x0, 0x0) [ 1170.616690] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1170.623535] Bluetooth: hci3 command 0xfc11 tx timeout 22:58:33 executing program 3 (fault-call:5 fault-nth:19): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1170.849212] FAULT_INJECTION: forcing a failure. [ 1170.849212] name failslab, interval 1, probability 0, space 0, times 0 [ 1170.873044] CPU: 0 PID: 31759 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1170.880961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1170.890343] Call Trace: [ 1170.892958] dump_stack+0x1b2/0x283 [ 1170.896593] should_fail.cold+0x10a/0x154 [ 1170.900750] should_failslab+0xd6/0x130 [ 1170.904728] kmem_cache_alloc+0x28e/0x3c0 [ 1170.908879] selinux_inode_alloc_security+0xb1/0x2a0 [ 1170.913984] security_inode_alloc+0x8d/0xd0 [ 1170.918300] inode_init_always+0x576/0xb10 [ 1170.922525] alloc_inode+0x7a/0x170 [ 1170.926141] new_inode+0x1d/0xf0 [ 1170.929497] debugfs_get_inode+0x1a/0x130 [ 1170.933648] debugfs_create_dir+0xa6/0x460 [ 1170.937877] hci_register_dev+0x284/0x800 [ 1170.942019] hci_uart_tty_ioctl+0x696/0xa00 [ 1170.946333] tty_ioctl+0x5af/0x13c0 [ 1170.949952] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1170.954630] ? tty_fasync+0x2c0/0x2c0 [ 1170.958426] ? proc_fail_nth_write+0x7b/0x180 [ 1170.962947] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1170.967873] ? trace_hardirqs_on+0x10/0x10 [ 1170.974970] ? fsnotify+0x8c5/0x1140 [ 1170.978675] ? __vfs_write+0xec/0x630 [ 1170.982491] ? tty_fasync+0x2c0/0x2c0 [ 1170.986315] do_vfs_ioctl+0x75a/0xff0 [ 1170.990109] ? selinux_inode_setxattr+0x730/0x730 [ 1170.994955] ? ioctl_preallocate+0x1a0/0x1a0 [ 1170.999352] ? lock_downgrade+0x740/0x740 [ 1171.003496] ? __fget+0x225/0x360 [ 1171.006945] ? security_file_ioctl+0x83/0xb0 [ 1171.011347] SyS_ioctl+0x7f/0xb0 [ 1171.014704] ? do_vfs_ioctl+0xff0/0xff0 [ 1171.018672] do_syscall_64+0x1d5/0x640 [ 1171.022556] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1171.027735] RIP: 0033:0x45d5b9 [ 1171.030913] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1171.038637] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1171.045917] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1171.053184] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1171.060467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013 [ 1171.067744] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1171.104705] Bluetooth: hci3: Frame reassembly failed (-84) 22:58:33 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(r0, &(0x7f0000000400)={0x38, 0x1, 0x2, 0x4, 0x3, 0x1, 0x0, 0x0, 0x27}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x403, 0xffffffffffffffff}, 0x0, 0x0) 22:58:33 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) pselect6(0x40, &(0x7f0000000100)={0x100, 0x30000000, 0x20, 0x5, 0x200, 0x1, 0x2, 0x6928}, &(0x7f0000000140)={0x1, 0x100, 0xd8, 0x7ff, 0x80000000, 0xe172, 0x10001, 0x100}, &(0x7f0000000180)={0x3f, 0x59, 0x100, 0x1, 0xfa, 0x1, 0xfffffffffffffff8, 0x1}, &(0x7f00000001c0)={0x77359400}, &(0x7f0000000240)={&(0x7f0000000200)={[0x101]}, 0x8}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:33 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x10, 0x3f2, 0x200, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4028000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:33 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TIOCGDEV(r2, 0x80045432, &(0x7f0000000140)) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000100)={0x990, 0x400, 0xffffffff, 0x100, 0x1a, "efe980254be38feae36a84dd6def839eb455ca"}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1171.566216] Bluetooth: hci9: Frame reassembly failed (-84) [ 1171.589686] Bluetooth: hci10: Frame reassembly failed (-84) [ 1171.896432] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1171.904392] Bluetooth: hci8 command 0xfc11 tx timeout 22:58:34 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockopt(r3, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r4, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r5}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1172.547242] kauditd_printk_skb: 18372 callbacks suppressed [ 1172.547250] audit: type=1326 audit(1599173914.945:1293982): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31727 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1172.656715] audit: type=1326 audit(1599173914.945:1293983): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31727 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1172.748832] audit: type=1326 audit(1599173914.945:1293984): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31727 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=16 compat=0 ip=0x45d5b9 code=0x50000 [ 1172.808774] audit: type=1326 audit(1599173914.945:1293985): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31727 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1172.830858] audit: type=1326 audit(1599173914.945:1293986): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31727 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1172.854746] audit: type=1326 audit(1599173914.945:1293987): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31727 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1172.877405] audit: type=1326 audit(1599173914.945:1293988): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31727 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1172.899977] audit: type=1326 audit(1599173914.945:1293989): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31727 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1172.922551] audit: type=1326 audit(1599173914.945:1293990): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31727 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1172.945905] audit: type=1326 audit(1599173914.945:1293991): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31727 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 22:58:35 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000380)}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:58:35 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x278cc1, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:35 executing program 3 (fault-call:5 fault-nth:20): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1173.176407] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1173.176923] Bluetooth: hci3 command 0xfc11 tx timeout [ 1173.268063] FAULT_INJECTION: forcing a failure. [ 1173.268063] name failslab, interval 1, probability 0, space 0, times 0 [ 1173.310938] CPU: 0 PID: 31823 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1173.318860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1173.328212] Call Trace: [ 1173.330806] dump_stack+0x1b2/0x283 [ 1173.334440] should_fail.cold+0x10a/0x154 [ 1173.338594] should_failslab+0xd6/0x130 [ 1173.342569] __kmalloc_track_caller+0x2bc/0x400 [ 1173.347242] ? kstrdup_const+0x35/0x60 [ 1173.351130] ? ___preempt_schedule+0x16/0x18 [ 1173.355577] kstrdup+0x36/0x70 [ 1173.358796] kstrdup_const+0x35/0x60 [ 1173.362574] __kernfs_new_node+0x2e/0x470 [ 1173.366750] kernfs_create_dir_ns+0x8c/0x200 [ 1173.371168] sysfs_create_dir_ns+0xb7/0x1d0 [ 1173.375496] kobject_add_internal+0x279/0x810 [ 1173.380025] kobject_add+0x11f/0x180 [ 1173.383764] ? kset_create_and_add+0x190/0x190 [ 1173.389130] device_add+0x32c/0x1510 [ 1173.392859] ? device_is_dependent+0x270/0x270 [ 1173.397448] hci_register_dev+0x2d3/0x800 [ 1173.401631] hci_uart_tty_ioctl+0x696/0xa00 [ 1173.406070] tty_ioctl+0x5af/0x13c0 [ 1173.410658] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1173.415353] ? tty_fasync+0x2c0/0x2c0 [ 1173.419159] ? proc_fail_nth_write+0x7b/0x180 [ 1173.423655] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1173.428588] ? trace_hardirqs_on+0x10/0x10 [ 1173.432823] ? fsnotify+0x8c5/0x1140 [ 1173.436530] ? __vfs_write+0xec/0x630 [ 1173.440372] ? tty_fasync+0x2c0/0x2c0 [ 1173.444174] do_vfs_ioctl+0x75a/0xff0 [ 1173.447976] ? selinux_inode_setxattr+0x730/0x730 [ 1173.452823] ? ioctl_preallocate+0x1a0/0x1a0 [ 1173.457230] ? lock_downgrade+0x740/0x740 [ 1173.461389] ? __fget+0x225/0x360 [ 1173.464873] ? security_file_ioctl+0x83/0xb0 [ 1173.469282] SyS_ioctl+0x7f/0xb0 [ 1173.472645] ? do_vfs_ioctl+0xff0/0xff0 [ 1173.476646] do_syscall_64+0x1d5/0x640 [ 1173.480536] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1173.485735] RIP: 0033:0x45d5b9 [ 1173.488913] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1173.496633] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1173.503893] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1173.511158] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1173.518420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 1173.525687] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1173.547759] kobject_add_internal failed for hci3 (error: -12 parent: bluetooth) 22:58:36 executing program 3 (fault-call:5 fault-nth:21): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1173.568181] Bluetooth: Can't register HCI device [ 1173.576439] Bluetooth: hci9 command 0xfc11 tx timeout [ 1173.581793] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1173.656431] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1173.680627] FAULT_INJECTION: forcing a failure. [ 1173.680627] name failslab, interval 1, probability 0, space 0, times 0 [ 1173.732126] CPU: 0 PID: 31832 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1173.740046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1173.749418] Call Trace: [ 1173.752012] dump_stack+0x1b2/0x283 [ 1173.755686] should_fail.cold+0x10a/0x154 [ 1173.759844] should_failslab+0xd6/0x130 [ 1173.763861] kmem_cache_alloc+0x28e/0x3c0 [ 1173.768015] __kernfs_new_node+0x6f/0x470 [ 1173.772171] kernfs_new_node+0x7b/0xe0 [ 1173.776064] __kernfs_create_file+0x3d/0x320 [ 1173.780471] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1173.785190] device_create_file+0xc8/0x100 [ 1173.789489] ? acpi_platform_notify_remove+0x1f0/0x1f0 [ 1173.794770] device_add+0x367/0x1510 [ 1173.798493] ? device_is_dependent+0x270/0x270 [ 1173.803077] ? start_creating.part.0+0xf2/0x150 [ 1173.807753] hci_register_dev+0x2d3/0x800 [ 1173.811911] hci_uart_tty_ioctl+0x696/0xa00 [ 1173.816240] tty_ioctl+0x5af/0x13c0 [ 1173.819867] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1173.824529] ? tty_fasync+0x2c0/0x2c0 [ 1173.828321] ? proc_fail_nth_write+0x7b/0x180 [ 1173.832806] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1173.837740] ? trace_hardirqs_on+0x10/0x10 [ 1173.841968] ? fsnotify+0x8c5/0x1140 [ 1173.845669] ? __vfs_write+0xec/0x630 [ 1173.849467] ? tty_fasync+0x2c0/0x2c0 [ 1173.853260] do_vfs_ioctl+0x75a/0xff0 [ 1173.857053] ? selinux_inode_setxattr+0x730/0x730 [ 1173.861913] ? ioctl_preallocate+0x1a0/0x1a0 [ 1173.866317] ? lock_downgrade+0x740/0x740 [ 1173.870463] ? __fget+0x225/0x360 [ 1173.873911] ? security_file_ioctl+0x83/0xb0 [ 1173.878310] SyS_ioctl+0x7f/0xb0 [ 1173.881685] ? do_vfs_ioctl+0xff0/0xff0 [ 1173.885656] do_syscall_64+0x1d5/0x640 [ 1173.890154] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1173.895362] RIP: 0033:0x45d5b9 [ 1173.899497] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1173.907195] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1173.914475] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1173.921735] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 22:58:36 executing program 3 (fault-call:5 fault-nth:22): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 22:58:36 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(r0, &(0x7f0000000380)={0x38, 0x5, 0x59, 0x0, 0x4, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xfffffff8}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1173.928999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 1173.936266] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1173.959892] Bluetooth: Can't register HCI device [ 1174.018057] FAULT_INJECTION: forcing a failure. [ 1174.018057] name failslab, interval 1, probability 0, space 0, times 0 [ 1174.041898] CPU: 0 PID: 31846 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1174.050783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1174.060168] Call Trace: [ 1174.062760] dump_stack+0x1b2/0x283 [ 1174.066417] should_fail.cold+0x10a/0x154 [ 1174.070596] should_failslab+0xd6/0x130 [ 1174.074584] kmem_cache_alloc+0x28e/0x3c0 [ 1174.078731] __kernfs_new_node+0x6f/0x470 [ 1174.082881] kernfs_new_node+0x7b/0xe0 [ 1174.086770] kernfs_create_link+0x27/0x155 [ 1174.091004] sysfs_do_create_link_sd+0x90/0x120 [ 1174.095672] sysfs_create_link+0x5f/0xc0 [ 1174.099730] device_add+0x6df/0x1510 [ 1174.103451] ? device_is_dependent+0x270/0x270 [ 1174.108031] ? start_creating.part.0+0xf2/0x150 [ 1174.112705] hci_register_dev+0x2d3/0x800 [ 1174.116858] hci_uart_tty_ioctl+0x696/0xa00 [ 1174.121211] tty_ioctl+0x5af/0x13c0 [ 1174.124844] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1174.129524] ? tty_fasync+0x2c0/0x2c0 [ 1174.133321] ? proc_fail_nth_write+0x7b/0x180 [ 1174.137813] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1174.142744] ? trace_hardirqs_on+0x10/0x10 [ 1174.146982] ? fsnotify+0x8c5/0x1140 [ 1174.150695] ? __vfs_write+0xec/0x630 [ 1174.154510] ? tty_fasync+0x2c0/0x2c0 [ 1174.158312] do_vfs_ioctl+0x75a/0xff0 [ 1174.162112] ? selinux_inode_setxattr+0x730/0x730 [ 1174.166958] ? ioctl_preallocate+0x1a0/0x1a0 [ 1174.171371] ? lock_downgrade+0x740/0x740 [ 1174.175521] ? __fget+0x225/0x360 [ 1174.178978] ? security_file_ioctl+0x83/0xb0 [ 1174.183406] SyS_ioctl+0x7f/0xb0 [ 1174.186798] ? do_vfs_ioctl+0xff0/0xff0 [ 1174.190770] do_syscall_64+0x1d5/0x640 [ 1174.194669] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1174.199857] RIP: 0033:0x45d5b9 [ 1174.203042] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1174.210751] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1174.218014] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1174.225284] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1174.232555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000016 [ 1174.239825] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1174.278332] Bluetooth: Can't register HCI device 22:58:36 executing program 3 (fault-call:5 fault-nth:23): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 22:58:37 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, &(0x7f0000000100)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = socket(0x27, 0x80000, 0x80) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000140)=@req={0x2, 0x5, 0xff, 0x8001}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)) ioctl$TIOCMSET(r2, 0x5418, &(0x7f0000000180)=0x3ff) 22:58:37 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x10, 0x3f2, 0x200, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4028000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1174.680197] FAULT_INJECTION: forcing a failure. [ 1174.680197] name failslab, interval 1, probability 0, space 0, times 0 [ 1174.744898] CPU: 1 PID: 31860 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1174.752835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1174.762215] Call Trace: [ 1174.764807] dump_stack+0x1b2/0x283 [ 1174.768439] should_fail.cold+0x10a/0x154 [ 1174.772602] should_failslab+0xd6/0x130 [ 1174.776581] __kmalloc_track_caller+0x2bc/0x400 [ 1174.781251] ? kstrdup_const+0x35/0x60 [ 1174.785152] kstrdup+0x36/0x70 [ 1174.788351] kstrdup_const+0x35/0x60 [ 1174.792073] __kernfs_new_node+0x2e/0x470 [ 1174.796225] kernfs_new_node+0x7b/0xe0 [ 1174.800119] kernfs_create_link+0x27/0x155 [ 1174.804365] sysfs_do_create_link_sd+0x90/0x120 [ 1174.809055] sysfs_create_link+0x5f/0xc0 [ 1174.813120] device_add+0x6df/0x1510 [ 1174.816844] ? device_is_dependent+0x270/0x270 [ 1174.821430] ? start_creating.part.0+0xf2/0x150 [ 1174.826104] hci_register_dev+0x2d3/0x800 [ 1174.830263] hci_uart_tty_ioctl+0x696/0xa00 [ 1174.834623] tty_ioctl+0x5af/0x13c0 [ 1174.838255] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1174.842927] ? tty_fasync+0x2c0/0x2c0 [ 1174.846726] ? proc_fail_nth_write+0x7b/0x180 [ 1174.851209] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1174.856130] ? trace_hardirqs_on+0x10/0x10 [ 1174.860360] ? fsnotify+0x8c5/0x1140 [ 1174.864060] ? __vfs_write+0xec/0x630 [ 1174.867855] ? tty_fasync+0x2c0/0x2c0 [ 1174.871747] do_vfs_ioctl+0x75a/0xff0 [ 1174.875538] ? selinux_inode_setxattr+0x730/0x730 [ 1174.880368] ? ioctl_preallocate+0x1a0/0x1a0 [ 1174.884763] ? lock_downgrade+0x740/0x740 [ 1174.888905] ? __fget+0x225/0x360 [ 1174.892350] ? security_file_ioctl+0x83/0xb0 [ 1174.896769] SyS_ioctl+0x7f/0xb0 [ 1174.900126] ? do_vfs_ioctl+0xff0/0xff0 [ 1174.904108] do_syscall_64+0x1d5/0x640 [ 1174.907990] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1174.913186] RIP: 0033:0x45d5b9 [ 1174.916361] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1174.924062] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1174.931336] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1174.938611] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1174.945882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 1174.953157] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c 22:58:37 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000240)=0x14) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000100)={0x0, 0x80000, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_SETGAMMA(r1, 0xc02064a5, &(0x7f0000000200)={0x1, 0x7, &(0x7f0000000280)=[0x6, 0x461, 0xe1, 0x6, 0x7, 0x4d58, 0x2], &(0x7f0000000180)=[0x0, 0xb2ce, 0xffff], &(0x7f00000001c0)=[0x2, 0x5, 0x2, 0x8, 0x1, 0x2, 0xf5ac, 0x3ff, 0x2]}) 22:58:37 executing program 1: socket$nl_route(0x10, 0x3, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r0, &(0x7f0000000340), 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) getsockopt(r5, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3, 0x0, 0x0, 0x80000000}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r6, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r7}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1175.135001] Bluetooth: hci9: Frame reassembly failed (-84) [ 1175.187798] Bluetooth: hci10: Frame reassembly failed (-84) [ 1175.293966] Bluetooth: Can't register HCI device 22:58:37 executing program 3 (fault-call:5 fault-nth:24): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1175.435266] FAULT_INJECTION: forcing a failure. [ 1175.435266] name failslab, interval 1, probability 0, space 0, times 0 [ 1175.462363] CPU: 0 PID: 31904 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1175.470268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1175.479618] Call Trace: [ 1175.482211] dump_stack+0x1b2/0x283 [ 1175.485841] should_fail.cold+0x10a/0x154 [ 1175.489995] should_failslab+0xd6/0x130 [ 1175.493969] kmem_cache_alloc+0x28e/0x3c0 [ 1175.498118] __kernfs_new_node+0x6f/0x470 [ 1175.502285] kernfs_new_node+0x7b/0xe0 [ 1175.506175] kernfs_create_link+0x27/0x155 [ 1175.510453] sysfs_do_create_link_sd+0x90/0x120 [ 1175.515103] sysfs_create_link+0x5f/0xc0 [ 1175.519156] device_add+0x6df/0x1510 [ 1175.522874] ? device_is_dependent+0x270/0x270 [ 1175.527452] ? start_creating.part.0+0xf2/0x150 [ 1175.532122] hci_register_dev+0x2d3/0x800 [ 1175.536278] hci_uart_tty_ioctl+0x696/0xa00 [ 1175.540595] tty_ioctl+0x5af/0x13c0 [ 1175.544213] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1175.548899] ? tty_fasync+0x2c0/0x2c0 [ 1175.552698] ? proc_fail_nth_write+0x7b/0x180 [ 1175.557196] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1175.562126] ? trace_hardirqs_on+0x10/0x10 [ 1175.566362] ? fsnotify+0x8c5/0x1140 [ 1175.570073] ? __vfs_write+0xec/0x630 [ 1175.573874] ? tty_fasync+0x2c0/0x2c0 [ 1175.577677] do_vfs_ioctl+0x75a/0xff0 [ 1175.581502] ? selinux_inode_setxattr+0x730/0x730 [ 1175.586339] ? ioctl_preallocate+0x1a0/0x1a0 [ 1175.590747] ? lock_downgrade+0x740/0x740 [ 1175.594899] ? __fget+0x225/0x360 [ 1175.598357] ? security_file_ioctl+0x83/0xb0 [ 1175.602764] SyS_ioctl+0x7f/0xb0 [ 1175.606125] ? do_vfs_ioctl+0xff0/0xff0 [ 1175.610099] do_syscall_64+0x1d5/0x640 [ 1175.613991] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1175.619180] RIP: 0033:0x45d5b9 [ 1175.622364] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1175.630065] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1175.637330] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1175.644592] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1175.651854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000018 [ 1175.659119] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1175.775306] Bluetooth: Can't register HCI device 22:58:38 executing program 3 (fault-call:5 fault-nth:25): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1175.870638] FAULT_INJECTION: forcing a failure. [ 1175.870638] name failslab, interval 1, probability 0, space 0, times 0 [ 1175.900878] CPU: 1 PID: 31910 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1175.908792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1175.918704] Call Trace: [ 1175.921296] dump_stack+0x1b2/0x283 [ 1175.924931] should_fail.cold+0x10a/0x154 [ 1175.929083] should_failslab+0xd6/0x130 [ 1175.933077] kmem_cache_alloc+0x28e/0x3c0 [ 1175.937231] __kernfs_new_node+0x6f/0x470 [ 1175.941423] kernfs_create_dir_ns+0x8c/0x200 [ 1175.945814] internal_create_group+0xe9/0x710 [ 1175.950320] ? kernfs_put+0x13/0x30 [ 1175.954009] dpm_sysfs_add+0x21/0x1c0 [ 1175.957806] device_add+0x90d/0x1510 [ 1175.961511] ? device_is_dependent+0x270/0x270 [ 1175.966090] ? start_creating.part.0+0xf2/0x150 [ 1175.970782] hci_register_dev+0x2d3/0x800 [ 1175.974933] hci_uart_tty_ioctl+0x696/0xa00 [ 1175.979258] tty_ioctl+0x5af/0x13c0 [ 1175.982884] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1175.987563] ? tty_fasync+0x2c0/0x2c0 [ 1175.991362] ? proc_fail_nth_write+0x7b/0x180 [ 1175.995854] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1176.000781] ? trace_hardirqs_on+0x10/0x10 [ 1176.005013] ? fsnotify+0x8c5/0x1140 [ 1176.008722] ? __vfs_write+0xec/0x630 [ 1176.012530] ? tty_fasync+0x2c0/0x2c0 [ 1176.016331] do_vfs_ioctl+0x75a/0xff0 [ 1176.020130] ? selinux_inode_setxattr+0x730/0x730 [ 1176.024972] ? ioctl_preallocate+0x1a0/0x1a0 [ 1176.029382] ? lock_downgrade+0x740/0x740 [ 1176.033535] ? __fget+0x225/0x360 [ 1176.036990] ? security_file_ioctl+0x83/0xb0 [ 1176.041403] SyS_ioctl+0x7f/0xb0 [ 1176.044764] ? do_vfs_ioctl+0xff0/0xff0 [ 1176.048738] do_syscall_64+0x1d5/0x640 [ 1176.052627] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1176.057810] RIP: 0033:0x45d5b9 [ 1176.061019] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1176.068723] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1176.075986] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1176.083252] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1176.090524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000019 [ 1176.097788] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c 22:58:38 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_GETBLKSIZE(0xffffffffffffffff, 0xc0045004, &(0x7f0000000100)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:38 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x80}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r5}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f0000000380)={0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1176.284172] Bluetooth: hci11: Frame reassembly failed (-84) [ 1176.290568] Bluetooth: hci11: Frame reassembly failed (-84) [ 1176.428967] Bluetooth: Can't register HCI device 22:58:38 executing program 3 (fault-call:5 fault-nth:26): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1176.556728] FAULT_INJECTION: forcing a failure. [ 1176.556728] name failslab, interval 1, probability 0, space 0, times 0 [ 1176.675918] CPU: 0 PID: 31935 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1176.683843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1176.693193] Call Trace: [ 1176.695783] dump_stack+0x1b2/0x283 [ 1176.699417] should_fail.cold+0x10a/0x154 [ 1176.703603] should_failslab+0xd6/0x130 [ 1176.707611] kmem_cache_alloc+0x28e/0x3c0 [ 1176.712541] __kernfs_new_node+0x6f/0x470 [ 1176.716690] kernfs_new_node+0x7b/0xe0 [ 1176.720607] __kernfs_create_file+0x3d/0x320 [ 1176.725014] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1176.729720] sysfs_merge_group+0xdc/0x200 [ 1176.733869] dpm_sysfs_add+0x122/0x1c0 [ 1176.737753] device_add+0x90d/0x1510 [ 1176.741467] ? device_is_dependent+0x270/0x270 [ 1176.746046] ? start_creating.part.0+0xf2/0x150 [ 1176.750719] hci_register_dev+0x2d3/0x800 [ 1176.754898] hci_uart_tty_ioctl+0x696/0xa00 [ 1176.759224] tty_ioctl+0x5af/0x13c0 [ 1176.762850] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1176.767515] ? tty_fasync+0x2c0/0x2c0 [ 1176.771323] ? proc_fail_nth_write+0x7b/0x180 [ 1176.775817] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1176.780746] ? trace_hardirqs_on+0x10/0x10 [ 1176.785002] ? fsnotify+0x8c5/0x1140 [ 1176.788731] ? __vfs_write+0xec/0x630 [ 1176.792546] ? tty_fasync+0x2c0/0x2c0 [ 1176.796368] do_vfs_ioctl+0x75a/0xff0 [ 1176.800164] ? selinux_inode_setxattr+0x730/0x730 [ 1176.805004] ? ioctl_preallocate+0x1a0/0x1a0 [ 1176.809420] ? lock_downgrade+0x740/0x740 [ 1176.813570] ? __fget+0x225/0x360 [ 1176.817027] ? security_file_ioctl+0x83/0xb0 [ 1176.821435] SyS_ioctl+0x7f/0xb0 [ 1176.824797] ? do_vfs_ioctl+0xff0/0xff0 [ 1176.829752] do_syscall_64+0x1d5/0x640 [ 1176.833681] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1176.838867] RIP: 0033:0x45d5b9 [ 1176.842048] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1176.849755] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1176.857994] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1176.865255] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 22:58:39 executing program 3 (fault-call:5 fault-nth:27): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1176.872523] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a [ 1176.880482] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1176.904673] Bluetooth: Can't register HCI device [ 1176.995181] FAULT_INJECTION: forcing a failure. [ 1176.995181] name failslab, interval 1, probability 0, space 0, times 0 [ 1177.009537] CPU: 0 PID: 31941 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1177.017436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1177.026793] Call Trace: [ 1177.029413] dump_stack+0x1b2/0x283 [ 1177.033041] should_fail.cold+0x10a/0x154 [ 1177.037187] should_failslab+0xd6/0x130 [ 1177.041184] kmem_cache_alloc+0x28e/0x3c0 [ 1177.045338] __kernfs_new_node+0x6f/0x470 [ 1177.049522] kernfs_new_node+0x7b/0xe0 [ 1177.053411] __kernfs_create_file+0x3d/0x320 [ 1177.057822] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1177.062493] sysfs_merge_group+0xdc/0x200 [ 1177.066654] dpm_sysfs_add+0x122/0x1c0 [ 1177.070555] device_add+0x90d/0x1510 [ 1177.074266] ? device_is_dependent+0x270/0x270 [ 1177.078866] ? start_creating.part.0+0xf2/0x150 [ 1177.083539] hci_register_dev+0x2d3/0x800 [ 1177.087716] hci_uart_tty_ioctl+0x696/0xa00 [ 1177.092056] tty_ioctl+0x5af/0x13c0 [ 1177.095698] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1177.096403] Bluetooth: hci8 command 0xfc11 tx timeout [ 1177.100377] ? tty_fasync+0x2c0/0x2c0 [ 1177.105596] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1177.109342] ? proc_fail_nth_write+0x7b/0x180 [ 1177.109351] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1177.109363] ? trace_hardirqs_on+0x10/0x10 [ 1177.109375] ? fsnotify+0x8c5/0x1140 [ 1177.109383] ? __vfs_write+0xec/0x630 [ 1177.109398] ? tty_fasync+0x2c0/0x2c0 [ 1177.109409] do_vfs_ioctl+0x75a/0xff0 [ 1177.109421] ? selinux_inode_setxattr+0x730/0x730 [ 1177.109431] ? ioctl_preallocate+0x1a0/0x1a0 [ 1177.109440] ? lock_downgrade+0x740/0x740 [ 1177.109454] ? __fget+0x225/0x360 [ 1177.109468] ? security_file_ioctl+0x83/0xb0 [ 1177.109479] SyS_ioctl+0x7f/0xb0 [ 1177.169220] ? do_vfs_ioctl+0xff0/0xff0 [ 1177.173202] do_syscall_64+0x1d5/0x640 [ 1177.176506] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1177.177094] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1177.188851] RIP: 0033:0x45d5b9 [ 1177.192037] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1177.199774] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1177.207063] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1177.214335] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1177.221606] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001b [ 1177.228873] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c 22:58:39 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000380)={0xfb, 0x801}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x5, 0x10000071, 0x0, 0x5, 0x8, 0x7, 0x0, 0xffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500)}], 0x1, 0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockopt(r3, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r4, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r5}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3a3, 0x100000, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x1fffc, 0xfffffffffffffffc}, 0x0, 0x0) [ 1177.256521] Bluetooth: hci10 command 0xfc11 tx timeout [ 1177.261932] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1177.311394] Bluetooth: Can't register HCI device 22:58:39 executing program 3 (fault-call:5 fault-nth:28): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1177.381986] FAULT_INJECTION: forcing a failure. [ 1177.381986] name failslab, interval 1, probability 0, space 0, times 0 [ 1177.399459] CPU: 0 PID: 31963 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1177.407390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1177.416741] Call Trace: [ 1177.419357] dump_stack+0x1b2/0x283 [ 1177.423009] should_fail.cold+0x10a/0x154 [ 1177.427163] should_failslab+0xd6/0x130 [ 1177.431135] kmem_cache_alloc+0x28e/0x3c0 [ 1177.436230] __kernfs_new_node+0x6f/0x470 [ 1177.440382] kernfs_new_node+0x7b/0xe0 [ 1177.444274] __kernfs_create_file+0x3d/0x320 [ 1177.448689] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1177.453383] sysfs_merge_group+0xdc/0x200 [ 1177.457559] dpm_sysfs_add+0x122/0x1c0 [ 1177.461446] device_add+0x90d/0x1510 [ 1177.465158] ? device_is_dependent+0x270/0x270 [ 1177.469750] ? start_creating.part.0+0xf2/0x150 [ 1177.474423] hci_register_dev+0x2d3/0x800 [ 1177.478568] hci_uart_tty_ioctl+0x696/0xa00 [ 1177.482883] tty_ioctl+0x5af/0x13c0 [ 1177.486506] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1177.491166] ? tty_fasync+0x2c0/0x2c0 [ 1177.494957] ? proc_fail_nth_write+0x7b/0x180 [ 1177.499468] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1177.504406] ? trace_hardirqs_on+0x10/0x10 [ 1177.509326] ? fsnotify+0x8c5/0x1140 [ 1177.513026] ? __vfs_write+0xec/0x630 [ 1177.516825] ? tty_fasync+0x2c0/0x2c0 [ 1177.520642] do_vfs_ioctl+0x75a/0xff0 [ 1177.524452] ? selinux_inode_setxattr+0x730/0x730 [ 1177.529302] ? ioctl_preallocate+0x1a0/0x1a0 [ 1177.533713] ? lock_downgrade+0x740/0x740 [ 1177.537856] ? __fget+0x225/0x360 [ 1177.541304] ? security_file_ioctl+0x83/0xb0 [ 1177.545705] SyS_ioctl+0x7f/0xb0 [ 1177.549063] ? do_vfs_ioctl+0xff0/0xff0 [ 1177.553028] do_syscall_64+0x1d5/0x640 [ 1177.556930] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1177.562107] RIP: 0033:0x45d5b9 [ 1177.565281] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1177.573001] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1177.580259] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1177.587521] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1177.594780] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001c [ 1177.602063] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1177.609770] kauditd_printk_skb: 12087 callbacks suppressed [ 1177.609777] audit: type=1326 audit(1599173919.815:1306079): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31920 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1177.638885] audit: type=1326 audit(1599173919.815:1306080): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31920 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1177.661608] audit: type=1326 audit(1599173919.815:1306081): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31920 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1177.684028] audit: type=1326 audit(1599173919.815:1306082): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31920 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1177.706505] audit: type=1326 audit(1599173919.815:1306083): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31920 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1177.729312] audit: type=1326 audit(1599173919.815:1306084): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31920 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1177.752150] audit: type=1326 audit(1599173919.815:1306085): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31920 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1177.760103] Bluetooth: Can't register HCI device [ 1177.782924] audit: type=1326 audit(1599173919.815:1306086): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31920 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1177.806617] audit: type=1326 audit(1599173919.815:1306087): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31920 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1177.840856] audit: type=1326 audit(1599173919.815:1306088): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=31920 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 22:58:40 executing program 3 (fault-call:5 fault-nth:29): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 22:58:40 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x10, 0x3f2, 0x200, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4028000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1178.009389] FAULT_INJECTION: forcing a failure. [ 1178.009389] name failslab, interval 1, probability 0, space 0, times 0 [ 1178.026153] CPU: 0 PID: 31979 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1178.034077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1178.043424] Call Trace: [ 1178.046014] dump_stack+0x1b2/0x283 [ 1178.049649] should_fail.cold+0x10a/0x154 [ 1178.053807] should_failslab+0xd6/0x130 [ 1178.057784] __kmalloc_track_caller+0x2bc/0x400 [ 1178.062449] ? kstrdup_const+0x35/0x60 [ 1178.066338] kstrdup+0x36/0x70 [ 1178.069532] kstrdup_const+0x35/0x60 [ 1178.073249] __kernfs_new_node+0x2e/0x470 [ 1178.077404] kernfs_new_node+0x7b/0xe0 [ 1178.081292] kernfs_create_link+0x27/0x155 [ 1178.085530] sysfs_do_create_link_sd+0x90/0x120 [ 1178.090205] sysfs_create_link+0x5f/0xc0 [ 1178.094266] device_add+0x6df/0x1510 [ 1178.097987] ? device_is_dependent+0x270/0x270 [ 1178.102575] hci_register_dev+0x2d3/0x800 [ 1178.106728] hci_uart_tty_ioctl+0x696/0xa00 [ 1178.111052] tty_ioctl+0x5af/0x13c0 [ 1178.114674] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1178.119338] ? tty_fasync+0x2c0/0x2c0 [ 1178.123134] ? proc_fail_nth_write+0x7b/0x180 [ 1178.127627] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1178.132556] ? trace_hardirqs_on+0x10/0x10 [ 1178.136790] ? fsnotify+0x8c5/0x1140 [ 1178.140494] ? __vfs_write+0xec/0x630 [ 1178.144296] ? tty_fasync+0x2c0/0x2c0 [ 1178.148095] do_vfs_ioctl+0x75a/0xff0 [ 1178.151892] ? selinux_inode_setxattr+0x730/0x730 [ 1178.156733] ? ioctl_preallocate+0x1a0/0x1a0 [ 1178.161135] ? lock_downgrade+0x740/0x740 [ 1178.165285] ? __fget+0x225/0x360 [ 1178.168736] ? security_file_ioctl+0x83/0xb0 [ 1178.173142] SyS_ioctl+0x7f/0xb0 [ 1178.176504] ? do_vfs_ioctl+0xff0/0xff0 [ 1178.180477] do_syscall_64+0x1d5/0x640 [ 1178.184365] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1178.189559] RIP: 0033:0x45d5b9 [ 1178.192753] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1178.200457] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 22:58:40 executing program 4: ioctl$PPPIOCSMRU1(0xffffffffffffffff, 0x40047452, &(0x7f0000000100)=0x3f) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) recvfrom$netrom(0xffffffffffffffff, &(0x7f0000000180)=""/103, 0x67, 0x40, 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x7) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$MEDIA_REQUEST_IOC_QUEUE(0xffffffffffffffff, 0x7c80, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000140)={0x2, &(0x7f0000000080)=[{0x2, 0x0, 0x0, 0x400}, {0x7, 0x3f, 0x6, 0xffffff7f}]}) [ 1178.207721] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1178.215769] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1178.223031] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001d [ 1178.232140] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1178.253138] Bluetooth: Can't register HCI device 22:58:40 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x18) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) lsetxattr$security_capability(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='security.capability\x00', &(0x7f0000000200)=@v2={0x2000000, [{0x100, 0x3800000}, {0x4, 0x4}]}, 0x14, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x200, 0x0) ioctl$KIOCSOUND(r1, 0x4b2f, 0x4) 22:58:40 executing program 3 (fault-call:5 fault-nth:30): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1178.296504] Bluetooth: hci11 command 0xfc11 tx timeout [ 1178.301946] Bluetooth: hci11: Entering manufacturer mode failed (-110) 22:58:40 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x600000, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x20000, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f00000001c0)={0x1, &(0x7f0000000080)=[{0x6, 0x9, 0x0, 0x50000}]}) [ 1178.363021] FAULT_INJECTION: forcing a failure. [ 1178.363021] name failslab, interval 1, probability 0, space 0, times 0 [ 1178.400665] CPU: 0 PID: 31997 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1178.408575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1178.417922] Call Trace: [ 1178.420515] dump_stack+0x1b2/0x283 [ 1178.424149] should_fail.cold+0x10a/0x154 [ 1178.428302] should_failslab+0xd6/0x130 [ 1178.432274] kmem_cache_alloc+0x28e/0x3c0 [ 1178.436424] __kernfs_new_node+0x6f/0x470 [ 1178.440574] kernfs_new_node+0x7b/0xe0 [ 1178.444488] __kernfs_create_file+0x3d/0x320 [ 1178.449593] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1178.454293] sysfs_merge_group+0xdc/0x200 [ 1178.458448] dpm_sysfs_add+0x122/0x1c0 [ 1178.462337] device_add+0x90d/0x1510 [ 1178.466051] ? device_is_dependent+0x270/0x270 [ 1178.470636] ? start_creating.part.0+0xf2/0x150 [ 1178.475348] hci_register_dev+0x2d3/0x800 [ 1178.479504] hci_uart_tty_ioctl+0x696/0xa00 [ 1178.483833] tty_ioctl+0x5af/0x13c0 [ 1178.487461] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1178.492155] ? tty_fasync+0x2c0/0x2c0 [ 1178.495985] ? proc_fail_nth_write+0x7b/0x180 [ 1178.500487] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1178.505424] ? trace_hardirqs_on+0x10/0x10 [ 1178.509664] ? fsnotify+0x8c5/0x1140 [ 1178.513387] ? __vfs_write+0xec/0x630 [ 1178.517192] ? tty_fasync+0x2c0/0x2c0 [ 1178.520995] do_vfs_ioctl+0x75a/0xff0 [ 1178.524798] ? selinux_inode_setxattr+0x730/0x730 [ 1178.529649] ? ioctl_preallocate+0x1a0/0x1a0 [ 1178.534046] ? lock_downgrade+0x740/0x740 [ 1178.538187] ? __fget+0x225/0x360 [ 1178.542586] ? security_file_ioctl+0x83/0xb0 [ 1178.546983] SyS_ioctl+0x7f/0xb0 [ 1178.550338] ? do_vfs_ioctl+0xff0/0xff0 [ 1178.554309] do_syscall_64+0x1d5/0x640 [ 1178.558192] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1178.563367] RIP: 0033:0x45d5b9 [ 1178.566543] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1178.574256] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1178.581514] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1178.588770] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1178.596996] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001e [ 1178.604289] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c [ 1178.671817] Bluetooth: Can't register HCI device [ 1179.442413] FAULT_INJECTION: forcing a failure. [ 1179.442413] name failslab, interval 1, probability 0, space 0, times 0 [ 1179.451557] Bluetooth: hci8: Frame reassembly failed (-84) [ 1179.487683] CPU: 1 PID: 32021 Comm: syz-executor.3 Not tainted 4.14.196-syzkaller #0 [ 1179.495576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1179.504922] Call Trace: [ 1179.507501] dump_stack+0x1b2/0x283 [ 1179.511129] should_fail.cold+0x10a/0x154 [ 1179.515800] should_failslab+0xd6/0x130 [ 1179.519793] kmem_cache_alloc+0x28e/0x3c0 [ 1179.523942] __kernfs_new_node+0x6f/0x470 [ 1179.528091] kernfs_new_node+0x7b/0xe0 [ 1179.531976] __kernfs_create_file+0x3d/0x320 [ 1179.536398] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1179.541060] sysfs_merge_group+0xdc/0x200 [ 1179.545400] dpm_sysfs_add+0x122/0x1c0 [ 1179.549284] device_add+0x90d/0x1510 [ 1179.552997] ? device_is_dependent+0x270/0x270 [ 1179.562183] hci_register_dev+0x2d3/0x800 [ 1179.566332] hci_uart_tty_ioctl+0x696/0xa00 [ 1179.570657] tty_ioctl+0x5af/0x13c0 [ 1179.574281] ? hci_uart_tty_receive+0x4c0/0x4c0 [ 1179.578944] ? tty_fasync+0x2c0/0x2c0 [ 1179.582741] ? proc_fail_nth_write+0x7b/0x180 [ 1179.587233] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1179.592163] ? trace_hardirqs_on+0x10/0x10 [ 1179.600135] ? fsnotify+0x8c5/0x1140 [ 1179.603849] ? __vfs_write+0xec/0x630 [ 1179.607664] ? tty_fasync+0x2c0/0x2c0 [ 1179.611487] do_vfs_ioctl+0x75a/0xff0 [ 1179.615286] ? selinux_inode_setxattr+0x730/0x730 [ 1179.620128] ? ioctl_preallocate+0x1a0/0x1a0 [ 1179.624542] ? lock_downgrade+0x740/0x740 [ 1179.628683] ? __fget+0x225/0x360 [ 1179.632138] ? security_file_ioctl+0x83/0xb0 [ 1179.636543] SyS_ioctl+0x7f/0xb0 [ 1179.639898] ? do_vfs_ioctl+0xff0/0xff0 [ 1179.643894] do_syscall_64+0x1d5/0x640 [ 1179.647781] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1179.652962] RIP: 0033:0x45d5b9 [ 1179.656150] RSP: 002b:00007f63819cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1179.663868] RAX: ffffffffffffffda RBX: 0000000000010280 RCX: 000000000045d5b9 [ 1179.671131] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000005 [ 1179.678402] RBP: 00007f63819cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1179.685668] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001f [ 1179.692930] R13: 00007ffc2f236b8f R14: 00007f63819cc9c0 R15: 000000000118cf4c 22:58:41 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0xfd, 0x0, 0x50000}]}) 22:58:41 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockopt(r3, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r4, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r5}}, 0x38) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:58:41 executing program 3 (fault-call:5 fault-nth:31): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1180.056403] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1180.056414] Bluetooth: hci3 command 0xfc11 tx timeout [ 1180.241020] Bluetooth: Can't register HCI device 22:58:42 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x20) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x20, r5, 0xab9535e9a6578fc1, 0x0, 0x0, {0x6b}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x0, 0x3}}]}, 0x20}}, 0x0) r6 = socket(0x11, 0x800000003, 0x0) bind(r6, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r6, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) fchown(r6, 0x0, 0xee00) r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0xd0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0xc, 0x2, [@TCA_HHF_EVICT_TIMEOUT={0x8}]}}]}, 0x38}}, 0x0) sendmsg$NL80211_CMD_GET_SCAN(r3, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, r5, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x1, 0xffffffffffffffff}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x4}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r7}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x1, 0x1}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x1}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x2}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x8, 0x3}}, @NL80211_ATTR_WIPHY={0x8}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x1}]}, 0x68}, 0x1, 0x0, 0x0, 0x10}, 0x20048040) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) unlink(&(0x7f0000000000)='./file0\x00') 22:58:42 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) ioctl$SNDCTL_SYNTH_ID(0xffffffffffffffff, 0xc08c5114, &(0x7f0000000440)={"47896b5651c7f5c0eb0a10fe3889de2a78915f8ade31b486b0a9bdbd49d9", 0x4, 0x3, 0x0, 0x7, 0x6, 0x101, 0x50f, 0x3, [0x10000, 0x9, 0x7fffffff, 0x685, 0xd3c, 0x9, 0x1, 0xfffffffc, 0x8, 0x80000001, 0x7, 0x8c5, 0x400, 0x40, 0x10001, 0xb7, 0x2, 0x40, 0x7]}) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:58:43 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x10, 0x3f2, 0x200, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4028000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1181.309979] Bluetooth: hci9: Frame reassembly failed (-84) 22:58:43 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xfffffffffffffffe, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x100000000}, 0x0, 0x0) 22:58:43 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x100002, 0x0) ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, &(0x7f0000000180)={0x6, 0x3, 0x4, 0x100, 0x400000, {0x0, 0x2710}, {0x4, 0x8, 0x0, 0x4, 0x1, 0x9a, "786f8cb5"}, 0x2, 0x2, @planes=&(0x7f0000000100)={0x7f, 0x800, @fd, 0x5}, 0x0, 0x0, r3}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1181.496406] Bluetooth: hci8 command 0xfc11 tx timeout [ 1181.501739] Bluetooth: hci8: Entering manufacturer mode failed (-110) 22:58:43 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$usbfs(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xa, 0x40010, r2, 0x1000) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1181.919467] Bluetooth: hci8 sending frame failed (-49) [ 1181.925394] Bluetooth: hci10: Frame reassembly failed (-84) 22:58:44 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f00000008c0), 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1182.456433] Bluetooth: hci3 command 0xfc11 tx timeout [ 1182.461926] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1182.515492] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=32040 comm=syz-executor.3 [ 1182.628417] kauditd_printk_skb: 15072 callbacks suppressed [ 1182.628426] audit: type=1326 audit(1599173925.025:1321161): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32076 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 22:58:45 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video1\x00', 0x2, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x80489439, &(0x7f0000000140)) [ 1182.703951] audit: type=1326 audit(1599173925.025:1321162): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32076 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1182.800558] audit: type=1326 audit(1599173925.025:1321163): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32076 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1182.926291] audit: type=1326 audit(1599173925.025:1321164): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32076 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1182.959154] Bluetooth: hci11: Frame reassembly failed (-84) [ 1183.074198] audit: type=1326 audit(1599173925.025:1321165): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32076 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1183.201020] audit: type=1326 audit(1599173925.025:1321166): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32076 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1183.250113] audit: type=1326 audit(1599173925.025:1321167): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32076 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1183.279472] audit: type=1326 audit(1599173925.025:1321168): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32076 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1183.306278] audit: type=1326 audit(1599173925.025:1321169): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32076 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1183.336443] Bluetooth: hci9 command 0xfc11 tx timeout [ 1183.336482] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1183.341786] audit: type=1326 audit(1599173925.025:1321170): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32076 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 22:58:45 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1183.976371] Bluetooth: hci10 command 0xfc11 tx timeout [ 1183.976527] Bluetooth: hci8 command 0xfc11 tx timeout [ 1183.981738] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1183.987044] Bluetooth: hci10: Entering manufacturer mode failed (-110) 22:58:46 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x800}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1184.616387] Bluetooth: hci3 command 0xfc11 tx timeout [ 1184.616399] Bluetooth: hci3: Entering manufacturer mode failed (-110) 22:58:47 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r3, 0x40089413, &(0x7f0000000000)=0x1) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1184.858630] Bluetooth: hci2: Frame reassembly failed (-84) 22:58:47 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x10, 0x3f2, 0x200, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4028000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1185.016516] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1185.023394] Bluetooth: hci11 command tx timeout [ 1185.055013] Bluetooth: hci3: Frame reassembly failed (-84) 22:58:47 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x4006, 0x0, 0x0, 0x8001}]}) r2 = syz_open_dev$ttys(0xc, 0x2, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x9) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)) r4 = syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0x1f, 0x40801) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000180)={r4, 0x5, 0xd45, 0x2dd}) r6 = fcntl$dupfd(r5, 0x406, r2) ioctl$TIOCGWINSZ(r6, 0x5413, &(0x7f0000000140)) [ 1185.431458] Bluetooth: hci9: Frame reassembly failed (-84) 22:58:48 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x11) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000004c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)={0x68, r2, 0x1, 0x0, 0x0, {{}, {0x0, 0x4101}, {0x4c, 0x18, {0x0, @link='syz0\x00'}}}}, 0x68}, 0x1, 0x0, 0x0, 0x1001}, 0x0) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000ffdbdf2501000000000000000141000000180017000064703a73797a310000000056f2a5c23dfddf3d3a408bab09cabab3a879df406737742d0000000080000001268db059a25a904b84c298a0e920a2995680956777876864b0"], 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8040) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x3e, 0x0, 0x50000}]}) [ 1185.666261] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1185.685462] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1185.695221] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1185.713416] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1185.744779] device bridge_slave_1 left promiscuous mode [ 1185.776492] bridge0: port 2(bridge_slave_1) entered disabled state [ 1185.784688] device bridge_slave_0 left promiscuous mode [ 1185.791909] bridge0: port 1(bridge_slave_0) entered disabled state [ 1185.834243] device veth1_macvtap left promiscuous mode [ 1185.849415] device veth0_macvtap left promiscuous mode [ 1185.868130] device veth1_vlan left promiscuous mode [ 1185.891063] device veth0_vlan left promiscuous mode [ 1186.165987] Bluetooth: hci10 sending frame failed (-49) 22:58:48 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$gtp(&(0x7f0000000140)='gtp\x00') sendmsg$GTP_CMD_GETPDP(r2, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="00082abd7000fbdbdf010400000000000000020000000c00030003000000000000fc0b000300010000000000000006000600040000000c000300020000000000000008000200000000000c000308040000f5a77efb000000001ab587aa75e1709d609de628ade061495ba3a20ed1f375f8d7f1184313800d105d2f9660f75742e35aab5be7f38fb65e000001d6bc50612fcafd32eadcf2e81f16739cb649444f865338aa14f1bab281c79086f71bdbd0c1042e449c79ad928ea94fc61fb89263f7bbf548eec5430f282d28ad9ec4d1ba38ab8a349d"], 0x5c}, 0x1, 0x0, 0x0, 0x4000080}, 0x4040) [ 1186.329571] Bluetooth: hci12: Frame reassembly failed (-84) [ 1186.367520] device hsr_slave_1 left promiscuous mode [ 1186.412591] device hsr_slave_0 left promiscuous mode [ 1186.470394] team0 (unregistering): Port device team_slave_1 removed [ 1186.510051] team0 (unregistering): Port device team_slave_0 removed [ 1186.541578] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 1186.589277] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 1186.795759] bond0 (unregistering): Released all slaves [ 1186.936603] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1186.936634] Bluetooth: hci2 command 0xfc11 tx timeout [ 1187.096544] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1187.416333] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1187.416345] Bluetooth: hci8 command 0xfc11 tx timeout [ 1187.496546] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1187.503251] Bluetooth: hci9 command tx timeout [ 1187.637436] kauditd_printk_skb: 14299 callbacks suppressed [ 1187.637523] audit: type=1326 audit(1599173930.045:1335471): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32189 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1187.696035] audit: type=1326 audit(1599173930.045:1335472): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32189 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1187.742683] audit: type=1326 audit(1599173930.055:1335473): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32189 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1187.794958] audit: type=1326 audit(1599173930.055:1335474): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32189 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1187.847148] audit: type=1326 audit(1599173930.055:1335475): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32189 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1187.873095] audit: type=1326 audit(1599173930.055:1335476): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32189 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1187.899529] audit: type=1326 audit(1599173930.055:1335477): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32189 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1187.924829] audit: type=1326 audit(1599173930.055:1335478): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32189 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1187.951018] audit: type=1326 audit(1599173930.055:1335479): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32189 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1187.977547] audit: type=1326 audit(1599173930.055:1335480): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32189 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 22:58:50 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x10, 0x3f2, 0x200, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4028000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1188.216367] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1188.223134] Bluetooth: hci10 command 0xfc11 tx timeout [ 1188.228493] Bluetooth: hci10: Entering manufacturer mode failed (-110) 22:58:50 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$CAN_RAW_RECV_OWN_MSGS(r2, 0x65, 0x4, &(0x7f0000000100), &(0x7f0000000140)=0x4) [ 1188.333050] Bluetooth: hci3: Frame reassembly failed (-84) [ 1188.339679] Bluetooth: hci3: Frame reassembly failed (-84) [ 1188.376372] Bluetooth: hci12 command 0xfc11 tx timeout [ 1188.379416] Bluetooth: hci12: Entering manufacturer mode failed (-110) 22:58:51 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x8000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x20000, 0x0) ioctl$KDADDIO(r1, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x4, 0x50000}]}) 22:58:51 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x9) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x3) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1189.016346] Bluetooth: hci2 command 0xfc11 tx timeout [ 1189.016403] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1189.083465] Bluetooth: hci2: Frame reassembly failed (-84) 22:58:51 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_genetlink_get_family_id$SEG6(&(0x7f0000000100)='SEG6\x00') openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x210080, 0x0) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0x0, 0x300, 0x2, 0x25dfdbfe, {}, [@NL80211_ATTR_P2P_OPPPS={0x5}, @NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x80}]}, 0x24}, 0x1, 0x0, 0x0, 0x844}, 0x4c0c0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1189.485010] Bluetooth: hci9: Frame reassembly failed (-84) [ 1189.617956] IPVS: ftp: loaded support on port[0] = 21 [ 1189.951295] chnl_net:caif_netlink_parms(): no params data found [ 1190.061894] bridge0: port 1(bridge_slave_0) entered blocking state [ 1190.072034] bridge0: port 1(bridge_slave_0) entered disabled state [ 1190.084556] device bridge_slave_0 entered promiscuous mode [ 1190.093051] bridge0: port 2(bridge_slave_1) entered blocking state [ 1190.103580] bridge0: port 2(bridge_slave_1) entered disabled state [ 1190.111588] device bridge_slave_1 entered promiscuous mode [ 1190.150208] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1190.164411] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1190.214988] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1190.227387] team0: Port device team_slave_0 added [ 1190.233305] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1190.245087] team0: Port device team_slave_1 added [ 1190.283358] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1190.290264] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1190.326579] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1190.343407] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1190.349901] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1190.376365] Bluetooth: hci8 command 0xfc11 tx timeout [ 1190.381622] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1190.382826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1190.388554] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1190.397892] Bluetooth: hci3 command tx timeout [ 1190.415395] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1190.427380] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1190.485698] device hsr_slave_0 entered promiscuous mode [ 1190.493277] device hsr_slave_1 entered promiscuous mode [ 1190.503236] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1190.511726] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1190.713450] bridge0: port 2(bridge_slave_1) entered blocking state [ 1190.719912] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1190.726622] bridge0: port 1(bridge_slave_0) entered blocking state [ 1190.732984] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1190.818251] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 1190.824591] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1190.841042] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1190.872361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1190.880793] bridge0: port 1(bridge_slave_0) entered disabled state [ 1190.902395] bridge0: port 2(bridge_slave_1) entered disabled state [ 1190.939272] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1190.945379] 8021q: adding VLAN 0 to HW filter on device team0 [ 1190.981240] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1191.005543] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1191.025409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1191.050836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1191.079285] bridge0: port 1(bridge_slave_0) entered blocking state [ 1191.085709] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1191.096394] Bluetooth: hci2: Entering manufacturer mode failed (-110) 22:58:53 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VIDIOC_S_PARM(r3, 0xc0cc5616, &(0x7f0000000100)={0xc, @output={0x1000, 0x0, {0xbc, 0xa1}, 0x3f, 0xffffff01}}) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x6) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0xf) ioctl$BLKBSZSET(r3, 0x40081271, &(0x7f00000002c0)=0x3ff) ioctl$KDADDIO(r4, 0x400455c8, 0x9) r5 = creat(&(0x7f0000000000)='./file0\x00', 0x21) write$P9_RRENAME(r5, &(0x7f0000000080)={0x7, 0x15, 0x1}, 0x7) r6 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/autofs\x00', 0x0, 0x0) ioctl$PIO_UNISCRNMAP(r6, 0x4b6a, &(0x7f0000000240)="9c7197ba02d7ee9d94a04fef0f15d156190bae8828f9d02b5b9821a4c3ab8ef44e9aa604564991df3a747844714f3e077bde5c75a151e9461b95d92d54e0c19c618da18d0b97c28baefce724269f") [ 1191.133069] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1191.145247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1191.177560] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1191.195743] bridge0: port 2(bridge_slave_1) entered blocking state [ 1191.202181] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1191.237035] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1191.251955] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1191.297099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1191.310721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1191.342303] Bluetooth: hci2: Frame reassembly failed (-84) [ 1191.353592] Bluetooth: hci2: Frame reassembly failed (-84) [ 1191.377502] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1191.426783] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1191.496377] Bluetooth: hci9 command 0xfc11 tx timeout [ 1191.496444] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1191.508862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1191.529259] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1191.559891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1191.575924] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1191.590079] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1191.602741] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1191.616006] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1191.632950] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1191.665607] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1191.672798] Bluetooth: hci10 command 0x0409 tx timeout [ 1191.684193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1191.704143] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1191.716728] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1191.722768] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1191.743666] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 1191.752235] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1191.760467] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1191.768504] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1191.779958] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1191.909351] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 1191.923335] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 1191.932877] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1191.945611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1192.011163] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 1192.022397] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 1192.031972] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 1192.048986] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 1192.061684] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1192.072652] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1192.086658] device veth0_vlan entered promiscuous mode [ 1192.094664] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1192.105967] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1192.120451] device veth1_vlan entered promiscuous mode [ 1192.131622] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 1192.144311] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 1192.164563] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 1192.181821] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 1192.192310] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1192.202511] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1192.214115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1192.223790] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1192.239448] device veth0_macvtap entered promiscuous mode [ 1192.245777] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 1192.263691] device veth1_macvtap entered promiscuous mode [ 1192.271861] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 1192.286206] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 1192.303824] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 1192.316129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1192.331932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1192.341422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1192.357202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1192.369894] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1192.387696] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1192.399763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1192.412228] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1192.427948] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 1192.435033] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1192.445860] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1192.456049] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1192.469241] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1192.479609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1192.492897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1192.506140] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1192.521335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1192.531213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1192.548794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1192.558713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1192.568772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1192.578714] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1192.589179] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 1192.596057] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1192.603009] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1192.611337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1192.936349] Bluetooth: hci7 command 0x0406 tx timeout [ 1193.416642] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1193.436630] Bluetooth: hci2: Frame reassembly failed (-84) 22:58:56 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x7f, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:58:56 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:58:56 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x80000003) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) syz_mount_image$ocfs2(&(0x7f0000000100)='ocfs2\x00', &(0x7f0000000140)='./file0\x00', 0xffffffffffffffff, 0x1, &(0x7f0000000180)=[{&(0x7f0000000200)="0f879a59cad5cec7b1a2a8a0bf0524307ef04e86663fba512c4195c2d81602629a031d4f6d6a4a5865dc69c2352cae8264382927c2009feb49f2e4e06209561f6a3a8f19428b3570455f83d9696fa33727effdf65e5434157d61751f2757d1f755709ad6aa409ef7f01d3659e26c3d30e1f07cb836a3d2f70a41ec195e7020201b94e23c726365d6021129ceee2ba6a3a1241ad813b4a20ff21cae0e05b988c83f71e20ef6a33038510fda81fd97e253cd5e2395ce9a6689b90d8cc0f4934421a671ad5a06a67354b12e2401a45c61e1baf56ef0843a17a215ddb5621c1d4cd640e760199ff304fdee18316d5f2736144feb25e1910d776eb5e44d08dcc5efe803ed9a99c3a45bd86733698219dcfba7d7e47367042389328a04a984f3163b04e5c7b97a02bedb9ac272c6cffa86a9a92537c016b318290c8f95a5dd667aa67865b2a2d839d11f408cf1fbf8843c0a403ee3914a41b0611e606e1cde41b11d2b27b07b7cc85a469cbe1f8ed08be031fe6dfdec971ccd98b7bfa3451f36b4639ab3d27012ca26d6d78790f0ef76cc122c6dff2187d31d59eea2721acd9b20e9ef00daa74b1f3a22bfa3d5081f6b93b26b8bbc0cab32c93949c9b8b7a7203b80498e3196e269d3a8c99a4bd188d47cbdb6b7f05b5c8a7ed445cad7f4dc8c27beee5a52767a328a117de4971a047d2ac39a0a31826f70b2a6f1249602a79165c30d3adbc9f13fd6b87882cfb2e97a3131e5b04437f629b6d514edac3aed2f3a2a2e1f2d5fa48dfbe36ba3e08f58688aacd7c12f7835a947ef37186a9d27fa5797b2732723432b61bf916180aa7fef28fc45a132b7509f27a6836342c80159ab2719c7d93d5b1f107713c1090edce466e19b1b7536e1bb82ac73dd54e267e68e42cc028b4d5a026626fd9429657a4ce437c7d2dcf93312691120ca6c7052f9cdeb7c67fc196313098d9f4d264b833c3f5810dffdd1069f544fa02118f42f763d8b08dc2592b7ebd1c02966001299145e6b62390be9cc863bcbb30b86642ff9f59cd84b992dcdc0ef55d756f3a5e30832cb5f12752a8a2ed499039993a51fbe05f3020bed407913a0eaf701fe17ff3e73b8906b5e70978ca66072850e90a67cbe53d8565d9f3d9c9c0a874312aede4a911be5248d1ee3dfa49df9485842ac76b461ecbe22481828ad44de504ad8fd4e316be69e9908b451a3cf7576af898744de1000333ccc7af5fbff0eb6ccc5e2de5452fffe3b41417fa94202186b8d02f31f6bc762d5ef39a0971c6fe5a323dced8f376803c2a101732b73b5923a06cbf4f25c9c7a74b5330432aa9e11c564f58f030d2a60f9475b147528ed0d6a048d35596b7fc15a799960e5f00ec0afe97f0fa83cf805c8bdae85838880ccac20484e77f81f34aa1eb4f35d125243fb76dafc0b2209d86c2101ea1addf84970c04003f222cb3abac04ac451943dd8a2b211b370717ebe189873434ceab4afb8a6373bbfbd47c20241da6b346ffabd5797652239750ac9b2b92abc71e1d45e37ef3b05087f76379a08506df1228290625dbfd6394e6c1d4192b8cacf9e697453f26962113ea5c1688a478b0a1b5245289803b976c3c0446b32f530ca0fedbbf0baf41d0883722d5de0cf3c6315e5e3a7c3f58d9ff62cf6db0a998090cf35d983ca1d348442ab8f2606cd6233bdd5363db9f5f3f138fecf31c4555aabb60de1dac7bda1b61dd5049d54676b8b89e9f71c46e9f317f587f4f73c351c0d58cd62a216cf0e52753e845323bf15ab811da932266c2d853fcafb2edd301e057ddcbeb44e6fa8e8888a06f1d0350a78ba2b1e95f4fd805c0301c90cc05f9e13f2b556ccd2294f3e784da450cf8444037651b4c252bb95a622f752accfc81536e87b802187915abf12c0a4f6807919114837c8031bf76dd16791eb6224362407f4bb1536821cc5c93c5a5a5ebba559b5c69f688b5231dd1ba2aa04320017edeb7ca161d5cf15c20c4f1a1ee4a9cf923b51520069ce048538eea7004b40c074da5c5d3e25543aaaef8bb54f3ff43346c56e1f80b180184e9f6be14497db577032a83384c0c5fed404f16b3b9bacba505ab96ddaa6bda512f3b61c1046dfd311ad8ea154841f3a085ede575ce431ddcd387c3d70857f045f45ba7801255496ea88611457b0fd1b5e8921b93fb161e163c9a38ea223aadd73b612e9834e4ce4aa3266c89523222957ebdbc45c43a521458e21b2653f4ce2d18b377e1561ff5408cc8342fdd40aa0338dc556a17060c22528892c76f7fc839d7dc9ea2dc6f86b94f70992a889441eea909ca24bacace888b944cd5ec748358c3648fa72f3d1fef2436976580fc38ef09a6265ac450d6b4b5de53af8f83bf24f371718ccd70e65407310b08af0a5d40d05af2542089baeb1965cedc09ce52a74f85ba9f6e2f7bf02e52fe272721be32a8d452d49cfdf66618b84ed5c1dc37e7598c535d76e91dd845f47745d959adaae9666e379f1151c3626937149187aacd9ff8bd533677db26d9c6e55c03aa3b389a2f14a9f07f3b6caa85e985111a6f10c9788f1eb0406bb8c1ad7846969e14b94918b1787d7b5b870331c5de4dc0c15404c72cfbb9978c22e9d5b84547c0e5a3546cabbd13920150089ea2d74244037257258c1857ea17ec7a20547e1c567a56b2507cfdcfdfc02e34e2228279d86c47aed9266ae0c0b4afc7a6f9b9a30f097730583ed4b4277150168941e38aaca59341391b5117c0d22a234d8665b7f8995b161f8bc0f4c51287689abd8b4a5e712a674969b87673fc0b5a652722343b8aaf4b052b508b2885174c985976ec5a3f8fecd37496049e6cd51dd2ce5c32c33858ac4b2e31a803d2318d6b248de2c9a20139c3e662ebab189f69384d1969d53249b65b4da14279ac477dcbcee074153f252f48336e17a5f63e872dce358170f7af6fd03c38c97be56164687b12b260ff33f4aad9b5d66abc766fed570e2041615731fa3ceb4ed7746fbabdbcc0ad3816ea0efbfcbe126d00b9e619d41dd723f9fc1472c9773e66005476b31a76b8ba3da5b7e0e8b1d29e1a6354916b84b4ac7ddb056b1efa9542d50d91e2dd4dae713c223aa84994e4b9780e285ab92f2424afde6fa6a3225713e334b2b604f5d580326137b4c258308b7e51f801b5462f8c4d2a34317e2473450c77af973b0396c7945e03dabc5a8d9b07a94de3fdda6315494926132e48f6db5322b371725ddfe1e82bda2dd7ebb28e57e9629863d388301a726c2c2806fca68621f5380456d7cc7c71df70fabbd0ce79da9a6be2f6122247e7f9722cc05c1e1c0ee6c6038001b958512bb33da311e7442b65dbae547c600be8aa52d278c7382e2edf96f1e895cb0ef14fff4d735319fe5e269009c07ae870a10913a5ed3d4dc9ab3fcf9ef5283634c364a38179b79a2ed1f1ef09a114cd7376be6969563d3e152da51a7fb945760072922266d8822165cee35a38151e9424809ed6656d26f619709ccb320b6337a70703fbcefb1c7f006d550734215c4fd6f4c1b4b29227f0a9b3442a843f1e8bd3fbf35a9c5ef527f4c42e9940ee12a03ed4b632af70720efb2e329fc7787718a89a7231643609d905767039d73a56794d0e4b55fedcb0d515b0742013be22096a71cbd5d4ae7ae8a1e0871c5a4882626bc7870ad175d455d5b662f3e2df5041b234bb7e18216ec8e329e1b52246534a1204ac49f4d5a6f418d1969a69811e1e6135bc80c5ce13efc797672cb05bbdc814c55c8d908ffd0f617c19f5808dd5ba0d9ff93c81cd93237c40c8fdf520662fe594a390dc5ae59d0b833a7d01bc0214016821982f4fc0f9a4750b0c28affaa6cd327cdf1da5a00681107c901ad55d257e238c8b8477ca27afff9a70e9092f6d33cb89cd630d511cc387107f8decdb89f58ee5ba66852042640e54afaf38eb8c66d95702453191ca3586b6fbd6ff5f5ed2697d0fd79439ea0d2378fbbeebad26f718311563cb59ed0db83c853facca88ea74c31dae2f582f370dc23966434a6f239ea33a0a57e377604177c22ff10016b07f9243556f10dc0f239a60ce55e4999ad847e9b70f0cc1fba69b641302384b65fc228435b763fedd8b6a0a6de1c13880dd61e487b264aa01ccdf7b7398283a49e4364749715e66ea0be80ceb92b02d920712260ceddbbf326316dc8e06d9ce710157d143fe3239c8716ed8c18e1c1e0cabcaf400f677ef18841bfce4be6af9a81d21ba5270bfae54b7a0866095bdddd687472278b1b593c2efcf3976014f6420a86f0b372aa77feec5761a10a2aa5f00b3e84f0093c345601918d458e4beec0f08fbbddad753078918d0ef10f59383df613fd26cfe8a436aa9febaf71223543e0b040010704a5a4a62cf60a68bfc918dbc3975afd61001e27b38467884df1e5b16f94f98ff7fd84b8eeac8a032a14eeb66b241c3d76e0bfa41b361d9356e9d241d19bc2fb0d802486bd072ae697b7559b1421150e68c79bf51ab8db89feb3bba4ca3468302ab168a88e929c405fa83f1d0ef07bd1dc7242d5cffcadc3be462525d753a476ba6cee924183912e140fbc31d5b5cb6eae25b1b5f1bc869ef9c8d53c92c90c224d64f868fa0dc5892868fcef49ac24a4f70211a6ebd3104464fcb6dcfb3c8e01be521e49bedb459ec212508c4394b662cc7a303194287c622c6abc7224c178ed18d67ca6b154174439b7c2e7be819538adde417f5b8fbc47e1b11b76becc45a37263a32f52ad7c4267f571fb7c8771d619d1de15ad25d4d8215e2206366900ad0287400371ad77f540135f7b2193e713ab9b56ef28ac1c80f8183b8686689d5fdb17b3f733d624d866c65a565328d87799de5ca74e1102f68f265fa1ccef040b915b387718b11d0f2ff0eda5d86ad9e768a0b68024b192ac41cab0394244466cdf9d647c7bdbe20c0d58f4aaa472c39543da26584883b3b4b2cb6e7f59181041ad9cfd6855989aa3b182d5ac5adb44326ced81c55fb246470ccc064053be44398b65a2d027ba8c3c463e1d28fe5c0a6cbcb2784fb687bcb33aa923660a58d49a866802461f20405d230c34782164d0e06c0a5fbd667f9ffef4d339950363a8a132922abc88c2991824be1990e9e65860fcae929f22ea0e9039aafff8ec30fa1b4e18bd35774f2fff7d116a618a27723ce15888d290b63cc3e30104ef36ff405d43242de3fe19bb76b8360e4e84ad38860312c253e3e248470da9a60b975430dc1d3e84899e597ac1c0a702223827ec650baf82ebfc7f396a0115a25c39d1f9d1e4ed58a42dafb4bdc130811b5e5e81bd4d9f417fb2996f38f5df99c645666ed1156760e45f73694b6c076783a16f26790949911821312198566c279fe0c20c6ee4d5960f58fbf2a5f04cea1531cf8f20accd3b71ccd47e4b836b63f57ba3d2c5d8aa44bad348b5d1c2f7dbf81bd5c683bf371ef302a5be3a25f848c6412d861d4464725aca2b09c766f0c2834128089fa34439168f9906fd14da9b15cd77e717b21af8517b6888d0a38a37438da292c6957f4a515df3b15c6939838e2203148b135dff3926a7fb757ba5e8c270cc37ed3c84a48973ba609d27d4accd1bc950aaeaa74115005f25b03d7fa42293082b49adfb5432ae72319b20e2ad388c38d4efed4cb3f49873757a7d6091c3ef21e4a56d3add81504a2fadd5fcb70783fcbd5cd500977556d771d5ff5035edee1ede07b0720faff66169f972cca83473a57ab7d541c0aaca3e4051894312ff09baa9740f9a56bac0eba83470a0862c59773b6ebe104ab64daee18ba3781507683f3816", 0x1000, 0x1}], 0x44, &(0x7f00000001c0)='/dev/ptmx\x00') 22:58:56 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x9, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x3, 0x9}]}) 22:58:56 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x180402, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) msync(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1193.674687] Bluetooth: hci3: Frame reassembly failed (-84) [ 1193.685958] kauditd_printk_skb: 23194 callbacks suppressed [ 1193.685967] audit: type=1326 audit(1599173936.105:1358674): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32539 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1193.704037] Bluetooth: hci8: Frame reassembly failed (-84) [ 1193.737787] Bluetooth: hci10 command 0x041b tx timeout [ 1193.766035] audit: type=1326 audit(1599173936.105:1358675): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32539 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1193.801583] audit: type=1326 audit(1599173936.105:1358676): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32539 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1193.837300] audit: type=1326 audit(1599173936.105:1358677): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32539 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1193.860092] audit: type=1326 audit(1599173936.105:1358678): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32539 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1193.927040] audit: type=1326 audit(1599173936.105:1358679): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32539 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1193.977592] audit: type=1326 audit(1599173936.105:1358680): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32539 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1194.008876] audit: type=1326 audit(1599173936.105:1358681): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32539 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1194.036550] audit: type=1326 audit(1599173936.105:1358682): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32539 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1194.132231] audit: type=1326 audit(1599173936.105:1358683): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32539 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 22:58:56 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000078c0)=[{{&(0x7f0000000380)=@alg, 0x80, &(0x7f0000002780)=[{&(0x7f0000000440)=""/149, 0x95}, {&(0x7f0000000500)=""/89, 0x59}, {&(0x7f0000000580)=""/32, 0x20}, {&(0x7f00000005c0)=""/245, 0xf5}, {&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/161, 0xa1}, {&(0x7f0000001780)=""/4096, 0x1000}], 0x7, &(0x7f0000002800)=""/159, 0x9f}, 0x4}, {{&(0x7f00000028c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, &(0x7f0000002a80)=[{&(0x7f0000002940)=""/163, 0xa3}, {&(0x7f0000002a00)=""/65, 0x41}], 0x2, &(0x7f0000002ac0)=""/41, 0x29}, 0x80}, {{&(0x7f0000002b00)=@xdp, 0x80, &(0x7f0000004040)=[{&(0x7f0000002b80)=""/129, 0x81}, {&(0x7f0000002c40)=""/129, 0x81}, {&(0x7f0000002d00)=""/186, 0xba}, {&(0x7f0000002dc0)=""/94, 0x5e}, {&(0x7f0000002e40)=""/48, 0x30}, {&(0x7f0000002e80)=""/113, 0x71}, {&(0x7f0000002f00)}, {&(0x7f0000002f40)=""/4096, 0x1000}, {&(0x7f0000003f40)=""/143, 0x8f}, {&(0x7f0000004000)=""/17, 0x11}], 0xa, &(0x7f0000004100)=""/219, 0xdb}, 0x6}, {{&(0x7f0000004200)=@l2tp={0x2, 0x0, @dev}, 0x80, &(0x7f0000005580)=[{&(0x7f0000004280)=""/112, 0x70}, {&(0x7f0000004300)=""/113, 0x71}, {&(0x7f0000004380)=""/4096, 0x1000}, {&(0x7f0000005380)=""/66, 0x42}, {&(0x7f0000005400)=""/105, 0x69}, {&(0x7f0000005480)=""/194, 0xc2}], 0x6, &(0x7f0000005600)=""/22, 0x16}, 0x3f}, {{&(0x7f0000005640)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x80, &(0x7f0000006880)=[{&(0x7f00000056c0)=""/191, 0xbf}, {&(0x7f0000005780)=""/250, 0xfa}, {&(0x7f0000005880)=""/4096, 0x1000}], 0x3, &(0x7f00000068c0)=""/4096, 0x1000}, 0x3}], 0x5, 0x10000, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000007a00)="9754e745a22f508214b0ec84469e2723ac17f0e891e36faf2b2fe59a4e30d56e924c2ea11e16b2f7f5153b8de71b2a76520c307a72b7accd70bb8f8f7f27a4062b3403e40af1025190041c1506cf62ddbcbc0d434f66d7ad0af9e44824568a6c577d52711a23f0df68", 0x69}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockopt(r3, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x10000060, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000002c0)={0x0, 0x101, 0xfa00, {0x2, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r4, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e27, 0x5, @private1, 0x400}, r5}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:58:57 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001600)=[{{&(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, &(0x7f00000003c0)=[{&(0x7f00000004c0)=""/73, 0x49}, {&(0x7f0000000540)=""/174, 0xae}], 0x2, &(0x7f0000000600)=""/151, 0x97}}, {{&(0x7f00000006c0)=@nfc_llcp, 0x80, &(0x7f0000000bc0)=[{&(0x7f0000000740)=""/74, 0x4a}, {&(0x7f00000007c0)=""/173, 0xad}, {&(0x7f0000000880)=""/191, 0xbf}, {&(0x7f0000000940)=""/222, 0xde}, {&(0x7f0000000a40)=""/114, 0x72}, {&(0x7f0000000ac0)=""/233, 0xe9}], 0x6, &(0x7f0000000c40)=""/69, 0x45}, 0x401}, {{&(0x7f0000000cc0)=@in, 0x80, &(0x7f0000000e40)=[{&(0x7f0000000d40)=""/229, 0xe5}], 0x1, &(0x7f0000000e80)=""/250, 0xfa}, 0xee}, {{&(0x7f0000000f80)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001480)=[{&(0x7f0000001000)=""/158, 0x9e}, {&(0x7f00000010c0)=""/57, 0x39}, {&(0x7f0000001100)=""/50, 0x32}, {&(0x7f0000001140)=""/43, 0x2b}, {&(0x7f0000001180)=""/73, 0x49}, {&(0x7f0000001200)=""/61, 0x3d}, {&(0x7f0000001240)=""/192, 0xc0}, {&(0x7f0000001300)=""/99, 0x63}, {&(0x7f0000001380)=""/227, 0xe3}], 0x9, &(0x7f0000001700)=""/188, 0xbc}, 0x7ff}], 0x4, 0x100, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1195.506504] Bluetooth: hci2 command 0xfc11 tx timeout [ 1195.511773] Bluetooth: hci2: Entering manufacturer mode failed (-110) 22:58:58 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$SIOCGIFHWADDR(r1, 0x8927, &(0x7f0000000000)) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1195.736435] Bluetooth: hci3 command 0xfc11 tx timeout [ 1195.736490] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1195.748941] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1195.749032] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1195.764736] Bluetooth: hci8 command 0xfc11 tx timeout [ 1195.906417] Bluetooth: hci10 command 0x040f tx timeout [ 1195.968285] Bluetooth: hci2: Frame reassembly failed (-84) 22:58:58 executing program 1: socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x1000000000000000, 0x0, 0x7f}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000380), 0x1000000000003, {0xa, 0x4e24, 0xb, @remote, 0x402}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:58:58 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xfffffffd) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000100), 0x8) ioctl$VT_SETMODE(r1, 0x5602, &(0x7f0000000140)={0x3, 0x9e, 0xf70d, 0x7fff, 0x8}) [ 1196.536757] Bluetooth: hci11 command 0xfc11 tx timeout [ 1196.542125] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1196.645964] Bluetooth: hci3: Frame reassembly failed (-84) [ 1196.656053] Bluetooth: hci3: Frame reassembly failed (-84) 22:58:59 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000280)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000180)=0x1, r2, 0x0, 0x1, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000040)={0x7, 0x8, 0xfa00, {r2}}, 0x10) write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, &(0x7f0000000300)={0x13, 0x10, 0xfa00, {&(0x7f0000000100), r2}}, 0x18) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000340)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) lremovexattr(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)=@known='trusted.overlay.metacopy\x00') socket$inet_icmp_raw(0x2, 0x3, 0x1) [ 1196.866423] Bluetooth: hci8: Frame reassembly failed (-84) 22:58:59 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000080)={0x2, &(0x7f0000000100)=[{0x900, 0x81, 0x6, 0x101}, {0x0, 0x20, 0x80, 0x7}]}) 22:58:59 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1197.173844] Bluetooth: hci9 sending frame failed (-49) 22:58:59 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000340)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x1000, 0xce, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x2, 0x3, 0x0, 0x0, 0xfffffffffffffffd, 0x1, 0x5}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000380)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private2={0xfc, 0x2, [], 0x1}, 0x2e}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0) 22:58:59 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000100), &(0x7f0000000180)=0x30) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-control\x00', 0x1bf240, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x7) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSIG(r0, 0x40045436, 0x29) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1197.691780] Bluetooth: hci11: Frame reassembly failed (-84) [ 1197.976427] Bluetooth: hci2 command 0xfc11 tx timeout [ 1197.981717] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1197.988535] Bluetooth: hci10 command 0x0419 tx timeout 22:59:00 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x12, 0x0, 0x5, 0x10000000000, 0x81}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f00000003c0)='\x00\x00\a\x00\x00\x00', 0x6) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000380)="392ed87a55240937e95f69c44e85c42fc4bef947", 0x14}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x0, 0x8000000000000000}, 0x0, 0x0) [ 1198.693178] kauditd_printk_skb: 22588 callbacks suppressed [ 1198.693184] audit: type=1326 audit(1599173941.085:1381131): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32642 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1198.699195] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1198.724472] Bluetooth: hci3 command 0xfc11 tx timeout [ 1198.725885] audit: type=1326 audit(1599173941.105:1381274): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32642 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1198.758744] audit: type=1326 audit(1599173941.105:1381275): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32659 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1198.780715] audit: type=1326 audit(1599173941.105:1381276): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32642 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1198.802638] audit: type=1326 audit(1599173941.105:1381278): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32659 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1198.824561] audit: type=1326 audit(1599173941.105:1381277): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32642 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1198.846468] audit: type=1326 audit(1599173941.105:1381279): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32659 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1198.868267] audit: type=1326 audit(1599173941.105:1381280): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32642 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1198.890207] audit: type=1326 audit(1599173941.105:1381281): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32659 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1198.911979] audit: type=1326 audit(1599173941.105:1381282): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32642 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1198.936332] Bluetooth: hci8 command 0xfc11 tx timeout [ 1198.941599] Bluetooth: hci8: Entering manufacturer mode failed (-110) 22:59:01 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r3, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000380), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x9}, r5}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1199.176567] Bluetooth: hci9: Entering manufacturer mode failed (-110) 22:59:02 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x1f, 0x8, 0x50000}]}) 22:59:02 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VT_RESIZE(r0, 0x5609, &(0x7f0000000180)={0x0, 0xfffb, 0x7}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$vim2m_VIDIOC_STREAMON(r2, 0x40045612, &(0x7f0000000100)=0x1) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) sendmsg$NL80211_CMD_SET_BEACON(r2, &(0x7f0000001080)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000001040)={&(0x7f0000000440)={0xbf4, 0x0, 0x2, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_IE={0x65f, 0x2a, "018e4583cd65302e4642be524a227de036b1232208d103fc88f47ac5849ee532a785e5e82165f419f35598431b9e2ec4a8a497ba139d01d37c7421e8fa7499534b2df71cd835147c85fcac21280935b151f489555a67f6475eb36b52f14b25f9e093230fac7793f23ab7f450abe1e7cbcbcea530cd21e6cd1d90470977ba2e6766b63f72c94bf6c66dda5b5b5b71826267af47aa29bed9b137584e8f343a093aa6664c78475b5bdbd903f431a7a6104d65ee84d7f2033b2c2dc9ae5a1b48c96bd1e0bf156b4fd21b1e639ade2b350cc768c2c4bc1eba0f1ab195218793ddd24016c9bf0f222aaff659ec778886ca5d0667d37ac2623012419a11bc03b44105ebf5ed7077c1ea8060bf4fe1147e3a2ab8eb68a3f28d5f4428e33454f02de7755dc313d4f5bf1e14b94026ac2ffcf138ec759f2a87c19b3ae146ce916c8ceb01f1de2ebe272e0f1db6a1501c0c0aa8e51c35347917b5e6267d1e4e8206b63764d36471e302955d7f09bf794d4b98ca7f1017e9740c6dbd1902ff458a949a14af0c7273728d0ed1c6156fa7211d9050b0e0fe16fbfe23097b77c0ded1dcc7829d0122c1f6791baa2dab3fcaaf84b57c2935d0310ea08190f1cbe9f5496315f0c2ca0103c412fe018129c2b43c5aa92e121e4be626e7a26b57cd73b622ed4549cb31367626e699e7301f5871a9148d8125f267cf1c03d85213b98c9f7450b0104f6db26067a3e58729dfb705dc14c72c36874d8e8452ab66d267e0e813aeb81e21e4b9ec6f896758b17bf5701dd63707b92cf764cdd1b6d1a41a73312f15c3adb7d2073719137c0ea4c64cbd1ce2d77c892a7aef154cd701a5bf108ec577cad72ae7ab7bb7467ce6146dbfdda1cc2933179b858794ecd3985a07fe3a3fd2ea7efd2795fcd2967161d60c579889a532c8d857b10a2e852a0fa5428990901c9229a4fc0ef533d334388500746d00f9e5fc34eff6ac1650e111f18b5faa1ca1cfdb750ac9f441ba1814822b83de45f545fdbc8e98a7339134e4ce9fb909bdb314d79579d48b58ef329832c5a8cf127d5ec8ac32e07d2050a573986777a701de4f96bccc58b348635e342dedbc81d01bf6c05db45b36385aa720b457a9665ff85d909707670ca4f0a27d82f0cb7bc73ee3c4e68aa77ea88d437673621016f8b1b30a48d0f5b774effc65c7fe06ebb9b6e020b41ea682fa7b448f4f3fd809c0d123dd677e17ea66d7365762640ff2a244b1f48f154f4e6d45a6c00ff7a214cecfb49e90daae597d540ae7519a2eab693bc3226a72c7c0849431ac431ddae904169134b9b68670315c9548c64792a69c9bc47746d930870de8ba5ab5a44ff674b6304ad09861daaeacae601ab104adf6b56c4feb8df43d01af77311682710d72df09f4092e010a354263faf93d47da274d04c5b7938fcf897cf8ad10f3a379abd900fccacef4d6f73bfad21fd731272bb75a78cc8dfe6754c9f4500017e206e4e50cb88a5fb71f49365b284a770be5c008266fafe3ed8df3465bf94bf5a7ed690c88aff61c00cd6442757496ccd4ba2b8532d8fdaf9f11ba4d41101e549d7a3b69c62f8d667f0d25df036e6f0644b41e87fd5964b40d9c3d123e09be424c22a05b63d3d94902bfd8d59d573c0568c0ea05d66dcb883f7c2b3425af02c4cb5dc12de97af472aae1d301a2d67290dbf7cbdc921a5f34a69cbc085e3a08d7d5581d6672ee5ef155e8ce89cfcec87581f0c39dea48e55520f5c68244086819eb447fe0336977808ac6d473114e3e6e1afbb2a4a8e24cbb392f906052093d83cdd7f6b976a8c1c689c2a3bdb57eae8460a37391d634ebc07b0a27d94dec5d7e824ec9fb92d08395813f216cde767b83f528fb29e2c8472207ebb17e1b2ac80381c899d5e0bbe9846e467d26df8dbff3c4ba6bc7d534e2d69a201e0ab50ddc0e73d5987a1cefa55562e87519826ffddbd56d95312924e4e99db768cc00b8c5186da4ac7b189560cbc1b18cdf90c0fa8abe13608420495e81c7aa4d1c4b11ba4c1c60719e101e3ec140b36c2899edad08af8513a14d9e989bf4a55c1790f2154a9a9bc8eeb9f999761e0c74f35fc09f17c9789cce5b0204ae40c32d744adfc56b8a50c0773c7a2394ae9e4ad16a96a396c4558042029ddc3e400e5b061f556c18571e1144d96299d22b6a8c26a91850cf296a72bb31bc82f24d96ab5d186a22fe7bd55aa3dca6cd4c9a29b7d539689d622c7803354b7e5d77d383ef999ef4f8ed906707051eecf7492d3c2d147815680fdea8169e9a984e7853f7c375d4f080636d7094"}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x5, 0x3}}, @NL80211_ATTR_IE_RIC={0x56f, 0xb2, "b269698287e0e1ba53a2eab4849c08e7eec4f54a30d0fe2eacd2ebc8784e59b5f7e7d8dbb6a2772720e83316665e4e2cedc290e1dd8e0747e5a4770dcdded3fb00ae38b8414a82eaeedad1db0517a91a85608500f959ffb823c5471daea6125b1fb2fc1e03eb396ad3ffa1354b076d1898cbcb86e42d2b755696e508036210dad270806c5a6ef485826abdf70f871f140ffedc92e6471022faa35f38963f6fe873ea61b1ef252846d1e5a990aed7db1b1f7b2be1e0a4ef3e7344ebc1fbed4261abfbdea28189a6ab58369fc2ffe73ea8f600e8dd6313e8430cb0e76aa73079bd9c801db59935e6d5628c465c5ed83af7b578f48374e107e0026aa0af607ee1d46ba9053a54675cff9b1fc4767efee3de2390e0e5057c08dde4366a31d68b87b96509eebd4eb19998038d8ed44ce694d6dbd77598cf7a5ce3eff51c16ec007f6d36a3cf6cf05064a0c101931c6330c64815821d369417b8181c18ffb5c4a2cf11e785194b1866fdac333b5aa8e96f589f3aaf72f7a8c1ff9aeff349ffb613b1ba34e3dc85d3008e9c1366b523c943157d026c5d2e740af30827d0085693042d7c2ca0f0f2dc80e3d811b39cf8afb44ce3dbd3aa00c8b99ec4152ce7ae3eef9b098f695af14c6af4afb5b0bf0e56aa8c8c321691813845df26ee5bd47c0140f69aae155654f5ba31f987e612803dd39b05e346986d85c2a059909349c94fac6ee654cde21681f0b76184de116dfcfba798aaa511a39c80e06034e69e22ed5282d277c284d9d396e410e20222617a03c7b5cedd1f56cd2d5aaf369e25dc4da0de574cafc7f6fb3debf04fb3941fec9992dc851378b57a26eff193b4ea10bf20e678b27e04a41776d10cba06cc8351cd8abdd5dcd0491b1794aa7e1f04d3f642244f87138a289920e91f822309af5e05409f7cc5c5b914da4873408b7382019c3f162b3a259e79f7f5e2e3f8ab0d6e3c1fb2ddb2a1e94cdc38069e59d14a9fc2106b95d8f2adec022471c4b66233b5ac0833d45bf03f1f77df4a459ab8c37066845ffdb382ecf02dcb6290ab53e403205406988aa83c9c05dd2c9de61ea8c0acbb0fef45f78793ad09713e3a23f7a12ac78e6180aec3bb702e2aa670a00d5b3f5c53948847922c432b3897d3a99d0a2cfa78d35f9fe7ecbbd9f1c0c96dca92f3c16435eb93b88cb302bc3b7dfb83b5889793cf40323cd8021eee5bef62f59dcd6efe858b4dcc1cd7258b11572b690fa3fe0a0892640a212053b5422537a30ed986efc7c49a1ffbb5af98370cf450b98b180027fcab5aa3f504d8149f39f6b0de7277424c31b50a787a0a75d4a7d7b3c7e454984971bab6311011fbe2ad6fb03d4d0637f6fdb95049886c42f901babaf7614a1a08cf9a6fec9c13650eb6184767673d17b1e1c340ad13f3b1fabe810786e386cb5ae1f7f7e435f2329901e6e9309d80a7887d85bc7fdeeee039dfce5c0c8f96e29a45c04031721e9e26e962e73c3357f7bc72fa2eaf20e4da667ef6b7e7cc8f69250980d80c6919946b4faadd00c6a98e29b495a21eb560d7d24aaa9d2ef9a5aacd59197a2d0d935085474a2f236eec60b257b42c8f64a2cc6c5d5ff0456618a3972eea4cfc375971af7918bb917576cc8d6c37a0063135b86587b2a6d68f55cde61b674c5564e6365de941f197e265b0eef3a6978fe6538ca9be268f43baf88abb02acdbfa690ebf60e567f7994097d39dee8830873dcb17c865ff3d3bfa23e3084019d1e4f4078b46ccf7fcdf47e85ea53069bb590b1f376ebd151e8806e402dc6bf59e8821537e247dbf1d469c0fc1f1f95aefecc618eadea7702208e37a334872c961f5857d47b1847e906d77246ed44832c264a337d500599f0fef6f08b3e8fb91720efa667f9329ef5d3c46c943ec12f9ada36efac5e85053cb32075e343666519b804a5247f67b0b56583de8eaa155edc6839e4bcd747d"}]}, 0xbf4}, 0x1, 0x0, 0x0, 0x40000}, 0x8844) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ubi_ctrl\x00', 0x610241, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000003c0)={0x10000, 0x3, 0x1}) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0xd8, 0x0, 0x20, 0x70bd25, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @empty}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x7}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x2}]}, @MPTCP_PM_ATTR_ADDR={0x38, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x7}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @empty}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @broadcast}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}]}, @MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x4}]}, @MPTCP_PM_ATTR_ADDR={0x3c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x2}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xfc}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @rand_addr=0x64010101}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40c1}, 0x4000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x14e, &(0x7f0000000140)=[{0xff55, 0x0, 0x42, 0x50000}, {0xf802, 0x50, 0x3, 0x4}, {0x9, 0x9, 0x1f, 0x401}]}) [ 1199.736391] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1199.738351] Bluetooth: hci11 command 0xfc11 tx timeout [ 1199.763333] Bluetooth: hci3: Frame reassembly failed (-84) [ 1199.873852] Bluetooth: hci8: Frame reassembly failed (-84) 22:59:02 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x9) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x3) ioctl$TIOCGICOUNT(r3, 0x545d, 0x0) [ 1200.056859] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1200.060737] Bluetooth: hci2 command 0xfc11 tx timeout 22:59:02 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000380)={0x38, 0x2, 0x0, 0x0, 0x8, 0x65f3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) getsockopt$IP_VS_SO_GET_VERSION(r2, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000300)=0x40) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x4f5, &(0x7f0000000440)=""/82, &(0x7f00000003c0)=0x52) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) [ 1200.179088] Bluetooth: hci2: Frame reassembly failed (-84) [ 1200.199455] Bluetooth: hci9: Frame reassembly failed (-84) 22:59:02 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:59:02 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000001180)='/dev/dlm-monitor\x00', 0x468040, 0x0) r3 = gettid() ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x40) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r3, 0x0, 0x0) write$cgroup_pid(r2, &(0x7f00000011c0)=r3, 0x12) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x9) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, &(0x7f0000000100)={0x7fffffff, 0x1, 0x0, {0x6, 0x5}, 0x9}) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) r4 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$BTRFS_IOC_DEV_INFO(r4, 0xd000941e, &(0x7f0000000180)={0x0, "5572c86f1907a255c7b1d873a3541278"}) ioctl$KDADDIO(r4, 0x400455c8, 0x80000002) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:59:02 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz1\x00', 0x1ff) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1200.421003] Bluetooth: hci11: Frame reassembly failed (-84) [ 1200.567415] Bluetooth: hci12: Frame reassembly failed (-84) 22:59:03 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r1 = getpid() setregid(0x0, 0x0) sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003b00)=[{{&(0x7f0000000380)=@vsock={0x28, 0x0, 0x0, @host}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000440)=""/162, 0xa2}, {&(0x7f0000000500)=""/219, 0xdb}, {&(0x7f0000000600)=""/65, 0x41}, {&(0x7f0000000080)=""/36, 0x24}, {&(0x7f0000000680)=""/136, 0x88}, {&(0x7f0000000740)=""/164, 0xa4}], 0x6, &(0x7f0000000880)=""/147, 0x93}, 0x9}, {{0x0, 0x0, &(0x7f0000003200)=[{&(0x7f0000000940)=""/4096, 0x1000}, {&(0x7f0000003140)=""/55, 0x37}, {&(0x7f0000003180)=""/96, 0x60}], 0x3, &(0x7f0000001980)=""/180, 0xb4}}, {{&(0x7f0000001a40)=@x25, 0x80, &(0x7f0000001b40)=[{&(0x7f0000001ac0)}, {&(0x7f0000001b00)=""/26, 0x1a}], 0x2}}, {{0x0, 0x0, &(0x7f0000001f80)=[{&(0x7f0000001b80)=""/219, 0xdb}, {&(0x7f0000001c80)=""/17, 0x11}, {&(0x7f0000001cc0)=""/43, 0x2b}, {&(0x7f0000001d00)=""/83, 0x53}, {&(0x7f0000001d80)=""/144, 0x90}, {&(0x7f0000001e40)=""/116, 0x74}, {&(0x7f0000001ec0)=""/180, 0xb4}], 0x7, &(0x7f0000002000)=""/97, 0x61}, 0x8}, {{&(0x7f0000002080)=@l2tp={0x2, 0x0, @broadcast}, 0x80, &(0x7f0000002300)=[{&(0x7f0000002100)=""/88, 0x58}, {&(0x7f0000002180)=""/209, 0xd1}, {&(0x7f0000002280)=""/115, 0x73}], 0x3, &(0x7f0000002340)=""/132, 0x84}, 0x1}, {{0x0, 0x0, &(0x7f0000002a40)=[{&(0x7f0000002400)=""/220, 0xdc}, {&(0x7f0000002500)=""/167, 0xa7}, {&(0x7f00000025c0)=""/62, 0x3e}, {&(0x7f0000002600)=""/178, 0xb2}, {&(0x7f00000026c0)=""/100, 0x64}, {&(0x7f0000002740)=""/75, 0x4b}, {&(0x7f00000027c0)=""/34, 0x22}, {&(0x7f0000002800)=""/39, 0x27}, {&(0x7f0000002840)=""/247, 0xf7}, {&(0x7f0000002940)=""/219, 0xdb}], 0xa, &(0x7f0000002b00)=""/52, 0x34}, 0xc86}, {{&(0x7f0000002b40)=@isdn, 0x80, &(0x7f0000002ec0)=[{&(0x7f0000002bc0)=""/210, 0xfffffffffffffdbf}, {&(0x7f0000002cc0)=""/69, 0x45}, {&(0x7f0000002d40)=""/39, 0x27}, {&(0x7f0000002d80)=""/144, 0x90}, {&(0x7f0000002e40)=""/83, 0x53}], 0x5, &(0x7f0000002f40)=""/97, 0x61}, 0x4}, {{&(0x7f0000002fc0)=@tipc=@name, 0x80, &(0x7f0000001ac0)=[{&(0x7f0000003040)=""/212, 0xd4}], 0x1, &(0x7f0000003500)=""/197, 0xc5}, 0x3ff}, {{&(0x7f0000003600)=@sco={0x1f, @none}, 0x80, &(0x7f0000003800)=[{&(0x7f0000003680)=""/119, 0x77}, {&(0x7f0000003700)=""/240, 0xf0}], 0x2}, 0x47}, {{&(0x7f0000003840)=@ax25={{0x3, @bcast}, [@bcast, @null, @default, @rose, @rose, @netrom, @null, @rose]}, 0x80, &(0x7f0000003a00)=[{&(0x7f00000038c0)=""/93, 0x5d}, {&(0x7f0000003940)=""/129, 0x81}], 0x2, &(0x7f0000003a40)=""/151, 0x97}, 0x9}], 0xa, 0x10022, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x100000000007) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0xb7c5, 0x800, 0x8000, 0x7, 0xfffffffd}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e23, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x7, 0x0, 0x0, 0x4, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x5, 0x0, 0x0, 0x0, 0x0, 0x4e0}, 0x0, 0x0) 22:59:04 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0xffffffffffffffa7, 0x0}}], 0x1, 0x20, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1201.816537] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1201.823479] Bluetooth: hci3 command 0xfc11 tx timeout [ 1201.896467] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1202.216468] Bluetooth: hci2 command 0xfc11 tx timeout [ 1202.221815] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1202.226309] Bluetooth: hci9 command 0xfc11 tx timeout [ 1202.228519] Bluetooth: hci2: Entering manufacturer mode failed (-110) 22:59:04 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x3, 0x0, 0x0, 0x4, 0x0, 0x7, 0x0, 0x8001}, 0x0, &(0x7f0000000300)={0x3ff, 0x8000, 0x20, 0x2, 0x0, 0x0, 0x2}, 0x0, 0x0) [ 1202.456303] Bluetooth: hci11 command 0xfc11 tx timeout [ 1202.456448] Bluetooth: hci11: Entering manufacturer mode failed (-110) 22:59:05 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='cpu.stat\x00', 0x0, 0x0) ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r1, 0xc0505350, &(0x7f0000000140)={{0x7f, 0x5}, {0x3, 0x8}, 0x3e96, 0x6, 0xff}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x0, &(0x7f00000001c0)}) r2 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) chown(&(0x7f0000000000)='./file0\x00', r3, 0x0) syz_mount_image$tmpfs(&(0x7f00000001c0)='tmpfs\x00', &(0x7f0000000200)='./file0\x00', 0x40, 0x3, &(0x7f00000003c0)=[{&(0x7f0000000240)="1d0f6d", 0x3, 0x800}, {&(0x7f0000000280)="eb63a38a28f6f8b6dd59deeb0698ea4b84d7ae1de15ee5b99e7f54eaf47c1bee63ec609486cca5d91ad91d38617fa39cf743c7a805477c534f843dbd320d69f9517ca8e394f61ad2db76e7cb3971bce45349f98f60505d60bcf2523e8d44aad82a40937e321e8eb19a4b12608f5f4ee44ea721a7b37ce8f709b539fdf920b4c9db2be0abd1e74ec35a5dd1d0711676dcc4a7bd71b7f41b232fcefbfb3cbb53e93069393daa40fb0221ff58cf8e71387ecc9e35bf77ee6ac5310e8dfc47b990c2ca49db1959be1b29a67b28fc903f8facf9102729ab7f8f905b11a71197156398e3cc1a86398e6e364a6fd74d7e59efedb88d4c15a25d5a1bb4", 0xf9}, {&(0x7f0000000380)="60a383bc55acc3e033178bf0fcac70702f16899b86a17fa3ebc867ea3134c60b210383da65fa930dea5914fe7b6d33573a9b84addb6163", 0x37, 0x8}], 0x0, &(0x7f0000000440)={[{@huge_within_size={'huge=within_size', 0x3d, 'cpu.stat\x00'}}, {@huge_advise={'huge=advise', 0x3d, 'cpu.stat\x00'}}, {@size={'size', 0x3d, [0x70, 0x65, 0x33, 0x67, 0x2d, 0x31]}}], [{@rootcontext={'rootcontext', 0x3d, 'root'}}, {@subj_user={'subj_user', 0x3d, '\'!'}}, {@uid_lt={'uid<', r3}}, {@fscontext={'fscontext', 0x3d, 'user_u'}}]}) [ 1202.620639] Bluetooth: hci12 command 0xfc11 tx timeout [ 1202.625975] Bluetooth: hci12: Entering manufacturer mode failed (-110) [ 1202.696483] Bluetooth: hci13: Entering manufacturer mode failed (-110) [ 1202.697480] Bluetooth: hci13 command 0xfc11 tx timeout 22:59:05 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x20000, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x11) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = signalfd4(r0, &(0x7f00000002c0)={[0x12]}, 0x8, 0x800) openat$cgroup(r1, &(0x7f0000000300)='syz1\x00', 0x200002, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r2 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/userio\x00', 0x181000, 0x0) msgrcv(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000929b7a19d528e26225aa7c11c238000020aa6b02679792ca3a7cc62b840b"], 0xa9, 0x1, 0x800) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ttyS3\x00', 0x40081, 0x0) r4 = dup2(r3, r2) getsockopt$bt_l2cap_L2CAP_OPTIONS(r4, 0x6, 0x1, &(0x7f0000000200), &(0x7f0000000240)=0xc) ioctl$GIO_FONT(r3, 0x4b60, &(0x7f0000000180)=""/24) ioctl$TCSETSF(r0, 0x5404, &(0x7f00000001c0)={0x0, 0x80, 0x1, 0xff, 0x17, "1e5e7808458c19a106762c86ba94ab3b3f8501"}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000100)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1202.947395] Bluetooth: hci3: Frame reassembly failed (-84) 22:59:05 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:59:05 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000380)='trusted.overlay.opaque\x00', &(0x7f00000003c0)='y\x00', 0x2, 0x1) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x1}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1203.698925] kauditd_printk_skb: 16292 callbacks suppressed [ 1203.698933] audit: type=1326 audit(1599173946.095:1397576): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=359 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1203.786495] audit: type=1326 audit(1599173946.095:1397575): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=374 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1203.865561] audit: type=1326 audit(1599173946.095:1397577): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=359 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1203.935500] audit: type=1326 audit(1599173946.095:1397578): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=374 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1203.988839] audit: type=1326 audit(1599173946.095:1397579): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=374 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1204.044044] audit: type=1326 audit(1599173946.095:1397572): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=359 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1204.098667] audit: type=1326 audit(1599173946.095:1397581): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=359 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1204.134172] audit: type=1326 audit(1599173946.095:1397580): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=374 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1204.156196] audit: type=1326 audit(1599173946.095:1397583): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=374 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1204.178794] audit: type=1326 audit(1599173946.095:1397584): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=374 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 22:59:06 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) getsockname$ax25(r1, &(0x7f0000000100)={{0x3, @netrom}, [@rose, @remote, @null, @bcast, @default, @null, @default, @null]}, &(0x7f0000000000)=0x48) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 22:59:06 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCXONC(r0, 0x540a, 0x3) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:59:06 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x10, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000380)}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1204.303372] Bluetooth: hci2 command 0xfc11 tx timeout [ 1204.308637] Bluetooth: hci2: Entering manufacturer mode failed (-110) 22:59:07 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDSETKEYCODE(r0, 0x4b4d, &(0x7f0000000100)={0xc3}) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1205.020783] Bluetooth: hci3 command 0xfc11 tx timeout [ 1205.026056] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1205.116578] Bluetooth: hci3: Frame reassembly failed (-84) 22:59:07 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x4}, 0x0, 0x0) 22:59:08 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x8c601, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) sendmsg$GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fcdbdf250200000008000100", @ANYRES32=0x0, @ANYBLOB="0800007200a66cd5"], 0x24}, 0x1, 0x0, 0x0, 0x4000804}, 0x20000050) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm-control\x00', 0x200000, 0x0) ioctl$DRM_IOCTL_VERSION(r1, 0xc0406400, &(0x7f0000000480)={0x8001, 0x3f, 0xce3, 0x88, &(0x7f0000000280)=""/136, 0x64, &(0x7f0000000340)=""/100, 0x91, &(0x7f00000003c0)=""/145}) syz_open_pts(r0, 0xc8a00) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000100)={0x1f, 0x6, 0x8}) 22:59:08 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000380)=[{&(0x7f00000004c0)="a4c8e27521d505084b0a90c69463d3bfe84a528b577ab91b4a739600499ee4ef8f3ba3f9e1681469bef4892e41ce7be7e3ab9bd7a1007752f9ac356aff1940ccf3f71065de881bb62362d62b801de8a0f3f8592b1e693ee4653ffc01624141ea437f0085eb7452e8ab19cc4f2df6fc9928", 0x71}], 0x1, 0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r3, &(0x7f0000000340)={0x10, 0x2b, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e22, 0x5, @private1, 0x400}, r5}}, 0x60) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:59:08 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1206.456302] Bluetooth: hci8 command 0xfc11 tx timeout [ 1206.456352] Bluetooth: hci2 command 0xfc11 tx timeout [ 1206.466879] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1206.473512] Bluetooth: hci2: Entering manufacturer mode failed (-110) 22:59:08 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KDGKBMETA(r4, 0x4b62, &(0x7f0000000000)) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r5, 0x400455c8, 0x9) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)) ioctl$GIO_FONTX(r5, 0x4b6b, &(0x7f0000000080)={0x75, 0x0, &(0x7f0000000100)}) [ 1206.598145] Bluetooth: hci2: Frame reassembly failed (-84) 22:59:09 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000000c0)) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1207.176325] Bluetooth: hci3 command 0xfc11 tx timeout [ 1207.182060] Bluetooth: hci3: Entering manufacturer mode failed (-110) 22:59:09 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffb000/0x3000)=nil) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x2, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x50000}, {0x1, 0x40, 0x1f, 0x200}]}) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, &(0x7f0000000100)) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r1, &(0x7f00000005c0)={&(0x7f00000001c0)=@nfc_llcp={0x27, 0x1, 0x1, 0x4, 0x41, 0x1, "4b945b55bf342634a025b6be409d9fe5879f9bfc65d5e63ff90550377869aa5614d754d5a7ad11ca8ce3d3a53bfaaec34811c90371a040a6cfd730fbaeb6a8", 0x3b}, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000240)="d2a84a5f59c7d74d180a0a375f7f6ba4b6498f6c03e59f5de5207392cfb7c1a72c97e8deb6f34e622be9c87ace3f6419e0d2c205b1dc69599adb2d571869f7a6c6cd95e4aa143d08595981fa5aadfd83add46ad1d62e7cbc8907425631de176affa061eda74cb56e042cea1e8cc4c5f90161", 0x72}, {&(0x7f00000002c0)="991ae6f17e8c70d1302fe616072c04f846e34feca97a8212f8165f9b8aee070bc96c696fbee61a7997b49154755b72e844887b915956d22ca6d3e175894b0352c5a04f2886f21f4b005eced97d31eb29f20efcc4ab1806229ecbbc36da5ce3d55522cdde93532c274f42781927291a03d67ca3df17cac2a00db845955964be5aac7eda6f4145f924be25dadc61b63ad1a81e6387ad04d0005df1314b1a12b76cc8484f2c13993f933c9139dcb37e4de1edb1481151c90c787d9579648639f19d8f393ac917c604f2ed886dd1102d06fecbae1d2fb05bfa408a45ee7de10823307376edda4a920c7532608b0f7e5665183478cb916f8a8a5f82fdb90550", 0xfd}], 0x2, &(0x7f0000000400)=[{0x68, 0xd66c471f7d48ec6c, 0x56, "7278db35bc222048bd06eee93ffbb1ce39700cdeaf20d4a15edae0b2b8ca9d6d3f9b4260f0fca4a5348c58ef6fbd8abd85245a78ffd6ab15e81a009703f244d5d943182d0513c4376306336b588d20fee02e98da2b29fa"}, {0x80, 0x114, 0x6, "d0b349eae9e713344ab105a2c341308bc4f1ddeb8369f4ce956e81502adb658698b452aae848aac566ed716965771ccfc6b951251c3d79b946e12b04a183a8ef8bb7b19df468e34c92e87f7e8d42e171551d29a4f6c4051eb8ffdbd70460681e9f81e7b5e5a0033d3ab707aac2c5b8"}, {0x90, 0x104, 0x74, "74fd1797c84161ea08c18ff7e582f18be0d616d59feb594ab8915deb04025a42202a2a50ed2e9477124f4a9ff5f3158eeaea412a357d8d12257cbb23ea5d075237a1779cce54b6f2ed292efbe0d43b5fb64d4a41aa6c188e6cb82ead76e289ce8628895de61101c4b544b042d3388d5bc9ec453660d815c720f9b5b6ef77"}, {0x30, 0x107, 0x1681, "b06984d8d64c73135ed7bf13565256d21b642b9c565496a5e7"}], 0x1a8}, 0x40c0) [ 1207.668369] Bluetooth: hci3: Frame reassembly failed (-84) 22:59:10 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000380)={0x38, 0x1, 0x58, 0xfffffffd, 0x5, 0xfffffffffffffffc, 0x803, 0x0, 0x2, 0x3}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1208.296274] Bluetooth: hci1 command 0x0406 tx timeout [ 1208.442856] Bluetooth: hci8: Frame reassembly failed (-84) 22:59:11 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000100)=0x904, 0x4) [ 1208.616388] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1208.623150] Bluetooth: hci2 command tx timeout [ 1208.655003] Bluetooth: hci2 sending frame failed (-49) [ 1208.710962] kauditd_printk_skb: 18460 callbacks suppressed [ 1208.710970] audit: type=1326 audit(1599173951.115:1416044): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=433 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1208.748666] Bluetooth: hci9: Frame reassembly failed (-84) [ 1208.764114] audit: type=1326 audit(1599173951.115:1416045): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=433 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1208.798625] audit: type=1326 audit(1599173951.115:1416046): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=433 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1208.834354] audit: type=1326 audit(1599173951.115:1416047): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=433 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 22:59:11 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffd}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x10000050, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1208.866823] audit: type=1326 audit(1599173951.115:1416048): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=433 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1208.894102] audit: type=1326 audit(1599173951.115:1416049): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=433 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1208.932052] audit: type=1326 audit(1599173951.115:1416050): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=433 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1208.960035] audit: type=1326 audit(1599173951.115:1416051): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=433 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1208.985686] audit: type=1326 audit(1599173951.115:1416052): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=433 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1209.012831] audit: type=1326 audit(1599173951.115:1416053): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=433 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 22:59:11 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) syz_open_dev$sndpcmc(&(0x7f0000000540)='/dev/snd/pcmC#D#c\x00', 0xfffffffffffffe02, 0x40000) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$gtp(&(0x7f0000000140)='gtp\x00') r4 = socket$inet(0x2, 0x800, 0x1) getsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f00000004c0), &(0x7f0000000500)=0x4) sendmsg$GTP_CMD_NEWPDP(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x34e263e64e324899}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="becd1346478c3f2e25ec41ead69ec1462054c1805a346e0f664c2c23e46d", @ANYRES16=r3, @ANYBLOB="00032bbd7000ffdbdf25000000000c00030000000000000000000c00030003000000000000000800020001000000"], 0x34}, 0x1, 0x0, 0x0, 0x40004}, 0x5) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x4) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000280)='ethtool\x00') sendmsg$ETHTOOL_MSG_EEE_SET(r2, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000440)={&(0x7f0000000700)={0x158, r6, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@ETHTOOL_A_EEE_ENABLED={0x5, 0x5, 0x1}, @ETHTOOL_A_EEE_MODES_OURS={0x13c, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x2}, @ETHTOOL_A_BITSET_BITS={0x130, 0x3, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xe, 0x2, '/dev/ptmx\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, '\\^\\&\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xffffffff}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x800}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffffff9}, @ETHTOOL_A_BITSET_BIT_NAME={0xe, 0x2, '/dev/ptmx\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x40}]}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, '-.!&\xb5(\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffff001}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, 'gtp\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7fffffff}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xe, 0x2, '/dev/ptmx\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xe, 0x2, '/$+]*))-(\x00'}]}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xbee8}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, 'gtp\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x0, 0x1, 0x3}]}, {0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xf, 0x2, '@+{![@/%@:\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x0, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x0, 0x1, 0x9}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}]}]}]}, 0x158}, 0x1, 0x0, 0x0, 0x4000}, 0x904) ioctl$KDADDIO(r5, 0x400455c8, 0x9) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000180)) 22:59:11 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:59:12 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDDELIO(r0, 0x4b35, 0xe0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) [ 1209.736412] Bluetooth: hci3 command 0xfc11 tx timeout [ 1209.746535] Bluetooth: hci3: Entering manufacturer mode failed (-110) 22:59:12 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e25, 0x5, @mcast2, 0x4}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x10000, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1209.811264] Bluetooth: hci3: Frame reassembly failed (-84) 22:59:12 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1210.456401] Bluetooth: hci8 command 0xfc11 tx timeout [ 1210.461684] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1210.552989] Bluetooth: hci11: Frame reassembly failed (-84) 22:59:13 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1210.696421] Bluetooth: hci2 command 0xfc11 tx timeout [ 1210.701751] Bluetooth: hci2: Entering manufacturer mode failed (-110) 22:59:13 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400201) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x62080, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1210.776246] Bluetooth: hci9 command 0xfc11 tx timeout [ 1210.776355] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1210.815802] Bluetooth: hci2: Frame reassembly failed (-84) [ 1211.345239] Bluetooth: hci9 sending frame failed (-49) 22:59:14 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x6, 0x13, 0x3, 0x3, 0x3, 0x1f, 0x3}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}, 0xfffffffd}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x52, 0x1f, &(0x7f0000000440)=""/79, &(0x7f0000000380)=0x4f) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:59:14 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = accept$unix(0xffffffffffffffff, &(0x7f0000000140)=@abs, &(0x7f00000001c0)=0x6e) ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r1, 0x8982, &(0x7f0000000200)={0x7, 'rose0\x00', {0x8000}, 0x3}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$TIOCGISO7816(r3, 0x80285442, &(0x7f0000000100)) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1211.816235] Bluetooth: hci3 command 0xfc11 tx timeout [ 1211.821551] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1211.950918] Bluetooth: hci3: Frame reassembly failed (-84) 22:59:14 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002dc0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000380)=@generic, 0x80, &(0x7f0000000540)=[{&(0x7f0000000900)=""/4096, 0x1000}, {&(0x7f0000000440)=""/88, 0x58}, {&(0x7f0000001900)=""/4096, 0x1000}, {&(0x7f00000004c0)=""/32, 0x20}, {&(0x7f0000000500)=""/26, 0x1a}], 0x5, &(0x7f00000005c0)=""/123, 0x7b}, 0x4}, {{&(0x7f0000000640)=@in={0x2, 0x0, @initdev}, 0x80, &(0x7f0000002c40)=[{&(0x7f00000006c0)=""/30, 0x1e}, {&(0x7f0000000700)=""/140, 0x8c}, {&(0x7f00000007c0)=""/179, 0xb3}, {&(0x7f0000002900)=""/73, 0x49}, {&(0x7f0000002980)=""/254, 0xfe}, {&(0x7f0000000880)=""/38, 0x26}, {&(0x7f0000002a80)=""/204, 0xcc}, {&(0x7f0000002b80)=""/129, 0x81}], 0x8, &(0x7f0000002cc0)=""/244, 0xf4}, 0x8001}], 0x3, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockopt(r3, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r4, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r5}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1212.536276] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1212.536335] Bluetooth: hci8 command 0xfc11 tx timeout 22:59:15 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) setrlimit(0xe, &(0x7f0000000100)={0xffffffffffff8001, 0x6}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_bt_hci(r2, 0x400448e7, &(0x7f0000000140)="b25127338ba39aa71eda5cf169c3a6c62e21c1") seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1212.616359] Bluetooth: hci11 command 0xfc11 tx timeout [ 1212.616432] Bluetooth: hci11: Entering manufacturer mode failed (-110) 22:59:15 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1212.701495] Bluetooth: hci8: Frame reassembly failed (-84) [ 1212.856351] Bluetooth: hci2 command 0xfc11 tx timeout [ 1212.861681] Bluetooth: hci2: Entering manufacturer mode failed (-110) 22:59:15 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x800, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000080)=0x7c, 0xffffffffffffffff, 0x0, 0x0, 0x1}}, 0x20) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x9) [ 1213.046539] Bluetooth: hci2 sending frame failed (-49) 22:59:15 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockopt(r3, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r4, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r5}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x5}, 0x0, 0x0) 22:59:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/seq\x00', 0x80) kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r1, 0x7, r3, &(0x7f0000000140)={0xffffffffffffffff, r4, 0x3}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1213.416277] Bluetooth: hci9 command 0xfc11 tx timeout [ 1213.421551] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1213.552170] Bluetooth: hci9: Frame reassembly failed (-84) [ 1213.719141] kauditd_printk_skb: 12645 callbacks suppressed [ 1213.719150] audit: type=1326 audit(1599173956.125:1428700): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=635 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1213.851156] audit: type=1326 audit(1599173956.125:1428701): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=635 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1213.940288] audit: type=1326 audit(1599173956.125:1428702): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=635 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1213.976288] Bluetooth: hci3 command 0xfc11 tx timeout [ 1213.977078] Bluetooth: hci3: Entering manufacturer mode failed (-110) 22:59:16 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x7, 0xffffffffffffffff, 0xb) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0xa, 0x9) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x850, 0x1f, &(0x7f0000000380)=""/93, &(0x7f00000000c0)=0x5d) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x6, {0xa, 0x4e20, 0x5, @mcast2, 0xe09}, r5}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1214.012362] audit: type=1326 audit(1599173956.125:1428703): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=635 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1214.037941] audit: type=1326 audit(1599173956.125:1428704): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=635 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1214.062504] audit: type=1326 audit(1599173956.125:1428705): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=635 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1214.088954] audit: type=1326 audit(1599173956.125:1428706): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=635 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1214.111528] audit: type=1326 audit(1599173956.125:1428707): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=635 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1214.133758] audit: type=1326 audit(1599173956.125:1428708): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=635 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1214.155802] audit: type=1326 audit(1599173956.125:1428709): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=635 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1214.776240] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1214.776813] Bluetooth: hci8 command 0xfc11 tx timeout 22:59:17 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xd, &(0x7f0000000280)={0x9, 0x104000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffca4}, 0x4}], 0x1, 0x20, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x800, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1215.096234] Bluetooth: hci2 command 0xfc11 tx timeout [ 1215.101483] Bluetooth: hci2: Entering manufacturer mode failed (-110) 22:59:17 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r0) ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f0000000080)={0x1, 0x5003, 0x1, 0x2, 0x9}) r3 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0xff) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$CHAR_RAW_IOMIN(r3, 0x1278, &(0x7f0000000000)) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r4, 0x400455c8, 0x9) 22:59:17 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000100)={0x3, 0x8009, 0x200, 0x1, 0x0}, &(0x7f0000000140)=0x10) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000180)={r2, 0x1df3}, 0x8) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x9) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1215.478902] Bluetooth: hci3: Frame reassembly failed (-84) [ 1215.484674] Bluetooth: hci3: Frame reassembly failed (-84) [ 1215.586811] Bluetooth: hci9 command 0xfc11 tx timeout [ 1215.592099] Bluetooth: hci9: Entering manufacturer mode failed (-110) 22:59:18 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:59:18 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x401, 0x5, 0x8244, 0x6}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x42, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180), 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000380), 0x4, {0xa, 0x4e25, 0x5, @private0={0xfc, 0x0, [], 0x1}, 0x400}}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:59:18 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r2, 0x80083314, &(0x7f0000000100)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:59:19 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(r0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1217.336224] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1217.343055] Bluetooth: hci2 command 0xfc11 tx timeout 22:59:19 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getpeername$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @private0}, &(0x7f0000000140)=0x1c) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000100)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x80050000}]}) 22:59:19 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r1}, 0x8) io_cancel(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8, 0x9, r2, &(0x7f0000000100)="51f174fa18fa8bc8f53088719352cb7e8c7ddde63522ed658ce56ae6c3a71b39bf2c932b0d52e35c4b7c13839477cf7006782cc295cb7d880edb5f6e1395c924165f29e6abe67da668", 0x49, 0x40, 0x0, 0x2, r3}, &(0x7f0000000180)) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1217.453285] Bluetooth: hci2: Frame reassembly failed (-84) [ 1217.496390] Bluetooth: hci3 command 0xfc11 tx timeout [ 1217.501716] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1217.531711] Bluetooth: hci3 sending frame failed (-49) 22:59:20 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x80000001}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0xfffffffffffffd9b, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x106, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x8, @dev={0xfe, 0x80, [], 0x3e}, 0x1}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x2, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1218.726234] kauditd_printk_skb: 15624 callbacks suppressed [ 1218.726243] audit: type=1326 audit(1599173961.135:1444332): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=747 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1218.789504] audit: type=1326 audit(1599173961.135:1444334): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=747 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 22:59:21 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500)}], 0x1, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000}, 0x0, 0x0) [ 1218.842756] audit: type=1326 audit(1599173961.135:1444335): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=747 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1218.865115] audit: type=1326 audit(1599173961.135:1444336): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=737 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1218.887523] audit: type=1326 audit(1599173961.135:1444337): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=737 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1218.913369] audit: type=1326 audit(1599173961.135:1444338): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=737 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1218.941604] audit: type=1326 audit(1599173961.135:1444339): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=737 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1218.964226] audit: type=1326 audit(1599173961.135:1444340): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=737 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 22:59:21 executing program 5: ioctl$sock_rose_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x40, @bcast, @bpq0='bpq0\x00', 0x5, [@null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @default, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x400, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0xf) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:59:21 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x9) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1218.986516] audit: type=1326 audit(1599173961.135:1444342): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=747 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1219.008581] audit: type=1326 audit(1599173961.135:1444343): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=747 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 22:59:21 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4000009) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x50000}]}) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(0xffffffffffffffff, 0x84, 0x65, &(0x7f00000001c0)=[@in={0x2, 0x4e22, @multicast1}, @in={0x2, 0x4e24, @multicast2}, @in6={0xa, 0x4e22, 0x200, @empty, 0x8}], 0x3c) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nvram\x00', 0x20002, 0x0) ioctl$SNDRV_PCM_IOCTL_DELAY(r1, 0x80084121, &(0x7f0000000140)) 22:59:21 executing program 4: setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000100)="b0c187af30c3b32111b7874d4e4b5a45", 0x10) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:59:21 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x40a00, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000180)='/dev/nvram\x00', 0x100000, 0x0) r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r3, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$ASHMEM_SET_NAME(r3, 0x40087708, &(0x7f0000000040)='\x00\x00\x02\x13\x00\x00\x00\x05\x00x\x92\x12\xbc(^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x9e\x00gQ\xca\x0e\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91ze\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\'\x89h\xd5\xc0\xb4a \x15\x9a\x9f\xf0:\xfd\x9a|b\xe2\xff\xee\x84\x93Q\x82\x16\xbf\xe3c\x8d \x01\x00\x00\x00\x81\x00\x00\x00\xcb\xde\x05\xfe[H\x06\x00\x00\x00\x00\x00\x00\x00>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjVA\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x008\xbfy:d\x9e\xc5,\x9287\x83\xb0\xd8\xdec\xae\xdd\x1eh2\xd5\xd8\xc9\x8f\xc9\xef\x97\xd0\xae\x86\x81\xf7|a\x035\xe8\xd6\x042\xe8\xa4\xe2\x93\xb4{\x8bb\xdd\x02\xc3H\t\x80\xaf\xb4/\x85(v{\t\xe0\xac\x92d\xec7\xf9\xedN\x9b=y\xc6\x9b\\\xb2\x9b\xb41\x11\xb2\xcbcxX#6\n\xb2j\x00\xe5') ioctl$ASHMEM_SET_NAME(r3, 0x40087708, &(0x7f0000000500)='\x00\x00\x00\x13\x00\x00\x03\x00\x00k\x12\xf4V\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\"S\x15\x031\x87\xec\xc1\x9b$\x92\xad\xc4\x04\xdc\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0e\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x87=\t7\x96\x1a\xad\xd0\xd0u\xba\xfc\x00\xc2\x19\x02\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\x17Bn\x17h\x1b\xac\xfc\x82J\x00\x00\x00h\xd5\xc0\xb4a \x15\x9a\x9f\xf0:\xfd\x9a|b\xe2\xff\xee\xc4\x99G\x82\x16\xbf\xe3c\x8d \x01\x00\x00\x00\x01\x00\x00\x00\xcb\xde\x05\xfe[H\x06\x00\x00\x00\x00\x00\x00\x00>\xfdb\xbfJ\xd2\xe3\xbf96f\x94\x02!A\xa9\x18+C\xdd\xaaV\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\xf3\x7f^\x9b\xa3\x9cy\x92\xe6&\x87\x1b\xe1\xec\xcb\xa7\xeb\xaa/T\xc8\x7fs\x96\xb1 \xfa\xd2\xcd\x0e)\x89c\xd5\xe2\x1b\x91\x83\xd1&\xd4\xaf\xfc*\x1c\xc2\xfa\x972\x0e\x9c\xcd\x1e\f\x06\xc9\xadc\xb0\xea\x15s\xc9\xf7u\xd5\x00c\xf9\xa2\x83') ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000200)={0x1000, 0x6f9e, 0x3f2, 0x5, 0x51, "8db8c9cdacdddc7792c17bf743c2741c88693b"}) ioctl$TUNSETVNETBE(r1, 0x400454de, &(0x7f0000000140)) [ 1219.496252] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1219.497380] Bluetooth: hci2 command 0xfc11 tx timeout [ 1219.576295] Bluetooth: hci3: Entering manufacturer mode failed (-110) 22:59:22 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$VIDIOC_G_MODULATOR(r4, 0xc0445636, &(0x7f0000000100)={0x2, "a3c59b56af3655cb1ad4e94b10005e4f86b38902206b0b584472bc1ab5e4c30f", 0x100, 0x0, 0x2, 0x4, 0x2}) [ 1219.618098] Bluetooth: hci2: Frame reassembly failed (-84) 22:59:22 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x5, 0x74, 0x0, 0x5, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1219.765271] Bluetooth: hci3: Frame reassembly failed (-84) 22:59:23 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() ioctl$VFIO_IOMMU_MAP_DMA(0xffffffffffffffff, 0x3b71, &(0x7f00000003c0)={0x20, 0x0, 0x1, 0x6, 0x7a8}) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockopt(r3, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r4, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r5}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x16a6, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x0, 0x400, 0x0, 0x2000000000}, 0x0, 0x0) 22:59:23 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1221.336192] Bluetooth: hci8 command 0xfc11 tx timeout [ 1221.338732] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1221.656359] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1221.816229] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1221.816345] Bluetooth: hci3 command tx timeout 22:59:24 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$SG_GET_ACCESS_COUNT(r1, 0x2289, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1221.984086] Bluetooth: hci2: Frame reassembly failed (-84) 22:59:24 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f0000000300)={0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, &(0x7f0000000380)={0x3ff}, 0x0, 0x0) 22:59:24 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0xa0600, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r2, 0x330f, 0x20) r3 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x2000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:59:24 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x9) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1222.263254] Bluetooth: hci3: Frame reassembly failed (-84) [ 1222.274200] Bluetooth: hci3: Frame reassembly failed (-84) 22:59:24 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) syz_open_pts(r1, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000100)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)=0xf) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x1, &(0x7f0000000140)=[{0x8, 0x0, 0x8, 0x50000}]}) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="44828f8cc1e5bea909cbdbcbc30000000209010300000000000000000a0000020900010073797a30000000000000048008000140080000000000000073797a3000000000"], 0x44}, 0x1, 0x0, 0x0, 0x4110}, 0x0) [ 1222.505960] Bluetooth: hci8: Frame reassembly failed (-84) [ 1222.511860] Bluetooth: hci8: Frame reassembly failed (-84) 22:59:25 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000380)={0xffffffffffffffff}, 0x2, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:59:25 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1223.738760] kauditd_printk_skb: 18831 callbacks suppressed [ 1223.738768] audit: type=1326 audit(1599173966.145:1463175): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=933 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1223.766285] audit: type=1326 audit(1599173966.145:1463176): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=903 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 22:59:26 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x5, &(0x7f0000000280)={0xd, 0x3}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x7}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x31) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x800000, 0x1}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f0000000380)={0xff, 0xfffffffffffffffc, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffc}, 0x0, 0x0) [ 1223.789809] audit: type=1326 audit(1599173966.145:1463177): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=933 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1223.812016] audit: type=1326 audit(1599173966.145:1463178): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=903 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1223.845634] audit: type=1326 audit(1599173966.145:1463179): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=933 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1223.870724] audit: type=1326 audit(1599173966.145:1463180): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=903 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1223.902754] audit: type=1326 audit(1599173966.145:1463181): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=933 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1223.928507] audit: type=1326 audit(1599173966.145:1463182): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=903 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1223.950875] audit: type=1326 audit(1599173966.145:1463183): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=933 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1223.972977] audit: type=1326 audit(1599173966.145:1463184): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=903 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1224.058362] Bluetooth: hci2 command 0xfc11 tx timeout [ 1224.063804] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1224.296217] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1224.296234] Bluetooth: hci3 command 0xfc11 tx timeout [ 1224.536198] Bluetooth: hci8: Entering manufacturer mode failed (-110) 22:59:27 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000440)="c21b3f903b55afbc9ea961350dd6b088163c373a02dc6a44de8da13fc72ae3ef6de3984a7cd58c18ab7437223f57142a7a588350d324df21995b4fae9878645d64e1d4e725a9d8eaa4da6955849c34761e91a4c0a5484a5b1815298b7002927266871160dddaf2db53f42c220cfc7dc5f1881d6b05c3590b411cf7c91d726581e99350ebd84729a4cbdfb4a8af8a1c2b745c4a138824e5c7a79ec77f8cd6d17774c44748701538b4e22fa0f672aa7dcb96d3b132474c32cbbc5f17ee35a1a087ef6d90bea983faac0e592fe7ab56738ec26b8c7d027f4c1c2c2cbd1eda5d692aecb4a1a31dabc5284dcb5d7c5f", 0xed) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1225.096232] Bluetooth: hci9 command 0xfc11 tx timeout [ 1225.096457] Bluetooth: hci9: Entering manufacturer mode failed (-110) 22:59:27 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x9) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:59:27 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$VIDIOC_DBG_S_REGISTER(0xffffffffffffffff, 0x4038564f, &(0x7f0000000180)={{0x3, @addr=0x9}, 0x8, 0x8, 0x80}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r2, 0x84, 0x20, &(0x7f0000000100)=0x71a, 0x4) ioctl$SNDRV_CTL_IOCTL_PVERSION(r2, 0x80045500, &(0x7f0000000140)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x3, &(0x7f00000001c0)=[{0x6, 0x0, 0x9, 0x50000}, {0x5, 0x3, 0x83, 0x5}, {0x5, 0x1, 0x3f, 0x8}]}) 22:59:27 executing program 4: clock_gettime(0x4, &(0x7f0000000100)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/bus/input/devices\x00', 0x0, 0x0) ioctl$sock_bt_hci(r1, 0x400448e6, &(0x7f0000000180)="2cd970bad15231bd106191900e8be44b14fcc2616b3905bc0f4ee6ec643a79464be077f03e3da60d4112191abad766bf6197125e4223350ca1752347cbb2cfff67f48becfb8966b5c2b2bd65002288796eee0efff1f4a320ce10080baa73f171541cfd16694af78d2efb738b57c3ca4252a30bb93a5c370ff3aedb0f293a78f0a0b5a16a68b7e96f23093e509558d075c6930f4cf4da7c6fd1609074b21631ea9bc2c6ae8b53e78a507613ed18343a535c4eef951d0e46b1972a1e84cc812e558fbce336236d73a6bd169f81dec8e54c5db168781b6c5dde3577740f5839e2b26b5e29f7e0ce66c4f4d5af934039f716095ec313328d4763200bebae3ef796970e50d308d21b33f93240fc10ec10408825dc09346ef363e9455eafdceb54a04130e169e1226f893bfef339b7e9d2b99fe6eb9e1bca58c1c8d697f19697dfd942df7c0cc969c931f313b885616006f001af085c6bce35b429ded8ef3e8c0713c0b14a07006f31c4e0daba881399dd4839daaf6bc3beb7a349d949d9018963d5a04b95cfd22f2a12e30861829b3ee1b6ef8b31600b735b18060a372e30d9f268f1b0a7bda70ef54e48d3667f016869e8222daf6f7b32debabc1445e57c3f828e8a09b625a1dc31d9acdc5876c8d7dd4ed80528c3feabffca815c58c79dad00ca8bffa5306ffb4bcb874e9128fa40bfdef1de7b5e8da7b2ea51310812a8e8b8dbc3a22ee1539ff372050c2ad7c77a01fa0f3ade83553a1ccb51879e8b7ece49d697598155ee7cbfbe1943112da5a8290ecd882053cc5456bb28083b23db10732cfa7c10c09a2fef54de8e2d1625ed91ff6f741be5237dfceae9b04b869af127a51ddb1fc22ebd00f3c58a7068fdc9715328bd73ac723a75edd42ec0a7ed4e1324931a51a0a90065c5e55cf36493d8f02336375ef312f66436b4592ba94d4e0de01ee4161e5c95da10dab9c89c2f53626cd7dfbea6ae9cb1161d58db7129745ada3c3e2bc5d8c62a6be8b787d03c3f09c5e12e156f5ffe1440cc5bb7679f0250ceee8ea6932bb6956eed8b9aa95cf57d76901e0ef1244a77ba9ce8df06da1072aa7ab3a529e9e18f3c3ac845f52add230b371192c4ff61e6a40a302aafa449a95789cb1e14a6c3adc3896727206a47b4953348c1f9715bda9ef391b82086df8bdb7a2cb218349abb1ab0fdb8ce6315078935584023f327775275ea7adb541d83290dbf4724b83fb1f51c29ac5c72aa32b0cbfae453302121e938233a4c54516ab2830a2654cfe2c4b0ebc7687790bf07b20a7eb96d6a01c22e9b7c4e89fb73b23202b344285ddc27584a6cde8d09543e0f90264181ed914903efb3a806293667221d22e7bf16df6091f0d7e0ef0b07bd94b5ebaaee84906974453290885aa015a91176fde89f8a10f8482edd52a580b9405920eeb20787ce9c7924bacb824e5e6e2638dbb6ff1a98c08e0367e06e44f994d82923215cc89b4b5080aec135ad6bad15ee3634a0303b938062a6f3868297815cb28f1cc0a68d2f20e22fc4cd6b113f95d97930f5bd2662ed85b9b26146bd7cbaf58a3fbfe6840d4cb80f60b71bf0ca2c643a93c3e7997d5f9fc1415656189364ec429c5ed50b027dbbb52b2abb81c9094c4fd3d0f0df3b2d4951dff57d60373ba45df2a9259eecb926eb438703eb022f1b3f539c5a56a1bcc89274778d7221a61e9968a65ac6110896f2787f31f95bebafe96f3fee850e8e601ca6d09a898fdf90ce59f98bcd35c0b17fcd3d1e2b51ae078b53efe9554ed0399624614ac34be1706a10de04c1c45174d72ba1b361d8246f3f4b47e198a95541c1e91fe4ba364ee5de8a52b030b61869759155c81e35d303eefbe786338403d850ea013f724ddb2b5e9632b57007ee38c945f5d750850f0346bbd356147ababa8b8bba4be1a25ea4cb9e7a6d77c34acc8b94c3d3f037305f1e73204f23bfd592ae3a3eda2728dbbe2839f5aa8ca3ad8a4f658affada25f8200e9600b99956aa4db2072df51b512ca46c02eab8fd3cde56ad7be8058da63edbc918d65404ee971f54e598e8d205b6f3f337b13adcb8b36a4e791fbb77fe1ed4251a8574fe33bb5f26523b1e1c555cf03199061d8bd32c8ad70f83b4d0d9906e59d3cbe3cb8fd28280f8d45d036d06874f655b117f0cb1ec39298147cc5fe2598c8ec065c0b312f01e080dfc3f1fe65f12cdc90e5885dfe48eb1f8607d85835a4f469b342218df9598099135dd3217df1738c51fa79b69361ab8b16e984c3d913fd2043adb935cc8b6ec6af17aaa6feb54d43a2f28e9f74860eda19ba07da3a5acab8132d06c6b2adfad8bd67c86054807a3bbc9a74408353e4e7a9873d1712f3c969303d0d05547dd6e822800a54ef9fc18fed3ab9779968a98b831fe68e8bfb3b7d550d7c598798cb1d7bfd13cfee2d7c7811728c07f9d2ac694a59b9849503031a15900c6b4d78fa3daa8e1b6b248aa127b35acc9ef0e11d20a47beb11a5a2d40a709d050783a7a2ed587289b1f7f88fc3daaaf5dfe86cb0127847ff5210bc1051ac53d3b95e923a200a3623e3988d3e22b21765a224a78012793baea1e7d4311a619f73e879a41886a816e768278f9e8037e802d20cc7969ec5640bdaadd1e15ce19fcbb34db8c2f54e61caf42ee9f201e208fe2d0cf82c2227873b1ae549fc2fdc4c48cf615da5f3954f09ecb8c4ac7be9c945703c4403c2f7f23acb4f4f68016f409d4c906e55235af7636875a9267eda382c45cf9a73ad38a7900d9baa7217a468f574022522f56d257d8a592976a8f5185849e41b5c9e0eb22e73ee614ecc9cd1481eb633108790723578accff8ada6b83e97bbb303faeb4cee9e6c0deaacc048c5717a1153fd71598eb65765d17f99446aea715b65224633d6776e8985f403289467d536c53fa099a26f91433724fe77de095d452435d78a171026e935967195521b9589ca32f33e917da4016592f21fd23b95ea9d53d3b6afed4dc5cb5cbcf0e52bfb1c54dc6ffc35744fa4269373d16bea76df50d6721460f08df6d5f85eed3a2d2fed780be51886a10b11268d1565a946174c7d2cfa6da83e91ad2e60be0b573fc9bcdd161fca14b7bdc2dcb9fce9f731ad3bfa6b0cdebb3d7c73ca692b936df8d03e6023c4e34d8fc2e8ee1509320869fa11ff3bb07400b8e524e28ad6fcdf0bf6dff41906d71382f4699d0a661011cc729a1bba0fcd8a476b753829eab3be9214919b257bf5a1dd3d2d9cd8e779c05fd9249cd71c58e819b293e3268d159df1833d78e1205a03c4a5eb01976790308d39829f0f98591d3872945e4cb50be32b815883cec4f2f63b9bc711e9f13e3443fcb2aa6faedf503620790bd630f82656e338d8f6c65d67a7e6dd88a506b2cfcd97ab2fcd246f4e45305ff5d2e6478ac97cb1ff5b0d95f8f87ecb18880fc3905ed5b000f24794b96e763d2c882c884d23eb30d22542e2d5d0ce2f2e6548c1dd6406605ba37b2ba5c2889e1ebd59c89c44ea703149cdd7d3e9266e74ac722ac17af0fc6087aa00fd32d9bf18ca61510269c7a004948bb961b97c91a0cc531b6c1b4ff9a2eb0c41a362d25c6b0d4b045ca23bc7bd76b17236fff191f4126117f88e2c883ed3cc0b033c87b0454141ddedc384fc1909fc9ae34143283cd93ee65e820ddfdb87944ecdf126f3b79e69afafe6c149093082ced2ca076b420405f3a29ede84526e1bb39063488674d132b6b0af544fb01cc83c95a89cf1f8a41a9be298b1485b1e299dd4d6306bd18cce9b1aa5045debcf66c7dee0896884f34ac551e80ea1e7d7e524a61ee2b4628a1e61de25e8a0e2f431d8115e6fdcd01fa8ffc4e30d8884a6dbf2cf2395998beb552decd8805a3cca9fb0a0f467af31928ec4b213233a47a45d2dc760e0fc66d29aac58f068690846a030a10844004c2d2f0b9819b644cdff0134f8f266abf15ed8ab5a35d72d10c2b621f86024ae1667f642360ade3533ca546cb0b272bbfb1fa6cf0fc9cc8dab03b61a9bc52576c54f734947e8d48338c97efd53c86626b312d51df1556101f8e25ea7d0c15bc4fe1eae7b7c2180dd0319fd0c163d403f942cb8c386b72f7aaacd64bc90ce91e55f5c4bf21589d3f126cd74b155483b801786bab88c66d5292a7b782c6279c13203381cff295327a36d842884ff5074e7b439ff2df0d3409270abc9db5f42e5f39d53c953a4dad8920f90d3810e32d77bb20017cf55a71be57e4b04439ab5001e3f929e25fb8484af276139eef6d0545c8218da198d2fc42396543a5526462bf88575962a0a2da0685b4fda599e1846718979b67d2e834a896a10e1d704c62295103a20b50f619632d18bee5be381ff436b6f309386207b107e00a22856d621e7676d4a684a00c52d145503b44d75843d4027a075b30e89d918c483e0b6cf5a06f3062e4138414e03ec04230109a31ec6d149220b1db7e93e53b58c340c07cf3452f643b152b33f6e4d76d967f8187ed626a03939b69a86edfb236857f399717859556d183b9a45b1b0beca461e886d79d06ce8cbe5eb9d31d4ef52fa4e06bcb7ecba2ca1cccf5893008b5e5a3fa8c85ac5d00a7902f82a88aed8cc6929ab23d020cd9bfa6806f07604a8e8d81acb21d1aa0e2eb8caffe26f7e8e2818ce7f38d850cddd2b019cd0abfa7b78e07409fa8e83a3d77450f2cd835c8c27ecb80ef4169031787a613c0bcf2f4603b1fa995fae8066680d8e90bbd2fd703c8e504a3131d5fa33e2a6aa5bc2b4dc2e6a8836d387ba0119a259b369cd73b486a5bd9276d06b7032398f695357d819f87bd31c7a4c65cbb28977106f5ec6a3251c622e51342ec88b5816fced1c09a8213ce67fc2ca54f9c6537a1e40eb720491752d1d8e44259ae980218a1ebfb77920bb2059c0248a2f735e6d9d9c3e940f659b08794c6b977fe764ed66c8a14bd2fc68388f4650e3a57db358fc4902606547ef29d08e27b610c31f03d6ea5056228922b1652b3a56da8528603d301af27dd54a52dcfe250ac60d570bf2a34ff3a71227694367ed114ffbcefe422e4056c457d8235afd98e14df67b4f2985dd14300d361e8f89a616a801cd217d218a1b338a9d67fab79f411f8b64911240e334375e325fa4a7b449af14c1126acdf117ee3254b0b42f58fd502c24d0fa1cc41d4e0e25bd0303ff4a21ee61bcdaf2bd67baf0fc41f5b28b868580c1ea0d4340eab4fe099e6171bda45e5b1179910c6b1dabd0781307662a389e611054404b544175b9deeab25bcf6cc60f9d8fab6436833a5ad68b7a60b32bb971aca0bca18943b7106f3e26401eb4ba8a051bd7a51c56d706087008c499472756cf66986a97793acc4007a8a6b4c8ef4979ba8ac4e574be7a7cbc22de8590c3f3c0c2a6efe1d9bcc3f3d3c055cf91f292f342a924773f45a2612e25fa54a73ef1c79d56d52fccb51f9681ebb4c268ebc6f97479b233b5e19937e1425fa973b1a369d412f32633040ca46989cc62ad6fd756637482bf725c4f2db2987df88127db165de215c86c8fcfa75eaa42b2fcd4c47c169e7d7950443ac633b2199431c29b4f9dc8a922046b6ceb95a1a433f1ef930f52a6e040b126424f54d09347b7d74101bcd453c0484b1558aee68f202c5140bbc4be0ebf09c71b76716082c63f9fff9f06e3033d507bb62df306c7c57edd42e9bc101b672c68d4729d905b6ee64012a10108f4aec47813ed8732d218930d7bd1eea683dd9c0aaffa5d95edcb4eb2706b04d8497c5f947a9bd57c4769b40422615e5ee483f03f57cb6d202bed4e79577f590b4a6f493baedbf075") [ 1225.496258] Bluetooth: hci11 command 0xfc11 tx timeout [ 1225.501632] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1226.136246] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1226.136300] Bluetooth: hci2 command 0xfc11 tx timeout 22:59:28 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x9) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)) ioctl$FS_IOC_FSGETXATTR(r3, 0x801c581f, &(0x7f0000000000)={0x3, 0x8, 0x5, 0x2, 0x2}) 22:59:28 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x7772, 0x0, 0x9ad}, 0x0, 0x0) 22:59:28 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0xb) r1 = syz_open_dev$vcsa(&(0x7f0000007040)='/dev/vcsa#\x00', 0x3, 0x8000) getsockopt$rose(r1, 0x104, 0x3, &(0x7f0000007080), &(0x7f00000070c0)=0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1226.284804] Bluetooth: hci2: Frame reassembly failed (-84) [ 1226.314424] Bluetooth: hci9: Frame reassembly failed (-84) 22:59:29 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1227.416192] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1227.416246] Bluetooth: hci3 command 0xfc11 tx timeout 22:59:30 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x60, 0x6, 0x5}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) getsockopt(r2, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3, 0x4}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r3, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x20000000000004, {0xa, 0x4e24, 0x5, @private1, 0x400}, r4}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x24002, 0x0) 22:59:30 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = signalfd(r0, &(0x7f0000000100)={[0x9]}, 0x8) ioctl$SNDCTL_TMR_START(r1, 0x5402) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:59:30 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1228.216207] Bluetooth: hci8 command 0xfc11 tx timeout [ 1228.216362] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1228.296280] Bluetooth: hci2 command 0xfc11 tx timeout [ 1228.301536] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1228.331484] Bluetooth: hci3: Frame reassembly failed (-84) [ 1228.376239] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1228.376364] Bluetooth: hci11 command 0xfc11 tx timeout [ 1228.383072] Bluetooth: hci9 command 0xfc11 tx timeout [ 1228.388668] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1228.457206] Bluetooth: hci8: Frame reassembly failed (-84) [ 1228.486465] Bluetooth: hci9: Frame reassembly failed (-84) 22:59:31 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x106, 0x0, 0x0, 0x50000}]}) [ 1228.661191] Bluetooth: hci11: Frame reassembly failed (-84) [ 1228.749748] kauditd_printk_skb: 21695 callbacks suppressed [ 1228.749757] audit: type=1326 audit(1599173971.156:1484879): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1066 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1228.780656] audit: type=1326 audit(1599173971.156:1484880): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1066 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1228.808271] audit: type=1326 audit(1599173971.156:1484881): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1066 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1228.830204] audit: type=1326 audit(1599173971.156:1484882): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1066 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1228.853945] audit: type=1326 audit(1599173971.156:1484883): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1066 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1228.876658] audit: type=1326 audit(1599173971.156:1484884): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1066 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 22:59:31 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x9) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x4000000000}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) dup(0xffffffffffffffff) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180), 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r3, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x401, @mcast1, 0x400}}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x100000000}, 0x0, 0x0) [ 1228.898804] audit: type=1326 audit(1599173971.156:1484885): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1066 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1228.961806] audit: type=1326 audit(1599173971.156:1484886): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1066 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1228.989639] audit: type=1326 audit(1599173971.156:1484887): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1066 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1229.012086] audit: type=1326 audit(1599173971.156:1484888): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1066 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 22:59:31 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$LOOP_GET_STATUS64(r1, 0x4c05, &(0x7f0000000100)) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) setsockopt$CAN_RAW_FD_FRAMES(r1, 0x65, 0x5, &(0x7f0000000200), 0x4) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1229.405340] Bluetooth: hci2: Frame reassembly failed (-84) 22:59:32 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0x0, &(0x7f00000001c0)={0xfffffffd, 0xa78}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) iopl(0xbf) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000200)="56b4ac6b649c30b1ba83afcc60ee0235df5f9221c76b10a9aebdd1d2b7248913b48f98903bdddc9ecc1985d0bd5ff14f2633be91f1f82a968000000000000000b6dfbab634c8c0c28095c4cec204b544b18f0d21e18eee851596103d94505a6970476ad6c65845fb05f2795bb80a34c6cd13f529cc1b9c", 0x77) vmsplice(r2, &(0x7f0000000740)=[{&(0x7f0000000900)="be7ab721db1c97e349a729f8008b66431ffb0b3158689231b497a41f7c238a7860af4ccf044019320fa13b4d6b72b776a2ad121f93f471444bb9ff2e61d486bda9bcd83528cc942000ac4d521e3fa4f59fc3916e237b9ee990b45221bfc6cf33d2fc7bdb5e56021f0e47f0546055cc674c752993bd941237c63159732cfd602eb1feb9191139cb49f44068f02984abb4eb402775107e85c511596886627f12e57d43c2f7e75c2a30366a3c5a964eb939b13c1d1df9dbfb56e0c1c87c45ff2322931ef09405f538d89c3bb4310a772d532e3f3f812346800824f162a2dd5337cdb89068c42edadcc4f8adb5cbd4515495249b3dd6bcf9ab29aba8edcae63c53a080ec6da5523191343f2a6b4ac6d9b08f863e1d6e5e10fff7ca7ceeba61d43833d8cb14f27f49ff90524d40c319295e1759b8c54252a2708d8b836a1b13fca11be2fd4852495d20be8c85c7a2fe0127d954fdbb95c75160083dc9eaf8eb4cdfc0695b458b329e960455801caf16632b8b46da7482cac90fca6b6e678b6095335f2e3e924a4c22074c272a5ba78f04fb5c1ead19b7cf259b593e0dcc008a86a919b177d27ec20ab9e569432912853c0fca47bbfa68cbc3f4156ba4437dbe6fe9ebe8c82f908f467b3233f5bd02a091f01400337d3637f3245c71852f2202d25ff4514a7164d6e0b84170061c669a7c906b8cd6ca97b46aec3d9ecaa2a54aae47d12f0e78a4e4ab1e788134af44b1398eab54498476f13b982c0c7258a99ef3e0a15569e0a26f2afeccb6cd13ab02cd229ef79f575ed334c5244f04f5a7cf047c8946456de55ad0d63eb76db495652024ec464bbfc73888ce751f74dfc4401b81e5540c1e96b25e35a9af66c1ea83528ffebc758c9df4c5d04a9bfaa098d2a1dc8b3a92a979c3e4fb1e6ba6bbd3fe170cd60c405d263fbd6653062759bd7b16c1a519f6e2418363469c058c60eb402f7b48dd43e5f6fa60f44a99bc65e8d95570e1c7c29759becee2035d5bf8a3d28bd63561125bec24a17d41648d68ea0001bfa113ba4c8f70033c199dda7558a6ad864a3478bf82e25ba6c99ad88c7fe5ad620daf4fcdb2f3df9b22a7db2538f404e8f90e4d2c717fdf01ff3a4ab1f544d55b22ca45de8a6b2a133568c1a46221cc470ee095eb04e9f03322be196ff1ff399bda2f60638539aff8bdd205d0caf8239aa024831c2ade05f981e7a4389ad1b9c1a5d9b4f112f8c9bc0d9f8bbea59df1aa0724717a7ca7b255ff269e2123bebb8567cad1670ce7f4562298dcbdbac231b83544ffd5fc1c337187a2d6c2cfd09f33eed35493a7835f7cf3d9cdca58bea3f016a2d48baa93e36c8365ef844b3720efe5a422cf1795906449cab66b7b4c04e0b6bb3c456123ce984d72c5e7583906ea0573f35ca80e2ceea56cc034f8effc5dde4e2c711bb40c5c7b276adb00df50c638c107f7818d9c410f0dc4eb11bcf478a9c9aab79975e8f507c6ea59e3a8ddefd0c13eddbbb8fa1235f4f74c518634ea5b55487c157d908685ba97e3a63580c0995952f9c1e4a131a328db80096d90a527b1f9f718f025ed978775ab1a783ff5c9af9c2801d6fc7e7bb697e9ead4606416ef5e2ae24d91f6c980f7355c987e9200710413eaa7a57e0ccd394a24f0e15a7d06212f3b40ac19a5278e838dbf3ebafe7bb1e42fccf27128f5576b28f0f48c793a931ccc2f51d59c68b8920a733f884422c06b3e09c98d1be927d9089ec71fac5a30c0c4dd65db00446b4e3e1d28901a4965b608461eec04f42e98e57045dcf646d1199c66757ff5ccc57db00fb0a176d4316ef57ffaa8610787551b2f5b99a47ba6fef2e281e6dacc72acc4672dd53f6c6003756757ec5262bf8e2c6f7f1350e21c2a025c363c76c25de24d5246d5fd15a1d7ed18baa9245f30f08a54bbcbf51119d5dc1c8b6bcc7bb45a66b7d09e55777facebf78b479473adae9f1f60390417db0ea8e0d8fbb8c5678c2dbf2f822f5bcde8960c60c65e8a245a5629e08d73955c09fddadac73d263c2b4a5e8cbb89de6aa769eb396aecabf7587cb059dfde8298dcc335c67459cd2df13de1b19a652e2ba51595ec5f7427265d2ffb1e47adb69d3c12f05ec9b3ba0b4a98c4232fea7dc23da7b8338874dd0225106fd55ed41a1e61d23cb7a68fdab7fe6884a334b04bda799dfce26958c2961e3b5300c6434a60db02d9eb7e0e508bd38c3c1f403dc64bbe938347cbb19037eef8c947e4917cb2c2264300a55f174a18c733598486443fc4392e4bdba837f755d149b024242987bd8bf97435d18e3a30d0da1bf38dfd099b62795e9a799066c6175a2f7a67ff2e1821d4ed920e7fcc91567d0e31fa42f497c6a3f20df0b012b91362a98bd777d7e2662693e580f66dcb8fd7e979e6c68f1dee9f0c7def18a64698da03b46d83d682978ed8d0f2615612d0bca5238f7bab99b2bfb3412af0b617c69e46c789c3580ef2a68cb5e06c5c83f6ad8e1eb9b1ca88e4b86f6b96ed042f3b791ea1360badfd7d54d2d9b002608fe44f29d4da86ff4e2ec5aee09be646dfee5d101d6e4368a6a9efd17ed11154a1917bdc44e904b69ee4cc670768352a9471545bcc9b6e860f9cf95f48101cdf760b215a622df632bb084530049a8db030880c0f50cb585edc2aafae40a86eb4a86582eb26f955987c3c86a1d53d58e356602b74bf6f33fbfb7ee45f3866eb3d2b2d44306fe6c802a48079c03ff5ce0df800d5905f14166df7f3fddf69d04d925f0b5938a6a1794ec5fa20d0b745b0e7f81f4ba3df8a009b6b3a790ad8f8a4730cfd6878582bec30c17a23d66c439f0ff63131f5aa3a6b8a537a8bbb6b06927ce4d6f520752356acef1a536dea3f04c7b3acd63a01b415bbc763be80ac91d3184e8dc735a87fa0b216e8b6bfbe84a75bdd3f3e2f08577362c284f43907aec8d884c0a0f7764b9ae87d3c954e46a5f86e849db0c289fb8641c98e43951bc17380c2589583454a5dab2ec8d082d3251241f0e5e17f2e7d4c5804f7c0ebc0df518b18b42c40bf9ca5d1fbd80d1907033f8ceffb65482e7159319a562805af26c92c7093806bb285baf28f7ec6af10c99eda36f57528c2eb988a29e8801e1f5740e6d42b595a17a454dba6253fd888a0c8a364a9bc7e5cd02836dabe6e56a24580e1b7d33a3e30dc949bfde4981383695f6a8b672de3e0585905519567b5e5eb103065734063efec2f0251f66c99ab1c184b90468081f8edfb391216ae38eee1adcf568b964f21c84332a9666f3c6fc5371ab129907ba22c55224aa5c087b120dbb92c99e561be84020d1581373664f864e09e220768813aa4a8db24c84a2eb2027b64322bce7b3bc50f2581fdaf2c09c6a2bb3c7636b951f85b29839aa932d686a1263f0fb65ab57c9b86c9a5a186a726307a75c54aaf03044c7aeaaa8bea1857e01e6ad8aa323227f71567bd2f6de5505d9dc4ef4c07200cca8e89de0fbf2da914e5574fd856b81d54926e1885b8ad07706ee13baa256f02300656d47f81f7547008e695e277b169a57361604494fa29d742e247f9ae63d7901ae144d17a6fa78b98cf979cc9a85afd85cb56a7abb3f909303b04a077065926f64ed6d669f8ae7857e97e2722723bc03333e7657e9fc8a5eea12e75da2163af6d22714835143844181aa2e9a78f5c179c6d7b2dcb502fd1eb5d8f8f9c290e5587a13da33cf77549b694437d8cd7e694c32e92b28a337ab6283a6d2d8291f68d72e301a9400021152f83711fb659040f44e042592eda3163e1646e180dcd173e1f7b03ad4f4f7faaf11b6d3c9549eb81881039f031e287dc7ece2d61a5b973f18559fcd8f1e06512b53348349765cc3b935e0bb134d26f99fac7d77e55a211224b535ad9640a3820259a22fb46cb40fe09136fdb82c084446c6d2fc354d0e304fc9c660f6a5e27996ac24ef97f6856670fe091559b1949dd800ef85a88623284e506ea76feeb99ce358a961b44cbe1004c35275e77319b12221368dbf84ba9167ea28a89abfe807f7829e05e516ebd60940536f5b2947ec3ab45fd82420094aead03236119dc8095452bc07e7ccb2c5f4cf43ae8bf5542059037163c6a8711f9aa716780943703d142be8a8ef5c6c49ff4e120716e781ad33ec0ff144b0c7c4eb40467f37909935dfdc7c52d9c0fda2dc056b168a5b42f1ecdf884ee763af2c6a6505a68a3345eeb0eaa9da99d6bc89972830829e1b782204f2c6902868fc1f6be2d083e88bb7395d90a7d3233d13d97ebf1f4e1808a3ab396eae4d1fe4a17bbe9b49f5af3daa1a2af441761f67cc8f86bb9ccd3f5babbc45e590f561a8c33e5f0edef5182442e2f35cfe64e13a6b6c5f3fe8ba323065b08af7135bc8a47fce75720b4a856cca2a3f9b7f6df8d61f11d77dfe71f84d5d5c262c0238ec229fed741d8d7b064591f179343e2c72a9dfe197903aace1512e5b1d149cc3884d6f222ad22caa4e16ecd99ee0e5e38aea648442d91d7e51f5cdcf172703364b0587531c2652a5585a7bc32eee1aaa6a3a82318bc30323343a8db7ebb8c566156aa6562cefdfaee5f1afde6b3107610c65dcfb5f43803e59b1deb87267cd7203b93f93a7d742d492903cdb1a4c04b205c8a9e05d600873718b91f55fa47228aff4b105c13ee9f443000352bce03277a1beacca0cb23a5d03d7ab61f71dda6bc1a6a6d4d526892bdb35acd71f7a78ea6bbe7c7c644fc9e2423f2dd28f70d4e3bf024c802194dd7f0ad5b2780a3d26c7b87ca4506fbc6fb3768da100e11287b4ab07065edb9ddee517dab6e4085b1baa3f719900db8d32e72caae37a0258b9d6a2a5c21e4206479a9b9aee11b3c6764100366d73f57d48142d67d81f0ac56ea568458bdc7e7b71a83e4a0dc551b53cf85d36eb90a37f85bdce9046b6778eb63eca63757d01cdf914c0fc43e20aa7c0bd32d8209b15609e6ba43a11f8d1dc94de098d75779275cb9971c9eee2d45b10acde6ff33ed1c9de69bc144d70c71a3d5972cd8d9530a3ef40041ac171c1cc075be9ada78d1b3c45745f85f1f022452f29eb50eb073f0268b48059b66c5c90f874328e203e0d15a917475367b1c9e61a914367cdd86f44c3a26e09788b633743f810d2ebcb3f40d2e587be70fbd6b88a46bc69f862fba9a20ef11097dc053288972c77869d0a785b1e40c396fcd999407d42f2bfe80faa824b0b6f8de6d700bd9b010e12214e2ac079cb015b7918c7123ee57004e2e5f0c7dd70e78217aa8a23677b8757534a6ced79e58b9623f163ee192aed146fbe20fa9c036091bfeab5ab38d89a551d1d4c6ada75ef4760f6976b490a91fa5b7d421adc828113a0e9c7b02fc87e01c840bff41d8f4f990619e7915bb265c31f65346f26b437e77c5ed1b49784050f095833c7137a91c2bd3a97322cb69ff3c47cfadb3b65ff646d2139a63b9fb84c3a5abf30b2766f0228d41a12fc2d7211d8055fea4bb7842e81fddea81059fd481b3867b8353e0ffec82fe55ff3fcc1d8bcfa293525f58b113ddc19203c055933f51525f6b5d69c829ee9df9e5a4dd35c6bb393a42653ed9aa6774273bc2bbf7f1427c99cc48a39421d57abe46cad4d9e33b62ba9cb5f8d7965a63f9edabb99d0649f45b43e6b21f8732a224ede6e81d622e1295205449c7f9e8f0d0e1d9ab3edfffce1081736e6eaa408948c5ddeaaa8971354e7067554010b277cd87b8f6805ffd8c56638346a901e76586d2865444a7043c25832679d14facb56dfee82ae06668eeae23dc6faee6efb15008f0b097200c74158880fce73dd64fb5464f4e73", 0x1000}, {&(0x7f0000000380)="b567f6587f83639c617bfb9152feeb02658b27c6551e683e4c6e16c20b0e391e3b9a65ff504f5ac2b282aedd79288cf17a7bc5fff71c08427314991945ee3e94fad84abe77b33830b330b8ce06063077dd", 0x51}, {&(0x7f0000000440)="d08df2fe253d0d86e1159716caafb89bbaf648c91e3c713f997de68fb7c0acdf2b4b544aba3f54f8908cd7499012189d079501e30764b34b3fccc0e4154a55f02fdfda5b2c96b55f52ee0ab3c3792c8db995937cf7a51004a9bfd9a7f3c1386b4ddc1a4c63f9d5be0dbe6b1d3deb217c0dd19c249bbcdfb845afbe09092e72fb6724aa8a9cfe8afcc9794ed213c4dbdfdc1065ea97ffadba70db4977976e5ae68bad914965de91950168f5d322bce77572f7a64d0445f06ff42b85b4fe7e9007928e20df9e5d03dcaed709eb433e802157b7bce154089573f301628010a6dde477163c750c2bc2fece0fabc863b225e12bcac67b643f7e9856", 0xf9}, {&(0x7f0000000540)="47b03841044ac7d2936d2c3d92acb22483050e611c5dcf932de7152ea3626a95ba8627fb83d9d3334a23dc46c14c0361130aa0accbad49a949f90b7183602f6a9bef6bc9b0e55694e6c7ba468b911e204f72b41d191e7dd440d073ea250e2744f629b806382109bbb8ba6007f6ec3c73743b65cc8c2257d8922dcdaea2482126baf2e3f9126835951146757cbf8ea31a4defe091839ac7ce7882e7a85ef78be3f2670ea3d9c40035cb70abec996faa5af90addc990cc37da0f42c93b1e739d434489122885256f74d4bc3c71cef1b7dc1782c43a097af4a7b125b14784b2132f6e6ab75170036c2ae03d3275", 0xec}, {&(0x7f00000007c0)="10a4ed168cca66c88d7efcdb591fda83c151e4af0d1e011a7bc2b48ef14ae9de73543e08b7c468e6284e8eff7f3c7dae17b0abcb647f849c1b0244a9213ddd80a5302086784add9c86b5f900556e4d3e7eddd80a98c8d4f0bdbee2135160c2f42a43e6aee37de9150ac59f96c14cbb08fcc8c06c84ab0b1ca2114d575400bc24f2f3afc472fc81ea27f72af9fa85dc7cf333211a9017e06c1117e6265e3b7991b138d38feb8e144b3dfac592b5488073b965a3df0f715df5f3652de1399769ab4f5c1ff4c7386d41f7dadc7554ac73179d1b31752aa5aa189ad3e401d6fa8a91db2e660620f9224a0a30b37582208d", 0xef}], 0x5, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000000)={0x10, 0xfffffd1d, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x4, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x4, 0x0, 0x0, 0x3, 0x7f, 0x7}, 0x0, 0x0) [ 1230.376276] Bluetooth: hci3 command 0xfc11 tx timeout [ 1230.379816] Bluetooth: hci3: Entering manufacturer mode failed (-110) 22:59:33 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) connect$x25(r2, &(0x7f0000000000)={0x9, @null=' \x00'}, 0x12) r3 = dup(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$UHID_SET_REPORT_REPLY(r5, &(0x7f0000000180)={0xe, {0x1, 0xff, 0x1, 0x88, "606f1483179bf9404bf48efa2e2ee51db1b899c546bedf5eb73dd5ed13a4a044882e35cf163076ee2f043ae604a9f6786562d21e059961323b5df0c49af159ef242e737d8d26cbe25794a941e3b2f458b4064cbca40f4385731f3526c26561588d45f4cc8fb0790465719795de6125ddb9d827bf466d3c7088c47f1148a37e2daf9f25b90424ff10"}}, 0x94) r6 = perf_event_open$cgroup(&(0x7f0000000100)={0x2, 0x70, 0x1f, 0x20, 0xf7, 0x0, 0x0, 0x100000001, 0x6500, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0xcaf, 0x4, @perf_config_ext={0x7, 0x100000000}, 0x5120, 0x81, 0x0, 0x1, 0x20, 0x0, 0x4}, r3, 0x5, r3, 0x8) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0xf) syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x3ff, 0x10242) ioctl$KDADDIO(r7, 0x400455c8, 0x9) [ 1230.536204] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1230.536208] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1230.540646] Bluetooth: hci9 command tx timeout 22:59:33 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1230.667459] Bluetooth: hci3: Frame reassembly failed (-84) [ 1230.706357] Bluetooth: hci11 command 0xfc11 tx timeout [ 1230.711810] Bluetooth: hci11: Entering manufacturer mode failed (-110) 22:59:33 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1231.416164] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1231.416273] Bluetooth: hci2 command 0xfc11 tx timeout [ 1231.496215] Bluetooth: hci12: Entering manufacturer mode failed (-110) [ 1231.503497] Bluetooth: hci12 command tx timeout 22:59:33 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) 22:59:33 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x9) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockopt(r3, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r4, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r5}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:59:34 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) r2 = socket(0x11, 0x800000003, 0x0) bind(r2, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x0, &(0x7f0000000140)=0x2000, 0x4) getsockname$packet(r2, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) ioctl$KDENABIO(r0, 0x4b36) socket$can_raw(0x1d, 0x3, 0x1) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=ANY=[@ANYBLOB="38005f9d8db05c000024000b0d00000000000000", @ANYRES32=r3, @ANYBLOB="00000000ffffff33877ec10008000100070000000c000a000800794e2f9d2df40af9b60600000000000bbb933670cbb8eb84c4229b86f98ff3315556b1f7427641b2b31fac92d4fdb4f6520562588fcb34cb5c46de0073148987fc982cea770b6811da800e2697dcb06766f5e37eb46e84bdf9f5ff132fac23ea5e4885e78f15"], 0x38}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', r3}) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1231.643728] Bluetooth: hci2: Frame reassembly failed (-84) [ 1232.465789] Bluetooth: hci8: Frame reassembly failed (-84) 22:59:34 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xe, &(0x7f0000000380)={0x9, 0x3b}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:59:35 executing program 0: ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000200)={'syztnl2\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x40, 0x7800, 0x7, 0x6, {{0x32, 0x4, 0x1, 0x17, 0xc8, 0x66, 0x0, 0x40, 0x4, 0x0, @empty, @multicast2, {[@lsrr={0x83, 0x1f, 0x6d, [@multicast1, @rand_addr=0x64010102, @remote, @broadcast, @dev={0xac, 0x14, 0x14, 0x42}, @local, @multicast2]}, @timestamp={0x44, 0x24, 0x96, 0x0, 0x7, [0x7, 0x0, 0x6, 0x9, 0xb24, 0xfffffffa, 0x4, 0x200]}, @timestamp_addr={0x44, 0x1c, 0x84, 0x1, 0x1, [{@dev={0xac, 0x14, 0x14, 0x44}, 0xff}, {@empty, 0x2}, {@private=0xa010102, 0xa4ad}]}, @ssrr={0x89, 0x17, 0xad, [@dev={0xac, 0x14, 0x14, 0x30}, @remote, @dev={0xac, 0x14, 0x14, 0x3c}, @multicast2, @remote]}, @timestamp_prespec={0x44, 0x3c, 0xe6, 0x3, 0xf, [{@multicast2, 0x5}, {@multicast1, 0x6}, {@dev={0xac, 0x14, 0x14, 0x11}, 0x501}, {@empty, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x346}, {@multicast1, 0x1}, {@multicast2, 0x5}]}]}}}}}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1232.696223] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1232.696228] Bluetooth: hci3 command 0xfc11 tx timeout [ 1232.783118] Bluetooth: hci3: Frame reassembly failed (-84) 22:59:35 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x402042, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x12000, 0x0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r3, 0x84, 0x12, &(0x7f0000000080)=0x7, 0x4) 22:59:35 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$bt_l2cap_L2CAP_CONNINFO(r1, 0x6, 0x2, &(0x7f0000000000)={0x6ca, "8ed783"}, 0x6) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r4, 0x400455c8, 0x9) 22:59:35 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockopt(r3, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r4, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r5}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000380)='/dev/null\x00', 0x2e0540, 0x0) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000080)={0xffffffe0, 0xffff, 0x1ff, 0x9, 0x80}, 0x14) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1233.656177] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1233.656218] Bluetooth: hci2 command 0xfc11 tx timeout [ 1233.756963] kauditd_printk_skb: 19308 callbacks suppressed [ 1233.756970] audit: type=1326 audit(1599173976.156:1504197): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1182 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1233.895322] audit: type=1326 audit(1599173976.156:1504198): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1182 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1233.995835] audit: type=1326 audit(1599173976.156:1504199): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1182 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 22:59:36 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3, 0x0, 0x1}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x1005, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x4, 0xbc2, 0x0, 0x7f}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x4, 0xfffffffffffffffc, 0x0, 0x8, 0x0, 0x100000000000049}, 0x0, 0x0) [ 1234.094125] audit: type=1326 audit(1599173976.156:1504200): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1182 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1234.140535] audit: type=1326 audit(1599173976.156:1504201): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1182 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1234.196211] audit: type=1326 audit(1599173976.156:1504202): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1182 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1234.228812] audit: type=1326 audit(1599173976.156:1504203): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1182 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1234.337615] audit: type=1326 audit(1599173976.156:1504204): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1182 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1234.476378] audit: type=1326 audit(1599173976.156:1504205): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1182 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1234.536239] Bluetooth: hci8 command 0xfc11 tx timeout [ 1234.541663] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1234.665155] audit: type=1326 audit(1599173976.156:1504206): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1182 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 22:59:37 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)=0x17) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) getsockopt$inet_sctp_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f0000000100)={0x4, [0x4, 0xb7, 0x7, 0x3]}, &(0x7f0000000140)=0xc) 22:59:37 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x4000, 0x14c) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000140)=0x100001b) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}) 22:59:37 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1234.809770] Bluetooth: hci8: Frame reassembly failed (-84) [ 1234.816056] Bluetooth: hci8: Frame reassembly failed (-84) [ 1234.826174] Bluetooth: hci2: Frame reassembly failed (-84) [ 1234.856750] Bluetooth: hci3 command 0xfc11 tx timeout [ 1234.866320] Bluetooth: hci3: Entering manufacturer mode failed (-110) 22:59:37 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffd, 0x400000000, 0x20000000}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x3, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1235.176285] Bluetooth: hci9 command 0xfc11 tx timeout [ 1235.181544] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1235.355901] Bluetooth: hci3 sending frame failed (-49) 22:59:38 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000180)=0x0) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f00000001c0)=r1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) ioctl$TIOCSISO7816(r0, 0xc0285443, &(0x7f0000000100)={0x4b, 0xff, 0x6, 0x5, 0x8001}) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-monitor\x00', 0x10802, 0x0) 22:59:38 executing program 1: r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) read$dsp(0xffffffffffffffff, &(0x7f0000000440)=""/141, 0x8d) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x32, 0x0, 0x5, 0x1, 0x0, 0x0, 0x2000, 0xffffffff}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x800) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r0) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x20, 0x3, 0x2, 0x0, 0x5}, 0x0, &(0x7f00000001c0)={0x3ff, 0xfffffffffffffffe, 0x0, 0x7}, 0x0, 0x0) [ 1236.110801] Bluetooth: hci9: Frame reassembly failed (-84) 22:59:38 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180), 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x3fd}}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1236.856151] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1236.856223] Bluetooth: hci2 command 0xfc11 tx timeout [ 1236.868426] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1236.933823] Bluetooth: hci8 command tx timeout 22:59:39 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000100)=@sack_info={0x0, 0xd24, 0x400}, &(0x7f0000000140)=0xc) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000180)={r3, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x2e}}}, 0x40, 0x6, 0x4, 0x8a7, 0x81, 0xfffffffa, 0x2}, &(0x7f0000000240)=0x9c) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1237.416169] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1237.416194] Bluetooth: hci3 command 0xfc11 tx timeout [ 1237.490419] Bluetooth: hci2: Frame reassembly failed (-84) 22:59:39 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) getresuid(&(0x7f0000000100)=0x0, &(0x7f0000000140), &(0x7f0000000180)) lsetxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='security.capability\x00', &(0x7f00000001c0)=@v3={0x3000000, [{0x0, 0x9}, {0xfffffffd}], r1}, 0x18, 0x9aa4f6e7454c0143) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) 22:59:40 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x10, 0x0, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000140), 0x13f, 0x2}}, 0x20) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @ipv4={[], [], @rand_addr=0x64010101}, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:59:40 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socket$inet6(0xa, 0x2, 0xffff) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:59:40 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1238.136195] Bluetooth: hci9 command 0xfc11 tx timeout [ 1238.141551] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1238.930356] kauditd_printk_skb: 8837 callbacks suppressed [ 1238.930364] audit: type=1326 audit(1599173980.976:1513044): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1367 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1238.962212] Bluetooth: hci11 command 0xfc11 tx timeout [ 1238.966135] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1239.047731] audit: type=1326 audit(1599173980.976:1513045): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1367 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1239.176772] audit: type=1326 audit(1599173980.976:1513046): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1367 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 22:59:41 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, &(0x7f0000000140)=ANY=[@ANYBLOB="0400000000000000"]) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000100)=0x401, 0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1239.262109] audit: type=1326 audit(1599173980.976:1513047): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1367 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1239.354535] audit: type=1326 audit(1599173980.976:1513048): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1367 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1239.398059] audit: type=1326 audit(1599173980.976:1513049): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1367 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1239.421039] audit: type=1326 audit(1599173980.976:1513050): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1367 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1239.444594] audit: type=1326 audit(1599173980.986:1513051): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1367 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1239.468816] audit: type=1326 audit(1599173980.986:1513052): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1367 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1239.492620] audit: type=1326 audit(1599173980.986:1513053): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1367 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1239.516136] Bluetooth: hci2 command 0xfc11 tx timeout [ 1239.521538] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1239.736177] Bluetooth: hci3 command 0xfc11 tx timeout [ 1239.741611] Bluetooth: hci3: Entering manufacturer mode failed (-110) 22:59:42 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x6, 0x10000000, 0xfffffffd, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1ec}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}, 0x456}], 0x1, 0x2003, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x11f) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r4) getsockopt(r5, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r6, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r7}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x0, 0x7ff, 0x0, 0x2}, 0x0, 0x0) [ 1239.976256] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1239.976474] Bluetooth: hci8 command 0xfc11 tx timeout [ 1240.328839] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1240.347465] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1240.408875] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1240.445768] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1240.489168] device bridge_slave_1 left promiscuous mode [ 1240.520354] bridge0: port 2(bridge_slave_1) entered disabled state [ 1240.567532] device bridge_slave_0 left promiscuous mode [ 1240.601091] bridge0: port 1(bridge_slave_0) entered disabled state [ 1240.659774] device veth1_macvtap left promiscuous mode [ 1240.683258] device veth0_macvtap left promiscuous mode [ 1240.713658] device veth1_vlan left promiscuous mode [ 1240.753204] device veth0_vlan left promiscuous mode 22:59:43 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$OSF_MSG_ADD(r2, &(0x7f0000000fc0)={&(0x7f0000000100), 0xc, &(0x7f0000000f80)={&(0x7f0000000140)={0xe0c, 0x0, 0x5, 0x0, 0x0, 0x0, {0x1, 0x0, 0x8}, [{{0x254, 0x1, {{0x2, 0xf389}, 0x7f, 0x6, 0x0, 0x0, 0x22, 'syz1\x00', "cb746e17592b5ff78f1dac9313d95cf45a3e5fc7b02f1baf71094f89f3d73a54", "1a8b0ebd895c956c153e6d88d064a8661d99910aeeabaa928824e9fb4283bf05", [{0x9e, 0x1, {0x0, 0xffffffff}}, {0x1, 0x9}, {0x0, 0x8, {0x3, 0x1}}, {0x3, 0x387, {0x3}}, {0x0, 0x1, {0x0, 0x5}}, {0xe3, 0x1000, {0x3, 0x6}}, {0x0, 0x1000, {0x2, 0x3}}, {0x7ee7, 0x7fff, {0x3, 0x7}}, {0x4, 0x2, {0x0, 0x4}}, {0x1, 0x37, {0x1, 0x1ff}}, {0x2, 0x6, {0x1, 0xae7}}, {0x7, 0x5, {0x3}}, {0x9, 0xfff, {0x3, 0x8}}, {0x3, 0x7, {0x1, 0x80000001}}, {0x2, 0xfe00, {0x1, 0x4}}, {0x1, 0x3f, {0x3, 0x1}}, {0x9, 0x8, {0x2, 0x940a}}, {0x2, 0x0, {0x2, 0x2}}, {0x0, 0x9262, {0x3, 0x6}}, {0x3, 0x7, {0x1, 0x4}}, {0x89e5, 0x7f, {0x1, 0x6}}, {0x6, 0x9c, {0x1, 0xffffff69}}, {0x5, 0x3ff, {0x2, 0x40}}, {0x3, 0x1, {0x0, 0x800}}, {0x0, 0x6, {0x2, 0x1}}, {0xdf05, 0xe271, {0x2, 0x8}}, {0x800, 0x9}, {0x8, 0x1aa}, {0x0, 0x4b8e, {0x2, 0x9}}, {0x2, 0x8, {0x1, 0x4}}, {0x5, 0x1, {0x2, 0x8000}}, {0x3, 0x1f, {0x2, 0x5}}, {0x0, 0x3, {0x3, 0x1}}, {0xb0, 0x8, {0x0, 0x7}}, {0x1ff, 0x1080, {0x2, 0x200}}, {0x400, 0x8, {0x3, 0x7}}, {0x3, 0xb12d, {0x3, 0x6}}, {0x3ff, 0x7, {0x0, 0xd3}}, {0xb2a, 0x5, {0x1, 0x4}}, {0x0, 0x88b, {0x2, 0x8}}]}}}, {{0x254, 0x1, {{0x2}, 0x1f, 0x9, 0x9a, 0x119, 0x1, 'syz0\x00', "6626096dc7d2fdd51ca6072286abc181608f7966610fc3d308ff4e96dae45c37", "dc955cbfb95de23de87d6d526d9becb9632d83c0dd2e1f1f838a0fd3fd53abce", [{0x0, 0xce, {0x3, 0x4}}, {0x2, 0x4, {0x2, 0x10000}}, {0xfff, 0x3, {0x3, 0x9}}, {0x7ff, 0x3, {0x0, 0x7}}, {0x5, 0x8, {0x0, 0x98ea}}, {0x4c3, 0x6, {0x0, 0x2}}, {0xfffa, 0x1, {0x3, 0x7}}, {0x37b2, 0x3ff, {0x2, 0x8001}}, {0x7b9d, 0x6, {0x0, 0x8}}, {0x8000, 0x0, {0x0, 0xfffffeff}}, {0xff2d, 0x2, {0x0, 0x80000000}}, {0x1, 0xff, {0x0, 0x6}}, {0x4, 0x401, {0x0, 0x40000}}, {0x1ff, 0x8, {0x2, 0x101}}, {0x544, 0x40, {0x1, 0x7}}, {0x400, 0x0, {0x2, 0x2}}, {0x2, 0x1, {0x1, 0x4}}, {0x1, 0x2, {0x3, 0x6c68}}, {0x8, 0x2, {0x3, 0x1ff}}, {0x30, 0x8, {0x3, 0xe47}}, {0x4, 0x8, {0x0, 0x20}}, {0x5, 0x800, {0x0, 0x2ef}}, {0x4, 0x8d55}, {0x3, 0x9, {0x0, 0x4}}, {0x8, 0x0, {0x3, 0x9}}, {0x40, 0x8, {0x1, 0x834}}, {0xff, 0x9, {0x1, 0xca}}, {0x1, 0x0, {0x0, 0x7f}}, {0x2, 0x8000, {0x1, 0xfffffffe}}, {0x7, 0x1, {0x3, 0x9}}, {0x0, 0x400, {0x0, 0x3}}, {0x5, 0x2, {0x1, 0x3}}, {0x7f, 0x800, {0x2, 0x7}}, {0x7ff, 0x4, {0x0, 0x4}}, {0xf167, 0x6, {0x3, 0x400}}, {0x4, 0x0, {0x0, 0x9}}, {0x9, 0x6, {0x0, 0x8}}, {0x2, 0x1, {0x1, 0x3}}, {0xf0d3, 0x3, {0x0, 0x6}}, {0x7c, 0x1000, {0x3, 0x1}}]}}}, {{0x254, 0x1, {{0x0, 0x2}, 0x9a, 0x9, 0x4, 0x0, 0x15, 'syz1\x00', "dd0069005e6283cb9b6cb69f386d0118b50c6db17243fe494730cc7ae10b66e9", "64d80de60e9beb88e7191fac48f97b6688f9246c9b0e63709ca27f194e110014", [{0x80, 0x8000, {0x0, 0x1}}, {0x100, 0xd49c, {0x0, 0xba7}}, {0x400, 0x5, {0x1, 0x8941}}, {0x4, 0xfff, {0x0, 0x7f}}, {0x2, 0xdb, {0x2, 0x5}}, {0x7, 0x1, {0x3, 0xffffffff}}, {0x39, 0x5}, {0x1, 0x2, {0x2, 0xbb}}, {0x1, 0xfff8, {0x2, 0x1}}, {0x7, 0xae1, {0x3}}, {0x100, 0x7f, {0x2, 0x6}}, {0x8, 0x6, {0x2, 0x800}}, {0x7, 0x0, {0x0, 0x7f}}, {0x7ff, 0x374, {0x0, 0x35}}, {0x4047, 0x1, {0x1, 0x10c}}, {0xff, 0x4, {0x2, 0xb14}}, {0x4, 0x1, {0x1}}, {0xc1da, 0x7, {0x0, 0xffff}}, {0x3ff, 0x800, {0x2, 0x3ff}}, {0x4, 0xd971, {0x3, 0x15}}, {0x2, 0x5, {0x0, 0x6}}, {0x2000, 0x1, {0x3, 0x800}}, {0xd7e, 0x6, {0x89e0d3a7e982a251}}, {0xb6, 0x8, {0x0, 0x80000001}}, {0x7, 0xff, {0x2}}, {0xff, 0x3, {0x1, 0x10001}}, {0x5}, {0x2, 0xffff, {0x2, 0x56}}, {0x8, 0x7, {0x2, 0x7f}}, {0x5, 0x0, {0x0, 0xfffffff9}}, {0xfff8, 0xd1, {0x1, 0x98e9b580}}, {0x2, 0x3, {0x2, 0x4a8}}, {0x5, 0x2, {0x3, 0xe5a9}}, {0x5, 0x0, {0x3}}, {0x5, 0x6317, {0x3, 0x1}}, {0x8, 0x1151, {0x2, 0x6}}, {0xc2, 0x5, {0x2}}, {0x5bf, 0x9, {0x0, 0xf09a}}, {0x1f, 0x3, {0x2, 0x8}}, {0x7ff, 0xb, {0x2, 0x20}}]}}}, {{0x254, 0x1, {{0x0, 0x6}, 0x5, 0x4, 0x2, 0x8, 0x20, 'syz0\x00', "3b637c99b524069b053bcb2c9928739988947ef7f2b256674157996052229b7d", "4a63cd775e2022cd6d89729dda4ebc991579e190b1bf1ae53e33c20010c7764c", [{0x6, 0x1, {0x3, 0x8}}, {0x0, 0xf547, {0x0, 0x5}}, {0x8000, 0x0, {0x2, 0x2}}, {0x7b6b, 0xc6, {0x0, 0x9}}, {0xf21, 0x3, {0x2, 0x20}}, {0xfff, 0x200, {0x0, 0x8001}}, {0x3, 0x1f, {0x1, 0x9}}, {0x9, 0x25, {0x0, 0x7f}}, {0x7ff, 0x4, {0x2, 0xfffffffa}}, {0x3, 0x0, {0x0, 0x3}}, {0x5, 0x4, {0x0, 0x7}}, {0xf800, 0x8, {0x0, 0x5}}, {0x5, 0x4ec, {0x0, 0x40}}, {0x40, 0x4a92, {0x1, 0x5}}, {0x9, 0x94a6, {0x2, 0x5}}, {0x40, 0x7, {0x3}}, {0x3, 0x80, {0x1, 0x200}}, {0x8001, 0x1, {0x3, 0x1}}, {0x7fff, 0x6, {0x3, 0x8}}, {0x8bf8, 0x6, {0x1, 0x401}}, {0x4, 0x101, {0x3, 0xf5e}}, {0x5, 0x81, {0x3, 0x9865}}, {0x101, 0x400, {0x1, 0xfff}}, {0xffff, 0x5, {0x0, 0x1}}, {0x80, 0x8, {0x0, 0x8}}, {0x1, 0x1, {0x0, 0x8}}, {0x8, 0xa4c8, {0x0, 0x5}}, {0x4, 0x40, {0x2}}, {0x3a8, 0x7, {0x0, 0x270a}}, {0x4, 0x8, {0x3, 0x6}}, {0x0, 0x7fff, {0x0, 0xff}}, {0x9, 0x9, {0x2, 0x5}}, {0x7, 0xfffd, {0x2, 0xffffff0a}}, {0xffff, 0x2}, {0x101, 0x9be7, {0x0, 0x400}}, {0x3f, 0x1, {0x2, 0x9}}, {0x6, 0x7f, {0x0, 0x240000}}, {0x2, 0x7fff, {0x2, 0xfffff096}}, {0x8, 0x40, {0x1}}, {0xff81, 0xe62, {0x1, 0x20}}]}}}, {{0x254, 0x1, {{0x1, 0x4f3}, 0x82, 0xff, 0x0, 0x3ff, 0x10, 'syz1\x00', "b47ece4d5eef15a5cba9eccb18b52d0d5dcd71595afaf3b30df8fca4f742cc0b", "b65dc10f0552c69a64a0d9192b3a9aaba1455fdab06e48d45685eab91b80b4c5", [{0x1, 0x2, {0x3, 0xffffffff}}, {0x80, 0x400, {0x0, 0xffffffff}}, {0x0, 0x3ff}, {0x0, 0xde31, {0x1}}, {0x1, 0x6, {0x2, 0x1f}}, {0x6, 0x5, {0x3, 0x1ff}}, {0xffff, 0x2, {0x0, 0x6}}, {0x4, 0x4, {0x1}}, {0x9, 0x96b6, {0x2}}, {0xffff, 0x47, {0x0, 0xf2ac}}, {0x0, 0x3, {0x2, 0xfffffff9}}, {0xb, 0x4, {0x1, 0x3ff}}, {0xfffd, 0x101, {0x2, 0x3}}, {0x1, 0x97}, {0x0, 0x1, {0x3, 0x7f}}, {0x8000, 0xffff, {0x3, 0x6}}, {0x9, 0x7, {0x2, 0x80000000}}, {0x101, 0x200, {0x2, 0x7}}, {0xfffa, 0x1000, {0x0, 0x6}}, {0x1, 0x0, {0x2, 0x1}}, {0x49, 0x81, {0x3, 0x1}}, {0x1, 0x4, {0x1, 0x4}}, {0xffff, 0x9a1, {0x1, 0x2}}, {0x4, 0x1, {0x0, 0x8001}}, {0x7, 0x7f, {0x0, 0x8000}}, {0x7, 0x7ff, {0x1, 0x8}}, {0x2, 0x1, {0x1}}, {0x0, 0x7fff, {0x2, 0xfffffff8}}, {0x5, 0x7, {0x3, 0x5}}, {0x3ff, 0x8001, {0x3, 0x9}}, {0x8000, 0x2, {0x1, 0x7fff}}, {0x2267, 0x1, {0x0, 0x6}}, {0x50be, 0x5, {0x2}}, {0x9, 0x100, {0x1, 0xb0d}}, {0x7, 0x1, {0x2, 0x8}}, {0x7f, 0x0, {0x0, 0x6bdf}}, {0x3f, 0x86ce, {0x0, 0x6}}, {0x1af4, 0xff18, {0x2, 0x7}}, {0x3, 0x0, {0x3, 0x1}}, {0x8, 0x9fad, {0x2, 0x2}}]}}}, {{0x254, 0x1, {{0x1, 0xffff}, 0x8, 0x40, 0x9, 0x7, 0x21, 'syz0\x00', "133a6e42d46d269d36e5f6cad4a049d06a8d59dca1355f1aeeb01f2d3cb3ae7c", "f4d4da0f7d0b01a6a4ec0aa61b93de1b1052e5ebcab5529cdb4e63cd381d407a", [{0x4, 0x8, {0x2, 0x80}}, {0x83bb, 0xff, {0x0, 0xa0fd}}, {0x8, 0x20, {0x3, 0x3f}}, {0x7193, 0x80, {0x0, 0x1f}}, {0x3, 0x2000, {0x0, 0x4}}, {0x8, 0x97, {0x0, 0x80000000}}, {0x400, 0xffff, {0x3, 0x5}}, {0x40, 0x8, {0x3, 0x7}}, {0xd3d1, 0x9, {0x1, 0x3}}, {0x9, 0x8001, {0x3, 0x80000000}}, {0x9, 0x0, {0x3, 0xfff}}, {0x8, 0xfdd0, {0x3, 0x10001}}, {0x7f, 0x7, {0x3, 0x4}}, {0x0, 0xd7fb, {0x1, 0xff}}, {0x7f, 0x9, {0x1, 0x3f}}, {0x180, 0x3f, {0x3, 0x2}}, {0x401, 0x0, {0x0, 0xa9c1ffa4}}, {0x58, 0x0, {0x2, 0x7}}, {0x8, 0x401, {0x2, 0x2}}, {0x7, 0x7, {0x3}}, {0x7, 0x20, {0x2, 0x5}}, {0x7644, 0x8, {0x2, 0x3}}, {0x1, 0x0, {0x2, 0x7f}}, {0x5, 0xca, {0x3}}, {0x8, 0x2, {0x1, 0x6}}, {0x2, 0x5, {0x1, 0x5}}, {0x9, 0x1ff, {0x0, 0x100}}, {0x2, 0x400, {0x0, 0xdc56}}, {0x8, 0x2, {0x2, 0x10000000}}, {0x6, 0xffff, {0x3}}, {0x7, 0x7257, {0x0, 0x7fffffff}}, {0xfff, 0x1000, {0x3, 0x6cb36bf7}}, {0x800, 0x9, {0x3, 0x7fffffff}}, {0x7, 0x1f, {0x3, 0x1ff}}, {0xfff, 0x55, {0x3, 0x72a0}}, {0x0, 0x6, {0x3, 0x5}}, {0x4, 0x4, {0x3, 0xff}}, {0x20, 0x7, {0x0, 0x800}}, {0x3, 0x8, {0x1, 0x5}}, {0x0, 0xf898, {0x2, 0x2f5dd040}}]}}}]}, 0xe0c}, 0x1, 0x0, 0x0, 0x10}, 0x4040005) 22:59:43 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:59:43 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1241.022716] Bluetooth: hci3: Frame reassembly failed (-84) 22:59:43 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000100)={0xa, 0x1, 0x3, 0x86800, r2}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1241.609010] Bluetooth: hci7: Frame reassembly failed (-84) [ 1241.614826] Bluetooth: hci7: Frame reassembly failed (-84) [ 1241.779038] device hsr_slave_1 left promiscuous mode 22:59:44 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x19, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1241.816189] Bluetooth: hci2 command 0xfc11 tx timeout [ 1241.821550] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1241.877257] device hsr_slave_0 left promiscuous mode [ 1241.986372] team0 (unregistering): Port device team_slave_1 removed [ 1242.119421] team0 (unregistering): Port device team_slave_0 removed [ 1242.386148] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 1242.436124] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 1242.567757] bond0 (unregistering): Released all slaves 22:59:45 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x5, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1243.096217] Bluetooth: hci3 command 0xfc11 tx timeout [ 1243.101545] Bluetooth: hci3: Entering manufacturer mode failed (-110) 22:59:45 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x40000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x9) r4 = shmget$private(0x0, 0x1000, 0x54001800, &(0x7f0000fff000/0x1000)=nil) shmat(r4, &(0x7f0000001000/0x1000)=nil, 0xffffffffffffdfff) shmctl$SHM_STAT(r4, 0xd, &(0x7f0000000100)=""/169) [ 1243.963796] Bluetooth: hci7 command 0xfc11 tx timeout [ 1243.987064] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1244.099201] kauditd_printk_skb: 7350 callbacks suppressed [ 1244.099211] audit: type=1326 audit(1599173986.026:1520404): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1426 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 22:59:47 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000380)={0x38, 0x3, 0x10000000, 0x0, 0x3, 0x0, 0x1, 0xffffffff, 0xc731f49}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1244.601743] audit: type=1326 audit(1599173986.026:1520405): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1426 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1244.708341] audit: type=1326 audit(1599173986.026:1520406): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1426 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1244.864796] audit: type=1326 audit(1599173986.026:1520407): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1426 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1244.897764] audit: type=1326 audit(1599173986.026:1520408): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1426 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1244.928543] audit: type=1326 audit(1599173986.026:1520409): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1426 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1244.957309] audit: type=1326 audit(1599173986.026:1520410): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1426 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1244.986775] audit: type=1326 audit(1599173986.026:1520411): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1426 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1245.016751] audit: type=1326 audit(1599173986.026:1520412): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1426 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1245.039574] audit: type=1326 audit(1599173986.026:1520413): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=1426 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 22:59:47 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x4) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000140)={0x65f, 0x2}) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ppp\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r3, 0xc0096616, &(0x7f0000000240)={0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000001c0)=0x8000111) arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000180)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:59:47 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ocfs2_control\x00', 0x880, 0x0) ioctl$TCFLSH(r1, 0x540b, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1245.210334] Bluetooth: hci0: Frame reassembly failed (-84) [ 1247.256526] Bluetooth: hci0: Entering manufacturer mode failed (-110) [ 1247.336403] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1247.343074] Bluetooth: hci2 command tx timeout [ 1247.520407] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1247.539359] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1247.550664] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1247.561993] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1247.570580] device bridge_slave_1 left promiscuous mode [ 1247.580356] bridge0: port 2(bridge_slave_1) entered disabled state [ 1247.587689] device bridge_slave_0 left promiscuous mode [ 1247.593292] bridge0: port 1(bridge_slave_0) entered disabled state [ 1247.603149] device veth1_macvtap left promiscuous mode [ 1247.608850] device veth0_macvtap left promiscuous mode [ 1247.614287] device veth1_vlan left promiscuous mode [ 1247.619682] device veth0_vlan left promiscuous mode [ 1247.751867] device hsr_slave_1 left promiscuous mode [ 1247.765726] device hsr_slave_0 left promiscuous mode [ 1247.787005] team0 (unregistering): Port device team_slave_1 removed [ 1247.803316] team0 (unregistering): Port device team_slave_0 removed [ 1247.813786] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 1247.830864] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 1247.881146] bond0 (unregistering): Released all slaves [ 1248.852082] IPVS: ftp: loaded support on port[0] = 21 [ 1248.892749] IPVS: ftp: loaded support on port[0] = 21 [ 1248.989178] chnl_net:caif_netlink_parms(): no params data found [ 1249.112993] chnl_net:caif_netlink_parms(): no params data found [ 1249.152180] bridge0: port 1(bridge_slave_0) entered blocking state [ 1249.158830] bridge0: port 1(bridge_slave_0) entered disabled state [ 1249.165737] device bridge_slave_0 entered promiscuous mode [ 1249.172981] bridge0: port 2(bridge_slave_1) entered blocking state [ 1249.180337] bridge0: port 2(bridge_slave_1) entered disabled state [ 1249.187777] device bridge_slave_1 entered promiscuous mode [ 1249.219060] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1249.228812] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1249.251321] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1249.258693] team0: Port device team_slave_0 added [ 1249.264432] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1249.272223] team0: Port device team_slave_1 added [ 1249.309158] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1249.315490] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1249.341039] Bluetooth: hci3 command 0x0409 tx timeout [ 1249.342434] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1249.356975] bridge0: port 1(bridge_slave_0) entered blocking state [ 1249.363323] bridge0: port 1(bridge_slave_0) entered disabled state [ 1249.370937] device bridge_slave_0 entered promiscuous mode [ 1249.378629] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1249.384870] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1249.410254] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1249.421309] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1249.428869] bridge0: port 2(bridge_slave_1) entered blocking state [ 1249.435263] bridge0: port 2(bridge_slave_1) entered disabled state [ 1249.442747] device bridge_slave_1 entered promiscuous mode [ 1249.449609] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1249.494574] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1249.504194] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1249.515934] device hsr_slave_0 entered promiscuous mode [ 1249.522070] device hsr_slave_1 entered promiscuous mode [ 1249.528420] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1249.543842] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1249.558038] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1249.565358] team0: Port device team_slave_0 added [ 1249.577650] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1249.584964] team0: Port device team_slave_1 added [ 1249.611987] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1249.618906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1249.644572] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1249.665570] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1249.671858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1249.697182] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1249.711886] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1249.719686] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1249.757526] device hsr_slave_0 entered promiscuous mode [ 1249.763164] device hsr_slave_1 entered promiscuous mode [ 1249.776175] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1249.783692] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1249.886568] bridge0: port 2(bridge_slave_1) entered blocking state [ 1249.892962] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1249.899662] bridge0: port 1(bridge_slave_0) entered blocking state [ 1249.906000] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1249.927111] bridge0: port 2(bridge_slave_1) entered blocking state [ 1249.933457] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1249.940125] bridge0: port 1(bridge_slave_0) entered blocking state [ 1249.946534] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1249.977468] bridge0: port 1(bridge_slave_0) entered disabled state [ 1249.984265] bridge0: port 2(bridge_slave_1) entered disabled state [ 1249.992266] bridge0: port 1(bridge_slave_0) entered disabled state [ 1249.999712] bridge0: port 2(bridge_slave_1) entered disabled state [ 1250.016090] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1250.028213] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1250.042116] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1250.051129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1250.061435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1250.070105] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1250.076170] 8021q: adding VLAN 0 to HW filter on device team0 [ 1250.088409] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1250.096653] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1250.104104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1250.112662] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1250.120607] bridge0: port 1(bridge_slave_0) entered blocking state [ 1250.127014] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1250.135844] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1250.144762] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1250.151311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1250.159971] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1250.167784] bridge0: port 2(bridge_slave_1) entered blocking state [ 1250.174128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1250.184385] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1250.192187] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1250.202103] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1250.209770] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1250.218242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1250.225100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1250.233663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1250.243837] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1250.250179] 8021q: adding VLAN 0 to HW filter on device team0 [ 1250.258931] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1250.267589] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1250.275611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1250.283329] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1250.291168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1250.299049] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1250.307019] bridge0: port 1(bridge_slave_0) entered blocking state [ 1250.313353] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1250.322639] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1250.332679] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1250.340244] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1250.348303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1250.355834] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1250.364034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1250.372096] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1250.380697] bridge0: port 2(bridge_slave_1) entered blocking state [ 1250.387087] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1250.394830] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1250.405129] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1250.414762] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1250.423345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1250.430974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1250.438549] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1250.448033] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1250.457048] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1250.466527] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1250.472545] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1250.479777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1250.488374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1250.505603] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 1250.513679] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1250.522983] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1250.531458] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1250.540696] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 1250.550214] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 1250.558448] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1250.565076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1250.573250] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1250.580928] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1250.587943] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1250.595686] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 1250.604307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1250.612567] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1250.624307] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 1250.631380] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1250.639703] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1250.649885] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1250.658374] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1250.664408] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1250.682927] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 1250.691300] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1250.698365] Bluetooth: hci0 command 0x0409 tx timeout [ 1250.703938] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1250.711275] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1250.725550] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1250.766682] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 1250.781979] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 1250.790150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1250.804316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1250.828027] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 1250.839371] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 1250.846554] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1250.854417] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1250.885082] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 1250.892966] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 1250.899871] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 1250.909666] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 1250.916236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1250.924918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1250.934748] device veth0_vlan entered promiscuous mode [ 1250.942017] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1250.949243] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1250.957309] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 1250.964325] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 1250.971189] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 1250.981275] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 1250.989698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1250.997887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1251.005378] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1251.012831] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1251.021233] device veth1_vlan entered promiscuous mode [ 1251.031092] device veth0_vlan entered promiscuous mode [ 1251.043507] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 1251.056549] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 1251.063881] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1251.072025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1251.082052] device veth0_macvtap entered promiscuous mode [ 1251.088779] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 1251.095641] device veth1_vlan entered promiscuous mode [ 1251.111344] device veth1_macvtap entered promiscuous mode [ 1251.117666] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 1251.130094] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 1251.138624] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 1251.150498] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 1251.158613] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 1251.165610] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1251.172830] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1251.180116] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1251.187845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1251.198804] device veth0_macvtap entered promiscuous mode [ 1251.205099] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 1251.215624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1251.225667] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1251.234816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1251.244605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1251.253796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1251.263826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1251.274143] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 1251.281278] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1251.291010] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1251.298436] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1251.306036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1251.318695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1251.329061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1251.338735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1251.348848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1251.358015] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1251.367757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1251.378234] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 1251.385081] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1251.393260] device veth1_macvtap entered promiscuous mode [ 1251.399702] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 1251.407333] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1251.414426] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1251.422324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1251.436652] Bluetooth: hci3 command 0x041b tx timeout [ 1251.444311] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 1251.457461] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 1251.468028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1251.478902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1251.489276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1251.499045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1251.508437] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1251.518211] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1251.527355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1251.537108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1251.547563] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 1251.554478] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1251.563313] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1251.571196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1251.579929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1251.590541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1251.600429] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1251.610464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1251.619645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1251.629418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1251.638583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1251.648363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1251.659147] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 1251.666022] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1251.676611] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1251.684379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1251.876392] kauditd_printk_skb: 19067 callbacks suppressed [ 1251.876401] audit: type=1326 audit(1599173994.285:1539481): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2023 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1251.935984] audit: type=1326 audit(1599173994.285:1539482): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2023 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1251.963882] audit: type=1326 audit(1599173994.295:1539483): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2023 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1251.993246] audit: type=1326 audit(1599173994.295:1539484): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2023 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1252.016505] audit: type=1326 audit(1599173994.295:1539485): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2023 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1252.039119] audit: type=1326 audit(1599173994.295:1539486): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2023 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1252.072438] Bluetooth: hci7 sending frame failed (-49) [ 1252.078887] audit: type=1326 audit(1599173994.295:1539487): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2023 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1252.103352] audit: type=1326 audit(1599173994.295:1539488): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2023 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1252.126474] audit: type=1326 audit(1599173994.295:1539489): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2023 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1252.150023] audit: type=1326 audit(1599173994.295:1539490): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2023 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1252.776814] Bluetooth: hci0 command 0x041b tx timeout [ 1253.497334] Bluetooth: hci3 command 0x040f tx timeout [ 1253.911872] Bluetooth: hci2 command 0xfc11 tx timeout [ 1253.916432] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1254.136534] Bluetooth: hci7 command 0xfc11 tx timeout [ 1254.137933] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1254.856781] Bluetooth: hci0 command 0x040f tx timeout 22:59:57 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000380)=[{&(0x7f0000000500)}, {&(0x7f0000000440)="01b70a84a5a8d082a55dc5a78fae81f6dfda6a346380a0ea68f6d42611ae16db26f2f2436d38619502efdd78d5d8d562c108e986e95737770268fe69d2bff702abae5862163aab80b8f333445b9641fdfb47da2d743aee91e81fca984fd2f5aa4a4a1527a7cb4385a2253d97a2a8bcac221df35f7e89c54b9f11116da6ac4634213afeb821706b6c861feaaecb2c48342e1766055532c4def09f1dce76a5159ad2f6e4252332dc3ade385f0441d25db73c50d7e822caf7a8b005cb5737bb3a077abb8277593d5b12273147775fac45", 0xcf}, {&(0x7f0000000900)="fe83c54abdc196eaf7356dd6e0a900a9df9de30465f651f3b46f33a51a2264b98ed5cd8249a9552b97e3fae24a8cee7336b4e810148106105f4b936c522344af95cb4a9dacaa915c4d1247e01d7161f031fa7ce53440f449c33c1c8485eb9ff452373a2014134d0b1e4584f54408a5622cd862d928c5092ef50bb4e06ebbdaf2c38ef54680f7cbfdfe730811f36b3c309aed859428576cb85d04cf0606adc970e783be8b42adab083021b2840188f7d0db37504f46005c46106a70af903949fd4890893493c261afff2c8980a7f658f532a06e87876a0e0d73d052d0ff5775257b969ef7857d2de8283e7ea85dcd00cd7aaec0ca6c44d990d4b94392602335dbd77d67d95645e79b89c4e5480c18671c0411165318f7ada438bba13b4ad1b0cc34b977112c1bdebd0726aa64eee782da528ecde18ed8356b5f43c8eccb5483948d5fffbf24de8b8b3bde0e566a350193544d3576993b37c68d05b2461318fefb950f1598af91594c74b2b1bcc0508ba857fa63214d9a3cb2cf9284f4635e48ed126925deed0850fb82a31f55b06f72e4766936c5c8265590a58e218a08d346a664fe6e267f914d40df6eb2e5e22ca0bcb355bb2020459d888105f987e7c390e056c58f87c748695ab0e22a67b23be7a1605ecb34b44cb595f35ac3ca7ea33e3223a7da5c197089d9a6c3a3477a49a28b4c2262e17c27a26a80cae63b547feaf42df93786150b55eafe7a6589c6825e3393f8eed346dd65d14a54f12e7d3a2fce225a44db320996ca73ae61b6d51cc894f257eb534c0b533ec248f9071c2b375ac27558c48a3edd01c296fe02f34510060be79c5ad14c0fd3029b8a5483962700171997f33730252efbfbdc92f013c1de9878137a8f01850dbca757ccde24091a7d257cadcaa2c6d395c975ce8051d27ea2fb7a3a60f419b04716107278f41f07afc007e2705982a2a3ec6f3ffc69c377a1e0e3a26673da107dfbf338d18221f2f3ee75d0346e51bbce06fa3d908c25bcb8b99eb74dd0775f6664c399238c2dab2f55a44c2b7f4ab308fb6cb636bad3d820a93c03b38528e7de75c9a9f544ba890e0bada58f2730d28b324ee8c34b50c62b7d497e86725266556e2af6c30f80a6c41c2c8195a88c64fed3d59824d52f626e90e2cc4641160a9bc57e600e4b42432b914e70d179f47b7c40f057d51df9b208833fc50963cfb2ba05295f262821e88373c1f39fb8e89997e8e3966debb32b122e6dafebe4d55dea9d362764a1e0f5970f8940956ebe8c34660c46b361fe5ca94a070a85000d26165db5402304e55fdea1ba9e19eb80548e566c7aa77a887355e537a01da72010a855338257fa655987b6799334bfc04fc22fb8b3885d2a79ec570fc36a7020204d52fa5d9bd87a3825de988cc09dccfa0286b973089670a414651b6d728110ef412a8675897c6138d68fcfbb9401c60756905bacd695006ddfca2cceea2cb0b1d884ba35ab532ca78bba0510c7f0cc024980d6dd31abb1e0049051e1ce4b3d7fbfc19e533b6208530a49edfb3cd01bbdcd3e0df9aab0d68f658e73cb9874e37545637b45d7c01127ac400955d05f4ece2d1f8fefe2845cb4e1714707d0048a32ed881761d19db9d586560aa0b982af480c4b540c442d36d24d8263d54be8ac80d52e6e2971ebbbc1d1010f91496301cfbc1560a886340af1477bfc8ceb28be83f018aaef11ce7aa08decd86ed142d61c0b85e8239519d8fed19a300994b9cd7cf619fb96d89277a79e6904da653144b6eac2217baf6e571d33a018f881da4d131012f83268289e20641b478bc6f523b3dbb06a82de4df40218ba31362f6e11440249c82d2ef887f45c559a603c3ce77fb8d3c24ac2d110e4602a7252e13f4f33660c1af9695f56e036a8dc7d6018fe457b2c78d40e0f3b29fc474da08064b7f93397e8023d643ae59b133302f3c8466ea7944c3f9127863da4f5be90c823c5a43c571553ff622a20d10ef3ddaf5c698906c3213b3601ff2866682350e1cf8c4a0d8aac6258867161649cf3344e406429c1c58543466b9ec44411c719f51915bbd5e57586d1a71c8e65086e9c45d3c2566cd4af17dac5fa8ccffb9cc453a6a0c0b942ac4dc4750e700d5bdbc677534601e30360aff7d6ee20f2a57389da73575b14a003457f95cd36beee3e32e4012fdb697d8da0acf09bf3059bbc6533e705cb090e32c27c43a67bb9924e66f5efbdd473bbfc518a5871744b6b1805d05c5d34d1b2315d233d0935c3f8b732efad3952b920802290da036b4551154efe7107407002a101506f4712b8cc03e1a1476c0d8a8e43be973dd219b0c7e11e2ea47a1ff362caf892bdce12f8aa06868094260f25133447feb0432fb022efc128ecdc284ba4165d9e3f540a7253636021fc8d5a881a8356122f16d7f0d7678ca832b5aa8c3d0b5c0358924a044d67987844e742db65d5570b2e5cfdffad0f3ea1d005afdf833580b5949a81e3da9b554602efac0b0d4ef07bfa485cf3713027af24d41b30512cd19ab397c0220237bdeddc43147074498a798a8615b1bb7b2a5ba3841ff3146d9f6f279129dfde0a8ea809031050f232c8db55417716e99be31fc36cb4ed6f51d5e3020010dd4f467d37151347f7f32de0cb7b5a3dd5dcf1380c3cc14a64b153e84a2efa68878ddddc442125e3f0da847f4f447260cdea023250b38b6e5752bc71b71f312e6e4a271d5a152332f3b5ad8cc9a2a22f3c6afce7c5cfc88d1c3f0d9ea6559079d78d9f50da27325854c378246cda685051bff4e4c4d8f6c0f1701cc1bb4c14b1ea23d95b54efa15d3ed97c9c848a96373fc3de2fbb3ee9249af0b8d5ba354e2e0bf28abf9b0a590b7201be6c81b5bd01e9072a7d25d34cfd36b76fa777ec5cacf8e7a67f67134d96e1b595733d3877dcd2e91b2cd6029718fae6fb1a329518ec1d1f57c1fd1dfaf0f3a32c476469b460257ba25e3448c9bd52fd40f73deac54fd2f1b0133766c54fb84e1e49abd222f2b651d921f08e7028e7fa38ad7599b1182c140ed6393b172bc7f25100d9e622000444f311c449ed2ff2239d00c3f5bf2bf21b50f8220e87fe2954a446ca28947d9a8650f87ab74af4e52413d1cad2d86527f49deb95ff2181ae9c629d78a9c0d6cbeddc9dc1e267a35bf5c5c994b3ec211d54a0962b30e6804f352fb4fe8e66c479cc4207ffcf0f94bf08d10f59529c8ee146495ec4e24d0e37ce38b685fd65ff50fab4b2ac7832a4af895e5dabd5bf2f544d674c7ab22dd517ba0e82d68ec34c8360734fb21cbddad4ec1299cccf827b2939819471bd45737ecf3d07488e9217992d5df89102ccda732823e1dcffeb983ac1d1e96124f4d5caa1eebbf28646b8c1031860370c81f5a1e51fb8fc439345f5ed0ec6fd33a2e09d3084b137fcae62d4a73e6979be5b0b3f3492c0276a1001df0ed29b1ac75a3e2124eb7856056dd6158efe70bb8ec2756d7b298848ca3971cce004870d8eff41e71205de4c2410ae41182caa27564a86320184adcc73124864a9ca20bfe6c5587edf75140e0614ba0b1f87f149b79f3dd30ca6e6d330bdd40fa0e99d1d220102496d959ab1fb81d9f8dd2d0f2e8c6f694e446cde0c16773d8df04a8fd9dfd1866828aecb37142611ef48322c2470731e45347ccaceeb3fae705dbbc83f537afcb3508896236207c23f07693dd25ae2e06437a4f73c97bd9d0a23edf902ea0e3fdb3294a4969900d59f653ef6bcad212b8c3a4865a84e323f9f6883807384a262ab37595df17420652f101ae5c9954c9cc6984bb6464fe8cc812b693c8674ae4eae6b7cf62adccb357d826d07e3e484ad3b611b29631c5540c7c5a136d680de7bc38cc4d55b6bbdefc3a502f5167db6e73b20c07a78fe3d3cc350ef66e63f82117984015e94ee74168c58ba8e69ad16b87b1be0390ace3107d55c17a9ffd1b5c9917752710f67ad575b609964556717e6265c3e5f6d8a61a9cd96c9c20f4f0d1d06b1e1e588cced422a698e0c7241822c7c2df2437e2435436690df5e5c0bf1c35474e97b5934b0b97ab364ba974fe73a04845fe2e9c0f0e80988662d1f206919ae9ced2af5a2970d98bfd69971358fbec93a90407a55c9552306b1b9a8e98239e69bbc1ff36c9bb69f13b8359d315e764fbdd0252c74ef4a9eb1a48ba30f08cb6c049f9445d96781f9df24fa3e534e2277d24d59f6167406f64e6bce2bd8b94f4e291d0dafaad51744e025d84258768060e345c118eeb1b2ddd26bff29b85e5317c0d1f777276011e302ba6824414bc1460b4528c9a4f053255ff3d456c3eb37dc6794363e78a44695d4cdd238c2462345bb009b3b48d97a3860e8a6f255a9fef92b3b8b847d38a3c2fa40f11959d6401e8a5ead599a1552ebf5894df23899010bf242004992de4162ed812815fc49c4cffa5bbcab1609c059645082dc995130a79a1e11de6b99e9c6369894ba8f89b75d1b7bf9416cdf24fee24fb07943bcf7e77805c854a167b89e5533d62a1c08c86d62668b0a331a0c135adbf888172d12c7d754f48734372e5207ee77e685ef6c0211fcdc2b037672a5e7d827e54d932a550b77e3f3f7eb146c3544277c4c03468a978fc55ce2e97480c761995de4ba21b7ba4036353953e0c2f7b73595755525ec6277184760f3e23d4c3e41dcd390fa2dc302700595da6ed69266d7b8db702799f791f85294b86b0c370aa353173d09af0a905b07f8389c1f3a55fe24a83ce51fbaa6b489c1b9fcf4b16127319b6b4fc520e9f29ccdb1a1aaa584f3fa09f0151deb2b4cce7b9ab49e7a9780f9cbc6da3c216c6a24596d6420f3c8a6e9f380788de6fa8c9c3f14677f90f9a7e4c7ac8f683f0104c62fae0a8d8ceec1f1fc6f3825d9bb83ec8ae5cd487db390e11bdf5c3d57ddbfbfbaed95bf781472477051329627ba3eb4781d40b7b8350e974f9e9e08f03cf17ec3110f327c814a5c750b5d64e54bf239bc4c0e1b1eeeed11ff86eae146b68331f898898838fdfecabc5b09df87df6daa2583f29167835a449d40c1298bf6bdf1aee1edc161477d952bf607cc7a1df886799bd1bc416192af722bbf51b60540a227acfd4c32104cfbc9979eedf4cba94ab8aa156e8b3a7eb782fc53a5f0b11edbead29dfeae1a85687c5db15a0a49b2978c21d6009e7adab6e640cc7cb1226ac572c22f896b4cd04240ef0b953cbda7b3fed3a6c50999bbfb93f27aa4c8717e09d5e3d761c0811300bb08cb1ac7ed5a9edc819aff17dae1fa8afd7b2a67d90516cbcc48bbc9a6c98c2adfae57981489d5c87a46f910faf10c99a1f9cdb53998a94d61e377504def9d2007fcb983ea7d5d5ee70ff1812cfa8e186cf3d569ada093a075eb644ef418091ac7f34c47d1c1b74c04ace463308616f8ce22e1337b66a1e254d5fa80de69e0330a42d3266822c0682187d59a882cca28554b12445e10ef718e07060169dddeb3b8b557e17c61238c9c2cc5adcb6d31b6ea4f582d2b01e29e996d0c26c0cff40da8e8b61d08f87ecfcc0fea3ceff759f8768b755d7a4e4871faf768677632b6270ddac40daa75ff7edece67930fa0e77f4a9e152598c49feb9bf3e11a08be64377811344b7dfb3fc2d1d788c2e7b2af6b0acdeb04b98927507d2c3f830ad5eaeaa01b6756b4a880b1806ac25249a09453051bd0c30338e2432d9b3ac2b6e4e58c112ee0c741d5d8beb4e17470f731b749b0703bbb88b0ac0c68759ce0431ef6fe5192cc91ed9a2b796ebe6917ded634e977044b2a06917ba4e1c324f8d677f6682b65499c712fdebe220c", 0x1000}], 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:59:57 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 22:59:57 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140), 0xc, &(0x7f00000002c0)={&(0x7f0000000180)={0x12c, 0xb, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x6}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_NAME={0x9, 0x12, 'syz0\x00'}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x1}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e21}]}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x1ff}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x10000}, @IPSET_ATTR_ADT={0x1c, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0xff}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x7}}]}, @IPSET_ATTR_DATA={0x30, 0x7, 0x0, 0x1, [@IPSET_ATTR_PROTO={0x5, 0x7, 0x8}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x1}, @IPSET_ATTR_IFACE={0x14, 0x17, 'geneve0\x00'}]}, @IPSET_ATTR_DATA={0x48, 0x7, 0x0, 0x1, [@IPSET_ATTR_PACKETS={0xc, 0x19, 0x1, 0x0, 0x6}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x84}, @IPSET_ATTR_MARK={0x8}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x8}, @IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @mcast2}}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x10001}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x4c, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e20}}, {0x14, 0x7, 0x0, 0x1, @IPSET_ATTR_COMMENT={0xe, 0x1a, '/dev/ptmx\x00'}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0xfffe}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x7}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_BYTES={0xc, 0x18, 0x1, 0x0, 0x6}}]}]}, 0x12c}, 0x1, 0x0, 0x0, 0x884}, 0x8084) ioctl$sock_inet_sctp_SIOCINQ(r2, 0x541b, &(0x7f0000000100)) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:59:57 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = semget$private(0x0, 0x6, 0x0) semctl$IPC_INFO(r3, 0x3, 0x3, &(0x7f00000004c0)=""/163) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0}, &(0x7f0000000140)=0xc) semctl$IPC_SET(r3, 0x0, 0x1, &(0x7f0000000180)={{0x3, r4, 0xee01, 0x0, 0xee01, 0x124, 0x8}, 0x8001, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x1003}) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 22:59:57 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x19) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1f, &(0x7f0000000040)}) 22:59:57 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1255.004639] Bluetooth: hci2: Frame reassembly failed (-84) [ 1255.011138] Bluetooth: hci2: Frame reassembly failed (-84) [ 1255.035602] Bluetooth: hci7: Frame reassembly failed (-84) [ 1255.576432] Bluetooth: hci3 command 0x0419 tx timeout 22:59:58 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000003240)=[{{&(0x7f0000000380)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f0000001680)=[{&(0x7f0000000440)=""/226, 0xe2}, {&(0x7f0000000540)}, {&(0x7f0000000580)=""/27, 0x1b}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000015c0)=""/30, 0x1e}, {&(0x7f0000001600)}, {&(0x7f0000001640)=""/18, 0x12}], 0x7, &(0x7f0000001700)=""/163, 0xa3}, 0x7}, {{&(0x7f00000017c0)=@phonet, 0x80, &(0x7f0000001b00)=[{&(0x7f0000001840)=""/38, 0x26}, {&(0x7f0000001880)=""/186, 0xba}, {&(0x7f0000001940)=""/187, 0xbb}, {&(0x7f0000001a00)=""/28, 0x1c}, {&(0x7f0000001a40)=""/192, 0xc0}], 0x5, &(0x7f0000001b80)=""/224, 0xe0}, 0x351b}, {{&(0x7f0000001c80)=@ax25={{0x3, @null}, [@null, @remote, @rose, @remote, @bcast, @rose, @netrom, @rose]}, 0x80, &(0x7f0000001d00)}}, {{&(0x7f0000001d40)=@xdp, 0x80, &(0x7f0000001e80)=[{&(0x7f0000001dc0)=""/132, 0x84}], 0x1, &(0x7f0000001ec0)=""/21, 0x15}, 0x80000000}, {{&(0x7f0000001f00)=@pppol2tp, 0x80, &(0x7f00000030c0)=[{&(0x7f0000001f80)=""/244, 0xf4}, {&(0x7f0000002080)=""/4096, 0x1000}, {&(0x7f0000003080)=""/4, 0x4}], 0x3, &(0x7f0000003100)=""/41, 0x29}, 0x72}, {{&(0x7f0000003140)=@generic, 0x80, &(0x7f00000031c0), 0x0, &(0x7f0000003200)=""/31, 0x1f}, 0x9}], 0x6, 0x40000062, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 22:59:58 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/76, &(0x7f00000000c0)=0x4c) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1256.886427] kauditd_printk_skb: 33538 callbacks suppressed [ 1256.886435] audit: type=1326 audit(1599173999.295:1573030): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2057 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1256.913945] audit: type=1326 audit(1599173999.295:1573031): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2071 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1256.937898] audit: type=1326 audit(1599173999.295:1573032): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2057 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1256.941072] Bluetooth: hci0 command 0x0419 tx timeout [ 1256.959756] audit: type=1326 audit(1599173999.295:1573033): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2071 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1256.988668] audit: type=1326 audit(1599173999.295:1573034): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2057 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1257.010990] audit: type=1326 audit(1599173999.295:1573035): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2071 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1257.016761] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1257.033960] audit: type=1326 audit(1599173999.295:1573036): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2057 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1257.042451] Bluetooth: hci2 command 0xfc11 tx timeout [ 1257.061957] audit: type=1326 audit(1599173999.295:1573038): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2057 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1257.088627] audit: type=1326 audit(1599173999.295:1573037): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2071 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1257.098184] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1257.111425] Bluetooth: hci8: Entering manufacturer mode failed (-110) 22:59:59 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x1, 0xfffff001) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500)}], 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1257.138834] audit: type=1326 audit(1599173999.295:1573039): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2057 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 22:59:59 executing program 3: sendmsg$NET_DM_CMD_START(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x14, 0x0, 0x2, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20004040}, 0xc090) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x9) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x800, 0x0) 23:00:00 executing program 0: getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f0000000240)={'raw\x00', 0xe2, "da59f3f5a924d6193fb1311423038c1d855d2bfb5b7ebc3fc16a1a0c6514fdc9598466c24390ca1cffac7c85b2918f8a3a33f3a03e46ad2e881d34c1071e88bbee083a1cbdd09e828dadb7c1edcecada47b0e50f38b15510a9462318e41840c4be097124421f976ffeb0c8408f2b128e9e973ec9793d8916633ee88a77741e94a14b0e91056ab20019342122a1d790872d72bb48adad06b5e6ad1d1ecf4390ee4edf82e4c9644121aa6579a37a8a580057a530e6ec95d90c7864227a11d652e1d4177211a68f263fb3d018b726ebe231b09307a1c25276451acfdb624836a4da4705"}, &(0x7f0000000380)=0x106) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000500)={{0x33, @empty, 0x4e21, 0x3, 'lc\x00', 0x10, 0x25, 0x5a}, {@dev={0xac, 0x14, 0x14, 0x31}, 0x4e21, 0x4, 0x7ff, 0x9}}, 0x44) r2 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) chown(&(0x7f0000000000)='./file0\x00', r3, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_IPV6_IPSEC_POLICY(r4, 0x29, 0x22, &(0x7f00000003c0)={{{@in6=@remote, @in=@dev}}, {{@in=@remote}, 0x0, @in=@multicast2}}, &(0x7f00000004c0)=0xe8) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000580)='net/rt_acct\x00') ioctl$TCSETXW(r5, 0x5435, &(0x7f00000005c0)={0xffff, 0x5, [0x8f51, 0x90, 0x9, 0x20, 0x2], 0x1}) statx(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x800, 0x10, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchown(r1, r3, r6) [ 1257.896526] Bluetooth: hci9 command 0xfc11 tx timeout [ 1257.901901] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1257.987499] Bluetooth: hci7: Frame reassembly failed (-84) 23:00:00 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x4) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000140)={0x65f, 0x2}) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ppp\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r3, 0xc0096616, &(0x7f0000000240)={0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000001c0)=0x8000111) arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000180)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:00:00 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000100)={0x29, @remote, 0x4e22, 0x3, 'sed\x00', 0xa, 0x80000001, 0xe}, 0x2c) 23:00:00 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1258.129839] Bluetooth: hci8: Frame reassembly failed (-84) [ 1258.176643] Bluetooth: hci9 sending frame failed (-49) 23:00:00 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000100)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1258.403175] Bluetooth: hci11: Frame reassembly failed (-84) [ 1259.336570] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1259.336822] Bluetooth: hci2 command 0xfc11 tx timeout [ 1260.066598] Bluetooth: hci7 command 0xfc11 tx timeout [ 1260.071888] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1260.136626] Bluetooth: hci8 command 0xfc11 tx timeout [ 1260.145533] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1260.216671] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1260.223570] Bluetooth: hci9 command tx timeout [ 1260.456539] Bluetooth: hci11 command 0xfc11 tx timeout [ 1260.461918] Bluetooth: hci11: Entering manufacturer mode failed (-110) 23:00:03 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:00:03 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TCSETX(r0, 0x5433, &(0x7f0000000100)={0x0, 0xfff, [0xc0d8, 0x3, 0xfff9, 0x5, 0x2], 0x200}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000140)=[{0xed, 0x7, 0x1e, 0x2}]}) 23:00:03 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0xe34253095fd3a6d9, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x5, &(0x7f0000000100)=[{0x8000, 0x8, 0x8, 0x4}, {0x0, 0x1f, 0x20, 0x4}, {0x41, 0xff, 0x5, 0x10000}, {0x401, 0xff, 0x4, 0x80}, {0x8, 0x8, 0x0, 0x8}]}) 23:00:03 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x4) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000140)={0x65f, 0x2}) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ppp\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r3, 0xc0096616, &(0x7f0000000240)={0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000001c0)=0x8000111) arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000180)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:00:03 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x9) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) r2 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x68a002, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x9) 23:00:03 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_ENUMAUDOUT(r2, 0xc0345642, &(0x7f0000000100)={0x2, "640cbb66ee3a60d3afffee2697f10a1378a8fe1bb4dcffbf83747e69be6758a4", 0x1}) [ 1261.416571] Bluetooth: hci2 command 0xfc11 tx timeout [ 1261.416876] Bluetooth: hci2: Entering manufacturer mode failed (-110) 23:00:03 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNAPSHOT_CREATE_IMAGE(0xffffffffffffffff, 0x40043311, &(0x7f0000000340)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1000000100009) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) creat(&(0x7f0000000100)='\x00', 0x1e5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0xa7) ioctl$SNDCTL_DSP_NONBLOCK(r4, 0x500e, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x8000) r7 = add_key$fscrypt_provisioning(&(0x7f0000000140)='fscrypt-provisioning\x00', &(0x7f0000000180)={'syz', 0x3}, &(0x7f0000000380)=ANY=[@ANYBLOB="0100000000000000b84d5f94a8b9e0db7693b7d223629635b6d931b5068c445f8a8fdccd8debdaf06bc7e23510c0c7b9b1dd8f9d159b05ae819c5e27d7cca3c035997b1782008d7df1000000000000510e7aec03e8f780fd04d12df288d2d8b033c5ec75fcdc55a75eb9063f2fa243618f3c9d1fb451c0da7f5e25f3145af85649e4c8d230000d2f619014e93ec1977d56b844f44ec4ab5a0428bcf707daa705c2ed4ceee7fdfe3eec80a4a38ee94454bcce7f7a61e1001046cdcf298d800c6f7e8aef2cf311cdeed9fe34460d8150adc43246663883d48e877661bbbd0d1f7884075b496cb18afdd2c247ab99ff19a5a0d381971b19b94c8d3b89f78341490000000000000077995adb11127d9babd92a3e548bbab81f56094d4f561d9035e94ad6ac17c0cdcc1cf3261beeec07c84feed4b0b71ad10cdf7ef83c493e7573e6760281457b401069ca1fe3e9d65c2e6a4f642ea4471dd94deb8d2be00f4d45850b836648a1dabe88d1023dd0addc26bf6fc4c24a1c7ae3627a3473272f9cba0a36bb8c9cf8f47bf721849baca32de7675f6b1c163f12d45346f627dd119d13dcf1ecad43988b80d584cffa16854e89b39348546925abc0b821ff5de2543800"/466], 0x70, 0xffffffffffffffff) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r2, &(0x7f00000001c0)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x80000000}}, 0x10) keyctl$get_security(0x11, r7, &(0x7f0000000240)=""/203, 0xcb) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1261.544123] Bluetooth: hci8: Frame reassembly failed (-84) [ 1261.550503] Bluetooth: hci9: Frame reassembly failed (-84) [ 1261.896876] kauditd_printk_skb: 26162 callbacks suppressed [ 1261.896886] audit: type=1326 audit(1599174004.305:1599201): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2210 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1261.927509] audit: type=1326 audit(1599174004.305:1599202): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2210 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1261.949594] audit: type=1326 audit(1599174004.305:1599203): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2210 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1261.972134] audit: type=1326 audit(1599174004.305:1599204): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2210 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1261.994653] audit: type=1326 audit(1599174004.305:1599205): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2210 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1262.016724] audit: type=1326 audit(1599174004.305:1599206): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2210 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1262.038951] audit: type=1326 audit(1599174004.305:1599207): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2210 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1262.061586] audit: type=1326 audit(1599174004.305:1599208): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2210 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1262.084258] audit: type=1326 audit(1599174004.305:1599209): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2210 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1262.106731] audit: type=1326 audit(1599174004.305:1599210): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2210 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1263.336601] Bluetooth: hci7 command 0xfc11 tx timeout [ 1263.341874] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1263.576582] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1263.576805] Bluetooth: hci9 command 0xfc11 tx timeout [ 1263.592905] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1263.599590] Bluetooth: hci8: Entering manufacturer mode failed (-110) 23:00:06 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x2470c0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xb) ioctl$TCFLSH(r0, 0x540b, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1264.136679] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1264.143462] Bluetooth: hci11 command tx timeout 23:00:06 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:00:06 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_DISABLE(r2, 0x2401, 0x3) r3 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r4, 0x400455c8, 0x9) [ 1264.376710] Bluetooth: hci12: Entering manufacturer mode failed (-110) [ 1264.383500] Bluetooth: hci12 command tx timeout 23:00:07 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$SNAPSHOT_SET_SWAP_AREA(r3, 0x400c330d, &(0x7f0000000280)={0xff, 0xa92}) ioctl$BTRFS_IOC_LOGICAL_INO(r1, 0xc0389424, &(0x7f0000000240)={0x3, 0x8, [], 0x1, &(0x7f0000000200)=[0x0]}) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x2f, &(0x7f0000000100)=""/137, &(0x7f00000001c0)=0x89) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50002}]}) 23:00:07 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) syz_genetlink_get_family_id$smc(&(0x7f0000000100)='SMC_PNETID\x00') [ 1264.665003] Bluetooth: hci7: Frame reassembly failed (-84) 23:00:07 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ocfs2_control\x00', 0x880, 0x0) ioctl$TCFLSH(r1, 0x540b, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1264.826048] Bluetooth: hci8: Frame reassembly failed (-84) [ 1264.844821] Bluetooth: hci9: Frame reassembly failed (-84) 23:00:09 executing program 3: getsockopt$netrom_NETROM_T4(0xffffffffffffffff, 0x103, 0x6, &(0x7f0000000000)=0x8, &(0x7f0000000080)=0x4) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r3 = signalfd4(r1, &(0x7f0000000100)={[0x8]}, 0x8, 0x800) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r3, 0x80dc5521, &(0x7f0000000140)=""/6) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1266.536674] Bluetooth: hci2 command 0xfc11 tx timeout [ 1266.542011] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1266.696709] Bluetooth: hci7 command 0xfc11 tx timeout [ 1266.702030] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1266.856735] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1266.856739] Bluetooth: hci9 command 0xfc11 tx timeout [ 1266.868607] Bluetooth: hci8 command 0xfc11 tx timeout [ 1266.873810] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1266.908340] kauditd_printk_skb: 22877 callbacks suppressed [ 1266.908734] audit: type=1326 audit(1599174009.265:1622089): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2282 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1266.978109] audit: type=1326 audit(1599174009.265:1622090): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2282 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1267.026692] audit: type=1326 audit(1599174009.265:1622063): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2255 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1267.099077] audit: type=1326 audit(1599174009.265:1622091): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2282 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1267.172270] audit: type=1326 audit(1599174009.265:1622092): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2255 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1267.251118] audit: type=1326 audit(1599174009.265:1622093): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2282 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1267.324174] audit: type=1326 audit(1599174009.265:1622094): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2255 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1267.370572] audit: type=1326 audit(1599174009.265:1622095): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2282 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1267.417245] audit: type=1326 audit(1599174009.265:1622096): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2282 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1267.463957] audit: type=1326 audit(1599174009.265:1622097): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2282 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 23:00:09 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:00:10 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VHOST_SET_VRING_NUM(r3, 0x4008af10, &(0x7f0000000180)={0x2, 0x4}) dup(r1) ioctl$FIBMAP(r1, 0x1, &(0x7f0000000100)=0x80000001) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) ioctl$FIOCLEX(0xffffffffffffffff, 0x5451) 23:00:10 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'batadv0\x00'}) sendmsg$BATADV_CMD_SET_VLAN(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x0, 0x3618be2ca29cd74c, 0x70bd2c, 0x25dfdbfd, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x3}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xdb2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8040}, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) socket$pptp(0x18, 0x1, 0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffb}]}) syz_open_pts(r0, 0x202000) [ 1267.661468] Bluetooth: hci7: Frame reassembly failed (-84) [ 1267.668051] Bluetooth: hci7: Frame reassembly failed (-84) [ 1267.685130] Bluetooth: hci8: Frame reassembly failed (-84) 23:00:11 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) init_module(&(0x7f0000000100)='\\:\x00', 0x3, &(0x7f0000000140)='/dev/ptmx\x00') ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x4000, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x9) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x17) ioctl$BTRFS_IOC_BALANCE_CTL(r0, 0x40049421, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) ioctl$TIOCNXCL(r2, 0x540d) [ 1268.696750] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1268.696766] Bluetooth: hci2 command 0xfc11 tx timeout [ 1268.737423] Bluetooth: hci9: Frame reassembly failed (-84) [ 1268.774144] Bluetooth: hci11: Frame reassembly failed (-84) 23:00:11 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1269.736785] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1269.736789] Bluetooth: hci8 command 0xfc11 tx timeout [ 1269.748665] Bluetooth: hci7 command 0xfc11 tx timeout [ 1269.753966] Bluetooth: hci7: Entering manufacturer mode failed (-110) 23:00:12 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$KDGETKEYCODE(r0, 0x4b4c, &(0x7f0000000100)={0x0, 0x8}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$KDGKBENT(r1, 0x4b46, &(0x7f0000000140)={0x8, 0x4, 0x628}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1269.910443] Bluetooth: hci7: Frame reassembly failed (-84) 23:00:13 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1270.776753] Bluetooth: hci11 command 0xfc11 tx timeout [ 1270.776981] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1270.782155] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1270.788849] Bluetooth: hci9 command 0xfc11 tx timeout 23:00:13 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xd) pipe(&(0x7f0000000000)) ioctl$VT_ACTIVATE(r1, 0x5606, 0x7) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1270.856817] Bluetooth: hci2 command 0xfc11 tx timeout [ 1270.862074] Bluetooth: hci2: Entering manufacturer mode failed (-110) 23:00:13 executing program 3: r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000)='cgroup.threads\x00', 0x2, 0x0) dup(r0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 23:00:13 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$SNDRV_PCM_IOCTL_INFO(0xffffffffffffffff, 0x81204101, &(0x7f0000000100)) r1 = syz_open_dev$vcsn(&(0x7f0000000340)='/dev/vcs#\x00', 0x400, 0x1) sendmsg$NFNL_MSG_ACCT_NEW(r1, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000480)={&(0x7f00000003c0)=ANY=[@ANYBLOB="94000000000701010000000000000000050000000900010073797a31000000000c0006400000000000000e110c00024000000000000000042400078008000240200000800800014000000000080002400000000808000240000010000c0002400000000000000da00c00034000000000800000d61ce4d940000000020900010073797a31000000000900010073797a3100000000"], 0x94}, 0x1, 0x0, 0x0, 0x2400c050}, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)) ioctl$TCSETSW(r2, 0x5403, &(0x7f0000000300)={0x8, 0x7, 0x0, 0x2, 0x11, "4706c461f996662f6462fbbb69f37c9ab8c8df"}) ioctl$KDADDIO(r2, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x40000, 0x0) ioctl$DRM_IOCTL_CONTROL(r3, 0x40086414, &(0x7f0000000280)={0x2, 0xffffffff}) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r3, 0x4008af23, &(0x7f00000002c0)={0x2, 0xc43c5c}) [ 1271.117096] Bluetooth: hci8: Frame reassembly failed (-84) [ 1271.132198] Bluetooth: hci2: Frame reassembly failed (-84) 23:00:14 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:00:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x9) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) ioctl$GIO_UNIMAP(r1, 0x4b66, &(0x7f0000000140)={0x3, &(0x7f0000000100)=[{}, {}, {}]}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000180)={0x9, &(0x7f00000001c0)=[{0xbad, 0x2, 0x1, 0x1f}, {0x4, 0x9, 0x45, 0x4c}, {0x0, 0x5, 0x1, 0x80000000}, {0x93, 0x2, 0x81, 0x8000}, {0x100, 0x6, 0x81, 0x7}, {0x95f, 0xff, 0x7}, {0x0, 0x80, 0x5, 0x100}, {0x1000, 0x7f, 0x3f, 0x27}, {0x946b, 0x18, 0x1, 0xd8}]}) [ 1271.923264] kauditd_printk_skb: 22445 callbacks suppressed [ 1271.923273] audit: type=1326 audit(1599174014.325:1644543): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2372 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1271.976827] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1271.983522] Bluetooth: hci7 command tx timeout [ 1271.999886] audit: type=1326 audit(1599174014.325:1644544): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2372 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1272.025070] audit: type=1326 audit(1599174014.335:1644545): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2372 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1272.047596] audit: type=1326 audit(1599174014.335:1644546): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2372 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1272.070413] audit: type=1326 audit(1599174014.335:1644547): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2372 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1272.093295] audit: type=1326 audit(1599174014.335:1644548): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2372 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1272.116053] audit: type=1326 audit(1599174014.335:1644549): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2372 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1272.141370] Bluetooth: hci11 sending frame failed (-49) [ 1272.149454] audit: type=1326 audit(1599174014.335:1644550): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2372 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1272.171819] audit: type=1326 audit(1599174014.335:1644551): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2372 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1272.194124] audit: type=1326 audit(1599174014.335:1644552): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2372 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1273.176735] Bluetooth: hci2 command 0xfc11 tx timeout [ 1273.176861] Bluetooth: hci8 command 0xfc11 tx timeout [ 1273.187270] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1273.193935] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1273.252989] Bluetooth: hci2: Frame reassembly failed (-84) 23:00:15 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0xfc, 0x0, 0x50000}]}) [ 1273.395242] Bluetooth: hci8: Frame reassembly failed (-84) [ 1273.401091] Bluetooth: hci8: Frame reassembly failed (-84) 23:00:16 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1273.976765] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1273.976839] Bluetooth: hci9 command 0xfc11 tx timeout 23:00:16 executing program 4: ioctl$RTC_WIE_ON(0xffffffffffffffff, 0x700f) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x20, r4, 0xab9535e9a6578fc1, 0x0, 0x0, {0x6b}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x0, 0x3}}]}, 0x20}}, 0x0) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r2, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050000007000fddbdf251c0000000800014000000000080003002b6c15822ad885a31a92787b8121e106c4e85c484aabbc6d4779c4ca80b316d742ab655196a6d6890eccd98336857676f38b4fe520c7513fc603cc852d99137c2e9cde6bef29345e5b68ef5113444be915e4db98ab13c97bd936195b7c59da6a1378b69ad928bf689607b43f0785aa07913c57d9b6efcb894f9dab532c3527d8", @ANYRES32=0x0, @ANYBLOB="44b4f48826a789446d217535ede8534d1710614e3f6924db48303b9248873cf2d1655a187f548c084143ad291428d7f24721d7c3ca66ea43940f820f80c0b2b084f27b4362d8b849e12e10373cbadf28edcff4fad8896b455ea511e0bcd9d22310cc2dee257cac2301feffff49f63a2dd1561aabf55c23cce7d1466f3923ceddd8bd2a009f9a7db677a9df80f9b8dedec800c8b2623bd1db17131041"], 0x24}, 0x1, 0x0, 0x0, 0x8041}, 0x20000809) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) ioctl$VIDIOC_SUBDEV_G_SELECTION(0xffffffffffffffff, 0xc040563d, &(0x7f0000000100)={0x1, 0x0, 0x101, 0x4, {0x9, 0xfffeffff, 0x80000001, 0x9}}) [ 1274.056811] Bluetooth: hci7 command 0xfc11 tx timeout [ 1274.062282] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1274.127343] Bluetooth: hci7: Frame reassembly failed (-84) [ 1274.216888] Bluetooth: hci11 command 0xfc11 tx timeout [ 1274.222276] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1274.856931] Bluetooth: hci12 command 0xfc11 tx timeout [ 1274.862352] Bluetooth: hci12: Entering manufacturer mode failed (-110) 23:00:17 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x4000, 0x14c) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000140)=0x100001b) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}) [ 1274.936826] Bluetooth: hci13: Entering manufacturer mode failed (-110) [ 1274.936909] Bluetooth: hci13 command 0xfc11 tx timeout 23:00:17 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nvram\x00', 0x20000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0x8) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)) ioctl$PIO_UNIMAPCLR(r2, 0x4b68, &(0x7f0000000140)={0x9, 0x7, 0x7}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000200)=0x6) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x9) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000001c0)={0x0, 0x3, 0x3f, 0x400}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$TIOCSSOFTCAR(r4, 0x541a, &(0x7f0000000180)=0x8) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1274.996198] Bluetooth: hci9: Frame reassembly failed (-84) [ 1275.095416] Bluetooth: hci11: Frame reassembly failed (-84) [ 1275.256878] Bluetooth: hci2 command 0xfc11 tx timeout [ 1275.262227] Bluetooth: hci2: Entering manufacturer mode failed (-110) 23:00:17 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$bt_BT_POWER(r4, 0x112, 0x9, &(0x7f0000000000)=0x15, 0x1) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1275.380168] Bluetooth: hci2: Frame reassembly failed (-84) [ 1275.416793] Bluetooth: hci8 command 0xfc11 tx timeout [ 1275.416853] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1276.136797] Bluetooth: hci7 command 0xfc11 tx timeout [ 1276.136801] Bluetooth: hci7: Entering manufacturer mode failed (-110) 23:00:18 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_STREAMOFF(r2, 0x40045613, &(0x7f0000000100)=0x80000000) [ 1276.605751] Bluetooth: hci7: Frame reassembly failed (-84) 23:00:19 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1276.926792] kauditd_printk_skb: 26061 callbacks suppressed [ 1276.926801] audit: type=1326 audit(1599174019.335:1670614): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2467 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1276.954294] audit: type=1326 audit(1599174019.335:1670615): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2533 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1276.977548] audit: type=1326 audit(1599174019.335:1670616): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2467 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1276.999452] audit: type=1326 audit(1599174019.335:1670617): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2533 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1277.016907] Bluetooth: hci9 command 0xfc11 tx timeout 23:00:19 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x40a00, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000180)='/dev/nvram\x00', 0x100000, 0x0) r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r3, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$ASHMEM_SET_NAME(r3, 0x40087708, &(0x7f0000000040)='\x00\x00\x02\x13\x00\x00\x00\x05\x00x\x92\x12\xbc(^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x9e\x00gQ\xca\x0e\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91ze\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\'\x89h\xd5\xc0\xb4a \x15\x9a\x9f\xf0:\xfd\x9a|b\xe2\xff\xee\x84\x93Q\x82\x16\xbf\xe3c\x8d \x01\x00\x00\x00\x81\x00\x00\x00\xcb\xde\x05\xfe[H\x06\x00\x00\x00\x00\x00\x00\x00>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjVA\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x008\xbfy:d\x9e\xc5,\x9287\x83\xb0\xd8\xdec\xae\xdd\x1eh2\xd5\xd8\xc9\x8f\xc9\xef\x97\xd0\xae\x86\x81\xf7|a\x035\xe8\xd6\x042\xe8\xa4\xe2\x93\xb4{\x8bb\xdd\x02\xc3H\t\x80\xaf\xb4/\x85(v{\t\xe0\xac\x92d\xec7\xf9\xedN\x9b=y\xc6\x9b\\\xb2\x9b\xb41\x11\xb2\xcbcxX#6\n\xb2j\x00\xe5') ioctl$ASHMEM_SET_NAME(r3, 0x40087708, &(0x7f0000000500)='\x00\x00\x00\x13\x00\x00\x03\x00\x00k\x12\xf4V\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\"S\x15\x031\x87\xec\xc1\x9b$\x92\xad\xc4\x04\xdc\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0e\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x87=\t7\x96\x1a\xad\xd0\xd0u\xba\xfc\x00\xc2\x19\x02\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\x17Bn\x17h\x1b\xac\xfc\x82J\x00\x00\x00h\xd5\xc0\xb4a \x15\x9a\x9f\xf0:\xfd\x9a|b\xe2\xff\xee\xc4\x99G\x82\x16\xbf\xe3c\x8d \x01\x00\x00\x00\x01\x00\x00\x00\xcb\xde\x05\xfe[H\x06\x00\x00\x00\x00\x00\x00\x00>\xfdb\xbfJ\xd2\xe3\xbf96f\x94\x02!A\xa9\x18+C\xdd\xaaV\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\xf3\x7f^\x9b\xa3\x9cy\x92\xe6&\x87\x1b\xe1\xec\xcb\xa7\xeb\xaa/T\xc8\x7fs\x96\xb1 \xfa\xd2\xcd\x0e)\x89c\xd5\xe2\x1b\x91\x83\xd1&\xd4\xaf\xfc*\x1c\xc2\xfa\x972\x0e\x9c\xcd\x1e\f\x06\xc9\xadc\xb0\xea\x15s\xc9\xf7u\xd5\x00c\xf9\xa2\x83') ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000200)={0x1000, 0x6f9e, 0x3f2, 0x5, 0x51, "8db8c9cdacdddc7792c17bf743c2741c88693b"}) ioctl$TUNSETVNETBE(r1, 0x400454de, &(0x7f0000000140)) [ 1277.021788] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1277.037112] audit: type=1326 audit(1599174019.335:1670618): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2467 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1277.087208] audit: type=1326 audit(1599174019.335:1670619): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2533 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1277.098446] Bluetooth: hci11 command 0xfc11 tx timeout [ 1277.114230] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1277.153480] audit: type=1326 audit(1599174019.335:1670620): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2467 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1277.177585] Bluetooth: hci12 command 0xfc11 tx timeout [ 1277.181090] audit: type=1326 audit(1599174019.335:1670621): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2533 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1277.182915] Bluetooth: hci12: Entering manufacturer mode failed (-110) [ 1277.208539] audit: type=1326 audit(1599174019.335:1670622): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2467 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 23:00:19 executing program 4: ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x110b, 0x2}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x13) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1277.240124] audit: type=1326 audit(1599174019.335:1670624): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2467 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1277.417130] Bluetooth: hci2 command 0xfc11 tx timeout [ 1277.422404] Bluetooth: hci2: Entering manufacturer mode failed (-110) 23:00:19 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = gettid() ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x40) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r3, 0x0, 0x0) fcntl$lock(r1, 0x24, &(0x7f0000000000)={0x0, 0x0, 0x800, 0x101, r3}) r4 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0xfffffffffffffffc) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r8, 0x400455c8, 0x9) 23:00:19 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001340)=[{{&(0x7f0000000140)={0x2, 0x4e24, @empty}, 0x10, &(0x7f00000012c0)=[{&(0x7f0000000180)="00beea3f21672a2fb47d6b8aa11f7e3425cd0b1baad45652706a246691e99dfa2a2967befc263d736101772460ae16b5093f2402b9827c2a7dcd1dbce512055d0ededb018a4406d90152bfc4130d76f2a39f5720de816e3e01ee044adc2d5a0b013aeae7730b934fa08897c98633063a3d653724ea633aa9c0ecd6b3b661b21e44f4e856a076933ea944b8cdcc25307f03bae0993480adad7c30212fbf9be020453e590f3f41465b58c0c3d61473ffa4f435b652b9d3c0f1be90fd7a421d97eeec196256bcc78e9487316c9f13d98c10e57fb59c8bea5a0b592cc8d56a5674a3d96399c91fe6237232835d4b4f571f06982384", 0xf3}, {&(0x7f0000000280)="65beb9", 0x3}, {&(0x7f00000002c0)="565906e89e7927bb1231a2abcae45b59309cf566a8645c59a93ec257fe985b9bfe9b27777805403e0bf283ff0bd3babdbcc43b6ba4fb82745103c8831f9275efda8111cbe85387c56627faacfdc2ee232f13fabaa4c86d2ee91291a9d7b72b2c74d18abce1b988260f3ab502e16f1d0434b841ff0f7f0808567c3a91eac382b78c1b4312a2e7b01ce2863ec7eadea90603e199eca884ff5dc91e1ea45c3efb83be145b666341526ed73989e79e8c2c1d0d86117df901b7e75ca4dfebb7c21dc6601e8c91c08418d5b9f909ab120a9ca161d61a6e6c0611cbbce38777a1324fa390b6298400f4b519f22ee166258e61d15461ff0c2ad1124eb1e95b1468b69510d92c364f283fd5e8269b89e9b35d3743b536f6623f0a3f7a192bec3ace99a580c723cf6752259a9e00b481ecea5f16d85a1f37d029f29b95d8797d39803e0ecf74ed5a1479e38607f6f22278149da4a2b43e0db22c3babe03dea8c7713d93dd8d55e06fb798e088e96134246264342cd4cf306b089ecd432fa668c256d06d6aeedd1b36c28773e052f93ef9b9261e8e265a3d04d52c6e96a9f5eb1bc95089b8f19083ea8cb838689a1d0f820f71c020f913507fe06ba6230ef46778bd5a2d6094a679112b8e3e82af3eff37f744f8ca3fa6659c9f7f7a80239f4a3c998e8be530214f55e63545db1424f2230bc59ff1bc9c1352d3ee08de999a0dc5d9647be206c3581444a83e1528ff745b4d52c8caa83d9d02a84de928fbce68c487ab1d87a604c24e27ba161fc41a7c0746c3b39b85a5434b5e607c226885ac0da19b335802ecfc31034c3bbbb7cfcecafbcde895d2693f4f238fe86910b5cb0dbb389edfafbbb26ac2b53f6bd12e096565b6f336e75cbc4af5fd6e8b1cc586b41df81df4069746a7eb5c92be0247e6598f928c39273283d5768abeb8f08f8160f2e0850c263766fb9a1d98b5092990bae7e832bcaa213c3e37138b2709c3379d0d8224877e01cf1e8b88ee0726aa44859fbf2a60ac28c67a191c0ec3ea72d80dd43f60618be3d79fbb0a7148b8877bb8da841efc1359c009de262b227d061f47e6eb8ddbe302428986e904e652222877aeac364cca77eb37a46026b3df66fe3fc77f2f3edc90f6b91af9db44c89c5929e5317523a507bba91e98d6d1de0c81f61a6bbdfca6e83d834a99c20b5556ac1e6687b8489e12edbede246116da4d810546652ee638a5ce31c320de7ac2c95466338ebcca231f21d65b76bcd10e9ff1a65f000f0fa91443317d5fa74e9654e4556a0f5593960a0449471515f035aa2b7e6d608f73880ce3db73aeeb2e2822a702badd2aa050071289bf44cbac93a1e111e87bc5c0129a80e3c717ac74883de7a9f131af0956be7cc7ad58dc1dbd8f7cab660d1a194dc75f88f19cfc61bd296c9133f2cd86bbc8f8bcbc19a12b3e93a34519543d008ca7345cc2169ec54f7c881eb9b71c76ef337232e53d0c03dab9aad5c1dc0ccaf3439906b5e2e2d5e2deaef574c0396ed5322d86288589fed402c8f2a87116a554e45d91de6463eb06d02f9dbbba6d7a88ba4b016143785b95532c8572d279cf1be63722670c498a165e98ce680f3fc713d5b8768fac59da493b9ddc01511652def56d4990718670fb8a97486a02ab84a4fc5fa1a1e9721fd4426285f09d675880923b178572d0cdb00465273c55f661dcc74c076b5c080be3e320624b59acda5c0261d54efeb0acda9d0756c8eba2ad1cdee586e125a2b94a1ef205921f25b5909d6668144006de5593e8fc4de246314bd19cc603a045fce13e9a6f71b8fee3ce22b492da44deaa44df4e8b2d4c10e721c8d57b705d3d988877099590de3e9a88ae520dbbd33432be2f4f4a84fc3cb8e3b9bdb222c4a6dd48cadc7334d521c552bcd1d880a9de32865fcba376c76d2a0f24fe3bc80986d0f1161816794986407cdb43d1fa7629ca8dcdcacb21b91f3436f71deb829db018f1148e603d873e0c580a8ec3605ae11276a255730d8674bb6a8a9e7be26753648d8d70b1a4180f427cd28f9a3b63f4c7667050c91da8e5f57b6e41193bf699ab1b4119ab8c5b3c3f079af91f3839d6dac5385963e10823cff97de8cd4bfbdfbf3ccc335666d7eb5bc1601052e69874391e2e745c04e7a2cbcf94d6ad7d2a404c788112565ccd55ce3e2fad0074fede7e1f9841553cac695efad0bc73e795f1725c25f136f6f30c3371b2acac831cc1c5d670110ac74fe78548f5660f5687e0f1b23adaa5479f057a704342bf4f1f266406b55c1075f26bed8e5b698df231d51cd62994d507a3d7f9c14371b05256cec65d7924c1cd95b06583ff0e390f068a047428a39c973e840277c00dc3ce756392e79009f32066f6134e7580b758ea49c5153f950df4243bd9afc82c7cd056525a34ad1b3c6c1182980cc7e3f0eda3bf9a2a8305d39b8767f1ebb290b8157580bff9b40f71babc225004b00178bb8214100653046ac5075af2c556c7794ed27ccb49d404ad69026c80482101b24c58a8487b70b474e96c40235e0aac6c204df80040eda84eac532f22957a37086c8cfab2614ffa8caed986c5515cb5fb62a842cc0f638cca1299a0291257499dc235c61be4c875b319fcf57822bf6d8a5f6d664685ab2718878dd0514c1d09566f851c17a29124ddd974d63a0042ee43d2c0ec19ec24a4c211189af9b2a6bef20d9fff574d671ec5a00c303913e5fcba0c43394823c3733898d3e767cc357220887542bc6dc4133ed8522c48c0105e1161271cd014d0e31bc5614e3afe9e03e476673743705cc39475e2620f6340a9de67076e4d67f55e278cbacbaef8f99e1345d59e71c488143d08f8b88a5a838361d3ac948ab26bd611e149b2c58d53d2b9e09236fa58ba85b8b56844d962c7cb4d1631200ec8cc39c21dcf61cb91af13e862c9f903415a8924a9d88236bd8e897f423357cffabab3eb84c2a970434a29f1f732677f9842c9e3920df5719922aa2026466ee44a59148aaaccb8c50d095cdab49fa9eec797f183d5dd5c0e80f92d7e453df33bafe3f6518a32c3c11abcb6d5d9c433384fed6babb52d5c0cbc6f43420edf55c5d76e61d6058791893e79f54341fd34fb72fe68bac7ae5e67ab0ee4b14fbed94971b9e48921443fbaa4399e40533633e309a9b5eacf9d5b1f7e705e564b452d84cca51e913a3657f5fe6189b8e4e11be2660b81f56600cd337ef6cd6c98a9788601ce7b44a3ff0bf70feb4adc5c2d61b9ca4769da361d13528da9d0b30042fc7ba773f6e1ca47f041a146b8a8e0d5db5a91de9fd54985c14d7e2257296de379f2b740dc43e0cc3896f6cf0744f166436e22ff1588e2efc56ed70ac368c4740da1439ce032e5fe8e3d92aad4f688ce9eda54fede0df6eae016cfb9658d28acaffacc6fe69de704ffe188c8018a0b3ff0548b9a70953b00f8152dc0b8197e2c9042abcca78e4565466e54060d1577d4eb4a9e5d118bc30affb4389c0444a0a843ca96aa06e048a7ffaa74b45544465bc68bea9697bdfe077e4ffd927d71113f402007be6bc7035a971db62d625be63aac7aebdb6acead6a7f6bdbeb2b95fc1e293fa5e9342ac94d788968f11755d1db65d65a250d53a6d047dc175e0cabf378fd769abd532f3b844811f0819e572a47866cd87b087cd43c5763924b252fb05f13334fe0061c900524ba470c35ad0f0c653e7adb8dd53ca956831a7a30daf195f0f5c9f910f6c2a5b552c2b9c4a40b0b6e565bc955a59b3ad7e1055de7eb27a8dd67a69eb0ebdd68b671b5d3a1d84711bfe15555948076794bbd70123753cd530feb1f3f860567d4813b6f57b2af5bd59c288565b0398c3ad6ef810e26235bd6b935a3b2e7bc488bc00cbd9576b8e45a870b52882deccd94a680a392329a824987666fd0e811e0b1d888fca46857355477800d735a10f45f57538cf96f613b4c0083d95db170563ee3ade5d13e6d833109ac3e1e940bc927a523985db26704bb24d7903eae3e97d68aec05a59e5fd2376bf710409822cc9693b6824ee7d9ac47cc5301f70c32a32c2245c51bf40a10cc41793ed1e56c2d6d4893b10478de567782770cf62021c448a0567e55568cf8634fcb4d23d34703d60832fc936cd4e6f78715ca52bb2ffd9b8c7927ce06d8b102f37f3636740a71aea624a41cfd0fbbb11477322199855caf00327c775738ca10c122ea24b868f53d33584622b087236976efc56598a6380a78698a65f4aef1eab10e2471b0eea728928fc623129f558445537b492614f1cd863f48b52c3dda72ae1300e0761312d8d70649b4cdd673d597235cb4f1af863acdbb598a0ee74626869ee0ead9848b55f31c49ea25df05c6fb904644feeca3c8c229d7ed91f8b2cb371f7e27fcac461616788e8316bf9f125763a58c07ab7d53b449e3e4aace1458b2b83e7cb5b99d1297fe30e0b1f0184a0be76272fcaeb995e6b184d86a4ab9bc4ddc9c1a49c7021c14b7a47b0159f5e5d9da78a0530edb5be7f8c48afa871c7d645f80d2cf8f5c450f1eb45cedb727c436436f3c53041f9658fd30e9ba0c1c20ff8f42b006d62ea3322abcbd4258cebb168b2bfb1b8b1eaa8006020ac6cb9281cfd2a92b1b33d10feb7dc762412c57df5257acd56d9e475daa585367fb59b11575aaa91fd9ac8e3d8af6418018f990da6dbd4286e5ddf79414365e0c6429ac1ffe2c890cee7dda5d2a5ec97fbd6abdff5c3a51d8a712005b52b0a1b0930a299cd25e287421cc815a4965cc1a8814424a31a6e05639ed5e1e9f132ce6da5c0406a264d70f9cfc0ad4b731335355d61a24dc9c05effd0be880c07ddf6f4e352121e649f5f67eb5c66eb98f0f373f6f05de93de1b4a48e1ad8d082a5d42dad38151ecfa1b10c32fa56f027a37bc6496ded8d076569d1572bb7e8ac43ab856fe83694d751544a87061683a1a01a9b810739e97fc8572e1db1ecef9b080133a4abc1e8663beff422f6116ed8c997edfbdc329a79a25644b08df5d79133bce4b022f5b4e888e10efdf3cfd824e755077b71ac58ca7dc4295364b9e70077da8b8d30a51fd47d20affeb1b3afc5a590e93878312ffc38221b3267842c6a4b4be2ebf556efd70ac12b74e4aa2eb28e3c45ff89e7ee05d974e89238a0789922af8586296f05d428756794cc63514e8d7eabd4e319b2a0f19d8af2336c88000cb423a9bfca0c3cd76df647861ebad0a57f53e540c1cb22c8ef4e3128e9888916ca13fe23a3cfe020607e68ef7c3f586ad73f269f5e8c5927622bc408359a8f66ed28a88ef91910ee31c56b285537cbbb4eca86f388f50afe801e352165819cee26bf461ccc17b3416df39f3e73376ae2b816d303085e8ff0401fe1d7b590fb2078405ec3b2789386ce4f3974dee7c3d60198572d6659eadc4e114ff7595fac3383f5c83d80a54cf67d318b3e98db92cb4bff1779e20ed1942fd961e859b30fe552fca361942e5a8eead65942663c08e1705ea768ea7b69a5609a10eabf50b4e80ef1e010e0429896d70eb1751150dcb1233e1e93cf4adafd97d3470e0da7b62f53c04695e3fb7b31bf84679705127498088acf88b58db15962df164c3b49c4ecafb0f67e0ee6aea90b0c1647cc80e54abf4b5823c7bd3de683fe544ad96d7226d77dff670984dac92132ec7153a9aec49b4b894adcc2d96eed0283f3345c14c2af321d9911ec956a656c7b9b0cfd7290611dafa4060af967e5fc0e770ff5dd3e10654fe921d80041fd721938c8dc3476e7c2ae4c50b9ddfd57257bf15d8a2a6e5b71818dc13dab3e26d617667afaffc6", 0x1000}], 0x3, &(0x7f0000001300)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0xe}}}}, @ip_retopts={{0x18, 0x0, 0x7, {[@ra={0x94, 0x4, 0x1}, @noop]}}}], 0x38}}], 0x1, 0x4048050) r1 = dup(r0) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x101200, 0x0) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000080), &(0x7f0000000100)=0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x9) [ 1277.628199] Bluetooth: hci2: Frame reassembly failed (-84) [ 1278.616879] Bluetooth: hci7 command 0xfc11 tx timeout [ 1278.626861] Bluetooth: hci7: Entering manufacturer mode failed (-110) 23:00:21 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000200)=ANY=[@ANYBLOB="010000b1a045d69c00", @ANYRES32=0x0], &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5}, 0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000100)={r5, @in6={{0xa, 0x4e23, 0x5, @dev={0xfe, 0x80, [], 0xf}, 0x3}}, 0xe640, 0x401, 0x40, 0x8, 0x0, 0x0, 0x5}, &(0x7f00000001c0)=0x9c) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1279.113935] Bluetooth: hci7: Frame reassembly failed (-84) [ 1279.177533] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1279.182433] Bluetooth: hci8 command 0xfc11 tx timeout [ 1279.656854] Bluetooth: hci2 command 0xfc11 tx timeout [ 1279.656884] Bluetooth: hci2: Entering manufacturer mode failed (-110) 23:00:22 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:00:22 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000100)={0x5, 0x7, 0x4, 0x3ff, 0x19, "5a9554bd1c550160188573062a19ec7ad96e0f"}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0xff, 0x50000}]}) [ 1279.874027] Bluetooth: hci8: Frame reassembly failed (-84) 23:00:22 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x40a00, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000180)='/dev/nvram\x00', 0x100000, 0x0) r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r3, 0x40087703, 0xfffffffe) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x12, r3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$ASHMEM_SET_NAME(r3, 0x40087708, &(0x7f0000000040)='\x00\x00\x02\x13\x00\x00\x00\x05\x00x\x92\x12\xbc(^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x9e\x00gQ\xca\x0e\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91ze\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\'\x89h\xd5\xc0\xb4a \x15\x9a\x9f\xf0:\xfd\x9a|b\xe2\xff\xee\x84\x93Q\x82\x16\xbf\xe3c\x8d \x01\x00\x00\x00\x81\x00\x00\x00\xcb\xde\x05\xfe[H\x06\x00\x00\x00\x00\x00\x00\x00>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjVA\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x008\xbfy:d\x9e\xc5,\x9287\x83\xb0\xd8\xdec\xae\xdd\x1eh2\xd5\xd8\xc9\x8f\xc9\xef\x97\xd0\xae\x86\x81\xf7|a\x035\xe8\xd6\x042\xe8\xa4\xe2\x93\xb4{\x8bb\xdd\x02\xc3H\t\x80\xaf\xb4/\x85(v{\t\xe0\xac\x92d\xec7\xf9\xedN\x9b=y\xc6\x9b\\\xb2\x9b\xb41\x11\xb2\xcbcxX#6\n\xb2j\x00\xe5') ioctl$ASHMEM_SET_NAME(r3, 0x40087708, &(0x7f0000000500)='\x00\x00\x00\x13\x00\x00\x03\x00\x00k\x12\xf4V\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\"S\x15\x031\x87\xec\xc1\x9b$\x92\xad\xc4\x04\xdc\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0e\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x87=\t7\x96\x1a\xad\xd0\xd0u\xba\xfc\x00\xc2\x19\x02\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\x17Bn\x17h\x1b\xac\xfc\x82J\x00\x00\x00h\xd5\xc0\xb4a \x15\x9a\x9f\xf0:\xfd\x9a|b\xe2\xff\xee\xc4\x99G\x82\x16\xbf\xe3c\x8d \x01\x00\x00\x00\x01\x00\x00\x00\xcb\xde\x05\xfe[H\x06\x00\x00\x00\x00\x00\x00\x00>\xfdb\xbfJ\xd2\xe3\xbf96f\x94\x02!A\xa9\x18+C\xdd\xaaV\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\xf3\x7f^\x9b\xa3\x9cy\x92\xe6&\x87\x1b\xe1\xec\xcb\xa7\xeb\xaa/T\xc8\x7fs\x96\xb1 \xfa\xd2\xcd\x0e)\x89c\xd5\xe2\x1b\x91\x83\xd1&\xd4\xaf\xfc*\x1c\xc2\xfa\x972\x0e\x9c\xcd\x1e\f\x06\xc9\xadc\xb0\xea\x15s\xc9\xf7u\xd5\x00c\xf9\xa2\x83') ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000200)={0x1000, 0x6f9e, 0x3f2, 0x5, 0x51, "8db8c9cdacdddc7792c17bf743c2741c88693b"}) ioctl$TUNSETVNETBE(r1, 0x400454de, &(0x7f0000000140)) 23:00:22 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) syz_open_dev$vcsa(&(0x7f0000000100)='/dev/vcsa#\x00', 0x4, 0x14000) openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ttyprintk\x00', 0x2000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x1a) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1280.507619] Bluetooth: hci11: Frame reassembly failed (-84) [ 1280.513766] Bluetooth: hci11: Frame reassembly failed (-84) [ 1281.176886] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1281.176991] Bluetooth: hci7 command 0xfc11 tx timeout 23:00:24 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) epoll_wait(r3, &(0x7f0000000300)=[{}, {}, {}, {}, {}], 0x5, 0x3) mount(&(0x7f0000000080)=@nullb='/dev/nullb0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='btrfs\x00', 0x131010, &(0x7f00000002c0)='syz1\x00') ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r1, 0xc1105511, &(0x7f0000000100)={{0x7, 0x5, 0x0, 0xffff1663, 'syz0\x00', 0x4}, 0x2, 0x40, 0xd9, 0xffffffffffffffff, 0x2, 0x9e8, 'syz1\x00', &(0x7f0000000000)=['\\(\'\x00', '/dev/ptmx\x00'], 0xe, [], [0x741, 0x4eff, 0x4, 0x4]}) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r4, 0x400455c8, 0x9) [ 1281.737084] Bluetooth: hci2 command 0xfc11 tx timeout [ 1281.742662] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1281.863997] Bluetooth: hci2: Frame reassembly failed (-84) [ 1281.871307] Bluetooth: hci2: Frame reassembly failed (-84) [ 1281.896955] Bluetooth: hci8 command 0xfc11 tx timeout [ 1281.902241] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1281.937740] kauditd_printk_skb: 25342 callbacks suppressed [ 1281.937748] audit: type=1326 audit(1599174024.345:1695966): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2595 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1281.972388] audit: type=1326 audit(1599174024.345:1695967): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2595 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1281.999528] audit: type=1326 audit(1599174024.345:1695968): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2595 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1282.025265] audit: type=1326 audit(1599174024.345:1695969): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2595 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1282.052768] audit: type=1326 audit(1599174024.345:1695970): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2602 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1282.081052] audit: type=1326 audit(1599174024.345:1695971): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2602 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1282.106788] audit: type=1326 audit(1599174024.345:1695972): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2602 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1282.133546] audit: type=1326 audit(1599174024.345:1695973): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2602 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1282.160641] audit: type=1326 audit(1599174024.345:1695974): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2602 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1282.186338] audit: type=1326 audit(1599174024.345:1695975): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2602 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 23:00:24 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ptrace$getregs(0xe, 0x0, 0x9, &(0x7f0000000100)=""/218) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) getuid() r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x101000, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)) dup3(r1, r2, 0x80000) mbind(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, &(0x7f0000000200)=0x1, 0x9, 0x1) [ 1282.317445] Bluetooth: hci7: Frame reassembly failed (-84) [ 1282.324454] Bluetooth: hci7: Frame reassembly failed (-84) [ 1282.460164] Bluetooth: hci9 command 0xfc11 tx timeout [ 1282.467001] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1282.536993] Bluetooth: hci11 command 0xfc11 tx timeout [ 1282.542434] Bluetooth: hci11: Entering manufacturer mode failed (-110) 23:00:25 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:00:25 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000240)={&(0x7f0000000200)='./file0\x00', 0x0, 0x8}, 0x10) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r2, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x38, 0x0, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x1}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40880}, 0x0) [ 1283.427665] Bluetooth: hci8: Frame reassembly failed (-84) 23:00:26 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x200000000000011, 0x3, 0x0) getsockopt$packet_buf(r2, 0x107, 0x9, &(0x7f0000651000)=""/234, &(0x7f0000000100)=0xea) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x200200, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f00000001c0)='bridge_slave_1\x00', 0x10) ioctl$KDADDIO(r3, 0x400455c8, 0x9) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x0, &(0x7f0000000200)}) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000180)={0x1, &(0x7f0000000140)=[{}]}) 23:00:26 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDDELIO(r0, 0x4b35, 0xe0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) [ 1283.687600] Bluetooth: hci9: Frame reassembly failed (-84) [ 1283.824706] Bluetooth: hci11 sending frame failed (-49) [ 1283.897065] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1283.903863] Bluetooth: hci2 command tx timeout 23:00:26 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f0000000000)={'ip6gre0\x00', 0x1}) r1 = dup(r0) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000000100)={{0x0, 0x7f, 0xe29, 0x529, 0x3, 0xfffffffffffffb79, 0x8, 0x0, 0x2a2, 0x9, 0x7fff, 0x0, 0x7f, 0x8, 0x9}, 0x10, [0x0, 0x0]}) ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, &(0x7f0000000180)={{r2, 0x9, 0x9, 0xb3ea, 0x4, 0x5, 0x7ec, 0x2, 0x100, 0x4, 0x5, 0x7, 0xbcf, 0x8, 0xa7}}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x4001ff) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x9) ioctl$KDADDIO(r3, 0x4b34, 0x8001) newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f0000001180), 0x1000) [ 1284.051556] Bluetooth: hci2: Frame reassembly failed (-84) [ 1284.376952] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1284.377025] Bluetooth: hci7 command 0xfc11 tx timeout 23:00:27 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xffffffff) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x2, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x4fffe}, {0x1000, 0x6, 0x0, 0x8005}]}) [ 1285.497058] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1285.503247] Bluetooth: hci8 command 0xfc11 tx timeout [ 1285.545474] Bluetooth: hci7: Frame reassembly failed (-84) 23:00:28 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) prctl$PR_SET_TIMERSLACK(0x1d, 0xffffffffffff8000) pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x989680}, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) mbind(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x4000, &(0x7f0000000100)=0xa6c4, 0x3, 0x3) [ 1285.736955] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1285.737205] Bluetooth: hci9 command 0xfc11 tx timeout 23:00:28 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDDELIO(r0, 0x4b35, 0xe0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) [ 1285.897044] Bluetooth: hci11 command 0xfc11 tx timeout [ 1285.902395] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1286.016317] Bluetooth: hci9: Frame reassembly failed (-84) [ 1286.061461] Bluetooth: hci2 command 0xfc11 tx timeout [ 1286.067535] Bluetooth: hci2: Entering manufacturer mode failed (-110) 23:00:28 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1286.247966] Bluetooth: hci11: Frame reassembly failed (-84) 23:00:29 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDSETLED(r0, 0x4b32, 0x2) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$TIOCGSERIAL(r0, 0x541e, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=""/125}) ioctl$USBDEVFS_RESET(0xffffffffffffffff, 0x5514) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r1 = syz_open_dev$vcsa(&(0x7f0000000200)='/dev/vcsa#\x00', 0xffffffff, 0x0) ioctl$PIO_UNIMAPCLR(r1, 0x4b68, &(0x7f0000000240)={0x8000, 0x6}) [ 1286.635528] Bluetooth: hci12: Frame reassembly failed (-84) [ 1286.947008] kauditd_printk_skb: 26537 callbacks suppressed [ 1286.947017] audit: type=1326 audit(1599174029.355:1722513): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2730 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1286.974834] audit: type=1326 audit(1599174029.355:1722514): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2730 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1286.998253] audit: type=1326 audit(1599174029.355:1722515): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2730 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1287.020459] audit: type=1326 audit(1599174029.355:1722516): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2730 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1287.043193] audit: type=1326 audit(1599174029.355:1722517): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2730 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1287.065684] audit: type=1326 audit(1599174029.355:1722518): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2730 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1287.088173] audit: type=1326 audit(1599174029.355:1722519): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2730 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1287.110678] audit: type=1326 audit(1599174029.355:1722520): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2730 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1287.133020] audit: type=1326 audit(1599174029.355:1722521): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2723 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1287.155258] audit: type=1326 audit(1599174029.355:1722522): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2723 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 23:00:30 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r2, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="5bc9c3a8e71e6307f0e392a95d3b0500591e7a9c95ca54b16f10e1c17510ba6a424f19fc281a", @ANYRES16=0x0, @ANYBLOB="000127bd7000fe0200"/22], 0x1c}, 0x1, 0x0, 0x0, 0x20008040}, 0x20040010) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1287.577021] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1287.577034] Bluetooth: hci7 command 0xfc11 tx timeout [ 1287.662281] Bluetooth: hci7: Frame reassembly failed (-84) [ 1287.669936] Bluetooth: hci7: Frame reassembly failed (-84) [ 1287.897016] Bluetooth: hci8 command 0xfc11 tx timeout [ 1287.902643] Bluetooth: hci8: Entering manufacturer mode failed (-110) 23:00:30 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDSETKEYCODE(r0, 0x4b4d, &(0x7f0000000100)={0xc3}) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1288.057073] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1288.062828] Bluetooth: hci9 command 0xfc11 tx timeout 23:00:30 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000001380)='/dev/dlm-control\x00', 0x20100, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f00000013c0)={0x3, 0x1, 0x9, 0x1, 0x8, 0x0, 0x75, 0x3, 0x1f, 0x6, 0x9, 0x1, 0x5, 0x4}, 0xe) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x400001, 0x0) ioctl$KDADDIO(r4, 0x400455c8, 0xb) [ 1288.137068] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1288.137379] Bluetooth: hci2 command 0xfc11 tx timeout [ 1288.175102] Bluetooth: hci2: Frame reassembly failed (-84) [ 1288.301866] Bluetooth: hci11 command 0x1003 tx timeout [ 1288.308362] Bluetooth: hci11 sending frame failed (-49) 23:00:30 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r2, 0x400455c8, 0x9) r3 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x6a0081) write$binfmt_elf64(r3, &(0x7f0000000100)={{0x7f, 0x45, 0x4c, 0x46, 0x4, 0x5, 0x9, 0x7f, 0x7, 0x3, 0x3, 0x6, 0xbf, 0x40, 0x2ac, 0xeb4, 0x9, 0x38, 0x1, 0x7ff, 0xd9, 0x2}, [{0x6, 0x2, 0x7fff, 0x0, 0xfff, 0x1c3f, 0x1, 0x4}, {0x4, 0x2, 0xcb, 0x5f, 0x8, 0x1000, 0xcf7, 0x163223a3}], "285ea57d84fb8f83c1aeda85bb058735bfd244a58c80c806ec729396523a347341d96c80b237551c35bf518a1e86bce8a1dfeaac0e21137de26f605c3a3f2f5abce6c88918779b2465f569cf791f62599db5a8362e463506fc880d36c65b117e815fd3888fff1cdb1fa9a54807224de80c1ec925f786f93eee206546", [[], [], [], [], [], []]}, 0x72c) accept4$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000080)=0x10, 0x80000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$kcm(0x10, 0x2, 0x10) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') ioctl$VIDIOC_S_HW_FREQ_SEEK(r1, 0x40305652, &(0x7f0000000940)={0x81, 0x1, 0x0, 0x1, 0x2, 0x6, 0xfffffff7}) sendmsg$IPVS_CMD_NEW_DAEMON(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x5c, r7, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x48, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'vcan0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @empty}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0xe, 0x6, @private2}]}]}, 0x5c}}, 0x0) sendmsg$IPVS_CMD_GET_INFO(r5, &(0x7f0000000900)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x1c, r7, 0x300, 0x70bd2c, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40800}, 0x8000) 23:00:30 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x10001) ioctl$VIDIOC_DQBUF(r2, 0xc0585611, &(0x7f00000000c0)={0x8, 0xb, 0x4, 0x800, 0x4, {0x0, 0x2710}, {0x5, 0x0, 0x2, 0x1, 0x1, 0x8, "e204643d"}, 0x2, 0x4, @offset=0x2, 0x117, 0x0, r2}) close(r3) r4 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x3f) r6 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x80, 0x0) ioctl$KDADDIO(r6, 0x400455c8, 0x4000000000000043) 23:00:31 executing program 3: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x46802) io_setup(0x2e, &(0x7f0000000400)=0x0) io_submit(r1, 0x0, &(0x7f0000000540)) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r0, 0x5386, &(0x7f0000000180)) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$FUSE_GETXATTR(r2, &(0x7f0000000200)={0x18, 0x0, 0x0, {0x10000}}, 0x18) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) io_cancel(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3, 0x5, r3, &(0x7f0000000080)="15a4215fcf03aed4642add0f20861624d8b3d80b31fc3a548536309ca8e855", 0x1f, 0xfff, 0x0, 0x1, r5}, &(0x7f0000000100)) r6 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x101002, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0xf) ioctl$SNDRV_PCM_IOCTL_DRAIN(r5, 0x4144, 0x0) 23:00:31 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = socket$rds(0x15, 0x5, 0x0) sendfile(r1, r0, &(0x7f0000000180)=0xfff, 0x8) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm_plock\x00', 0x86180, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) r5 = perf_event_open$cgroup(&(0x7f0000000200)={0x0, 0x70, 0x6, 0x2, 0x7, 0x7, 0x0, 0x5, 0x2010, 0x4, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x6, @perf_config_ext={0x8, 0x200}, 0x12340, 0xa04, 0x5, 0x6, 0xff, 0xd3c, 0xb5}, r2, 0xf, r2, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x9) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ff9000/0x4000)=nil, 0x4000}, &(0x7f0000000140)=0x10) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1288.697175] Bluetooth: hci12: Entering manufacturer mode failed (-110) [ 1288.697258] Bluetooth: hci13: Entering manufacturer mode failed (-110) [ 1288.712231] Bluetooth: hci12 command tx timeout 23:00:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r2, 0xc0a85320, &(0x7f0000000100)={{0x81, 0x6}, 'port0\x00', 0x62, 0x10000, 0x8a, 0x3ff, 0xffff, 0x4, 0x7f, 0x0, 0x2, 0x5}) r3 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$PIO_UNIMAPCLR(r4, 0x4b68, &(0x7f0000000000)={0x401, 0x0, 0x9}) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r4, 0x400455c8, 0x9) [ 1288.782856] Bluetooth: hci8: Frame reassembly failed (-84) [ 1288.811868] Bluetooth: hci8: Frame reassembly failed (-84) [ 1289.737027] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1289.737094] Bluetooth: hci7 command 0xfc11 tx timeout 23:00:32 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x1, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1289.835907] Bluetooth: hci7: Frame reassembly failed (-84) [ 1290.217104] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1290.377113] Bluetooth: hci11 command 0x1001 tx timeout [ 1290.382489] Bluetooth: hci11 sending frame failed (-49) 23:00:33 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000140)={{{@in6=@initdev, @in=@loopback}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @loopback}}}, &(0x7f0000000240)=0xe8) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0xff, 0x50000}]}) [ 1290.857104] Bluetooth: hci8 command 0xfc11 tx timeout [ 1290.867677] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1290.937168] Bluetooth: hci9 command 0xfc11 tx timeout [ 1290.942491] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1290.950837] Bluetooth: hci2: Frame reassembly failed (-84) [ 1291.897125] Bluetooth: hci7 command 0xfc11 tx timeout [ 1291.902478] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1291.957083] kauditd_printk_skb: 32282 callbacks suppressed [ 1291.957091] audit: type=1326 audit(1599174034.365:1754805): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2808 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1291.985110] audit: type=1326 audit(1599174034.365:1754806): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2808 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1292.008237] audit: type=1326 audit(1599174034.365:1754807): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2808 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1292.030066] audit: type=1326 audit(1599174034.365:1754808): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2808 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1292.052562] audit: type=1326 audit(1599174034.365:1754809): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2808 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1292.076146] audit: type=1326 audit(1599174034.365:1754810): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2808 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1292.098375] audit: type=1326 audit(1599174034.365:1754811): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2808 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1292.120415] audit: type=1326 audit(1599174034.365:1754812): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2808 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1292.142342] audit: type=1326 audit(1599174034.365:1754813): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2808 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1292.164277] audit: type=1326 audit(1599174034.365:1754814): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2808 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1292.461882] Bluetooth: hci11 command 0x1009 tx timeout [ 1293.017085] Bluetooth: hci9 command 0xfc11 tx timeout [ 1293.017200] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1293.022887] Bluetooth: hci2 command 0xfc11 tx timeout [ 1293.029082] Bluetooth: hci9: Entering manufacturer mode failed (-110) 23:00:38 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:00:38 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x3, 0x0, 0x0, 0x4, 0x0, 0x7, 0x0, 0x8001}, 0x0, &(0x7f0000000300)={0x3ff, 0x8000, 0x20, 0x2, 0x0, 0x0, 0x2}, 0x0, 0x0) 23:00:38 executing program 4: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x9) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:00:38 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TCSBRK(r0, 0x5409, 0x7) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:00:38 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x200000, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 23:00:38 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TIOCL_GETSHIFTSTATE(r2, 0x541c, &(0x7f0000000100)={0x6, 0x7}) 23:00:38 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1296.521933] Bluetooth: hci2: Frame reassembly failed (-84) [ 1296.536082] Bluetooth: hci7 sending frame failed (-49) [ 1296.557965] Bluetooth: hci8: Frame reassembly failed (-84) [ 1296.969148] kauditd_printk_skb: 14071 callbacks suppressed [ 1296.969157] audit: type=1326 audit(1599174039.365:1768886): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2856 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1296.998571] audit: type=1326 audit(1599174039.365:1768887): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2855 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1297.020724] audit: type=1326 audit(1599174039.365:1768888): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2856 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1297.043656] audit: type=1326 audit(1599174039.365:1768889): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2855 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1297.066496] audit: type=1326 audit(1599174039.365:1768890): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2856 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1297.089126] audit: type=1326 audit(1599174039.365:1768891): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2855 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1297.111739] audit: type=1326 audit(1599174039.365:1768893): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2855 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1297.134224] audit: type=1326 audit(1599174039.365:1768892): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2856 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1297.156667] audit: type=1326 audit(1599174039.375:1768894): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2856 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1297.179104] audit: type=1326 audit(1599174039.375:1768895): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2856 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 23:00:39 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x180402, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) msync(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1297.363172] Bluetooth: hci11: Frame reassembly failed (-84) [ 1298.537168] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1298.537278] Bluetooth: hci2 command 0xfc11 tx timeout [ 1298.549245] Bluetooth: hci7: Entering manufacturer mode failed (-110) 23:00:41 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x9, 0x180) bind$netrom(r2, &(0x7f0000000100)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x6}, [@bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @default, @default]}, 0x48) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x80380, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x9) [ 1298.627361] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1298.634093] Bluetooth: hci9 command tx timeout [ 1298.639775] Bluetooth: hci8 command 0x1003 tx timeout [ 1298.649922] Bluetooth: hci8 sending frame failed (-49) [ 1298.732359] Bluetooth: hci2: Frame reassembly failed (-84) [ 1298.738374] Bluetooth: hci2: Frame reassembly failed (-84) [ 1299.417171] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1299.417195] Bluetooth: hci11 command 0xfc11 tx timeout 23:00:41 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs\x00', 0x3, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000140)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) [ 1299.605947] Bluetooth: hci7: Frame reassembly failed (-84) 23:00:42 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCMBIC(r0, 0x5417, &(0x7f0000000100)=0x5) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1299.754205] Bluetooth: hci9: Frame reassembly failed (-84) 23:00:42 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TIOCL_BLANKSCREEN(r0, 0x541c, &(0x7f0000000140)) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r2, 0x110, 0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) signalfd(r4, &(0x7f0000000100)={[0x9]}, 0x8) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1299.943043] Bluetooth: hci11: Frame reassembly failed (-84) [ 1300.697187] Bluetooth: hci8 command 0x1001 tx timeout [ 1300.702552] Bluetooth: hci8 sending frame failed (-49) [ 1300.777260] Bluetooth: hci2 command 0xfc11 tx timeout [ 1300.787432] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1301.657233] Bluetooth: hci7 command 0xfc11 tx timeout [ 1301.673518] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1301.817217] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1301.819916] Bluetooth: hci9 command 0xfc11 tx timeout [ 1301.977256] Bluetooth: hci11 command 0xfc11 tx timeout [ 1301.977292] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1301.985179] kauditd_printk_skb: 37424 callbacks suppressed [ 1301.985187] audit: type=1326 audit(1599174044.384:1806322): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2932 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1302.016788] audit: type=1326 audit(1599174044.384:1806321): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2925 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1302.038933] audit: type=1326 audit(1599174044.384:1806323): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2932 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1302.061432] audit: type=1326 audit(1599174044.384:1806324): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2925 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1302.084021] audit: type=1326 audit(1599174044.384:1806325): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2932 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1302.106046] audit: type=1326 audit(1599174044.384:1806326): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2925 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1302.127935] audit: type=1326 audit(1599174044.384:1806327): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2932 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1302.149889] audit: type=1326 audit(1599174044.384:1806328): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2925 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1302.171781] audit: type=1326 audit(1599174044.384:1806329): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2932 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1302.193662] audit: type=1326 audit(1599174044.384:1806330): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2925 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1302.457185] Bluetooth: hci12 command 0xfc11 tx timeout [ 1302.457213] Bluetooth: hci12: Entering manufacturer mode failed (-110) [ 1302.777240] Bluetooth: hci8 command 0x1009 tx timeout 23:00:49 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:00:49 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000001600)=[{{&(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, &(0x7f00000003c0)=[{&(0x7f00000004c0)=""/73, 0x49}, {&(0x7f0000000540)=""/174, 0xae}], 0x2, &(0x7f0000000600)=""/151, 0x97}}, {{&(0x7f00000006c0)=@nfc_llcp, 0x80, &(0x7f0000000bc0)=[{&(0x7f0000000740)=""/74, 0x4a}, {&(0x7f00000007c0)=""/173, 0xad}, {&(0x7f0000000880)=""/191, 0xbf}, {&(0x7f0000000940)=""/222, 0xde}, {&(0x7f0000000a40)=""/114, 0x72}, {&(0x7f0000000ac0)=""/233, 0xe9}], 0x6, &(0x7f0000000c40)=""/69, 0x45}, 0x401}, {{&(0x7f0000000cc0)=@in, 0x80, &(0x7f0000000e40)=[{&(0x7f0000000d40)=""/229, 0xe5}], 0x1, &(0x7f0000000e80)=""/250, 0xfa}, 0xee}, {{&(0x7f0000000f80)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000001480)=[{&(0x7f0000001000)=""/158, 0x9e}, {&(0x7f00000010c0)=""/57, 0x39}, {&(0x7f0000001100)=""/50, 0x32}, {&(0x7f0000001140)=""/43, 0x2b}, {&(0x7f0000001180)=""/73, 0x49}, {&(0x7f0000001200)=""/61, 0x3d}, {&(0x7f0000001240)=""/192, 0xc0}, {&(0x7f0000001300)=""/99, 0x63}, {&(0x7f0000001380)=""/227, 0xe3}], 0x9, &(0x7f0000001700)=""/188, 0xbc}, 0x7ff}], 0x4, 0x100, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}, r6}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 23:00:49 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f0000000080)={0x6}, 0x4) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000040)='net_prio.ifpriomap\x00', 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040000002b24ec10064b6fb14bccedfb718aef932f3889d1fdda5b9134015a860f5878c37ffe36e1165d14d435be5b317c6c8189767d2f97879f07a715bb7c169f46933d9338f4ab0483696f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0) r3 = socket$kcm(0x21, 0x2, 0x2) socketpair$unix(0x1, 0x1, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={0xffffffffffffffff, 0x0, 0x1, 0x0, &(0x7f0000000240)=[0x0], 0x1}, 0x20) sendmsg$kcm(r3, &(0x7f0000000000)={&(0x7f0000000100)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0xd7, 0x0, 0x0, &(0x7f0000001a00)=ANY=[], 0x10b8}, 0x0) close(r3) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 23:00:49 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000100)={0x0, &(0x7f0000000040)}) 23:00:49 executing program 5: sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0xb, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$RDMA_NLDEV_CMD_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="580000000114000000bd7000fddbdf2508000100010000009813456777bce9080001000200000008000100020000000800010001000000080001000000000008000100000000000800010002000000080001000034cb293dc7ad95f8000000"], 0x58}, 0x1, 0x0, 0x0, 0x8004}, 0x10) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f0000000100)={0x4}, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:00:49 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000100)=@v1={0x0, @aes256, 0x1, "dfc3fa599340f328"}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000140)=[{0x9d, 0xc, 0x81, 0xf6}]}) [ 1306.749925] Bluetooth: hci2: Frame reassembly failed (-84) [ 1306.769069] Bluetooth: hci9: Frame reassembly failed (-84) [ 1306.988119] kauditd_printk_skb: 7498 callbacks suppressed [ 1307.130256] audit: type=1326 audit(1599174049.394:1813828): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2976 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1307.218920] audit: type=1326 audit(1599174049.394:1813829): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2981 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1307.246950] audit: type=1326 audit(1599174049.404:1813830): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2981 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1307.274243] audit: type=1326 audit(1599174049.404:1813831): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2981 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1307.301942] audit: type=1326 audit(1599174049.404:1813832): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2981 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1307.335071] audit: type=1326 audit(1599174049.404:1813833): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2981 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1307.358295] audit: type=1326 audit(1599174049.404:1813834): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2981 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1307.380878] audit: type=1326 audit(1599174049.404:1813835): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2981 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1307.403355] audit: type=1326 audit(1599174049.404:1813836): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2981 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1307.425724] audit: type=1326 audit(1599174049.404:1813837): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=2981 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 23:00:49 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video1\x00', 0x2, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x80489439, &(0x7f0000000140)) [ 1307.625593] Bluetooth: hci14 sending frame failed (-49) [ 1308.777345] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1308.783828] Bluetooth: hci7 command 0xfc11 tx timeout [ 1308.784318] Bluetooth: hci9 command tx timeout [ 1308.793861] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1308.800536] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1308.828632] Bluetooth: hci8 command 0x1003 tx timeout [ 1308.858361] Bluetooth: hci8 sending frame failed (-49) [ 1309.337441] Bluetooth: hci11 command 0xfc11 tx timeout [ 1309.342817] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1309.441614] Bluetooth: hci2: Frame reassembly failed (-84) 23:00:52 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NFQNL_MSG_VERDICT(r2, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000140)={0x11c, 0x1, 0x3, 0x401, 0x0, 0x0, {0x5, 0x0, 0x5}, [@NFQA_CT={0x68, 0xb, 0x0, 0x1, [@CTA_ID={0x8, 0xc, 0x1, 0x0, 0x1}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0xb, 0x1, 'amanda\x00'}}, @CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x8ad}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x9}]}, @CTA_TUPLE_MASTER={0x18, 0xe, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}]}, @CTA_ID={0x8}, @CTA_TIMEOUT={0x8}, @CTA_TIMEOUT={0x8}]}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x8000}, @NFQA_EXP={0x20, 0xf, 0x0, 0x1, [@CTA_EXPECT_ZONE={0x6}, @CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x1}, @CTA_EXPECT_HELP_NAME={0x9, 0x6, 'pptp\x00'}]}, @NFQA_EXP={0xc, 0xf, 0x0, 0x1, [@CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0xfffffff9}]}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0x4}}, @NFQA_EXP={0x18, 0xf, 0x0, 0x1, [@CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x2}, @CTA_EXPECT_FN={0xa, 0xb, 'Q.931\x00'}]}, @NFQA_PAYLOAD={0x3e, 0xa, "478e7fbeff46d84f2fa873313a8a726e14c447875095c69e24d5d62ba48c1bf51c1a700bf038f1e5386183c92ab51e660aee0a7f767e514bca5f"}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x8}]}, 0x11c}, 0x1, 0x0, 0x0, 0x4008800}, 0x20000014) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1309.577350] Bluetooth: hci12: Entering manufacturer mode failed (-110) [ 1309.657326] Bluetooth: hci14 command 0xfc11 tx timeout [ 1309.662798] Bluetooth: hci14: Entering manufacturer mode failed (-110) [ 1309.669592] Bluetooth: hci13: Entering manufacturer mode failed (-110) 23:00:52 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) socketpair(0x27, 0x1, 0x1, &(0x7f0000000140)={0xffffffffffffffff}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000000)=ANY=[@ANYBLOB="01000002", @ANYRES32=0x0], &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4}, 0x20) sendmmsg$inet_sctp(r1, &(0x7f0000003640)=[{&(0x7f0000000180)=@in={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f0000000300)=[{&(0x7f00000001c0)="5ae5bb9b413dc31dd48b3768a031748b6bc08a730f2cd1793f21bb", 0x1b}, {&(0x7f0000000200)="55bfc45f4b5076e35587c3e0914927e48e448646fae26754e2b5af13d509", 0x1e}, {&(0x7f0000000240)="19cea2edf5d0d8082ffde4410905b73a058d7817b19236c90a854821cd7cfee5c1408e834b78bb75f36b59b2cfd2ec35bacd5ffe6b7793f6f11a0b22aa2ab6fb2960ab746b939cd78746d084200dd0c58dd3e0551742882a01a047a63612c5cefaa78f0e8207677ed1c1c71fba5e5ee39543511bbf1eec137515cad452fd9626e2a543b0c68f481593afa1df88b7b892a07cb25235b119bb8f825a613b6b40a4096c099bf0fa52e363b4", 0xaa}], 0x3, &(0x7f0000000340)=[@authinfo={0x18, 0x84, 0x6, {0x1}}], 0x18, 0x4}, {&(0x7f0000000380)=@in6={0xa, 0x4e22, 0x6, @loopback, 0x4}, 0x1c, &(0x7f0000000900)=[{&(0x7f00000003c0)="eb523851f47b35fffaf296792453e58d45d0765b07478910833a208ad54184148b4c051c7523b4660942fbe6408e714994f82335bbbdc13b9bdba3f5848a1a9d21a87d1a24055a3dfc100c0195ee51a252f9320d11", 0x55}, {&(0x7f0000000440)="1519199ff8bf5ed598798369821b464a7046ed301b6e0fc53f3abff7310e9f5a1e06dfe490617ae4339ab236350a6569691297cd8b574a513d6fba0dffb10a9393d190eabb05163311e2d0105b11021321fd11df7ebc7bbc0084fb67d524d59f81e14a53b4f7c2ad7836e3c89db0bb70990e5f71825665f7e684", 0x7a}, {&(0x7f0000000580)="3ef456b8686c50b07b279a93df6b3193fe9b6ebcab8e4fe0d8fd6b31b245d822a8efb6cdbdfd0c8d6c0cabfdd8bde39df401d39705ba0fff48dff2dd177efe65d3ee0a9c3f938b2bd9204c0a0efeb66f2bf29df52232997c83fcdf2030eaedf18a6557e0572c5f28e6052d4c99fde7465f0ebdb27ccfffe22e0c35f70763195c61c97712874874a1c762dd0e1384a61d3d1f0bba36d5d18817141d99f8c5d3df6570cd0d50d73758fffd544b8635a15f85f0540a31dce9", 0xb7}, {&(0x7f0000000640)="94b2d688a7060d1294674d", 0xb}, {&(0x7f0000000680)="429250dfb5866c9f357b1519dcf25d67b9ead774a0651c891786f67f7aafe1b26bf2368a5f8366de691ac7b98c03f57e6bf3ec0d23aa4e5c3a8842b66992807f521bf2cbc6d9e4163f69f6f7ff0ea2637649214122eeee38fb7d6d2f84ca48ae3fbb93ae83ce05f70ebb65cc97924f092393ef5141888372e609958339e442c7b8da7f6f8f6ab4af7f8e7d8cf6a0cef76c7e2ab913aaeeb1c10f5552642b0c3ebcf8b059787e6b2f3ac78026dfee3be8c3e3e23ee24801d3a751db46f0254f52b184f788305958949160c36aa8016cc88655a8", 0xd3}, {&(0x7f0000000780)="8beda64ea346dac1aa130d2ba06a9f153bf694cb7a0f093718c6ca48924c6fbcf05e20c08b2fae2760730ad92d3c30f1acad614b0fa5734fea8f25e5e44a11c398bb31b0902e327cea1cc58e8351f709e838cf61f73c6dabca4fc13031714957b4747ec438cd99719456f94f2786", 0x6e}, {&(0x7f0000000800)="58c1a3f1554e371dd7c9a4596286d3d89620d3fdc787eacaa879a95b04123349ff3b0f9e6a4064490529fcbb18aaeaa329cdad3c4617eb4746cbd10c25340a26332e56a2a3e2ab66982cafc1033c6321f2a4d647e5f947514a1e06110924443eed4c2fcc00e0b30ce43b2829639f51a0131ff1953e23eb7ba8f56fe1bafcc5e6f6d57ae8e000ff259731a4620f062ebf2b829bfc03fd332d45e8d35fb7ad3bdeb7df4344c578733d2e0fec4cd1548c06c55cecacd13c695ffecbf8952b495602506ddd7207ffad098f7f40d1359f494d0d76d95d97ede8f0b1f202f3f8ceb7e0", 0xe0}], 0x7, &(0x7f0000000980)=[@authinfo={0x18, 0x84, 0x6, {0x3}}], 0x18, 0x20000094}, {&(0x7f00000009c0)=@in6={0xa, 0x4e20, 0x1, @mcast1, 0x200}, 0x1c, &(0x7f0000000b80)=[{&(0x7f0000000a00)="691a830fe9f2730e1136ecd9bae5518392511efb6a2fbc6186318e19192116b4f760861b9b10c90d449467c9490c6ab23ab7de2fd0826660bc710d0c36632bb9b41f7b87dc217a615c9bcd47f49cabc7943f4833f7127d396bb95e50cb29614c", 0x60}, {&(0x7f0000000a80)="ad32a449afcf84bd2dd072f49f3ce4c023427f38cdff6afd22c543c6dd72b113f279bade3eba0028f3a4cc2b99c4128c72629cec9fc73595a8f184b2fa26c045c450c0bc418cdc128cc0775122e1ad3778744b2aaaa14824622d4effba1477c8018ef7dede6e3a43069959b077069ab177675aa586247e844588ae17112dd24dc79151c17d1923ac797f2b6ace13df62ea749749d7faf0037c910af66caa8fca33eebb15c1397bfb7e8e947e2f454e6495d281ada5bea1651f55a501171216a2150452678cc27e6dfcc4e471d7e529d2d072508548d1", 0xd6}], 0x2, 0x0, 0x0, 0x4000080}, {&(0x7f0000000bc0)=@in6={0xa, 0x4e22, 0x40, @empty, 0x9}, 0x1c, &(0x7f0000000ec0)=[{&(0x7f0000000c00)="442571ef445b674112b94909239fb4152f8b485ce78197d6ce165c0bcbd41818b9c070480af52d69b36623a20ee0ce2cdbf38d33b44f559bad821401e5223bf51649a0d51bb0b7a08a38ce9336765bfe69ee224f24e416f1d4db32221b35773c204691c267333e5b41ff248a29256252e6315e7687cf2f4d23617a6b3d403ac79f984b66515fb2451285ca6844fdb9c5dc26fd7aa3a15398161e69c6f5e9e2de2935c7a90bab4176e7b7b56cf8022a9a9a75ad7bc46a7d3bc88c9a9612e9", 0xbe}, {&(0x7f0000000cc0)="70323946334db35888e32968692359a633fa3a92b9e0eda0102932c681a0c8aebfed60e179bb298aea1b9fe70c839daec4f2055f4d07e99f467e0fed714a4eb4a40fe11d6b", 0x45}, {&(0x7f0000000d40)="c8d122331d3a8342d7768feaae8a24a298ebd8233dc0cbca27eccf77829161e312abc3d515e183caf4774f78da7894c96fd830af4443f9e5901308bb9170d0fd0a1ee249dabee7bdaa89e90913c335daf5f12ce401a0bc4a0abdf9fc56895fa0a360f04feba86cdb5c2a52e6aab27628416a22acee68292f59e27168018a0e8bdd61a35fe10c656063abd7d8b3fb9fe4daba601135826bc003e6423ef36210d9a3fb7c52b56133010be2fe2180f66c208900dacf25512a55afed767d52625b1a37c6dd", 0xc3}, {&(0x7f0000000e40)="16f64c0be4b0ae8df23a7c06676ef0183a6bd4054701230ba16bba34d6ab45ad0a97c29f4f4b5511050084db1e1c7817790a5954bd384d081caad8c27a8e7b05c97e", 0x42}], 0x4, &(0x7f0000000f00)=[@dstaddrv6={0x20, 0x84, 0x8, @ipv4={[], [], @broadcast}}, @prinfo={0x18, 0x84, 0x5, {0x0, 0x1000}}], 0x38, 0x20000000}, {&(0x7f0000000f40)=@in6={0xa, 0x4e22, 0xfffeffff, @mcast2, 0xf03a}, 0x1c, &(0x7f0000003480)=[{&(0x7f0000000f80)="1d9f8cf3987eee439e95091646276b336481377a99030c2f99cd447055d5ee23ff15cb9917cf489367a47a942c5775fcaf2cc46803622c4ca53547131465dd4ce378037a1b441dbc8c97c1be9d3890a0de47c59ad722ae0138c788905485d7b26df1d76c34ec5ae2520b2755e536ec0bc516b2caf1817993ce4a315fdc386b451329ff3177375cb3267446ada085bd95a2031dd772e2af41b25c4363f3a07704e54b6528b6f561684ea9e955bb22bfd5802abf8d24d6405f6babfb8dccf9bcb6f1d3204713b2efb7d51927b689d1", 0xce}, {&(0x7f0000001080)="d463f4fb4b3ab1333aa6c4a2442a58abd1a064e2696f948e80d285dda003da97ddda74b0d0f18f1031385b135d01c554771a47ada208dad3b403f6eb2a9a3bdd0a10d7424c23fd25bb00fde50af03d55979f71fedbdb82bf847bcf94f76dd9fb22528c64e1f63463df270cf60f6a21c08441a6ebce56a49c1e0fbfa8ded5b57d92bc477400d430c44828328e9a42af822722848194cd37eb42da4bc52e7bc9df52f277297ef617dc4f61b0b485d94dfb14015a36cddea4e5b4f5e4d60479d668c018685ba6903e258e75d0bb2b631f3801e42a3cd3465a198b103f03d77a3265f680e79476f848ab8d9c4b6595c5bb51d3df20c126e2235d8c2bf1f9ec82bc90c0f972716861dc2e526c8a12a4086f220c80a60bf2974595e4e834b7ddc131bf1ac2b89f4e3e74dc8fa4dd26485b37b04222877f489290df5c87496014e2dce371ef32c1b7fb5d980c020b1295035cb56c8615a1c04617719dabed9e5a8c5973962062ad992fc99b64737cc1455c8432d00a74bf079047f302c9fa23a0c4fa2f849435ead39cac5a8b209b1365acf254098655c6624473c6cd5f6f59facda730b9a2bb878dc467052fb22f20b4527adfabec0a4671125ebc56e48d082a818979c07d05bc631a84d92dc80a4ab4515d4e6b3a33ac78631dd6e64d13094ccc4166fe9cbb4dead57f21a11b64c5da89e8233c63b4d3ee594b53d3e2828251a18bd1039dd1a13bb9b06e8fec072a653295e690f270a9cd1c875174000c10cf3aab723fe3f389bb344aa2d847dbd52fe2a77c254278ad00b68c1dc5e56000e61edc626fd0475ebfa7fe3bdae953421ccbd3b004b803e4b06fd077bfc28cddbbda733119608160db71795217614e32c9b2382b13fb03cc1c2ebd4a6ee9501dc41ff4610d45bb44b097a1792b5ddd58246518724acc42d7f3ae6f605d810bc6aea08afd65e1c8a1e95f6a2ec7ca447a4937233ed02ba196621083eb81ff47278e8e4e9d313850eb3da6753de362db9d734b420dbb6668d41307b7a2e9ed70e81f69ceef0bb2af3481a92765ff18dcad4cfb4e6988821e501a22c1c1fcece09340a4693a16b38c33ca05359ab48396075c9e9ca0d25ed39f80df9e646473c30ca33c9a55fef84d173a0c4116c745bb3873ee72ac576a20c7cf164dd6b2174bb34f62479efd0cd6efa5486219ba114af5c5a170af4190916d40e3058a67cce340c4d95c93a976296b468d9d23e34ad430e52bfc80b2bf6c74f821065d3b4c192bf3fa7252edcb9a510a910a4dee4c109978fcd0368495c404d74176fd0074bef23a014989627c8dfad250467b636994a0ca0a56f6847a8288e801d007d9b5699f06a3aab95e33d83ac62cace85ffdc08c8412c11ea7a5f7587c85997807de857b616e7bc7a2f0513c70bf6142c28500d59411bed87660791179f470f5c56e72d67bf32c080c4409ac148127f0732c0c95e5bb83142621fafe4628c18c7f428cc089e5175d1dd81b36ba04b9cc2d6ebd775d008b069032a5c57a57e32864da4e0704b555704913b70a9d4e38eef117dc263d37868301b2dfc448f09b35fc3c939b965172744c1331cc26f15194776ff6497259c0ec861a20f787cedf1223f05aa46a919e3c63a54928a843c4dfa51721480d9b76979566799a0897afd0334e4cf6b8545e4007ccf384acd57d51e754b6dbbd0db14d4165613e6aa3c8063eef46507a3d3c705706db5efa6153e86927e732513fcfbeb56200f56984761ad1b01b85ab7874ce6363eaa7ef1dfec4d6e436aae07ae0c593e5c744ebe020bfc4cd4bae761f0f23b93e026371e32337c00ae8bc0d9e32fc33aeda6cbc986ca8f0ba549b233458b54d770c38a4bb65a5ef5ae0ff0ccbf3d3c486ac2e3e71a6a3b99d56dde02cf096b93f66266fa2bde24140889b03531edef26763d12d5e1034dbd2aa1dcaa6729c378ee6a9ca7e8b50b99243ef3a33f245d220b3b2acc556b5083a7c9a850dafbfe5d3325a04c9e5a657df29cd92dd3ef5a6846d183ef51976f7f0ca71aa543974a36b561ee26ab06ae17d4412982804a0d0983a3467b160e41dca947bb519a15bc46bd0a7cc07c7ab5112202c7b77bdee30c47ad47f00bf8f358252db2dc391bd8a4fb30a8773d26567e14a93817caff9632867c2e9661aff3894d670ab2904424221df9a95315c8329586d15b9cc15939e3cc6ea6442ebfdec29a9ef60b85890300ce8a0986880cca6b047d8ade452005b44cf88bd3d346c8375d5426d889296c315c31deda0b46829ba73ebef9f0566f73251df1bdf978250b417048e2f5b2b22fc137852544f8361e86790d84ebb99bd328c2cd18c0a0a934553cdd552900f1eee576db666928323c6b1da9b10143ff18a99adb1e7f24981a5e72e83e84e87095d8f0a6776e40b8ed41607a830d83b2683309f0e7ea0aca67519da640b9c50b402656125b946d854141307d475062875e4635876ab19eb9cabb68bbd19b3219379ec221843e065a656cb6076a35b262403e9bba1364405b4b4d802e8e0bcb6c657ad139866b70153ef6f947e5d7745a7a3604a3e5d389a736fa9e853f63c6c997a9ac14cb82b5424d45cfb2e2f770df3300251240f83527cc135f35022b3b66346ecbfa6bc010a50b91fb6bc4d4d257b8b5aaefd0e5f79357469e90afec2bea5fa95c2c23e17578d397125a2c02b8fd9fd69d011bffd3f3eb5838ac431040811ca6a31e73731fa6573456098c8255596cb1c95df5c0a4b207aa392068ca7cd7f57b0094f6fc9338a0940ea81a1c641ef6d2ebc6877aac0dd38f1e1ae1bcd10c90c2cfa1d9ace593fea65540d56516f7167b412267b6e4f13d0ae99158434ebfba83e67215b5271cac5794968fb0f59a501912a1831bad75670c775b5b018fe927a22cc2652a02682f8c6712bed808c4f008b14c5f94ad4cce76a24ad20b83bb1784b2c51060989ac939c245f11e46d31134e19c10c4760d677af89bec0ec015da63a89c5f774eb34c655b76f001c16dfcb08d525c1bb3a9f272acbe0c19090475b26efe0599188d2a38a23b51f9160fb6ce4fa04ad3b04813629d1ddfb515c9bc29e0239928ca3f0858e316f17315f4ce053286e1ba3b46f3bb6b3e82b5ee96b59e80a3594c53305936592310cf39effd037cce8e7f21ae8a10dcf19ddcde93e03e58111b8fb0ca845c8ca306ab48b435638fe8628a4619f93b83aa69e666f5dc8d56a78b8fe9215c5aa4aa929c426769555f04e13a5d416b2f3fc31b78318b6340bf8a0fc3c48ac6d7870a68dec3e81c219304ac7ff479b9cd32b7dc83e358eb461b0ce0cd19ee8e0ef3f9ab4482e2014d0c1d86bf1a535631e5a3e123278e61d36665da271edb7a1d8262d1ae710054662dcc009fc28a00cc83e972bb6e26d8cdfa03bdcc20e290ebba82857073733a7a5644c18f304f87b8cde19f28c2bda952d31b22f0260d8de3158005509448c9d14c311bde408652579df5422ce95a5399ff9e47026f46e8ef173013650da74c507e618950dfaa86e7d6f91f4cb98999593fa0a003f7f5359c6b090456ca7e6a7d3f7410ff739c12bd08cfb3472c555ad872035b8230ad5e5f35003cbf4fc3a7a5eb5c683041f0cb957b1d651f6437e279fa460174730dd579c759ef8f87285e5f174704bbc1a819d4e278c749eb54aaebd37cb19203f3201f0e181ce37af9d42c7882b3d5be46e977904c3cfa044d65e7bf21d2bdcbc6baead87564d6cd87977474e981779c75e7f178dd64518798b2712892f612f7f21677ef42b18b805e3f9a1a49a85b08ff6943369c8e192b8af7fd3f76a55a2a098949feceffd5fbd3f29aeef3dfa90d9d88768f018ed5766ebc627daba86a918cebadde8df7039ad60ae0ec4ba9fabc51b985ad13491c698359ab5e840aa1edf9e3391328f2355c6047e8f97a74604c0b67c2aa4ace2a1076984aa0d8acdb2e7bf505d3fa42c93bfa6a9d6f63bd96c92458b98db7b61b45f56238494498bb609b3724c89bdc9f0f614b5f3888b53312fd1eb27b6526ce136756b67022c6b57655f49677e9140ffe10c83ad4360707bc0d2ea3c977fe73e957872ad40412acf71a919e1232e88f516da2b4fc905c3fff36e5eabdf3ed965230d8570e84bd5602534d7f0be1bc2849a3ba4585d502ea9cb1bf492fbbc694d46ba44a96fb06b24996fe5d3ce1d100fb2cc7f40ac635cfbd704b7efddfe227646db75900c91afe8477ab1ad960afffe5cad4ea3e8e3b6af492597f875149653a63a3f4f49a17daed5d4d74082293bc8f93fdbff010134af175a2a11aa251c4e2f5b32af42c7aaa7dc9fe8d42bf9b6262da57e47bcca6ed5180d382fb16172c239f846a3ba6661cdda2137fe9911cc3b29255e099d2a57865f7830e1dd7e8862898ba7affd88cad28588989cb7fcbe13c8de4962a81124a419912fd663b30406558f93a3e3fb837a50a6c53b3f6374e4790fd72873c3454adc2a01cab87424cc733d79d0b0e14df3dd4b0bd349d7374ceb08fef9e03308efe1c383fe7c32b978cf49f9db2376716ddccc0cd513caf419ea8981ccd5ac0c509331e8ea979dbd54e61148715ed740186686b13e452a6bfaf0bd22c428230b7746c6923e84dc23798984c0d7d2491335d0b0a48b238dcc9c369fdbe4e9cf520ca46908400864bcf3787813d26a57a3d447acfa1600a885da8e590a21ed3c5783806307d8ed18511c12f4cd5802427487a4d2ea210e229a2023e7070b5d5a1227e9737b09332ad76471c4da464947483625920a637100d34e67071a3f57448c8b8801b23c49999dc67c4c8857ec76c40c6469ee6f7a9047c3adfe658adfbd6815c0dc3ea0b7a117d43a9c946b72ff7a4ffd4f768b8781641ae02830015c03127dc5c973c125b5b96dc2566f00264b8b6d4f2a2b028fbd329b8552f73c3c93f1323fc708a355fb088a915d36c10e007c7dfaad130b181f92d42e1261127722d73486c531907d1e908e08752e0a0ffd8431ac1db750594760beb52edd1d2701f2df51c4429f488ddb13567a494b9555f4eb7b8a3cd65e19746fc0f8b9c036c6537bd9fe9bd715231fcbb503e916b39c249ffe31119de3ed17aeca6198b53bb8f1bdad3bcb5f35a475415a633650acdb08e7fbc0b3fe326ef3d1a44cc3dc477df6609150a3b4898e4f03aa99b65c0601eb692a70d6de36ffc0cb6cfa9444215b4bdc199d99a0d1ed5280bcf3a220f1408a4336f7dad8b283dd41f998a63195c986d9c82e31530910e4eda688d82e8927d597055d652bbee4c9814c0bb918124af0a5ff7f018eb593c3882b18f6da38bf0e42d805024806c9df82996885aa85534a59a7fc77cb7f3deb0511a7e312f3c515b58092987b67b46b7b97066e0f3e17ec65f42f1c338313c03007ae0a0194996ecfac5d9955693ca6c69cd8471ef8a1a5871d6475d3731c6e5b81096a189776deb9028a3de002811e0f89d7c8113abe136b65906f967a0766a0328a386aff4feec26d51c7efed0240ace135472020fee7ad500301bc62ee616b4ab71f2d33eb523e0c8b67a45d0e68dd5cb4baa3995e846bcc3249c4f6871cd3c03952978796e3f0af04bfa7c26b0d7568c3feff7b036774b6b2010d038ae84e05d3def079de00ab6bd291a254dc5f4bf4c0c72f7216b35e99b899afc55baa45ced462a68ed656550eedee7c1efc57708690a3d597a1d4ce1e17a6b9e91e9d191e2ed4f7aaffa348a81d88ff4de458cc2e42a93f150642da7ef354be3121222dd20607955bc9853c902032abf0b5af4582feeb469586cbae96b501ee5072c63724", 0x1000}, {&(0x7f0000002080)="1f741ea03430708df305f09c6de21be13a6faa657f341abbff930f2684b8e2d70ebeefc0891de1c9dddbc51bcf10a8606cf12e3f86b0f10f7cc91597272a80dd7514ea63378dd95fd6d75d2263047855f487662b3d", 0x55}, {&(0x7f0000002100)="c87cda1de145ca6e40bdfd839cded02db10e35e63458ef8e4f7953912c7a64f54c38ad67d99f14abdb84ea63356ab1337cf65b8c9bc8b0266d703e91fb0f871a30a3df09e4ab1dce305d7fdecf7096d0ae8627164063188402dab370f2a88ebf69707d146428b1941622e50bc6f9ef583dc65f97b1c5606ac130d86b", 0x7c}, {&(0x7f0000002180)="911031d1fe5406713367eb9e4737e41e12a2fba26e398c1e19e04b6e84bb91aee83fb43dda5e79d92305a3c8a3b498fd08b730f460a0aa7e20a969cec69cacfcf0cbde0b024450f40fa750242bf717af82706a0fa62cf3c720effb23e4efa55065dd9d0bcdcad9113df9dbc1db9d1f065a", 0x71}, {&(0x7f0000002200)="b2706e49797e1a9c07c7ad614d7b4432de2ccd1d10ccd34068b57b8866fee68c64f5a957042c542963130b744a3418af68716dc3eede3d3bc1e2f36951f78de58f9d21bf34a9c2313b6636261422de62a644bbf6e411c0ae4b1c62b3e42999813cbd9f4fb62cb5c94c1019358d58cb59e85093faa01be5ca6274b14f512b76e6e6d862282d977e979bbec707f2e32615", 0x90}, {&(0x7f00000022c0)="b5d949c1dc443d087cc66e6f7cc6bf1b35e3491a4a3800d193e46e4d4071439c32adf037a07d72a90dcde59624c46b014e71c5da71e7ba5a52e6275549138f75a2281f4db277e424ac49d423aa3a45ee900a15e92aa21e4bd6e1a39398e2ad338822ea7537b3052251401b8ce38eccb51fa6c3c48a57909e0e56cd135ab4860bc468ee9dbbd137383b54526ce19fc147af577f7738c09cd03687f90d0c101cd88166c21c14b380f5d55225fa347e781acd30e00d7dc171d303e51b0d240cba1efe3448932669c84096fceb8000c6aabd11ea6b78ebecf280df7b6104b66281880d8f742938652ae047e79b8db18e41402249196e76f6dcd8a69c89d8ddc085ec0d03b182e1cc066ffa83e93eb3b02d1bb622498852d853c423ad6a4e786171ddea6641c9f81aa897a2426a956481d45c213487a4a793250068773e62aa88ed1c956494aae637e0aab390ad87ecfad8efdf6359f8b8285156b6bc7ba521fe40b621f7f5b43162873d5d79dc4602d16ecc4d696e58f9f344b30a90f459664107a5d925498c683ef08da7c687c173fb5e042b6ed2bc63587d332806335e6e26f0b65657a8a3a230d74c53a7f208b43803e4f87162e5010459d05ab2f030c7fe578957c70ba1e81ae1772e4f08abbf957b03977d4fe59bee162a8d12411d5f2c94c7cdddbeace0a1677be6dd62ed68ac0cd88c3ae49e8c4c719f2b7bff4bf623fb042e0187542f59ea462a9e296e677be14421b7c6e3bd48032c831d614ce5f76b24ffc7e3f8d36f3a07a94d46eb8a3501c093161c0a150833dd25fa0dc47db515cefc3c1a52061c45755194ed244883eb164a2de22b46a4fee89d96b6c2ec578a8dc82824353df631ce1c242bf86be01a76996b113fec32341a21ccc61db7456da0793ea00fd66c9c5280ef27191ed14255179e00bb7323994274ce1bd0d50270002d4bbb8434487d297dfc29dd99b31480c06c40d346c17cae2ef73a8aeb616c8c07e2e799990626aa11763ed3be93b477301b8c95f878b9efcefb62625f45a0406c851b0ab6d326517ee07e22bd2074431f4c55f66c7d729e03dfeb6efe85848e3f4f56f8520c4247f2517534c96f3dc9340f0e0416a12dee2b46ab4e7b2199e0786a4bed4c868899296f9d62128fb47c0f6a3fcfe4c6ef1a830b51fd4e0cbd0f500840557040e97bc4c088be52bef5381815aa9149e3f5ec11db6ccbe5ce6ff91afbafc4f74c14f96b86d56972197341b012b0770d91ba547c8673a359ddbd05dddb340a5994c9d75c8c612b9f8ca18ed501e248a2fb6d05c9bf52d1a20beed8baab49e6f354cd4dd3215508cbadf25064864374ad859e33e6f8a24bdcda693678b6207235cefeda280b3d3c5c592ebaf5753be08ddeb9303b06cfa515c6398d9c7aa7f4d4e80660b555bdd65dbe4acbae3f417f6233064e58b23fed49aed7cb9bc7f0f72744cac545f6e8a0a602697dffa13557fcabdd9df9e2823d3321f9959040b1f71ff7185b3e34f16ae4f625305dc74fe6db63b016ac6b8cfc8fa757825acd1720704c41d6f8e5f8baaa5be54a4934a7cda2e2e015f6c40c7fe24ec32439a06adaeb3429208a3b4ad446c61290b0e1de6d0cfb799716cdd3bb61de3e7208940b84e7489964a1c272fdd95b9d511cfae549128d72eed16950dfe0b45a9dcaf053e865e771be99b7e49b548e2238059dd78f8bf23c6ae489e34160553bbb7988bc816ade54ba5811f00e2cf75103a18af50ca46ae820a6ee29f581c9faa8f89684114d29303a206220ed76581c502b9d351b176d2b7a2fd12592d9cebf77166ac475c7e05d844b818fd8a05d2f9838db9b37b9a4f2f9bc8080d302138e705fe63bce5d2356ee1338b641d0e79829b01cd5aa6fd8e7e657a19651b0843692b578d205b901b52ff72a8e4a1d04ea77ceafc4839ee3ea45b5e454f73f2ee924999f2cf9dae429d2666cf8d5ee2017f83347a5807b18225566358ac5f6dfa68bfbfbce2bf39595a306b430e64b165a4ddd4863f04ad6631c6ff3c0c009976aed5a5c4f568afc0937af5a28a39ed5ed73b375819dcc5ad3839a0682c969c4883c33b461cfdc9feca8f1baf3565bd397eccd2900c9122533d041cbb54aebeafc2eded5944fa16e4145ad081ac8812357cfa9dade270dba2efaf97234c2f96530d6fc7583296fe5bafe9c84d9f03fcb1e23fd5adf71fb6513437cedcd6cb20a93a74e594ed005b77e1a04fabcdc2d30cd84e59bc7c8ac175491f4e2ddcb070a7435a35811a99375389c3c1477f410fa50e5d2f7f83539c0500de23617d7f9f4cf853fbfa7ebc768a8303b9e84fbf9a8abe9c5cef729a4b78122b4e8aa2cf6e7b5a739e53fc4779474608958a06ebc1b1004534ae2a98ea4ab410e93b1c08da398b51af469d43c8bad5c0268ad6a1beee2b3210129f1386a1100fbbbd90bf162fa26131d4f6dd1f67b5ebfe5dac98f7b55381e12216dca55370276c47554349946a080d9aee712ab8ad492b3c98fa5893c1828c41ea7dd135c13affde8fa7ddcc122c0fdc3430f7f79c8b1dd0e89511b9d3674d3050f1bac4f9e887fc639467b8697acbadb4a504f206c556dfcf964030d34314465f23beed825092df03ea627d8c61b6aac15f1dd5275f314cf5324235ba0d2d9732917bef0676d61a651c2cf726750966dbf1597449c8f710eb834288c0861daf6608fba6165b0bb72860e88190bd0009d554dfba6945a6b297a138f1165c40e8fae9c5e7bcb0120aa50f3f3aec67d254f9bab43d4a26b9cdecec4781a6764de7807b727d06340575fec9905127c534efb03d5623c786cf491c72b085b2d6eb99dcb85f44be19349abd0a936065034ec3d15035ff83eb7a6aac06b8fe624e8e3c9f8be75c8f9c85374d32710769675781ba9a3e64a0c6dd8a186d06a507597429b909ee20213ce34a7774dd958d1ebd5a3e1ae075540597bd6210cdd6754c1ac83ee70831f61380bb8e7e36132ec0ac69407607d33852d24f67262fef782a0fa91bacf20d84ce727d7c8b854fa57155602e30ed1bd8cec4752e61ce0f270c13007692429dbc18a5cdec1c2c8d0db61afabfc180ed566606d989fb7dc0dffa698c9496ca18c9b763737318487c4b4bdd6b82224d5fbb7e07914ba4b43d980bd755a895bfc51b6d98273d7c394fe5a260cca3f7060580c01c552589545eed84a4b78a0bb5785f161172087afe0b09412ad7d155ffa54d53a33b867ecb93a5a9a1795ccbaafa007d1686637630344011852b706846bd1cb6175bd8fc109c498989f6a5313b5e746c746e392e9ca916492e6af6c861941c1f9a8fd36f2a31276e30d436d37e60acb05ced00aba537de82e6f939699fa58b214029a5e701f7a5bb1296d721bbd90e283151e744f2320b780643ea03949e88a2af6b128e4568b6e2b1a651d905e70460cb2809961a3789e2a9d7a57b84595302f865542c4d0fd021fc7a2e7eaf133df9451ac3fc78fa2286953adba27bf1780af468b5b55e027978d31ffcfe1143d691986cad789bdaa2a162b346f20a098e028e83ba800509c5f341d6c5afad2c608c8744b60e1ae50bfd9e8a0c59b61ebdf5d8b913316c04674a3a25c1a73dac656f5e484ab5b9a7fb77feab2410f8f520ca4b0362aaf7e6ba8e0915a6f2e55ce1222c1625795d48617e793a240b6502e533b590e0e9b44f8ff1d30b13560d2fbd40ba479a76cf9f34762212246cc3024c172af8e3b9aa17766ccf767520b62f4200588d5c26ee7b6efd3ccd2115966c9fdba259cefdf9f98b7fa1bf4dc833c5db7bed16dfe023c277644cefb1425e59ec9c2e2d48d77c9f8394bae8bebdad8a6ce3be76e39a4f7bd07c8b3ce03641d7761038ac30e3dbe124322fb0d7ddb000bfea8870e44af4f373ded90140da19ea02ab06b6de7b87c2e6b5a1e945998fb61223d07a9fd71d02bfd0fe0198568cf3827766014023deeadf757a2310c6727fc621794bc16bbdb74044a5bc480ef6e91a6cf0a9ed0ee341b3d2cda730e3d61462b8f1788fabfadd891b4aad0cacf8661d0d77419f79c83acd1635f335e973b428f6b5be0bdef4cd90bad9b45112fb5a73508c30c6560a6538e5ef8edddf66d37f629d8e7f23fdea290b883feecbddd2d5595c31896cc327f4e8e3e20e6c640ac91449eb886b970042b9ea9877bf6c4fe565fbc0760a114b30b83873c32fa30b0a49892ed8ee0f5b226a8df4425e5328abbd0d645df581e526e303625e9c0f400fb7722ff12315d7692a7619c47c6c48a36f459b0f29a3bbe635752aea56c12e5addc3105cf8b301a5809d4754d9e2e2b91a9934a6ece6ed34ac4b1c703769caecd7822a0db92df16174a045c59cc7ea8aca9a3ef11f6e37202354a2ba5952dd8aa2d9ae2278e985e3168604994aed6426e13cac0884a5b0d0dae2105cb9d958f294423d5faa6ec4285b90325cfbf831b9f1afd8ff77d36c17cad09b5b9ebf60b9d198d6f6700e05ed379103afd6c4879dba660039770aa87832113f32c418bf04f16f81aae6b524a66e2317ed636f493e8ea52ad53cbb270225b4fdee84df19909fad9647459955b162da6ce09621ef1225426ce8730585b7e1e10315087d9539044a598b4c60e0d263a03477e508af1bb201311dfb2ca1470ad9c3d1f83237b49076258b22fc1b102325367d38a0adca78fb0bf7c988369660695bf502545fd677818ccee658b769cfe93b52b21edfdb2573b30dd9aa422391258823859d77d5033b7e79f612e2060924a58cc44365788169a829ba3bc04b84ffcbae28f0ff97f76bdc7315976591cedc8a76e9ad6bc058a582612e954e39a28eb0f8cf7bbe63334d7134ad3f23a0cd87189a4287c9cdba8b75e5d9b1b1d8aadec1e785eb27308f32e5ac245483c3c2ef1dec2b3a35bc7c430f0b6321823adc6168f16117984ff43cb0f9c9fa4bd1dbda1610e9df427a2cd063fc41bad24ba0f1a83c4769a141bfb3b190d66d3e814021cfcef2eb52fe8535c3c64e7465d9c645ae90dbefd1c3559d89acb4fb7f5b21a341734e48279db060fc2fac7e2cd348a6e8561033baf743a7c3f9f714aa912454abaa583b000cd3ebef7240cb7f9a7d2237d761f22e874d4574e623a1136ca9aaea048fce30d72aae4aa81da209277b341efc4df29e334b91b6a0ecbbe150e8dc54a5911bba1a313c02b96a02cc01eceb4cc1d0a49a335272a34b8f2ff6b2e9f8444db0b9f678fd623e90a2d45f4705603161ed20027ca768bdfecf6fa4d86ebf781cd4fa12187d2b4b7a51e5255eb5e33bd7b5842cca0eb9a2b96a3759ddcb1ebe54e992c199ffcd3c38cd261216a26725a4c04a99240303c6d40a479819dca4917f00cf076bb7cffd389b8ed560927f5493e7b1e0546e16e0ba7b632ad3fcde230200252e50788062c657dc0d95102f91d65267e8c74b46a841c8f23f8fada5977e880f55e039b080470f8cdc9c822779b427fd6404473d673be331add33aa19a2cd0011dd0988e636012c4f82e366d8ce236c782d15d40297da438b22c5ca1a147acfbbd172e57898039235251ba34d166f9e0e2319bbdfaf902117c8bfb184e0ed0b08fcfb705807ce5d15397d8721bd9eb389f09b47bdc24b394ea687bbaed05b5529883e65f92683a9fab39d83a5da10dd482197449ae6101b776f42b305a15851154757f911ad14ea870fc5c7c078dd0a80604d76101e967f0d6df9dcb01782c9a1853bf88e9a095cc2032e8ae9c276a380f869ead7c218d2f42a84fb05b7fce1d6e6c977d1253dbfdae073565df84299875128d397a3cc0a3bdd96", 0x1000}, {&(0x7f00000032c0)="ba594d205a7af32e", 0x8}, {&(0x7f0000003300)="dd07155e1eee8395115a3fb4166a43e0e1cbe41e66c9f7afbf94a1b03b5a0490b7418e942760ca1d4737e122b186b822019c187e0db2a6e553332497fc5fbc11c0ad33507c18b57e2f0bef2418094e3b476b665ef3991f9edc61d8b204bc481abf9be22ffaff10f47dd052bfba42e094dfd32c276aba82c1fb9a80f13f9d6bccc559c8ab73af84385d425acf07f141be084163cdffebcc7eeb34586f30863ddc953ef77f22aca1f54a6f812dca9f1455b6ae4a", 0xb3}, {&(0x7f00000033c0)="7c720f3670601a4bdc737ec3fcf3cfe983f16bfbc6d87b9004a948ef260bb61117c407cb1da17ce06b27df88b8b881103ead77d164a367c9b25db6915f3cab926fb2264dfc9624762d2ba604084db00c64ec8e5196e833d3194b51a8512c4e2adef9508d59123dce589ae909c02e5de1e7fdf5a002ac57f28db2d08424bfb42ab3b025", 0x83}], 0xa, &(0x7f0000003540)=[@dstaddrv6={0x20, 0x84, 0x8, @empty}, @prinfo={0x18, 0x84, 0x5, {0x20, 0x80000001}}, @sndinfo={0x20, 0x84, 0x2, {0x3, 0x204, 0x8, 0x8, r4}}, @init={0x18, 0x84, 0x0, {0x4, 0x7fff, 0x7, 0x40}}, @init={0x18, 0x84, 0x0, {0x2, 0x26d1, 0x3, 0x7}}, @dstaddrv4={0x18, 0x84, 0x7, @broadcast}, @prinfo={0x18, 0x84, 0x5, {0x10, 0x8}}, @dstaddrv6={0x20, 0x84, 0x8, @remote}, @sndinfo={0x20, 0x84, 0x2, {0x8, 0x8002, 0x9, 0x6}}], 0xf8, 0x40000}], 0x5, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r5 = semget$private(0x0, 0x6, 0x0) semctl$IPC_INFO(r5, 0x3, 0x3, &(0x7f00000004c0)=""/163) r6 = semget$private(0x0, 0x6, 0x0) semctl$IPC_INFO(r6, 0x3, 0x3, &(0x7f00000004c0)=""/163) semop(r6, &(0x7f0000000100)=[{0x1, 0x3, 0x1800}], 0x1) [ 1309.851228] Bluetooth: hci9: Frame reassembly failed (-84) 23:00:52 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/am_droprate\x00', 0x2, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000140)=0x5) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000080)={0x3, &(0x7f0000000000)=[{0x7f, 0x20, 0xff, 0x6}, {0x6, 0x7f, 0x80, 0x300000}, {0x0, 0x0, 0x6, 0x3}]}) 23:00:53 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x20) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x20, r5, 0xab9535e9a6578fc1, 0x0, 0x0, {0x6b}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x0, 0x3}}]}, 0x20}}, 0x0) r6 = socket(0x11, 0x800000003, 0x0) bind(r6, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r6, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) fchown(r6, 0x0, 0xee00) r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0xd0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0xc, 0x2, [@TCA_HHF_EVICT_TIMEOUT={0x8}]}}]}, 0x38}}, 0x0) sendmsg$NL80211_CMD_GET_SCAN(r3, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, r5, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x1, 0xffffffffffffffff}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x4}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r7}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x1, 0x1}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x1}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x2}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x8, 0x3}}, @NL80211_ATTR_WIPHY={0x8}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x1}]}, 0x68}, 0x1, 0x0, 0x0, 0x10}, 0x20048040) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) unlink(&(0x7f0000000000)='./file0\x00') [ 1310.803267] Bluetooth: hci12: Frame reassembly failed (-84) [ 1310.947332] Bluetooth: hci8 command 0x1001 tx timeout [ 1310.952678] Bluetooth: hci8 sending frame failed (-49) 23:00:53 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = socket(0x1, 0x2, 0x6) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000100)=@raw={'raw\x00', 0x9, 0x3, 0x310, 0x120, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x240, 0xffffffff, 0xffffffff, 0x240, 0xffffffff, 0x3, &(0x7f0000000080), {[{{@ipv6={@initdev={0xfe, 0x88, [], 0x1, 0x0}, @local, [0xffffff00, 0xff, 0xff000000, 0xff000000], [0xffffff00, 0xffffffff, 0xff, 0xffffffff], 'erspan0\x00', 'team_slave_0\x00', {0xff}, {}, 0x3a, 0x7, 0x4, 0x4c}, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}, {0x8}}, @common=@icmp6={{0x28, 'icmp6\x00'}, {0x11, "3cd0"}}]}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x1, 0x6, 0xc}}}, {{@ipv6={@empty, @initdev={0xfe, 0x88, [], 0x1, 0x0}, [0xff, 0xffffff00, 0xff], [0xffffffff, 0xff, 0xff, 0xffffffff], 'hsr0\x00', 'syzkaller0\x00', {0x20c4b0ad7804e1dc}, {}, 0x1, 0x5, 0x0, 0x42}, 0x0, 0x100, 0x120, 0x0, {}, [@common=@inet=@tcpmss={{0x28, 'tcpmss\x00'}, {0x7f, 0x8, 0x1}}, @common=@srh={{0x30, 'srh\x00'}, {0xc, 0x7, 0x9, 0x6, 0x0, 0x2001, 0x90}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x370) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x9) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f0000000000)={0x0, 0x0, r1}) [ 1311.497362] Bluetooth: hci2 command 0xfc11 tx timeout [ 1311.502676] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1311.634868] Bluetooth: hci2: Frame reassembly failed (-84) [ 1311.641029] Bluetooth: hci2: Frame reassembly failed (-84) [ 1311.657428] Bluetooth: hci7 command 0xfc11 tx timeout [ 1311.662742] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1311.907333] Bluetooth: hci9 command 0xfc11 tx timeout [ 1311.913178] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1311.997306] kauditd_printk_skb: 35824 callbacks suppressed [ 1311.997314] audit: type=1326 audit(1599174054.404:1849662): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3089 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1312.024821] audit: type=1326 audit(1599174054.404:1849663): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3089 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1312.047512] audit: type=1326 audit(1599174054.404:1849664): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3089 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1312.057437] Bluetooth: hci11 command 0xfc11 tx timeout [ 1312.069474] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1312.082162] audit: type=1326 audit(1599174054.404:1849665): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3089 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1312.104361] audit: type=1326 audit(1599174054.404:1849666): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3089 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1312.126369] audit: type=1326 audit(1599174054.404:1849667): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3089 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1312.148990] audit: type=1326 audit(1599174054.404:1849668): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3089 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1312.175050] audit: type=1326 audit(1599174054.404:1849669): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3089 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=41 compat=0 ip=0x45d5b9 code=0x50000 [ 1312.199244] audit: type=1326 audit(1599174054.404:1849670): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3089 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1312.221225] audit: type=1326 audit(1599174054.404:1849671): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3089 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1312.857336] Bluetooth: hci12 command 0xfc11 tx timeout [ 1312.862729] Bluetooth: hci12: Entering manufacturer mode failed (-110) [ 1313.017488] Bluetooth: hci8 command 0x1009 tx timeout [ 1313.657427] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1313.657452] Bluetooth: hci2 command 0xfc11 tx timeout [ 1313.689021] Bluetooth: hci2: Frame reassembly failed (-84) [ 1313.694727] Bluetooth: hci2: Frame reassembly failed (-84) [ 1314.217424] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1314.217442] Bluetooth: hci7 command 0xfc11 tx timeout [ 1315.737458] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1315.744133] Bluetooth: hci2 command tx timeout [ 1315.827517] Bluetooth: hci10 command 0x0406 tx timeout 23:00:59 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:00:59 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000140)=0x7, 0x4) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) write$FUSE_NOTIFY_POLL(0xffffffffffffffff, &(0x7f0000000100)={0x18, 0x1, 0x0, {0x6}}, 0x18) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:00:59 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) ioctl$SNDCTL_SYNTH_ID(0xffffffffffffffff, 0xc08c5114, &(0x7f0000000440)={"47896b5651c7f5c0eb0a10fe3889de2a78915f8ade31b486b0a9bdbd49d9", 0x4, 0x3, 0x0, 0x7, 0x6, 0x101, 0x50f, 0x3, [0x10000, 0x9, 0x7fffffff, 0x685, 0xd3c, 0x9, 0x1, 0xfffffffc, 0x8, 0x80000001, 0x7, 0x8c5, 0x400, 0x40, 0x10001, 0xb7, 0x2, 0x40, 0x7]}) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 23:00:59 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000000), 0x12) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, &(0x7f0000000100)={0x7d, "ddfbeed3af1ec9448ee40130d0bcb06c195809f2117f65fe724e7f2d0408de1cf8d76bd4be3af312575d3148134f53ff3a977398754f57cf407d2461f82d04b4787a338f7d9a5053bd62704bd6ee7e2a7cde33ea42d43dfb3a04dfecf0cc56bd6ade3b398cd21d34a6dba86d7f92885f16d060b2f4f2e64f6eb768788e9facc5"}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$VIDIOC_G_PARM(r4, 0xc0cc5615, &(0x7f00000001c0)={0xa, @capture={0x0, 0x1, {0x6, 0xffff}, 0xe3, 0x4}}) 23:00:59 executing program 4: sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x52000800}, 0xc, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="4000000012da27431f7f360f0052a05e796fd5a90ae873bdbe9e189811d408cda4ebd73ef135725d08ced88fa363b1fdb7ae0c928b0135c299323981890387029db18e3002a9df00021580982669901a083dd400ab432b9863835e75af97213dec9a337cfb644e0ea2f41dd3ddc497a7524d9390ac473900452427ad81aea0950c102051df8519b3c05d7d262c44e3bc51efa6a23ac536979726b176a560c7e12247ee20309b2192d2c1c7a28bb3b6dff24ac0f244d823ab4b653ae79b5268f77b13a2fbe3b2f867a4c0e472b7229ca911abf4ed2f4fa9ba11d46b8c7bb3094baa00"/241, @ANYRES16, @ANYBLOB="200000000000fedbdf25010000002c00018014000200687372300000000000000000000000001400020073797a6b616c6c657230000000000000"], 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000001b00)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xa, &(0x7f0000001ac0)={&(0x7f0000000440)={0x5c, 0x0, 0x204, 0x70bd27, 0x25dfdbfd, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x4}, @HEADER={0x4}, @HEADER={0x34}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f0000000340)={'ip6gre0\x00', 0x0, 0x4, 0x8, 0xfa, 0x7fffffff, 0x4, @local, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x27}}, 0x0, 0x7, 0x1, 0x7}}) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000005c0)={{{@in=@private, @in6=@ipv4={[], [], @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@private2}}, &(0x7f00000006c0)=0xe8) accept$packet(0xffffffffffffffff, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000780)=0x14) r3 = socket(0x11, 0x800000003, 0x0) bind(r3, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r3, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0xd0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0xc, 0x2, [@TCA_HHF_EVICT_TIMEOUT={0x8}]}}]}, 0x38}}, 0x0) sendmsg$ETHTOOL_MSG_EEE_GET(0xffffffffffffffff, &(0x7f0000000a00)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000009c0)={&(0x7f00000007c0)={0x1fc, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x4048885}, 0x4004) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r6, 0x400455c8, 0x9) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000100)={r6, 0x4, 0xffffffff}) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r7, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1020}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="400000001014000028bd7000ffdbdf2508004a000200000008001500050000000800030003000000080015000000000008004a000200000008004b0013b40000"], 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x40c0) r8 = openat$cgroup_devices(r7, &(0x7f0000000240)='devices.deny\x00', 0x2, 0x0) fsetxattr$security_capability(r8, &(0x7f0000000280)='security.capability\x00', &(0x7f00000002c0)=@v1={0x1000000, [{0x5, 0x80000000}]}, 0xc, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:00:59 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000240)="4f75ba4fef69472303fe7a7364624fd1a066769db8517c47d602d0dbde16e7186dec99e0e1ba0d74f8d9b08ce0a82777ce6af4f4b9c823827b238d30dcb1743af4a2c77bcef7c4b228ac18f309b4949912a00dde2549c4449f54df360d7779d7e020b5128c3244de15736a219e18fbaa6cbe8832298cbc7fe0643d5c2f9981c0f2acfdff359f0993b4d7aa53e92f68380f1f310c51e068dbe4e423e9104a58223031ea96bbe5e3672dfa0c3cc5cce17ab8e12b1b26804535fa5b57c49142c9ed211c6746fb019be151ede1b12b674df43fc87f0f134d457d3f35863e3c5d012514c5c96b65dbc76a57094ea6d7649aad357cd415cd191a8b046da28bd0240a8f") ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNDRV_PCM_IOCTL_DRAIN(r2, 0x4144, 0x0) sendmsg$IPSET_CMD_SWAP(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x5b96c450566f3465}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x70, 0x6, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x70}, 0x1, 0x0, 0x0, 0x4}, 0x0) [ 1316.987103] Bluetooth: hci2: Frame reassembly failed (-84) [ 1316.994268] Bluetooth: hci2: Frame reassembly failed (-84) [ 1317.005068] Bluetooth: hci7: Frame reassembly failed (-84) [ 1317.015818] kauditd_printk_skb: 5537 callbacks suppressed [ 1317.015827] audit: type=1326 audit(1599174059.424:1855209): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3178 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1317.022608] Bluetooth: hci8: Frame reassembly failed (-84) [ 1317.066777] audit: type=1326 audit(1599174059.424:1855210): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3178 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1317.093179] audit: type=1326 audit(1599174059.424:1855211): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3178 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1317.131037] audit: type=1326 audit(1599174059.424:1855212): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3178 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1317.253430] audit: type=1326 audit(1599174059.424:1855213): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3178 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1317.337587] audit: type=1326 audit(1599174059.424:1855214): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3178 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1317.337866] audit: type=1326 audit(1599174059.424:1855215): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3178 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1317.338182] audit: type=1326 audit(1599174059.464:1855216): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3184 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1317.338920] audit: type=1326 audit(1599174059.464:1855217): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3178 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1317.431014] audit: type=1326 audit(1599174059.464:1855218): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3178 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 23:01:00 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) ioctl$SNDCTL_SYNTH_ID(0xffffffffffffffff, 0xc08c5114, &(0x7f0000000440)={"47896b5651c7f5c0eb0a10fe3889de2a78915f8ade31b486b0a9bdbd49d9", 0x4, 0x3, 0x0, 0x7, 0x6, 0x101, 0x50f, 0x3, [0x10000, 0x9, 0x7fffffff, 0x685, 0xd3c, 0x9, 0x1, 0xfffffffc, 0x8, 0x80000001, 0x7, 0x8c5, 0x400, 0x40, 0x10001, 0xb7, 0x2, 0x40, 0x7]}) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r5, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x4, {0xa, 0x4e24, 0x5, @private1, 0x400}}}, 0x38) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80902, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 23:01:01 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x10, 0x3f2, 0x200, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4028000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1318.684808] Bluetooth: hci11: Frame reassembly failed (-84) [ 1318.690899] Bluetooth: hci11: Frame reassembly failed (-84) [ 1319.017408] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1319.017644] Bluetooth: hci7 command 0xfc11 tx timeout [ 1319.024112] Bluetooth: hci2 command 0xfc11 tx timeout [ 1319.034526] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1319.097539] Bluetooth: hci9 command 0xfc11 tx timeout [ 1319.102851] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1319.107428] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1319.115206] Bluetooth: hci8 command 0xfc11 tx timeout [ 1319.158860] Bluetooth: hci2: Frame reassembly failed (-84) 23:01:02 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$TIOCSRS485(r0, 0x542f, &(0x7f0000000180)={0x7ff, 0x5, 0x100}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KDADDIO(r2, 0x400455c8, 0x5) ioctl$KDADDIO(r0, 0x4b34, 0x2f40) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000001c0)=0x5) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, &(0x7f0000000100)="10fb5f8711ade8cc22ae94b927c53851ea9306036197a0b5c919850d142eac187da5e0d329659ed7290a498107f43e6c13373c5a5ef6c0376c7b6d0a5f2ce629fc6311b7d7518450466bd54e8c53d2d132f96f2b9226a86085234972d6e7b5c286fa5d27727dc0cdef7ccf24ffbf26012d55b492501727996c05953c9d8ddb") 23:01:02 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1320.207329] Bluetooth: hci7: Frame reassembly failed (-84) [ 1320.213578] Bluetooth: hci7: Frame reassembly failed (-84) 23:01:02 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x94) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x400000f) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000180)={&(0x7f0000000140)=[0x7, 0x6, 0x9c, 0x6, 0x9, 0x9, 0x3, 0x7ff], 0x8, 0x80800, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_SETGAMMA(r2, 0xc02064a5, &(0x7f0000000280)={0x10001, 0x2, &(0x7f00000001c0)=[0x81, 0x0], &(0x7f0000000200)=[0x4, 0xffff, 0x6, 0x1945], &(0x7f0000000240)=[0x0]}) 23:01:02 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$KDDELIO(r0, 0x4b35, 0x8) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1320.405950] Bluetooth: hci8: Frame reassembly failed (-84) [ 1320.416266] Bluetooth: hci8: Frame reassembly failed (-84) [ 1320.697583] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1320.707634] Bluetooth: hci11 command tx timeout 23:01:03 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x189503, 0x0) ioctl$TIOCOUTQ(r3, 0x5411, &(0x7f0000000080)) [ 1321.177446] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1321.177450] Bluetooth: hci2 command 0xfc11 tx timeout [ 1321.303843] Bluetooth: hci2: Frame reassembly failed (-84) [ 1321.312274] Bluetooth: hci2: Frame reassembly failed (-84) 23:01:04 executing program 1: sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x52000800}, 0xc, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="4000000012da27431f7f360f0052a05e796fd5a90ae873bdbe9e189811d408cda4ebd73ef135725d08ced88fa363b1fdb7ae0c928b0135c299323981890387029db18e3002a9df00021580982669901a083dd400ab432b9863835e75af97213dec9a337cfb644e0ea2f41dd3ddc497a7524d9390ac473900452427ad81aea0950c102051df8519b3c05d7d262c44e3bc51efa6a23ac536979726b176a560c7e12247ee20309b2192d2c1c7a28bb3b6dff24ac0f244d823ab4b653ae79b5268f77b13a2fbe3b2f867a4c0e472b7229ca911abf4ed2f4fa9ba11d46b8c7bb3094baa00"/241, @ANYRES16, @ANYBLOB="200000000000fedbdf25010000002c00018014000200687372300000000000000000000000001400020073797a6b616c6c657230000000000000"], 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000001b00)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xa, &(0x7f0000001ac0)={&(0x7f0000000440)={0x5c, 0x0, 0x204, 0x70bd27, 0x25dfdbfd, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x4}, @HEADER={0x4}, @HEADER={0x34}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f0000000340)={'ip6gre0\x00', 0x0, 0x4, 0x8, 0xfa, 0x7fffffff, 0x4, @local, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x27}}, 0x0, 0x7, 0x1, 0x7}}) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000005c0)={{{@in=@private, @in6=@ipv4={[], [], @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@private2}}, &(0x7f00000006c0)=0xe8) accept$packet(0xffffffffffffffff, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000780)=0x14) r3 = socket(0x11, 0x800000003, 0x0) bind(r3, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r3, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0xd0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0xc, 0x2, [@TCA_HHF_EVICT_TIMEOUT={0x8}]}}]}, 0x38}}, 0x0) sendmsg$ETHTOOL_MSG_EEE_GET(0xffffffffffffffff, &(0x7f0000000a00)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000009c0)={&(0x7f00000007c0)={0x1fc, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x4048885}, 0x4004) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r6, 0x400455c8, 0x9) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000100)={r6, 0x4, 0xffffffff}) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r7, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1020}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="400000001014000028bd7000ffdbdf2508004a000200000008001500050000000800030003000000080015000000000008004a000200000008004b0013b40000"], 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x40c0) r8 = openat$cgroup_devices(r7, &(0x7f0000000240)='devices.deny\x00', 0x2, 0x0) fsetxattr$security_capability(r8, &(0x7f0000000280)='security.capability\x00', &(0x7f00000002c0)=@v1={0x1000000, [{0x5, 0x80000000}]}, 0xc, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1322.018127] kauditd_printk_skb: 23605 callbacks suppressed [ 1322.018135] audit: type=1326 audit(1599174064.414:1878824): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3259 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1322.047523] Bluetooth: hci9 sending frame failed (-49) [ 1322.084254] audit: type=1326 audit(1599174064.414:1878825): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3259 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1322.111943] audit: type=1326 audit(1599174064.414:1878826): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3259 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1322.139765] audit: type=1326 audit(1599174064.424:1878827): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3259 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1322.163812] audit: type=1326 audit(1599174064.424:1878828): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3259 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1322.188663] audit: type=1326 audit(1599174064.424:1878829): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3259 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1322.211865] audit: type=1326 audit(1599174064.424:1878830): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3259 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1322.217502] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1322.236254] Bluetooth: hci7 command 0xfc11 tx timeout [ 1322.247968] audit: type=1326 audit(1599174064.424:1878831): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3259 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1322.271473] audit: type=1326 audit(1599174064.424:1878832): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3259 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1322.297509] audit: type=1326 audit(1599174064.424:1878833): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3259 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1322.472901] Bluetooth: hci8 command 0xfc11 tx timeout [ 1322.478584] Bluetooth: hci8: Entering manufacturer mode failed (-110) 23:01:05 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$PERF_EVENT_IOC_REFRESH(0xffffffffffffffff, 0x2402, 0x4) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:01:05 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1323.298233] Bluetooth: hci8: Frame reassembly failed (-84) [ 1323.337521] Bluetooth: hci2 command 0xfc11 tx timeout 23:01:05 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_DEASSIGN_PCI_DEVICE(r2, 0x4040ae72, &(0x7f0000000100)={0x8, 0x1, 0x7ff, 0x5, 0x80000001}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x200000000000036a, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000140)=0x1) [ 1323.348137] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1323.383514] Bluetooth: hci2 sending frame failed (-49) [ 1323.418050] Bluetooth: hci11: Frame reassembly failed (-84) 23:01:06 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$BTRFS_IOC_RM_DEV(r0, 0x5000940b, &(0x7f0000000100)={{r1}, "9eefb20ad777e2498ee8052e2110aa81b2bf6fcdc9be081bee76592b6cf36fdd635fd9f68645862036d99fe05988385c676a871b3cfab5e3bbca7557a77118dff9da4707930652f4adc25025561e7367ba9763625e7f2e4d123e3c9a94a695ea3af41733ea55d8356b565f100bb429040e4f9c248e91562a15143ea142b9eae3070e6c13a456c270697006d543401bbf0828a0af9dc689b86e6806eeb8b62d0338c5d8e66bb36d206ae57b0197dd5077c439f5bd42d66528f01a47c11e327d178c520eed3cc9edc92a037ad9a6accb5b1c6aac35ae50eb6bbc83f4359b1db4c9166028a2d9cb498250ae1134b3ff102588e5bf3f9152932be801f41a51ac93bca659a422acb1195cd35229d9f29e93e883098450c510501a66e85c6486292e230b71d00efe8f795d1b623e5df775a8f604f435af98c042d9b25dfa70cec8224a83ba817fc381f8aff82a47188a85cc25c5b6033cee8c64d4768832525684ea66ff920c21fe084d5d03a84fca1160e470ebc3e1b008d19b796489fb6958a0d7e18387deca9d8cab51f66f7839ea409ae0a2a182623df2158c4a1787faef7d82b576dcfe1d19e4e7d3f93abc93aa38203c12bcd6ae4623225f083cb02e95b05f2e60067830e64ddacff8cefc337a39f583c4dac2af5dc116283fceae0b939f03c926a8d5a83d9ebd665c69178691c000caf311847b25b4e41fd1d2b81058f91d53511b418e28c3a45222b7b37d50dc403246243464e14aced00791479764c91ccd29a122389a8e4e818667ab59f84b4239ddf38a1c4007146a5a0ec8d9f44e812ae77520c7cfa5df89804246bfad81b7e9a960a6ebd267e6891d59878bc7be5b6b1477c0dbb3d1d6f2bc7cb7546300069d256f60d6e006243cd35dd3bcbe813e48cfc4ba67f58ef2d152036a55f291fc3e4c0ba21bc45270661b6cc71fab021f94bbeaa9166890e7c34f9b3ddd1963e53c4cda3e5c9c4832f91235d4503a40235b3129f0c1031f588db6674cbbe2beb56e7dfc2a07c13d78f0e3376f3eec641cfd9230ed67062032809846a3f24cae5e0cf1c757726ec7562cce6358d03dbec3388fcbf8ef2f92d44f044cd44feea970e28c47d884658deb946d6a78d1b0cdf4cc855512712dce13f9d3816bed4330253937d5d6d18886f90a057a9d4676ad145899059664e7898965186b437cd905740a10a6b5b21962d1c78b755c976b413e5d424e83529decc3b9dc46337a295aa7de7498c885eb03eb3cdb19e03d7d9124110ef67d5f6559633f9e12baca326678433c057352283867a42f4d74381e14db7ff9ce8b669dbd026891638451a47828e44abe2698a2cd645e4b81ee936203c9e4cf59fc3c65eaa536a26200e6b11eb10e1e12d9f8929e98bd17b2d1a55cbaa039f55cc7c7946c8f6e605b71597e8744bf9e14932b591bad7c981f419370ce64d4e9efe57157569b50668bf703095efbd6f5667a3f1251f2dd8bb47b69004ed7d1e80577bfd2405ce463699df20aa651b8a647046f3343f753c7818dfe8c47f94ce10d7d146f46ec56741d012e067777086a1e81bb18cca95a37d07c9c75f658c6255135dd76beb4f47f3ef3ad74ab73858177b2649d6bbccb4b23dd97434627d08096d163143a8572a48672d988c0cb02049912be667ac3be4d67ebaf19b4915fb85dcc42f807c2e8e6750c21bad5fe85e09fb95dcd83461fc218ef4b0fffe33c5c0b9ada6978c020da02d5519468a0ee532f2fdc4389277993751fbe68ef6781d3d97acf878570ebc18108c33659f9ec4598778c1a04d3abda277b1d5c9e1b00aa482bfbbb41dffc18d5fd5af7550ab1ae274b82b98a4fad853bdc31442db92cffe5277d5e6bdfa944d8705e27b6bc55cd130d39fc4a30401cd2a78a5727a3e4e894ae0b9065c4909a6b74d9adeb54ea133980ecdbc573bbbacced3fedcaaf07d4630db14eed1bada70c206b45e6d9e40dfed69a6b6153225ff710a37b6878f8da93e8df33b1648f4db61121c7687f5fa5576759e90e458bed41cde9869d1865089afdfa47f0dfdb2a91e3c4b48dbea1056d10e6a5cace4d5e430d7863f83240d364f2564a913d2266f59218a6b6de57d5249085de55b59b3abb3f53e3b97aafe5d18e9535a7c8c58b4e3f5225e032a486462ba307ef299f3836b926d812d9f2bad0fe14491c6d650e5f781f95848366bfd1e0cdc91f9f2a7d0669605ec039d90aab64b06c5fc0f21086228d50f53bd83fd8deba1bf729f65c157ecd18c7efb2b195daa2a58bb9919c8d2b26129ce642f97bbf08273de25cb0dbffe4a811bf3dd9f9abd7427615d946b1d0f79de8a0a46d4ea2200241caa762227521b91db7c1ea85bda8dac746b68bfcea1b4acd201f40df031c232b052c11dab59d69c1b4616d236bd7a0d564b9a8ef70d460fea68383895615c6f04b17aca62d58bb0c53e4f33b4a86a45abf4d8c51f18124d67db4b886c88fc2065c8846438dd65fcd875feea787a5bf64c85921ac94c813aebb7e49f78ff50ff865162d76fd5906b63fea01538924aac9d71015455873fcd697b992742ecb98903c2f7efdab881f78c1df7159ab49468940792d5357fdc9feaf8d093a87a83993d853672f458a7cb7770eb1baa8653f8ce2ea7864d9b52611b4344a2921f5a6793693b817aa88c42d9c908a24777b490639fb32ae35f639b2c26e65257b656292249b1522e214245715a08a95cb018be2eb0e80d3809dd8767285d5f7bebaf30b08628833874142edb109b3efea9382e7bb9f9785b46289bdabc89aed0f479c13911e86962e5d9e0f067ae6913ba402e29ef224cd12723f94f161e3c9d5b5e8f77c1e459cf56cea9ccf5847a065fc412695a93f5765553fde2d2db6560171b305efb59bee961b662c14c31947f1d7e5efd48fa7103ab1e6c458455711392fef7917355423bdbb6c2f176b1d84cb785cd5b3a2251116513ffed0970401df899ffc247a346da63ab643ae945e98cfbc4f015963a2a7816b6aae5cfe55dd5daf54692c1b20328bb1c700046e05483e6b1114df45f33137400c47935c626af2409ae930b7019b0e93b7728ccc19cad5e8c42284352237af320a60305579684fe7f8b5d84724fea09964c728241aaf996446ac9ca5f0b4599add292fab8573f811d164446c7a97695c7349fb85c145c552beb2edd7d0568dcc463fb473c889b13ee6cd8a001599eecb8ff656dbe6a172af7d2ead071b30b73f390bbc0f374bbd89274652a684f4f5ce16f43f9a50222da14717be97a40bc2f6190caf974d705db8c831078036d469f6be39a94b80a198de89aec7a38745a5e291eae3cff1e6148d7eb95ef9e6b2e7751fc65dbe3e8ca79fed67564627c836bae972c2f88cee8edfb5b41786d99f008821aa995d51df0207792c79416078a687885eb996e33314d6fb4d435d439eb957b8ce2704b50db439cadb625e0a5999d79267009606a1720e7b9c76ec6567c12cea816ee10f21ce8e73daa051acfdb3c7ab19fc734e3ca440de7d4055bd9b3c1ec77ababacffdee42180a60761aaf8ea20f35b861aa3dab27e4e34e02f9b26bb2235ce03e09938a3d20d1db0ad49637c642027c2bd2a55b65ba8691363ba372fa2deb1570fe22de3f71e3e5ea2b38567e8cc2bcda88606acab4d836452dd36961061f8796288814609b66232c4d4847a88aaf9b8c15565780d605cd0c3f7cb18f7e61422a7057e355b414639d504b0727544cf314143ffd5aa4dd1cf135bde49ce6fd35dc3f7dc574cf8944bf971451e74c7af0f06f8b0ef1809162cd651e3412b7a0cad71aaeac71abafef696e5af0f95589652b0695975335ef5597cbb194501b40fc5f2ed65dc210d5ff1893e7d22bda467fc4bf6cd123f7a0f5c08337af7ac7af8801bc8ca7b655bdc33386f4db48665bd61c24c23e892b49c26112284345159c02d12b7f256f4a68187039a9e5751253b159a7587b82f2f9180008742f9c8e6b2796db6c0aa212572b82ea943d4f245d979be3f734b0a4b54f60829495cac788477e204db3297ca2b0069cbb9fb0a1ba934f1fdac6fb2d256739c63c14d79fe08a812d8706d4af830de83df7bceb9a3b707a752de00b9b07bbe792461a1e1b94e7443742e044726374c1fdf7b4fda99594824c9c358da5d70a7a94010a0f20f6c67092086997a04834ea130a00c5fd9a6fbbbe2e3b2a2a09a9d51b56d00fbfb247a3b7ad3485ba8b357d60016b7dc2de38884dbdb61276285cd9b8946ff4d674a4d1a3c1744a5071e2563929bf38d981456b35d062a304981a06d2404b94168d608c2ad8fb08648da7cdbbab00d5ad153209739e8ea10bc0557ed8fad5d0f68135c07a76e7ef5c924ac5febb3cdbb58bde75d37fade81f52ace81d26b305cade176698d2394cba042c6a101037a4ff7fe9f2bbcb75970ccba4a9b9076dc30c81f99ce3a917e6cc082f3bcffd0356da1b0c5d2789ecc15b40ba488baff2e9d7b0ab6f9c546c51ee81f1e620e9c4a7e0d76e6fa5a20c951da8a9a1946759ba1c302cbd0a61fcd0f4c90358c3dbaa95bfbc82dbc7ea883f9d6d547467c59a7f2740c5e012a184f03f8ea7fa21237d245cb3c75ce3b408d862d67d6a3b449e517bf7ba78051331859cbbe7f4ee0a7bbc6ec664145cb2b2f5dcb33f47756d3c76d8a3586019e1410d52f4018961c239a11d7cb86721c12c30f7ba24727f4ffb1c16a97561dfd0619f760bd9e865aa26b0177645f42d4b99df8f5253cdfdad36038b3d8d9a017a3602a6e38633ddf96f1961a0fb3c28d75c64957d663e9353564c4001511571e03abf00253cdd539f7d7f17bddaa1f55e2c09dfe50838b0ff9992c201b2e7ca312bff1886c3a4ddc9ff16476e4b8f66d00410073ee1747bb5b38c2f28568ebd59cb8937cdaf455d3318fb75b0804b97d15c29f65b02c995d7b349764a3eaf62cdbf37c3ab55926c23b034ba97ba3b0df3ac1ff7fa7639403b4298b844f8fe9fc4f97a3cd7977b62ef4147e7107a06143ba0d65ca6357cf5f8199cb23437f71cc64a523d109d525175333911485e178f550c6c16fcca1ddf31d2f953651f70155547e6bc2d378474eacdbefa4f31c21e95e3d7c7d3e5917dd49ffc24bc47e9b5a196e95071a98df7bde61084d0a8c36b631e3a9bc0e95874298d85a6c12c251524e0c0f23c4a21ea93290362720bc4b40082468055a314d8286f73014c7e5517dc4d899c2aaa06f4ecda4e1ea0768567771a4b51c56ee0cb90cec9f45ed5e462a01dbf1434a9f184b359b30b191a115a32f0d854dc77684dcaf6247c6f4c63f5aeb828322597d2c7982e8d6582a765394f8e1a787ef3e1415e0d88e56607578f7a459ba1e9e1962204e3227027b39ea0ab591622e5782be3bcaa5e7814cd8568110c959f60fff8589f8dd9583510fee1a506e8c092850417ebf55a79d62971b913454bfabdf6eb405d562ead1bc203251d2eaabd3a9773c8123c49b5b4c836d64f1b8092afc7d39cf8900ec389d0a49b6896729c8fb81efb3334bfb3dd31c1a4ac71712e9d4a4b1baecaab025f294ee74155d87b17afc971e6b040acd7d4ea95159ff952593e08bffed987ea4641aba0b0bbdcdcf0f7a7b42aef658cab3b77009e7ac02ed8f84cda3aa92f6aef9bfebbbe05b23d7a723c45da009ab55d2f8cf295f2f1fd91b9ca07ca4a0ee2571042c121b8980d3b5e47d1602bf08e186a7297644ea7a03b22d1aa407455f730f56e28948b4cda835d5d4bd691134bc6b671f76c3491e3d12bd65ffbb7200ef85f6556c43b02f0a12a94"}) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r3 = syz_open_dev$video(&(0x7f0000000100)='/dev/video#\x00', 0x6, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000001180)='/dev/dlm-control\x00', 0x200081, 0x0) r4 = syz_open_dev$audion(&(0x7f00000011c0)='/dev/audio#\x00', 0x401, 0x62001) ioctl$TIOCEXCL(r4, 0x540c) ioctl$VIDIOC_S_STD(r3, 0x40085618, &(0x7f0000000080)) getsockopt$inet6_udp_int(r2, 0x11, 0xb, &(0x7f0000001100), &(0x7f0000001140)=0x4) [ 1323.694385] Bluetooth: hci12: Frame reassembly failed (-84) [ 1324.057519] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1324.063591] Bluetooth: hci9 command 0xfc11 tx timeout [ 1324.229396] Bluetooth: hci9: Frame reassembly failed (-84) 23:01:07 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = open(&(0x7f00000015c0)='./file0\x00', 0x4080, 0x32) sendmsg$AUDIT_SIGNAL_INFO(r1, &(0x7f00000016c0)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x10, 0x3f2, 0x200, 0x70bd25, 0x25dfdbfb, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4028000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1325.337487] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1325.337505] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1325.347665] Bluetooth: hci7 command 0xfc11 tx timeout [ 1325.351057] Bluetooth: hci8 command tx timeout 23:01:07 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) alarm(0x9) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1325.417594] Bluetooth: hci2 command 0xfc11 tx timeout [ 1325.427266] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1325.497518] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1325.497564] Bluetooth: hci11 command 0xfc11 tx timeout [ 1325.520014] Bluetooth: hci2: Frame reassembly failed (-84) [ 1325.737538] Bluetooth: hci12 command 0xfc11 tx timeout [ 1325.743015] Bluetooth: hci12: Entering manufacturer mode failed (-110) 23:01:08 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000140)={&(0x7f0000000100)=[0x6, 0x8, 0x4, 0x9, 0x7fff, 0x1, 0x80000001], 0x7, 0x800, 0x0, 0xffffffffffffffff}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r1, 0xc05c5340, &(0x7f0000000180)={0xdc, 0x9, 0x5, {0x80000001, 0x3}, 0x401, 0x3}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'veth0_virt_wifi\x00', {0x2}, 0x3}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) sendmsg$NL80211_CMD_START_SCHED_SCAN(r1, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0xdc358ec0649bbea4}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, 0x0, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x3}}]}, 0x24}, 0x1, 0x0, 0x0, 0x4c044}, 0x80) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1326.297579] Bluetooth: hci9 command 0xfc11 tx timeout [ 1326.302991] Bluetooth: hci9: Entering manufacturer mode failed (-110) 23:01:08 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1326.445810] Bluetooth: hci8: Frame reassembly failed (-84) [ 1326.453006] Bluetooth: hci8: Frame reassembly failed (-84) 23:01:09 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) fsetxattr$security_selinux(r0, &(0x7f0000000340)='security.selinux\x00', &(0x7f0000000380)='system_u:object_r:admin_passwd_exec_t:s0\x00', 0x29, 0x3) pwritev2(r0, &(0x7f0000000300)=[{&(0x7f0000000140)="0f7fad11a894d0d7f6313cd398af5e43168e60de6389b52a9cb73c29404280672b526243c68dfd2c3619f67d431eccde66415beb78baa0480be46e1203baa249fca08ce9", 0x44}, {&(0x7f00000001c0)="45f860c9189ba4caacbf080ca63733e57d8b6124684696e717ef6c4ec1a7e1eb6196789a67070172dd37a88cce08758f", 0x30}, {&(0x7f0000000200)="4a2b4d5498b0f3ce85da5f7005e92d574f5b1d98fa96d17654582eed2236960a4807ced918cacbf82a0666dcff961879c7d9533a9f89da97db0e2a8e76315d2e76dd747dfd9e4d6aee4010a1a418de84b3dd85fabff5a7de62fc3e56474cef3b3471d9f81d3d7d9835ae52c1265068d818839ca9ad95f0a954f5fa871920d3fde8b443fe38eea4c965ecbe54906cc090f9f7a1d566e429c5f38bfbc55c999b86175a528fbba89b19d9c7183f0f876c524adf3be3b0860466afa1f5286f99e24b44fd4625914f4c47fa6b8e77b06886891acdac7251ebc7551d1745699b870ab9ffb5cf95", 0xe4}], 0x3, 0x3, 0x0, 0x8) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BLKIOMIN(r2, 0x1278, &(0x7f00000003c0)) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$FIONREAD(r4, 0x541b, &(0x7f0000000100)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1326.703670] Bluetooth: hci9: Frame reassembly failed (-84) [ 1327.030928] kauditd_printk_skb: 27281 callbacks suppressed [ 1327.030936] audit: type=1326 audit(1599174069.434:1906115): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3371 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1327.061407] audit: type=1326 audit(1599174069.434:1906116): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3371 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1327.087173] audit: type=1326 audit(1599174069.434:1906117): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3371 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1327.113820] audit: type=1326 audit(1599174069.434:1906118): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3371 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1327.139469] audit: type=1326 audit(1599174069.434:1906119): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3371 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1327.165065] audit: type=1326 audit(1599174069.434:1906120): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3371 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1327.190547] audit: type=1326 audit(1599174069.434:1906121): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3371 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1327.215925] audit: type=1326 audit(1599174069.434:1906122): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3371 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1327.241539] audit: type=1326 audit(1599174069.434:1906123): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3371 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1327.263700] Bluetooth: hci13 command 0xfc11 tx timeout [ 1327.269311] Bluetooth: hci13: Entering manufacturer mode failed (-110) [ 1327.279713] audit: type=1326 audit(1599174069.434:1906124): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3371 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 23:01:09 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) pselect6(0x40, &(0x7f0000000100)={0x100, 0x30000000, 0x20, 0x5, 0x200, 0x1, 0x2, 0x6928}, &(0x7f0000000140)={0x1, 0x100, 0xd8, 0x7ff, 0x80000000, 0xe172, 0x10001, 0x100}, &(0x7f0000000180)={0x3f, 0x59, 0x100, 0x1, 0xfa, 0x1, 0xfffffffffffffff8, 0x1}, &(0x7f00000001c0)={0x77359400}, &(0x7f0000000240)={&(0x7f0000000200)={[0x101]}, 0x8}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1327.435759] Bluetooth: hci11: Frame reassembly failed (-84) [ 1327.577578] Bluetooth: hci2 command 0xfc11 tx timeout [ 1327.583038] Bluetooth: hci2: Entering manufacturer mode failed (-110) 23:01:10 executing program 3: arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000000)) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 23:01:10 executing program 1 (fault-call:18 fault-nth:0): socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1328.457746] Bluetooth: hci8 command 0xfc11 tx timeout [ 1328.460145] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1328.469868] Bluetooth: hci7 command 0xfc11 tx timeout [ 1328.475659] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1328.777887] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1328.785188] Bluetooth: hci9 command 0xfc11 tx timeout [ 1329.206080] FAULT_INJECTION: forcing a failure. [ 1329.206080] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1329.218153] CPU: 0 PID: 3425 Comm: syz-executor.1 Not tainted 4.14.196-syzkaller #0 [ 1329.226132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1329.235807] Call Trace: [ 1329.238407] dump_stack+0x1b2/0x283 [ 1329.242049] should_fail.cold+0x10a/0x154 [ 1329.246209] get_futex_key+0x82a/0x1160 [ 1329.250198] ? futex_lock_pi_atomic+0x2e0/0x2e0 [ 1329.254996] futex_wake+0xc6/0x3c0 [ 1329.258692] ? get_futex_key+0x1160/0x1160 [ 1329.263189] ? kernel_text_address+0xbd/0xf0 [ 1329.267613] do_futex+0x287/0x1930 [ 1329.271246] ? __lock_acquire+0x5fc/0x3f20 [ 1329.275566] ? futex_exit_release+0x220/0x220 [ 1329.280236] ? lock_acquire+0x170/0x3f0 [ 1329.284236] ? futex_exit_release+0x26/0x220 [ 1329.288768] ? trace_hardirqs_on+0x10/0x10 [ 1329.293015] ? futex_exit_release+0x26/0x220 [ 1329.297439] ? __mutex_lock+0x360/0x1310 [ 1329.301597] ? __delayacct_add_tsk+0x4b1/0x5b0 [ 1329.306188] ? __might_fault+0x104/0x1b0 [ 1329.310263] ? exit_mm_release+0x16/0x30 [ 1329.314359] ? lock_downgrade+0x740/0x740 [ 1329.318607] SyS_futex+0x1da/0x290 [ 1329.322161] ? lock_acquire+0x170/0x3f0 [ 1329.326147] ? do_futex+0x1930/0x1930 [ 1329.329962] mm_release+0x250/0x2d0 [ 1329.333606] do_exit+0x56f/0x27f0 [ 1329.337163] ? mm_update_next_owner+0x5b0/0x5b0 [ 1329.341843] ? get_signal+0x323/0x1ca0 [ 1329.345897] ? lock_acquire+0x170/0x3f0 [ 1329.349882] ? lock_downgrade+0x740/0x740 [ 1329.354048] do_group_exit+0x100/0x2e0 [ 1329.358113] get_signal+0x38d/0x1ca0 [ 1329.361845] ? get_pid_task+0xb8/0x130 [ 1329.365836] do_signal+0x7c/0x1550 [ 1329.369492] ? fsnotify+0x8c5/0x1140 [ 1329.373467] ? __vfs_write+0xec/0x630 [ 1329.377364] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 1329.382306] ? SyS_write+0x1b7/0x210 [ 1329.386029] ? setup_sigcontext+0x820/0x820 [ 1329.390688] ? compat_poll_select_copy_remaining+0x2c0/0x2c0 [ 1329.396502] ? lock_downgrade+0x740/0x740 [ 1329.400657] ? vfs_write+0x35d/0x4d0 [ 1329.404446] ? SyS_pselect6+0x2dd/0x3c0 [ 1329.408577] ? SyS_select+0x170/0x170 [ 1329.412387] ? fput+0xb/0x140 [ 1329.415658] ? exit_to_usermode_loop+0x41/0x200 [ 1329.420341] exit_to_usermode_loop+0x160/0x200 [ 1329.424934] do_syscall_64+0x4a3/0x640 [ 1329.428839] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1329.434195] RIP: 0033:0x45d5b9 [ 1329.437482] RSP: 002b:00007f6c687cbc78 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 1329.445197] RAX: fffffffffffffdfe RBX: 0000000000025a00 RCX: 000000000045d5b9 [ 1329.452475] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000040 [ 1329.459753] RBP: 00007f6c687cbca0 R08: 0000000000000000 R09: 0000000000000000 [ 1329.467193] R10: 0000000020000300 R11: 0000000000000246 R12: 0000000000000000 [ 1329.474469] R13: 00007ffd4c579e8f R14: 00007f6c687cc9c0 R15: 000000000118d12c 23:01:11 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x10000040, 0x0, 0x5, 0x0, 0x8000}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000080)=[{&(0x7f0000000340)="e640ed15e8c9057b2a77ffbff8f910489de5af0b0b2b2274c1f0520ba3d2aaca0dad92e2e9efe93a02744d00000000000001013363f78d00cff1b13d770a5ae6ec964cac28490fe1d3af4e16b5e663847cd2b0", 0x53}, {&(0x7f0000000440)="42c05c570dd93221170a540cd6764630b6461ecd3981ae427d49194e47714fa196ed0f782b44a50191fbd6f142e20ca8a414e85e4ac0db218df35e0c402bba5df73e70827dfbdb88c7ba3a27b3e0098aaab110c4b66dda1cebe80edf005b3431cb70bffb7082f2ff113ea81d833d77f7924ba5bb852df05f3c0483630f9e811ea5ae00950b1611408b9eb14559c19cbbbdef16058647e53f937cc6fabcf248ea9d2518544ae305c77959df6692f6cf28964579c49d6a742311c07ef0198a2a63b65690d3cf55", 0xc6}], 0x2, 0x9) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$CAN_RAW_JOIN_FILTERS(0xffffffffffffffff, 0x65, 0x6, &(0x7f0000000180), &(0x7f00000002c0)=0x4) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1329.497518] Bluetooth: hci11 command 0xfc11 tx timeout [ 1329.497523] Bluetooth: hci11: Entering manufacturer mode failed (-110) 23:01:12 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:01:12 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$IMGETDEVINFO(0xffffffffffffffff, 0x80044944, &(0x7f0000000100)={0x4}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VHOST_SET_VRING_ENDIAN(r3, 0x4008af13, &(0x7f0000000180)={0x3, 0xeb9}) setsockopt$inet6_opts(r3, 0x29, 0x36, &(0x7f0000000140)=@fragment={0x3c, 0x0, 0x80, 0x0, 0x0, 0x1, 0x68}, 0x8) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f00000001c0)={'wg2\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r5, 0x89f7, &(0x7f0000000280)={'ip6_vti0\x00', &(0x7f0000000200)={'syztnl1\x00', r6, 0x2f, 0x2, 0x0, 0x8, 0x4, @private0={0xfc, 0x0, [], 0x1}, @private0, 0x7, 0x8000, 0x7fffffff, 0x2}}) [ 1329.705936] Bluetooth: hci7: Frame reassembly failed (-84) [ 1329.713332] Bluetooth: hci8: Frame reassembly failed (-84) [ 1329.737545] Bluetooth: hci2 command 0xfc11 tx timeout [ 1329.742868] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1329.799931] Bluetooth: hci2 sending frame failed (-49) 23:01:12 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r1 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x181080, 0x20) ioctl$KDMKTONE(r1, 0x4b30, 0x100000000) [ 1330.018540] Bluetooth: hci9: Frame reassembly failed (-84) 23:01:12 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) capget(&(0x7f0000000080)={0x20071026}, &(0x7f0000000180)={0x480, 0x10000, 0x8, 0x80, 0x7, 0x6}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x6}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1330.531644] capability: warning: `syz-executor.1' uses deprecated v2 capabilities in a way that may be insecure 23:01:13 executing program 4 (fault-call:3 fault-nth:0): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 23:01:13 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x10000071, 0x4, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) ioctl$NS_GET_USERNS(0xffffffffffffffff, 0xb701, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000080), 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1331.697140] FAULT_INJECTION: forcing a failure. [ 1331.697140] name failslab, interval 1, probability 0, space 0, times 0 [ 1331.715262] CPU: 1 PID: 3483 Comm: syz-executor.4 Not tainted 4.14.196-syzkaller #0 [ 1331.723147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1331.732506] Call Trace: [ 1331.735083] dump_stack+0x1b2/0x283 [ 1331.738704] should_fail.cold+0x10a/0x154 [ 1331.742849] should_failslab+0xd6/0x130 [ 1331.746818] kmem_cache_alloc+0x28e/0x3c0 [ 1331.750955] taskstats_exit+0x5f3/0xb50 [ 1331.754925] ? lock_downgrade+0x740/0x740 [ 1331.759064] ? taskstats_user_cmd+0xfd0/0xfd0 [ 1331.763544] ? _raw_spin_unlock_irq+0x24/0x80 [ 1331.768028] do_exit+0x52c/0x27f0 [ 1331.771476] ? mm_update_next_owner+0x5b0/0x5b0 [ 1331.776134] ? get_signal+0x323/0x1ca0 [ 1331.780010] ? lock_acquire+0x170/0x3f0 [ 1331.783972] ? lock_downgrade+0x740/0x740 [ 1331.788110] do_group_exit+0x100/0x2e0 [ 1331.791988] get_signal+0x38d/0x1ca0 [ 1331.795694] ? tty_fasync+0x2c0/0x2c0 [ 1331.799495] do_signal+0x7c/0x1550 [ 1331.803020] ? fsnotify+0x8c5/0x1140 [ 1331.806719] ? __vfs_write+0xec/0x630 [ 1331.810512] ? setup_sigcontext+0x820/0x820 [ 1331.814844] ? tty_fasync+0x2c0/0x2c0 [ 1331.818632] ? do_vfs_ioctl+0xe2/0xff0 [ 1331.822507] ? selinux_inode_setxattr+0x730/0x730 [ 1331.827337] ? ioctl_preallocate+0x1a0/0x1a0 [ 1331.831733] ? lock_downgrade+0x740/0x740 [ 1331.835881] ? check_preemption_disabled+0x35/0x240 [ 1331.840898] ? kick_process+0xe4/0x170 [ 1331.844779] ? task_work_add+0x87/0xe0 [ 1331.848656] ? exit_to_usermode_loop+0x41/0x200 [ 1331.853314] exit_to_usermode_loop+0x160/0x200 [ 1331.857886] ? SyS_ioctl+0x5c/0xb0 [ 1331.861413] do_syscall_64+0x4a3/0x640 [ 1331.865722] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1331.870901] RIP: 0033:0x45d5b9 [ 1331.874074] RSP: 002b:00007f9bcb209c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1331.881768] RAX: fffffffffffffe00 RBX: 0000000000019500 RCX: 000000000045d5b9 [ 1331.889027] RDX: 0000000000000000 RSI: 000000000000545c RDI: 0000000000000005 [ 1331.896283] RBP: 00007f9bcb209ca0 R08: 0000000000000000 R09: 0000000000000000 [ 1331.903537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1331.910792] R13: 00007fff1974d13f R14: 00007f9bcb20a9c0 R15: 000000000118cf4c [ 1331.925655] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1331.937530] Bluetooth: hci8 command 0xfc11 tx timeout [ 1331.942742] Bluetooth: hci7 command tx timeout 23:01:14 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r3, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r4, 0x200, 0x70bd2d, 0x25dfdbfc}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x24a080, 0x0) openat(r1, &(0x7f0000000080)='./file0\x00', 0x4000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r7, 0x400455c8, 0x9) [ 1331.947373] Bluetooth: hci2 command 0xfc11 tx timeout [ 1331.947646] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1331.957588] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1332.038100] kauditd_printk_skb: 20249 callbacks suppressed [ 1332.038107] audit: type=1326 audit(1599174074.444:1926375): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3445 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1332.067721] Bluetooth: hci9: Entering manufacturer mode failed (-110) 23:01:14 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="525aef26f3b9cb0ae924cc5e8867", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x8}}, [@filter_kind_options=@f_rsvp={{0x9, 0x1, 'rsvp\x00'}, {0xc, 0x2, [@TCA_RSVP_DST={0x8, 0x2, @dev}]}}]}, 0x3c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@gettfilter={0x24, 0x2e, 0x63ee8762c75d8929, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) r5 = socket(0x1000000010, 0x80002, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg$alg(r5, &(0x7f0000000200), 0x4924924924926d3, 0x0) r6 = dup(r0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3\x00', 0x529501, 0x0) ioctl$TIOCMIWAIT(r6, 0x545c, 0x0) ioctl$TCSETSF(r6, 0x5437, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = dup(r7) ioctl$TIOCMIWAIT(r8, 0x545c, 0x0) [ 1332.117081] audit: type=1326 audit(1599174074.444:1926376): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3445 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1332.181329] audit: type=1326 audit(1599174074.444:1926377): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3445 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 23:01:14 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x4000) ioctl$GIO_SCRNMAP(r2, 0x4b40, &(0x7f0000000080)=""/112) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000480)='/dev/dlm-monitor\x00', 0x4000, 0x0) setsockopt$netlink_NETLINK_RX_RING(r3, 0x10e, 0x6, &(0x7f00000004c0)={0x1f, 0x3, 0x3, 0x10001}, 0x10) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r4, 0x545c, 0x0) ioctl$TCSETSF(r4, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 23:01:14 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, &(0x7f0000000440)=ANY=[@ANYBLOB="0600000000000000010000000000000000000003000000000000008008ff05000000000000fe4783550a0000004000000000000000001f201116af110a7a000000000000000000005d06de665f69c00e68dee2d48168c026a37d9e75cd8fa226a2d3641ab2a32464ee0000000000000000"]) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x4, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0xbff, 0x0, 0x0, 0x7, 0xff}, 0x0, 0x0) [ 1332.210340] audit: type=1326 audit(1599174074.444:1926368): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3445 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1332.270464] audit: type=1326 audit(1599174074.444:1926378): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3445 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1332.325621] audit: type=1326 audit(1599174074.444:1926379): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3445 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1332.360609] audit: type=1326 audit(1599174074.444:1926380): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3445 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1332.383051] audit: type=1326 audit(1599174074.444:1926381): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3445 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1332.405400] audit: type=1326 audit(1599174074.444:1926382): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3445 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1332.427835] audit: type=1326 audit(1599174074.444:1926383): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3445 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 23:01:15 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1332.912240] Bluetooth: hci7: Frame reassembly failed (-84) 23:01:15 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) write$eventfd(0xffffffffffffffff, &(0x7f0000000080)=0x1f, 0x8) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 23:01:15 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$IOC_PR_CLEAR(r2, 0x401070cd, &(0x7f0000000080)={0x80000001}) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r6, 0x400455c8, 0x9) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)) r7 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f00000001c0)={{r7}, 0x0, 0x8, @inherit={0x68, &(0x7f0000000140)={0x0, 0x4, 0x9, 0x9, {0x25, 0x2, 0x1d43, 0x9, 0x3}, [0x40, 0x6, 0x8, 0x8ac6]}}, @devid}) ioctl$TIOCMIWAIT(r6, 0x545c, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN(r4, 0x4040942c, &(0x7f0000000100)={0x0, 0x45e, [0x0, 0x101, 0x6, 0x2, 0x3, 0x9]}) ioctl$TCSETSF(r3, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 1333.296140] Bluetooth: hci8: Frame reassembly failed (-84) 23:01:16 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) accept$packet(r2, &(0x7f0000000180), &(0x7f0000000140)=0x14) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:01:16 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fchdir(r1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) fsetxattr$trusted_overlay_opaque(r2, &(0x7f0000000140)='trusted.overlay.opaque\x00', &(0x7f0000000180)='y\x00', 0x2, 0x0) [ 1333.825023] Bluetooth: hci9: Frame reassembly failed (-84) [ 1333.936509] Bluetooth: hci11: Frame reassembly failed (-84) 23:01:16 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, &(0x7f0000000080)={{0x2, 0x0, @reserved="bcf7120cd8302f43526b43b6e9096158c77164c0c27b9e9c09082c6eb9abbe61"}}) sched_getaffinity(0x0, 0x8, &(0x7f0000000180)) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0) [ 1334.143370] Bluetooth: hci2 command 0xfc11 tx timeout [ 1334.148628] Bluetooth: hci2: Entering manufacturer mode failed (-110) 23:01:16 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x13) ioctl$KDADDIO(r2, 0x400455c8, 0x9) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r4, 0xf503, 0x0) 23:01:17 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x1) r3 = dup(r1) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) accept(r4, &(0x7f0000000100)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, &(0x7f0000000000)=0x80) 23:01:17 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = dup2(r0, r0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000000)={&(0x7f0000000080)="0ebe9988cdec3e5d4a7b403067be1ad35b71b702fb98c5f6afca1fb66f74ccdad776c464f9c7f2a47be2e7851290449c69e0821150e3b323a85602946b14bee4b8c556bdaeeab8cad05a5905615c590822ff2d22212ddaea17d602a88ea6692303e5949012bcb6f55f5d0616353c22dbbd3fa6a97fc7d2164bba83dfed39d1a2d948091295f9af862e975b4ed52dfddeb607113a5f11d7105a02de698a95849c458d0fba61dd50aa4d62872a33c53f861499dac70504768c8a2172a1", &(0x7f0000000140)=""/204, &(0x7f0000000240)="4de02a4021355f72183d3130600bff2c50b99af2379c833447cd23b6bb64619c33f5ddeb57b7033bce384d9e57e5a6fe94be2e3f277c3ae6907c1e128dea9d9cd0f976f32fb999a684b8664c4857eeabbf0d25fcd27f1e", &(0x7f00000002c0)="483c9c686018d1a0824009c620d0dd6fe20914af5574a0600ffbd424c25a39064e3f76c3e98267b47fcb5be267c3b3e4858fcf0dd5658465c28bc2f0ad02e7b0e7374df6d26455a602b23bd2f609a60f45d7220d610d8891121163c76d762ec426f8b8", 0x3ff, r2, 0x4}, 0x38) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x9) 23:01:17 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/vlan/config\x00') ioctl$UFFDIO_WAKE(r5, 0x8010aa02, &(0x7f0000000040)={&(0x7f0000ffa000/0x3000)=nil, 0x3000}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socket$key(0xf, 0x3, 0x2) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$sock_x25_SIOCADDRT(r7, 0x890b, &(0x7f0000000100)={@null=' \x00', 0xf, 'xfrm0\x00'}) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x2) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1334.937718] Bluetooth: hci7 command 0xfc11 tx timeout [ 1334.943005] Bluetooth: hci7: Entering manufacturer mode failed (-110) 23:01:17 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ocfs2_control\x00', 0x800, 0x0) write$binfmt_aout(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="0000f302c103000066030000a4bc7ab6e632bed81dd59f40c77dd500a9020000e79d00000000000000000000a96c25eea054108adc75ec0456e581a4f1537966a24d03b5038c17e0209c80b0e47edc14e83d64863b32f99eb27e1e46f8729ca79211ef5c9e67c1ae24004bd0db548fcef7ee9bd6a59c41ded02204046b34d1f9d931a7164962cc71df269dfb01303f889d671b5241f4ef35b2b60197a5b1c1df30799cfc784da1636bfd4e5476da5b6f8ee20074a38fd1352382e29642e7ab28ddf479251d362d0200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fe7c622100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000bddd479470cb8bea3ef04be7e8e88198a9b2afceddaa6f4312f02802d3da67ee271a6268869d1db9289e8e8ea55107f442b4d7560d839160a31195c881b113338f46881faf715929d81073f047ba7577115e2701a24aaac3340400"/817], 0x2bc) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r3 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ocfs2_control\x00', 0x181c00, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r3, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x3c, 0x0, 0x9, 0x101, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0xfffffffd}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x1}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x2c}}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x6}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x805}, 0x40801) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r4, 0x400455c8, 0x9) 23:01:17 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) ioctl$sock_inet_udp_SIOCINQ(r3, 0x541b, &(0x7f0000000080)) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1335.337901] Bluetooth: hci8 command 0xfc11 tx timeout [ 1335.347621] Bluetooth: hci8: Entering manufacturer mode failed (-110) 23:01:18 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:01:18 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000080)={0x7f, 0x1, 0x2}) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1335.898726] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1335.898811] Bluetooth: hci9 command 0xfc11 tx timeout [ 1335.977612] Bluetooth: hci11 command 0xfc11 tx timeout [ 1335.982962] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1336.137656] Bluetooth: hci12 command 0xfc11 tx timeout [ 1336.143399] Bluetooth: hci12: Entering manufacturer mode failed (-110) 23:01:18 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvme-fabrics\x00', 0x10401, 0x0) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, 0x0, 0x2, 0x70bd2d, 0x25dfdbfb, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x8}, {0x6, 0x16, 0x100}, {0x5, 0x12, 0x1}}]}, 0x50}, 0x1, 0x0, 0x0, 0x10}, 0x811) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 23:01:19 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x600000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000100)={0x6, 0x81}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1337.048321] kauditd_printk_skb: 15015 callbacks suppressed [ 1337.048330] audit: type=1326 audit(1599174079.454:1941399): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3664 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1337.075766] audit: type=1326 audit(1599174079.454:1941400): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3580 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1337.097636] audit: type=1326 audit(1599174079.454:1941401): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3664 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1337.097743] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1337.119427] audit: type=1326 audit(1599174079.454:1941402): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3580 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1337.127594] Bluetooth: hci2 command 0xfc11 tx timeout [ 1337.147757] audit: type=1326 audit(1599174079.454:1941403): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3664 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1337.194485] audit: type=1326 audit(1599174079.454:1941404): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3580 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1337.216755] audit: type=1326 audit(1599174079.454:1941405): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3664 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1337.240755] audit: type=1326 audit(1599174079.454:1941406): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3580 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1337.263414] audit: type=1326 audit(1599174079.454:1941407): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3664 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 23:01:19 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$SNDCTL_SYNTH_MEMAVL(r1, 0xc004510e, &(0x7f0000000000)=0x7) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000100)={0x4, 0x8, 0x6, {0x5, 0x6}, 0x0, 0x8}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$can_raw(r4, &(0x7f0000000080), 0x10) [ 1337.289657] audit: type=1326 audit(1599174079.454:1941408): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3580 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 23:01:19 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0) 23:01:19 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x20100, &(0x7f0000000000)="339135e5d56f719061260b475ebab777765c203aecd31a11a4775d75ebf01a1a20b1c776b9444060871a9143b1635469b7871d1cb2658d6f", &(0x7f0000000080), &(0x7f0000000100), &(0x7f0000000140)="0c4fad9c501a9552e36482ab333419fde0c8490fd712dc5e188117586b4b7c46ddb2fd2e44db880ef3f019ca8b85679cb58a5d74e53d2cec7921d49df83d679c86477a6466aae38010f4cf39ee63a4d1b72483d0e239abb7e83a98409909e761e3c682eb246b9d3a5220ae3dc2f7") r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f00000001c0)={0xffff, {{0x2, 0x4e24, @private=0xa010101}}}, 0x88) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 23:01:19 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x9) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180)=0x19) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self\x00', 0x2000, 0x0) dup(0xffffffffffffffff) ioctl$BTRFS_IOC_DEV_REPLACE(0xffffffffffffffff, 0xca289435, &(0x7f00000001c0)={0x1, 0x7, @status={[0x8d, 0x80000000, 0xa6, 0x0, 0x5, 0x5ae]}, [0x2, 0x93, 0xffff, 0x3, 0x40, 0x102, 0x8, 0x5, 0xe2f3, 0x7fffffff, 0xb32, 0xb, 0x2, 0x5, 0x7ff, 0x7, 0x9, 0x7fffffff, 0x8, 0x1, 0x3, 0x3, 0x2, 0x6, 0x1, 0x711, 0x200, 0x8, 0x7, 0x16efd909, 0x100000003, 0x3, 0x13, 0x2, 0x4, 0x8, 0x1, 0x3ff, 0x5, 0x8000, 0xb0, 0x400000000401, 0x3ff, 0xfffffffffffffff9, 0xb1, 0xffffffffffff7fff, 0xffff, 0xfff, 0x5, 0x3, 0xb, 0x8, 0x80000000, 0x1, 0x9, 0x0, 0x1e, 0x20, 0x10000000, 0x1, 0x79a1, 0x1, 0x3f, 0x100]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(0xffffffffffffffff) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KDGKBTYPE(r4, 0x4b33, &(0x7f0000000100)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1337.381810] Bluetooth: hci2 sending frame failed (-49) [ 1337.435941] Bluetooth: hci8: Frame reassembly failed (-84) [ 1338.057663] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1338.057699] Bluetooth: hci7 command 0xfc11 tx timeout 23:01:20 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 23:01:20 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000000)=[0x0, 0x200, 0x3, 0x3, 0x7, 0x0, 0x9], 0x7, 0x0, 0x0, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm-control\x00', 0x202080, 0x0) ioctl$KVM_GET_NESTED_STATE(r5, 0xc080aebe, &(0x7f0000000280)={{0x0, 0x0, 0x80}}) r6 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r6, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0xc0, 0x2, 0x8, 0x3, 0x0, 0x0, {0xc, 0x0, 0x8}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_DATA={0x44, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_RETRANS={0x8, 0xa, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_TCP_CLOSE_WAIT={0x8, 0x5, 0x1, 0x0, 0xe0000}, @CTA_TIMEOUT_TCP_FIN_WAIT={0x8, 0x4, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_TCP_CLOSE={0x8, 0x8, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_TCP_LAST_ACK={0x8, 0x6, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_TCP_SYN_SENT={0x8, 0x1, 0x1, 0x0, 0x3ff}, @CTA_TIMEOUT_TCP_UNACK={0x8, 0xb, 0x1, 0x0, 0xffffffff}, @CTA_TIMEOUT_TCP_ESTABLISHED={0x8, 0x3, 0x1, 0x0, 0x5}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88be}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_DATA={0x34, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_OPEN={0x8, 0x4, 0x1, 0x0, 0x896c}, @CTA_TIMEOUT_DCCP_TIMEWAIT={0x8, 0x7, 0x1, 0x0, 0xfe08}, @CTA_TIMEOUT_DCCP_TIMEWAIT={0x8, 0x7, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_DCCP_OPEN={0x8, 0x4, 0x1, 0x0, 0xfffffffa}, @CTA_TIMEOUT_DCCP_CLOSING={0x8, 0x6, 0x1, 0x0, 0x40}, @CTA_TIMEOUT_DCCP_CLOSING={0x8, 0x6, 0x1, 0x0, 0x5}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}]}, 0xc0}, 0x1, 0x0, 0x0, 0x40001}, 0x8000) ioctl$TCSETSF(r3, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 23:01:21 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x3, 0x10000020, 0x0, 0x5, 0x0, 0x2, 0x0, 0x4}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x36, &(0x7f0000000080)=@srh={0x87, 0x6, 0x4, 0x3, 0x7, 0x60, 0x6, [@rand_addr=' \x01\x00', @local, @initdev={0xfe, 0x88, [], 0x0, 0x0}]}, 0x38) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 23:01:21 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x2200, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="380000000c3a96792c5df97124000b0d00"/28, @ANYRES32=r3, @ANYBLOB="00000000ffffffff0000000008000100686866000c0002000800060000000000"], 0x38}}, 0x0) r5 = socket(0x11, 0x800000003, 0x0) bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r5, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=ANY=[@ANYBLOB="3800000024000b0d000000000000e2c6506e49c9c438224a2037d1d33e6f831b315209ca6fb81cbc9d0ec9291e41bd7bb61c3611df29c7bf1e2bf52dbbdc583dc3104fa777f9b2b1391c3868af4bcc85b987ee749d8b9b3ab95fe20a42986c09c662da713419830989f36559ea9bfd93f29fefe50d46d74419d445a8eabccb4d5423619180b3761d92676f922abb734604627b5ec7b634bfcdb58e94d8d44821f330220e1dae1e0c7a9d3d5fb03889ac3e14bae7429155f00022959b21df9861a11b4eeef72a95404e8810f29e8623", @ANYRES32=r6, @ANYBLOB="00000000ffffffff0000000008000100686866000c0002000800060000000000"], 0x38}}, 0x0) r8 = socket(0x11, 0x800000003, 0x0) bind(r8, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r8, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r10 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0xd0b, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0xc, 0x2, [@TCA_HHF_EVICT_TIMEOUT={0x8}]}}]}, 0x38}}, 0x0) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)={0x114, 0x0, 0x8, 0x70bd2c, 0x25dfdbfb, {}, [@HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x1}, 0x804) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 23:01:21 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1339.269480] Bluetooth: hci7: Frame reassembly failed (-84) [ 1339.300427] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14860 sclass=netlink_route_socket pid=3766 comm=syz-executor.4 [ 1339.354806] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1339.417869] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1339.417936] Bluetooth: hci2 command 0xfc11 tx timeout 23:01:21 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$KVM_GET_LAPIC(0xffffffffffffffff, 0x8400ae8e, &(0x7f0000000100)={"76088c02b2f5ff3ce4e13abff79bb32ef4002d08a2b582e37a8df7ecb3cc75dfbe9eb836a0dc251746813d1e904d1c06c7892486a2bd41bdb8c5b0b414b7a31a8fd5932204c61d5f13769016afe484e86c99c4e836bc17ba92811ac24c575813feb56895ca312e47819605a864696c218ec3485973cde6a52e6d242739b766b87bd5082fcea2901569e0e6dafe1de1e69f04544b653e2c40e8e7307c18b6908b1ac82a4b09329c0723d9a96d6cc252574e8e3f4b954bb27e8d439f241ca654e2dc4082d28a2dd638e57cecc6aa6325f04927aad78c88b977e27354feb244fa64e5d2d1334380ec3a5a32073f4138b18f19b0f434f2bff554597de77cbcdeb92e7189f4b10573095114bf1a989f208252891c09d810a6bd2c063e965f02aac5e322b3467f3612eb9e11e66b0c4889ece0e11a2157de7f3c165b53ea1319dece1c8afd23ecb740ddcae17f2d749f6c02b6035cc50501855cd993c350d3a23c93f5280212d08406a536ad8402ed6906046892cb443ec033cb13b9ccff6d645fc1ece608e88f0bf424d4e06ee307195b9a7c010f5f16cb6058fd835f567013e6722b725d7ad8a42df91d3dd91569fedd1a5ab282c00bfd066ba93e83db08905cf9dbd61934f6a7904e09c751fa0b1a31fcd6ecf7251ea82091e446fbe97b90c29749ebef82d34354bb08551b1afeab35c0d44166452279ec42f26a5196f68295f2b7ca81fbbfe3b2f895b6222bec0c76442fe44b3d0b33d9d536fe1266c2da354afbe26c11114544d08304fce26f33cea88fb412618198dce6cf20410f75991e847c848e59aa6c89410f7b39137932b0d45c856c9261fac06abfe980d3bfd4024678bf905f78fa00c140bbce83486f566a88f5560bb48507e920c4a571b5b9dee6c2074b01e51be54a1195f7ea8fbb816688760a8e8a4d4db2dc999123f7bfbd762a51953164dce9bf6c731375065498cedec53645b095bce88c9f579c62c157f1190f1a188b3d2b4eec3f442b3f72fc7e889f1e72a8c48d357d76ec7933c381e977abf526f4c03936fbc42dd6e79871a8364d3f3ae8116f95a3f0859732b43cc0db9d6bb24e5516f366cc14bf02b9d5ec404609cc900a963085d95546489261592070661dc8390912bab2ead81026002594238c449e99febcb3f659fa94b42d328e618545a50185174002288151ad4bad9e2c78c34b6961de9b8c63b5d057ecdf45e67a1d98d404127f7e031972e05755cf94c869701fb82dc87e522e85f3343a8c3b3cd641c671a6fa072fb1ba3ea6bec7dd28a2e06457fca6657f0a046e8a9df18699f746cb2a18935cc705c263c1737986179a33e938c35330c4e61842e78df7e0d707cab63bf39510a1450568c5c083e55459d9be083f08b93fb1909f33e9649087ad7e9de86216eb59f4928f5efdeb870b0cf2541936b95a1b9de9cd0b9d1a"}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1339.498128] Bluetooth: hci9 command 0xfc11 tx timeout [ 1339.502142] Bluetooth: hci8 command 0xfc11 tx timeout [ 1339.508596] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1339.515274] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1340.014387] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14860 sclass=netlink_route_socket pid=3766 comm=syz-executor.4 23:01:22 executing program 4: signalfd(0xffffffffffffffff, &(0x7f0000000000)={[0x7]}, 0x8) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x0, 0x0) setsockopt$RXRPC_SECURITY_KEY(r1, 0x110, 0x1, &(0x7f00000000c0)='#!\x00', 0x3) r2 = dup(r0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r3, 0x545c, 0x0) ioctl$TCSETSF(r3, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 23:01:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x559c41, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000000140)={0x4, 0x70, 0x9, 0x1, 0x6, 0xa3, 0x0, 0x1, 0x32445, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x8000, 0x1, @perf_bp={&(0x7f0000000100)}, 0x50700, 0x0, 0x3ff, 0x4, 0x0, 0x0, 0x101}) 23:01:22 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = epoll_create(0x3) r6 = epoll_create(0x7) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000000340)) 23:01:23 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket(0x23, 0x5, 0x0) close(r3) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001240)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_SET(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x44, r4, 0x11, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}]}]}, 0x44}}, 0x0) sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x4c, r4, 0x200, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}]}, @TIPC_NLA_NET={0x20, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xd25}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x40044) 23:01:23 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_udplite(0xa, 0x2, 0x88) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x6e402, 0x0) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r3, &(0x7f0000000080)={0x20000010}) 23:01:23 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x8, 0x5, 0x2000000000}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x85) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x20000050, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x0, 0x9, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8}, 0x0) shmctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0xee01, 0x0, 0x8c, 0x1}, 0x1, 0x7fffffff, 0x52, 0x1, r0, r0, 0x5}) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x3a7242, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x2000000000000}, 0x0, 0x0) [ 1341.337979] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1341.657675] Bluetooth: hci2: Entering manufacturer mode failed (-110) 23:01:24 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) setsockopt$netrom_NETROM_N2(r1, 0x103, 0x3, &(0x7f0000000080)=0x9, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000000)={r1, r1}) 23:01:24 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) getsockopt$IP_VS_SO_GET_INFO(r5, 0x0, 0x481, &(0x7f0000000080), &(0x7f0000000180)=0xc) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1342.058087] kauditd_printk_skb: 18219 callbacks suppressed [ 1342.058095] audit: type=1326 audit(1599174084.464:1959628): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3797 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1342.116848] audit: type=1326 audit(1599174084.464:1959629): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3797 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1342.140702] audit: type=1326 audit(1599174084.464:1959630): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3797 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1342.162530] audit: type=1326 audit(1599174084.464:1959631): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3797 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1342.184998] audit: type=1326 audit(1599174084.464:1959632): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3797 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1342.207157] audit: type=1326 audit(1599174084.464:1959633): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3797 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1342.230142] audit: type=1326 audit(1599174084.464:1959634): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3797 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1342.254535] audit: type=1326 audit(1599174084.464:1959635): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3797 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1342.276801] audit: type=1326 audit(1599174084.464:1959636): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3797 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1342.328381] audit: type=1326 audit(1599174084.464:1959637): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3797 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 23:01:25 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1342.762340] Bluetooth: hci7: Frame reassembly failed (-84) 23:01:25 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x4440, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$KDFONTOP_SET_DEF(r2, 0x4b72, &(0x7f0000000440)={0x2, 0x1, 0x20, 0x4, 0x17d, &(0x7f0000000040)="9fcf71f3f01b050562f5b96f1961f73ccf3a108950c586c0d4b8bdc8ade3874ea6f03006d86f9ed381809af8ede62f2ae4eff8ea6d8b7300845e7d27692d919486edcedea395c44b0247666644f3f337d2735ae5f9490e93e7f53f0cd75e88dd9dc63297be828cf3737df2638f21ee366d66421e2481f49222765ac2d04084d1ccab716e58db77ba4ba2e360950c461029901331a493d5deed7703656654a829655a631949cf4ee1ab185c294a309d32c86c789240ba9ee7cd5ba4c3e640e99b4fd4ee7c7c6fa4073eecb8b53b33e4de34be67266645f3c262fb16200171a3f2fe7b673199b587b938df19b0c78c422a6e8604c9a966a269ab41f72d25cb0a3fca2d925aa2f85322503ca1f47effcc61014fee4e246ca231129d8c339c775b681a271d1f0b0a56e6735c8a60fafb2dfdb9b67c5015c7633257cb3673db77438a17f1aec97e20542490ae1dd0aae435f1893fdf78151ac2625c31ca318585ac8579a7a364514e470a42e01d36d9433d279f5ad5bd8ff0428226cc6e5c6ef941a50c0db396c051c6e48c2dae36499a57ba84eeb1f8687ac07c63362fba1dbbff91a4506a32490abfeec5bc8b519e9c7b75a94bdfc96dd393800789edf7290c0178d9acd799a4c79a7cd58666826e46d97b89b4a4d68ddcd0aaed0a8f240c66502e1a204825b59c49aef97b0d486699564bdff932cf11e736e4a21b25e8d29b8df96e40f80ad8fd5c29c44d3407f4b2fd300f3a3065c04b8506505a38c01f75f1f97337b412ab4badbfafd1fde188a07dac3a0b714b97d2a4aedc7ab7fc3ff283d8c96048b5f621ab6a606622e54ae0d3c831b73a8146da710fb3d09398288b0bd4c1fa33d0931b20255716a0e4937cc17cc08931f42ad80e1cc2ffa8cb196092e418cf61ae2d2dc3c403c1c45b429d23269504f7202233524b430a541864db2edea853cd548d2dc5c3c4ca9c73ad10f3d104ff36637c589da7e405c863af267a193bdce39d4cf9c706fefaed7d1918426edf1ccbfc1b995abcf32f4836c3f217a527fb23fcb205961c4dd16b243053777abe2e52ecb98a7a3626fde1739c0fc2bba542127b9f5fc9e1fdfe456f196fcd5665e7d239c476e4298569101b48de4e4d05fdb6acd56453c3f2081074f4035326b7da5d1a589f0d10bbc6f2ff532c927b28a13c0b001e8bdd8df62a7e89811df15fcd29f21c988a57ac579347b155209ef5c411dc7999fcc24b55c51198f4ec0d23b049573d364d33c2e4493d5beee5dca3dea93cff80be82794d60a3c6475e4b9a9420767590601a903934a0d386283b1843ce75407757e3f961dafefc99cdb71e87cbe36f508f22f48ffb22f95a966c78a86488b1c362e087013ca2a7ed4e1974109a728e8f7cedd36d565b765abe4e7c92b38b4ee27ee6e9a16692d01bac9c94d8f38b777282fa527d8b88e02fe41c"}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 1342.857685] Bluetooth: hci8 command 0xfc11 tx timeout [ 1342.857846] Bluetooth: hci8: Entering manufacturer mode failed (-110) 23:01:25 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x10, 0x800003) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) unlinkat(r3, &(0x7f0000000080)='./file0\x00', 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 23:01:26 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 23:01:26 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x9) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r3, 0xc080661a, &(0x7f0000000080)={{0x2, 0x0, @reserved="29dac6d11de35c5cdcac6fbdd014f5cecbae85b80cc329a6891c412dad360df5"}}) 23:01:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:01:26 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) r5 = eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) close(r5) [ 1343.817697] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1343.936375] Bluetooth: hci2: Frame reassembly failed (-84) [ 1343.971428] Bluetooth: hci9: Frame reassembly failed (-84) 23:01:26 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x4fa003, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) setsockopt$IP_VS_SO_SET_TIMEOUT(0xffffffffffffffff, 0x0, 0x48a, &(0x7f0000000140)={0x3, 0x10000, 0x6}, 0xc) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f00000000c0)={0x8001, 0x1f, 0x9, 0x7, 0x3, "5b7f5f1268b15d6d9b30ae21cb0783671d9cfe"}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) pread64(r0, &(0x7f0000000440), 0x0, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$inet_dccp_int(r2, 0x21, 0x10, &(0x7f0000000180), &(0x7f00000001c0)=0x4) getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000200)={{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6}}, &(0x7f0000000300)=0xe8) sendmsg$can_raw(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x1d, r3}, 0x10, &(0x7f00000003c0)={&(0x7f0000000380)=@can={{0x3, 0x1, 0x1, 0x1}, 0x5, 0x2, 0x0, 0x0, "29ce5f895eac2e29"}, 0x10}, 0x1, 0x0, 0x0, 0x40}, 0x40000) 23:01:27 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000180)) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1344.777751] Bluetooth: hci7 command 0xfc11 tx timeout [ 1344.778181] Bluetooth: hci7: Entering manufacturer mode failed (-110) 23:01:28 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000180)={0x1f, @fixed={[], 0x12}, 0x3}, 0xa) dup(0xffffffffffffffff) getsockopt(0xffffffffffffffff, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x3, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1345.977747] Bluetooth: hci9 command 0xfc11 tx timeout [ 1345.983017] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1345.983065] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1345.996325] Bluetooth: hci2 command 0xfc11 tx timeout [ 1345.996630] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1346.006665] Bluetooth: hci8 command 0xfc11 tx timeout 23:01:28 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x200, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 23:01:28 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x9) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)) ioctl$KDADDIO(r3, 0x400455c8, 0x186) [ 1346.157312] Bluetooth: hci2: Frame reassembly failed (-84) 23:01:28 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1346.280656] Bluetooth: hci7: Frame reassembly failed (-84) 23:01:28 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) getsockopt(r2, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 23:01:29 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x2b8100, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 23:01:29 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x10000, 0xc0) r1 = dup(r0) r2 = syz_open_dev$video4linux(&(0x7f0000000140)='/dev/v4l-subdev#\x00', 0x0, 0x420084) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r4, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x3, 0x2, 0x101, 0x0, 0x0, {0xc, 0x0, 0x4}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x8000) ioctl$VIDIOC_S_EDID(r2, 0xc0285629, &(0x7f00000001c0)={0x0, 0x7fffffff, 0x1, [], &(0x7f0000000180)=0xe}) fsetxattr(r0, &(0x7f00000000c0)=ANY=[@ANYRESHEX], &(0x7f0000000000)='\x00', 0x1, 0x2) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r5, 0x545c, 0x0) ioctl$TCSETSF(r5, 0x5437, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r6, 0x400455c8, 0x9) accept4$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000340)=0x14, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)) ioctl$FITHAW(r6, 0xc0045878) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 1347.068059] kauditd_printk_skb: 19930 callbacks suppressed [ 1347.068068] audit: type=1326 audit(1599174089.474:1979569): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3927 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1347.100485] audit: type=1326 audit(1599174089.484:1979570): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3927 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1347.122339] audit: type=1326 audit(1599174089.484:1979571): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3927 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1347.144363] audit: type=1326 audit(1599174089.484:1979572): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3927 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1347.166332] audit: type=1326 audit(1599174089.484:1979574): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3976 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1347.188278] audit: type=1326 audit(1599174089.484:1979575): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3976 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1347.210719] audit: type=1326 audit(1599174089.484:1979576): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3976 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1347.234121] audit: type=1326 audit(1599174089.484:1979577): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3976 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 23:01:29 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x200000000000013e, &(0x7f0000000100)=[{0xc18c, 0x8, 0x98, 0x4}, {0x7c78, 0x40, 0x8, 0x8}, {0x5, 0x0, 0x1, 0x101}, {0xe9b2, 0x2e, 0x5, 0x6}, {0x3, 0x3, 0x3f, 0xfff}]}) [ 1347.256154] audit: type=1326 audit(1599174089.484:1979578): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3976 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1347.290907] audit: type=1326 audit(1599174089.484:1979579): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3976 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 23:01:29 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) socket$inet6(0xa, 0x5, 0x3) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:01:29 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) epoll_pwait(r5, &(0x7f0000000340)=[{}, {}, {}, {}, {}, {}, {}], 0x7, 0x3, &(0x7f0000000080)={[0x7f]}, 0x8) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, 0x4, 0x8000000, 0xfffffffffffffffc}, 0x0, 0x0) [ 1347.422694] Bluetooth: hci11: Frame reassembly failed (-84) [ 1347.436272] Bluetooth: hci12: Frame reassembly failed (-84) [ 1347.443661] Bluetooth: hci12: Frame reassembly failed (-84) [ 1347.936422] Bluetooth: hci13: Frame reassembly failed (-84) [ 1347.942618] Bluetooth: hci13: Frame reassembly failed (-84) [ 1348.188734] Bluetooth: hci14: Frame reassembly failed (-84) [ 1348.217763] Bluetooth: hci2 command 0xfc11 tx timeout [ 1348.217785] Bluetooth: hci2: Entering manufacturer mode failed (-110) 23:01:30 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000440)="edf6040db27153ca6419de663c3c22af0021b4cf3070459dfbdde18d337504aaf718886cd3b0b73b66bdde63b693f6f95571985db036375172274e591fc2c0228a3554f0ca8875fbe2b3f316d79497a55eea65425e8f0881e8c97cd242200fccd3a1eb248c5cd990b0fa0b7857a6c0d365596a11639bfa0f7707310d8657cf5cc9a682dee979a63b2d795ed34fb811ee8bdf5d97dbeac6661ecb95ecb12ab556afd0f6501420747ab2b9857a2b6d301cbb77bcd5fa75a1951307676435f6adb83b26fb6a1ad46981a6aa55a7e92aeb3d1ad871b222a2bf9adf1966273004035aee42e4e965d3ec717aa2a3220cf6", 0xee) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1348.297759] Bluetooth: hci7 command 0xfc11 tx timeout [ 1348.298238] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1349.020845] Bluetooth: hci8 command 0xfc11 tx timeout [ 1349.026168] Bluetooth: hci8: Entering manufacturer mode failed (-110) 23:01:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$UI_GET_SYSNAME(r1, 0x8040552c, &(0x7f0000000100)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x480140, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_REFRESH(r4, 0x2402, 0x8000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) getsockname$netlink(r6, &(0x7f0000000000), &(0x7f0000000080)=0xc) r7 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r7, 0xc4c85513, &(0x7f0000000140)={{0x1, 0x3, 0x1, 0x100, 'syz1\x00', 0x7}, 0x1, [0x10001, 0x7, 0x7, 0x4, 0x100, 0x7, 0x5, 0x4, 0xffffffffffffff8d, 0x7, 0x7, 0x4, 0x0, 0x0, 0x2, 0x0, 0x2, 0x6, 0x8, 0x81, 0x2, 0x9, 0x0, 0x4, 0x8, 0x4, 0x8001, 0x5, 0x4800000000000, 0x1, 0x6b8, 0x6, 0x0, 0x7, 0xfffffffffffffffb, 0x1000, 0x7fff, 0x8, 0x0, 0x24000000, 0x100, 0x5, 0x2, 0x9, 0x8f, 0xff, 0x1, 0x80000001, 0x0, 0x1ff, 0x3ff, 0x100, 0x4, 0x6, 0x1, 0x8, 0x200, 0x13d, 0x7fff, 0x2, 0x7, 0x1, 0x9, 0x4, 0x81, 0x4, 0x9, 0x7, 0x2, 0x5, 0x9, 0x0, 0x0, 0x1, 0xfff, 0x4, 0x7, 0x0, 0x4, 0x3, 0x80000001, 0x5, 0x211, 0x1000, 0x0, 0xc48, 0x1, 0x4, 0x4, 0x4, 0x7b, 0xffff, 0xffff, 0x100000001, 0x0, 0x3a3, 0x41, 0x3, 0x5fe1, 0x3971, 0xe1, 0x7cd2, 0x2, 0xb2, 0x0, 0x2605, 0x9, 0x6, 0x0, 0x7, 0x8, 0x1, 0x7, 0x9, 0x2, 0x10000, 0x7, 0x4, 0x0, 0x101, 0x0, 0x80000001, 0x800, 0x4, 0x4af, 0x0, 0x8, 0x2]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = dup(r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$KDADDIO(r9, 0x400455c8, 0xe799) 23:01:31 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 23:01:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1349.257864] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1349.257876] Bluetooth: hci9 command 0xfc11 tx timeout 23:01:31 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1349.356780] Bluetooth: hci2: Frame reassembly failed (-84) [ 1349.415978] Bluetooth: hci7: Frame reassembly failed (-84) [ 1349.422125] Bluetooth: hci7: Frame reassembly failed (-84) [ 1349.497844] Bluetooth: hci12 command 0xfc11 tx timeout [ 1349.497871] Bluetooth: hci12: Entering manufacturer mode failed (-110) [ 1349.509941] Bluetooth: hci11 command 0xfc11 tx timeout [ 1349.515285] Bluetooth: hci11: Entering manufacturer mode failed (-110) 23:01:32 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@remote, @multicast, @void, {@mpls_uc={0x8847, {[{0x2}, {0x800}, {0x5e4, 0x0, 0x1}, {0x2, 0x0, 0x1}, {0x3}, {0xfff}, {0x9}], @llc={@llc={0xe, 0xe, "f5", "34451cdaffe40c569a7f33f7162c33ea46"}}}}}}, &(0x7f0000000080)={0x1, 0x2, [0xa78, 0x4cf, 0x3fd, 0xca0]}) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000180)={&(0x7f0000000140)=[0x9, 0x8001, 0x3, 0x401, 0x101, 0x0, 0x4d, 0x6, 0x2], 0x9, 0x80800, 0x0, 0xffffffffffffffff}) ioctl$MEDIA_REQUEST_IOC_QUEUE(r3, 0x7c80, 0x0) getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x26, &(0x7f00000000c0)={@remote, @initdev, @initdev}, &(0x7f0000000100)=0xc) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 23:01:32 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0xfffffefffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet6_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000180)) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0) [ 1349.983222] Bluetooth: hci13 command 0xfc11 tx timeout [ 1349.988559] Bluetooth: hci13: Entering manufacturer mode failed (-110) 23:01:32 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) [ 1350.217766] Bluetooth: hci14 command 0xfc11 tx timeout [ 1350.228159] Bluetooth: hci14: Entering manufacturer mode failed (-110) [ 1350.338837] Bluetooth: hci8: Frame reassembly failed (-84) 23:01:33 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1350.672803] Bluetooth: hci9: Frame reassembly failed (-84) 23:01:33 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) seccomp$SECCOMP_GET_NOTIF_SIZES(0x3, 0x0, &(0x7f0000000100)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r3 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x0, 0x10002) getsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000080), &(0x7f00000000c0)=0x4) 23:01:33 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) iopl(0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1351.367580] Bluetooth: hci11 sending frame failed (-49) [ 1351.417889] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1351.424735] Bluetooth: hci7 command 0xfc11 tx timeout [ 1351.424882] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1351.437788] Bluetooth: hci2 command 0xfc11 tx timeout 23:01:34 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000080)={0x0, 0x1, 0x3ff}, 0x8) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500)}], 0x1, 0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0) 23:01:34 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3\x00', 0x10000, 0x0) ioctl$VT_OPENQRY(r4, 0x5600, &(0x7f00000000c0)) r5 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$EVIOCGABS0(r5, 0x80184540, &(0x7f0000000000)=""/13) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 1352.077808] kauditd_printk_skb: 19267 callbacks suppressed [ 1352.077816] audit: type=1326 audit(1599174094.484:1998846): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4087 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1352.105482] audit: type=1326 audit(1599174094.484:1998847): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4087 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1352.129804] audit: type=1326 audit(1599174094.484:1998848): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4087 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1352.151950] audit: type=1326 audit(1599174094.484:1998849): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4087 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1352.175306] audit: type=1326 audit(1599174094.484:1998850): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4087 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1352.197958] audit: type=1326 audit(1599174094.484:1998839): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4087 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1352.219914] audit: type=1326 audit(1599174094.484:1998851): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4087 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1352.243448] audit: type=1326 audit(1599174094.484:1998852): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4087 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1352.266249] audit: type=1326 audit(1599174094.484:1998854): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4087 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1352.289155] audit: type=1326 audit(1599174094.484:1998855): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4087 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1352.377856] Bluetooth: hci8 command 0xfc11 tx timeout [ 1352.383179] Bluetooth: hci8: Entering manufacturer mode failed (-110) 23:01:35 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1352.650185] Bluetooth: hci7: Frame reassembly failed (-84) 23:01:35 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000440)="d16d66387fb59a506b6a4d699d19d8a3ffeead54954ece18676a9fb7705f710c544e1d49e3680a5a88f28bce6d944e930b6972e66274ba1a20965f06ef6a9d17c793e03b15e3cec81912b9b2935a86865943ef7012284a30a6d6627946e762cc1ba6cc7f16e8e7bd2e39cc7d2dbe14fda6ae81e74f5d3594f23dd71b0cc8f93c6797b6dd0bf0e312f995f659f581efbd0d9784fcd7ac710dd4dc38400ce41e45a3f9f72d42e84585818745c444eedee546162241306df4f79200e4141326403339662bcab751e823c291a1d2274652356868e80d9de7a67e1c2517420f0b4ee8690100"/237, 0xed) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) name_to_handle_at(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', &(0x7f0000000340)={0x86, 0x9, "f455de7f7b242052613efa55cb03f634ce3d391034c16e5ca5ed0c60cee9d90aee1994b975a0e02c331dc13cae74a919a7c65e6b079f2a2291432599fa308019a3583458073bd014bf6517fd1fada78bfe8ec132807c5eaef58237bdd44757a625df2895ca190694381fd6a3ffff10fccb3bf4b16e8232e7b59e6e30c4cc"}, &(0x7f0000000180), 0x1400) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1352.697824] Bluetooth: hci9 command 0xfc11 tx timeout [ 1352.697862] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1353.417860] Bluetooth: hci11 command 0xfc11 tx timeout [ 1353.423217] Bluetooth: hci11: Entering manufacturer mode failed (-110) 23:01:36 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 23:01:36 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x9709343209020016, 0x0) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000000080)={0x5d, 0x2, 0x8, 0x6d, 0x9, 0x2}) 23:01:36 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb, 0x1, 'geneve\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_REMOTE={0x8, 0x2, @loopback}]}}}]}, 0x3c}}, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1353.577843] Bluetooth: hci2 command 0xfc11 tx timeout [ 1353.583096] Bluetooth: hci2: Entering manufacturer mode failed (-110) 23:01:36 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000640)=@mangle={'mangle\x00', 0x64, 0x6, 0x648, 0xd0, 0xd0, 0x420, 0x0, 0x0, 0x578, 0x578, 0x578, 0x578, 0x578, 0x6, 0x0, {[{{@ipv6={@private1={0xfc, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0xc]}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'tunl0\x00', 'xfrm0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x5}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00'}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@private1}}}, {{@uncond, 0x0, 0xf8, 0x120, 0x0, {}, [@common=@icmp6={{0x28, 'icmp6\x00'}, {0x0, "ef0d"}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00'}}, {{@uncond, 0x0, 0x120, 0x148, 0x0, {}, [@common=@frag={{0x30, 'frag\x00'}}, @common=@hbh={{0x48, 'hbh\x00'}}]}, @inet=@TOS={0x28, 'TOS\x00'}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, [], [], 'batadv_slave_0\x00', 'syzkaller0\x00'}, 0x0, 0x118, 0x158, 0x0, {}, [@common=@dst={{0x48, 'dst\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6a8) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r5) getsockopt(r5, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) 23:01:36 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1353.707302] Bluetooth: hci2: Frame reassembly failed (-84) 23:01:36 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000100)={[0x8]}, 0x8, 0x800) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) dup(0xffffffffffffffff) [ 1353.762160] xt_TPROXY: Can be used only in combination with either -p tcp or -p udp [ 1353.853904] Bluetooth: hci9: Frame reassembly failed (-84) 23:01:36 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$IP_SET_OP_GET_BYNAME(0xffffffffffffffff, 0x1, 0x53, &(0x7f00000000c0)={0x6, 0x7, 'syz2\x00'}, &(0x7f0000000100)=0x28) mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000, 0x6, &(0x7f0000ffe000/0x2000)=nil) ioctl$KVM_HAS_DEVICE_ATTR(r1, 0x4018aee3, &(0x7f0000000080)={0x0, 0x4, 0x1f, &(0x7f0000000000)=0xcf9}) 23:01:36 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000440)) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x80}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000080), 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000080)="33baee2549c510ad21785cdef22344dfcff959d9a4e28e6d35f92d259529e48a0cc54719b0a15a93874a8751d16a49b61d4182", 0x33}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1354.697822] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1354.704506] Bluetooth: hci7 command 0xfc11 tx timeout 23:01:37 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0) r3 = dup(r2) r4 = creat(&(0x7f0000000040)='./file0\x00', 0x4af) close(r4) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x5, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r6, 0x407, 0x0) write(r6, &(0x7f0000000340), 0x41395527) vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 23:01:37 executing program 4: socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f00000001c0)='./file0\x00', 0x80, 0x8, &(0x7f00000015c0)=[{&(0x7f0000000200)="fb23e45d149810cc750a28884cd979d5ff3b43cd5fbaf6fc2f71ae798b8a789c37054b505d68550487a4280a5defc547f29f2d3fa7a2cfab986e1e15a1ad97dd81f9ce0740c6144d1f7f82", 0x4b, 0x6}, {&(0x7f0000000280)="e1686bbec9901fab288e13e6706a74ccfd9906000d81552d44e004421f6ba40eccb7de2b8761ab95855b7fcd035a5657b369cccea435e8991ac8c13d3fc2dd63a99c59040e71f699463f2ef55d8f6a9fc3d38c2ff4a9051287a970515db4c69bfa1d8cac7671a8c45c30a33f92798066cba586e408c52a5261d46141417193582631ed36986718740bb7612e7464134a62459cbcbe95ed02e8a1b05daf231734ee81f294a3a5a99341d94821afd6c38fe8356c2e2b49c807f57cb5d603ae35cbac823fbf410fd1aa367ce464484f5175ebe163ae7dcea90b8eac83", 0xdb, 0x29c0000}, {&(0x7f0000000380)="b0d1757d43a00acdae3f3a20230b32fe637c46b0e95951eaaf248f992e09d972ce8ccbfee5ff757d2b4093b44aef47ed9d516b4f86ed84165bf2c233040396a07fdc0ea4f1003a589a374db7a0f9f7496fb0b1f29075faf50853664f670120b32b5b605b1422640f9bac28ad399cab25d797b75172c350aa4475b24de61a1147a5392b05cc77d5e40e12da2bce749173f32ecc6998ed60c4ceffa63dd9863bc15367b4e2ab1deb4f91bf2c03c683b193f99d48ab978146abd3f04fd7644e3288fad9cfad35d24aeae48c81435413a78420c2c5ea7c51154020a8c11b0aea6e9ac99d742b7eb6fc1ce5bac45e69586e95e84e60470ee6af6013aa6c96951b6c5654ded83fb05d351a6c5ef9e9c408174c9af867f45cb4d769e9ff9dae163a5db093091cf2b688a54d0e9481a4313fd64f7df71518d85fd475b86e0df26e40ec765e4ccaf7d9ff89bc1ba6421f9b59081e45a7e66b94b7482cf7c876f4596fa58fb78dc653a027537befd75ba7167c4f4032ad6cc8dd8fa221eb7c15946b032ccad00026cb37e22dc477420eb94df49b6774e91a2f47ebe379f3dac9b95755d63d0878894b379c47b61c8269720c7ebb235b6d2f7520eadfc9b33a5c8507d5f4a82d40dd76a0f410b14a97c4dc0759f7389a82833fff92871085dea90df0ca844f497df368290fcb96a7eb4e470012b098ec2b71d66dc0278f740cecb19401c0860af306c275834ac2aa76ef095253b159593d80889d60814d4e5ae0ec7d68adc0e0dcd2af160b8a9bf9d1350adc428325b88986d2c8b937da18bb16c164724ea8f9b474fa7c21af26eba45071a0ec0f9581edf84ddb54d1295e3940957488afb9f0ba252a0c9f84f66b32e89a008b6d080bfd3db0acf11202a07f7089b0efee1dccfeac52c7520cce627e316084b2f0ca1c3b50adb9bcf989b6397513bde4951a44838e0c3082447db140926ab24e9f45edb96b19c03191500a82d1d0742c31e77ebbc8449785fa7a76dbe89622b3facc40e5915039f09f5426fde5aaf618a09c71c6874fb7d477962360097882823e787d15e68b5589d499964d2927ce3bd30300a00d1cf3580fb94fa10fb3344695ba23529f9d43bc2e1eb2f94e545785dbac3328ebb55be74a65dacf9e34ff24ecce83a5c74e012b4caa44bbed3ff44adc4dc32cb40588c5d51c95dc19801ad20836f65afb83e02b81c2d1573ae58d0c436373592da9ab116f3e885722059d8bd449b257ae81dee4086df509e0ffd45d3c011228f0f438523f21962223a1c8863f6c15e21684b19cc8c43c6f71a0a170284e17e7332aac42791430f959116cc502dac22aee22c378ae3b452835ecd958dd57d3b30d0b4113ad8127652ae84cc36d6495eb83a6d33aa6e5f78c6f53994f7ecbcd66b0c93367b5169735b6329f918015868bf5ce3b9a4e6a71ed1961cd59bf46f007601e279d40f11bffbf35a5895e2e712f152d07d222c2f4ab27178829eec3fa01c94092536d78b577d655ae4fbd762eb668ea47e3f8d04484dd8eff8373354b760df05eccc2f3969202ed52a4e3c878340221c5b0554929818dae81db58122afd1c71062aee2c38c0608c383f659da0f3e2ca092d5ebd9968439f6d4b4cb4268406c48d697f023f2a13bd415883f48b98fab9ad702c57ddade48814172e382189dc92a660c2b3688ce1118cb005aa3c10350e7f7d6cd74d718ece991c7ff395e755fbc2486f1a6e2ec235784760e9541164b9fd54164e0098efdad73be03a62423d4bf9df08086429ecf40589199a061d1369862cf06c500c48731634acc498159726507f1800ab0357ccaf6c9ead005c212050b9ee4b74edd03362d771ddea3a74adb2014d999edc4249ca83f52ea88c51033131a893759a22cc6e4fec2e3cb5061fbfbf791b304dfc60103dfbf14a3202627a33655840bfbad02825a8e3688551f67ad56aa4eb3934c2f417957c65c99b602e3449a1268715b81114eb99c58ba83eb15492398d379c42c45a19d059edd207f0d914c4bd2c6a07081ea646213f9d837e828cc134f72dfe5a1d4d25931c0cbcbe2723930ba2716f1ed014790469b9e01feebbf42e70762c596d65314a436834dfcbb664234f2d9792b449721145059c0b3c76ad70243ab86116a8f61c78c7efe8c1a44478d5c98e642ed830813a47bfacff412166a91db539190e6eef87385b9fffba5e28e0ef31248dc372600d676334fe3a16b19ed51cf6cf3c07c86de047e759e745250e30db98484ec2955955856ae64840c82bcdc15eee6472ba328441ba0d2aea094aaec9b9cf83ecf8ab502900bb24815800f5605a875419137eb358c89d975f501250bdebe3da907e2e092db49badfe18fcdcc307cf8a1a4f2e76f021a924d6bd6bc69bc6388f644667de31d4b2cdab56c01abcacebe61e7b24606234d3ccb643c2a5afd9b32f7723b08e13e7ac545c546c2faaae846db56de634c30d7eab545c7210e477a6228cb55108f69e5fcdf68f360c6ff016a9d40b0cfeb20c3893535a54ad4ecf904fc97ff80b6d4faa750dd15ae7563e6ad81441b648c63c19d68f92f477b7d1b80ca3554482faa40e19298deb15677885761884c4c764b74a4c3baea079ad58d7099e4906b9d927ef614b6e12023564b2e355e0a8c3dbb15b53984c119ee4f60ab3fd875259d5c0d30dd5ed61165e36587d844819cba0e3ee06986e28335738cc643e53872c665a1636363b925b1b40e012831ccf313a5f5d2f22993ac84a13f3fdc7d0564e35b09ac55424b9ccd6d9c22ada9649c95964390b0e6b109143e254cf4fa4cc1adb389e78b7ef788499c66f309441be10bc48304d7ae36a2440be9a1d33401524e518a0b7398bf9b5d43e90767c7a8859f9cfb2238b23f93e148d965cca13a9907c3599fac84a8853076c1cb6e3e58cb5ca94733e80b043c9052653e4dc7efb9768b4f80e05ff0920d12437e957e7be7961c55b723d78ba83a81bc2f8885d8961d2a02df7bc60e858dbc400cd261710f5a19acc34da2138a067643ce3658f276770daf27cb9416ac6d8fd0479a284bfadf8d47b3136b6dc923bebf9cbdd91b07cff9e1d04b83743442a2774d42dac33cf13bf415c5c446b6df4648ea3a7dd71549b21a89df84e66fc27397766b8fa54970842da84ce9fd38385a65daf2285e672ca1588ba630e6071eccb366ee3ce5825e378cffdc8c93f356f7da1ffaec34becc558f52f6676bf2e2c0f48b46c61b706468f3c7775a451957b0dcef4bde359b92dab9d5e7a4b3db6eb0074b5d7ee740bc450014f3d8bef372dbb9b94da9374a09c76e8cf93ecdfed7789940851c3b2bfa5e7604c6b770fed987747c39ea8f0b417c192510274852973bec49603945b3c6e0b348151110d37276b14c94d1e237e454c0fd90634088edfd13d51241cd8eea489b1810eaeb92297900aa8cfe706ba5206eea4be21cc440bc161124fa258143449eb59b258b0f19c0130131d34660cf703218dca6e46a1d2a647e48350a04d06f77540ea09ed4bf231ec74ee0a532a58dc50b0722fb631b9de23e1f83c508755b81c21298b42b8a9b93075c16afabe7ff9ae06395b255b76508f251c7ef4864c228817c9a13f0a41200d1085c3b0ecb6e054919c2e70286e3e37a88b06adb31d67b7abc98bdd81983fcfc45aa4084f4463c8b83fb50f89fe9ceb30d698a431e8cdc463b2fe1120ab12a7c84866e898d7469f9ad8642ce42c28eec33e2601e984cae41e74fcb29ab70a1b8faaac24d8710805fdcbd96415a34422f7afdad3ed13b88b908949fd0eb532b51ad01fb441a39c98b68017cf8a46ce7961908d60687fad792b1d79a47560cdb9e970d8042bb56240a8b99bb18bb59dcf572b2e2907a7c338fbae030fad060f89ad73abb81127f8742e8255cfc549f7ab8ef9aeb84bfed30e86664fc2f11db3a90173a8b9502673bdd4586dd06ddf1d8d5d22f53a0e7ec1550a4aa5c919bf04f437028dd390a8f4bf8065309d6643b987c60ad95ab82f906523306fb2f6cfccee5a2d727977c8a6221aba2afcc94ccfadb293b2c9ecc8136191827eeb7f079f9c9af32185698addfc2ad9722c3d30f4c6142aff6c2e2814bd143e2af9a8f1fa1daba698e02e9521285e6ab2b29d9a2bc0f27e1fb8e92872574388bb1191d03fd9fc8a237a7064fc871e7c693675984a3a06dd83de592804e9032d900567018e9218098042782912fe7ca0a2a318342564bd7ecc157337eae492b9c6d2d9f7c9661d754eac6f53b69c3e30b791ee7f4361aec94b995c9bd97a83dc3b77675553a07a7600680a52ed78cda83393ceb37fc5f8a4ccbdee9a11cc702d095e6d6f1030aa91880131119f4e207991479bc007e97787a3dbd9871d34aa89527b9098302e75d05d03b2957f41d753e7a16bd4f3aee6967ef9cf30e5c84ba6fce2a5827c456f1d8d7049e576199beda7d961d096c5b818e7a8d18c12f5c5cb197c6e5d3e044bd7daec220f7da55943af5368e629a3a8b2534bfe954ccdf1ea47344bdd6aef1a97876ffc4cf12b96f898450f2ebc6fb0952f55633d285f3a1d8d89e1873f12836dc61cb5a0c79ec26759753190f051d13f0b69c7420e307378523c5a234fb40f6aa2a4867b3ce7b06c1edc761e1ac015f7493bbf28df4726872ec54720345d31cd7d8d3df9338ffb9aacc5be35cfb53008d768e7b7cb1995464da8f39b6c6835d1a9f77350dbb9860bde95130a3e675bd9bb8fa9f54a9bfd23883e4dab49b45c223fb403d2fb4cb6ff5918c48743bf272488a90286a306a82615d8bf1e7ef4218f50cf1f42edb921b8776ac1c310da6764589cef0b3b816440b6c19866c4cdc746eb7850c54c925bf5697fc027e4040e2532931bb374a0d6c9f5a62235d583d11a2bcb14a5b867871ce611801b8b1d82cc61733710ae83ae15e4184dafca5663d11a98df40395339ac49cbbad64e533c83daf444c95ddcdded6102662cad9bf7691f39fee86a6d9a262bf0d785e342322e238ccdf9d37f706c7db0acb5f7174b3972b99fbcb0fdc38fbda35d915a3b3bb5acd7b541e336bd8ba013c74cc8e8bfb04a4f92f9b648b938e966dd180029e602e61c2e5d356d724ddeb88cdc715cdcaa862be3609288cbb4b577bd900cf77da8bc9b50dc4c7e28f276c06d1727bd35278d92fbf0fe70aedbbae38b3ee47699ed4d3e69300f5ee62a17e4d9d1f3ba6bef668aae8e5a5cfbf5885281a04f3c556b21c4ff6dfaf61cae70f918f0555ad46c29e4289af44bf3bd6b607a16e3bb194f14fafbf96d030d84fe8b94fd60fa3a103dab59ad2a497055ef45e8e374826e4b7aec25f135ff1f5229b729f8da9a2a166ffd03c16fb71f8c40cae88fcf564d4bb41ecf4ab55c57e15b77ce4175fdd9b99d1fd9bf256a7808b18cde6924a7ac7a8fd5f6c81bea1b51199f2b9da4dda801d162777ddfa59e1600d2a3b79d9927ca1a1191a12a2ac00c7543892ccd0f9489a66c976b45e5da912954d6a79d865426e64653c2a7b80ffa7afd97f2ee3ec5fb35f995836b4719d5b734f63dcd58c50c90754ac70994b6fb84ae7ff8a61a4742e5c08f45ea966ac5bf2aee17384f94277f0f7ff82a57808334d5fdcb54ab5f941f2496fbbab1f575c635815baf7c7f5d152c6bcba09c7209962a7ff90b044b6a1f333de9b28ebc84eec04fa4d7c75f93ac2cb6942f8f8a271788acadb13cc959c3cab2718490f488d2e9df0efce9bf5ca98ab078624681153263ffbe12a0707916c8c387b23d783ef3db92595ef7ca3b2dd5308742d37f5c20ff3ca8bf8879c7", 0x1000, 0x100000000}, {&(0x7f0000001380)="d3757af0e06182f6162cd55abc93ff1867fe51539502470418fafc0fc4", 0x1d, 0x9}, {&(0x7f00000013c0)="003eb71574666aebb6515741d509cebee8c0c7df860203c06a48cd9ed88ef22e29f372d3eb3a78ba28d3bae87e80be258c09105b236f010fc3cda06161c780228d1c2d5f131ec4b35de3487d4c07607415f91a52636f1180f60c35fbf2660ac3d2541c307001e27ae2a36b35334da9", 0x6f, 0x80000000}, {&(0x7f0000001440)="4f782ced2269646fa4f298a889644d4799b9d369c791425f43b7c61d5bbb10f12a8413799828fbe907a7ea1ec338ad67a03e6582eada3468d156e9", 0x3b, 0x5}, {&(0x7f0000001480)="ed76ad79", 0x4, 0xfffffffffffffff7}, {&(0x7f00000014c0)="308bbfc176ca87d8f254990807e686835bd1b2286fa209e2b02b2ed3f4b438604c2f3aa6c01c46cb50141bf7d080fad89c8d7949d3c901f7cea7a1e1b766d363b05867a6ac63cb8e3e6b49b9dcd7ee338bd464be03e41f3f2e766b62509cd64e1deddbbc616cc97532d0d72bc5d44a681a1e583fd48c8c361e574d562322edc4992bd0cf43e4eb8e9490b617c39af67f64a98dee0c9d53f3a4e7c83ce061a52616ca90f0863392e4554988cd8a15c5f36c2a94b85ba02b711a01dff134813ad826", 0xc1, 0x5}], 0x2958021, &(0x7f0000001680)={[{@acl='acl'}, {@expose_privroot='expose_privroot'}], [{@appraise='appraise'}]}) syz_mount_image$nfs(&(0x7f00000016c0)='nfs\x00', &(0x7f0000001700)='./file0\x00', 0x401, 0x2, &(0x7f0000001900)=[{&(0x7f0000001740)="2cb5349c1bb2ea5cd93ff74eb694ecf58896bf66a9e5dc24c379a9fb54c839d477a05b30723ae20f8f7c37c9bf0a6e171af77f295b15edd0a59987f524ed363584e7b10776755e54c1df0220c8ffb7f03276bfb3066a728440da35e1436613315a22dc0020c2d6b157583c8bdd8ab35a945a3c1ce9d35d7cbccc90ad58fd94cf6d2d3700616a1afbe42fe2a622b28ca78f1b6663a9e681125e8e5fc185137f3cfba075503ead95fe4ea1da20ea96a60bef4c57f0", 0xb4, 0xff}, {&(0x7f0000001800)="3d9d9be546ea78fd81abc6fadbc505b853e08c0ebd9a45add4db74a7a9aa4f81274efb65cb36109739d502c84c38e7ac5f6f55f41e7c3217d916ba624dbd815a1629d95d3f991cff420d781bae76c85c8bf3717a4910efac0cdd6f6f53d8204aa09b93e0a659f81410851b8a45638430bd9990bdb97280d63690e6fd052ab1ac39375f9c8f094159e6d5ae476f2160e879873e3d6a6d3563472887c463e9e5d0f42d8ae4e6ae1fff36a518445d20003258810a02da1db49dae3c2085215a3359842b9411fa2e9fcd413b03291f971febc3464eab451c6a8b36ced9fec84e21d5981deff72cf2b48196c23e74ca", 0xed, 0x5}], 0x20, &(0x7f0000001940)='))$\\-\x00') r3 = dup(r2) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r3, 0xc0505510, &(0x7f0000000140)={0x0, 0x3, 0x8, 0x90b, &(0x7f0000000080)=[{}, {}, {}]}) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0xa1c49e84f31406d8, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000001a40)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) ioctl$vim2m_VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000001a80)={0x1279, 0x1, 0x4, 0x8, 0x8, {}, {0x1, 0x8, 0x1f, 0x1, 0x7, 0x20, "63531b9c"}, 0x1ff, 0x0, @planes=&(0x7f0000001a00)={0x1, 0x2, @fd=r1, 0x3}, 0x0, 0x0, r7}) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/qat_adf_ctl\x00', 0x800, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) epoll_ctl$EPOLL_CTL_MOD(r6, 0x3, r3, &(0x7f0000001980)={0x20000004}) ioctl$TIOCMIWAIT(r4, 0x545c, 0x0) ioctl$TCSETSF(r4, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) [ 1355.737860] Bluetooth: hci2 command 0xfc11 tx timeout [ 1355.737900] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1355.817964] Bluetooth: hci8 command 0xfc11 tx timeout [ 1355.818041] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1355.897960] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1355.898045] Bluetooth: hci9 command 0xfc11 tx timeout 23:01:38 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:01:38 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) getrlimit(0x9, &(0x7f0000000080)) ioctl$TCSETSF(r2, 0x5437, 0x0) r3 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x80400, 0x0) fcntl$setlease(r3, 0x400, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SIOCAX25OPTRT(r1, 0x89e7, &(0x7f00000000c0)={@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x2, 0x44}) 23:01:38 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000000)=0x8000) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x200840, 0x0) write$fb(r3, &(0x7f0000000100)="cdff9f5c8312c8e0e720fb5e431d7c5ae2bd820936895c8af74f2fec7e1ab18bc500513c275837aa20b5eaa6443073cc19c495863fbce52802611f26a460d197e355216cfe3b3250ff1261a289b8a0d8b9fca610234df4832a5c1d099d132bc5be1bc7ab282593564f50bcaba08014984552635a0771cac4100661cb9a265fe6", 0x80) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 23:01:38 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r3, 0x5386, &(0x7f0000000080)) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1356.218756] Bluetooth: hci2: Frame reassembly failed (-84) [ 1356.245896] Bluetooth: hci7: Frame reassembly failed (-84) 23:01:39 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x10040, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1356.809112] Bluetooth: hci8: Frame reassembly failed (-84) [ 1356.820872] Bluetooth: hci8: Frame reassembly failed (-84) 23:01:39 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) getsockname$netlink(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000180)=0xc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1357.091529] kauditd_printk_skb: 23199 callbacks suppressed [ 1357.091538] audit: type=1326 audit(1599174099.494:2022054): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4337 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 23:01:39 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) sendmsg$IPSET_CMD_PROTOCOL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, 0x1, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x8080}, 0x44045) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) vmsplice(r3, &(0x7f0000000200)=[{&(0x7f0000000180)="1b9ffa3f7e460e91863285c1da32b4d26021c21d77a9f9315ee9d991eed9e74737197ed9f1938d774e0566a18f47094c69e5c790c061f8eceaa80f7aff4f1e5df92f", 0x42}], 0x1, 0x1) [ 1357.121895] audit: type=1326 audit(1599174099.494:2022055): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4337 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1357.153300] audit: type=1326 audit(1599174099.494:2022056): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4337 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1357.175448] audit: type=1326 audit(1599174099.504:2022057): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4337 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1357.199108] audit: type=1326 audit(1599174099.504:2022058): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4337 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1357.221136] audit: type=1326 audit(1599174099.504:2022059): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4337 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1357.244115] audit: type=1326 audit(1599174099.504:2022060): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4337 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1357.270443] audit: type=1326 audit(1599174099.504:2022061): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4337 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1357.304649] audit: type=1326 audit(1599174099.504:2022062): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4337 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1357.331820] audit: type=1326 audit(1599174099.504:2022063): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4316 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 23:01:40 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) r5 = eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write(r5, &(0x7f0000000180)="1b262686c572bece339c82c86e986adc8d7615e94aaaff1cb722b27f6fd2d8da58a4c63adcd7ee2132bb260cce602fab07eb458a9d9ce656874004978c973e8b4422db821abc09cd979765ff830a6321bf63803b1f", 0x55) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f0000000080)={0x80000000000000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0xf, 0x0, 0x0, 0x0, 0x0, 0x68}, 0x0, 0x0) 23:01:40 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00') sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r2, 0x2, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0x1}, @NL80211_ATTR_WIPHY={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x20004850) r3 = dup(r0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r4, 0x545c, 0x0) ioctl$TCSETSF(r4, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 23:01:40 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x150) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000009c0)='/dev/loop-control\x00', 0x0, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) fsetxattr$trusted_overlay_origin(r1, &(0x7f0000000140)='trusted.overlay.origin\x00', &(0x7f0000000180)='y\x00', 0x2, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r3) [ 1358.297882] Bluetooth: hci7 command 0xfc11 tx timeout [ 1358.303132] Bluetooth: hci2 command 0xfc11 tx timeout [ 1358.303198] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1358.308509] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1358.403223] Bluetooth: hci2: Frame reassembly failed (-84) 23:01:41 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) ioctl$DRM_IOCTL_GET_CAP(0xffffffffffffffff, 0xc010640c, &(0x7f0000000180)={0x4}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x0, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x4) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x4302, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1358.857846] Bluetooth: hci8 command 0xfc11 tx timeout [ 1358.863161] Bluetooth: hci8: Entering manufacturer mode failed (-110) 23:01:41 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x240202, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) openat$userio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/userio\x00', 0xa0000, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_GET_LINKS(r4, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r5, 0x100, 0x70bd2d, 0x25dfdbff, {{}, {}, {0x8, 0x11, 0x7}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x935e388e441d3806}, 0x20) 23:01:41 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:01:41 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000000)={{r1}, {@void, @actul_num={@void, 0xd01, 0x74}}}) r2 = dup(r0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r3, 0x545c, 0x0) ioctl$TCSETSF(r3, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 23:01:42 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x2, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 23:01:42 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x9) prlimit64(0x0, 0x1, &(0x7f0000000280)={0xd7, 0x44000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x4}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000042, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) getsockopt(r3, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0xffffffffffffffff, &(0x7f0000000400)={0x38, 0x1, 0x1, 0xfffffff7, 0x5, 0x5, 0x5, 0x0, 0xfffffff9}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) r4 = socket$inet6(0xa, 0x401000000001, 0x0) close(r4) 23:01:42 executing program 0: modify_ldt$read_default(0x2, &(0x7f0000000100)=""/110, 0x6e) getsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, &(0x7f0000000200), &(0x7f0000000240)=0x4) timer_create(0x0, &(0x7f0000000180)={0x0, 0x37, 0x2, @tid=0xffffffffffffffff}, &(0x7f00000001c0)=0x0) timer_delete(r0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:01:42 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x90500, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 1360.457837] Bluetooth: hci2 command 0xfc11 tx timeout [ 1360.468012] Bluetooth: hci2: Entering manufacturer mode failed (-110) 23:01:43 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x4001ff) 23:01:43 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1f) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x501, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r1, 0x800448d3, &(0x7f0000000140)={@none, 0x15, 0xd5, 0xd667, 0x6, 0x1, "c72e5a864b374a8c296406fb96920f9f02da246ee3a70bf4819fd17d9c497db88ccccb9610a66f8792d222356d970bc4648243480ff8ffb97c74a9c630c18116a8cce1bb10575adcefa4a7a6926f8d3ceb956088d4365613edbe7b0973317d5724f030c3bbb3d17e9633dcd2d4c8ef159b5d1ebb6dc0308d19b55bf7d0702811"}) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) inotify_init1(0x80000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm-control\x00', 0x90800, 0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000280)={r4, 0x3, 0x7, r1}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x5cb0d5513403fe35, &(0x7f0000000080)={0x20000000000002b2, &(0x7f0000000040)=[{0x80, 0x0, 0x0, 0x50000}]}) open(&(0x7f0000000200)='./file0\x00', 0x103000, 0x61) 23:01:43 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x8000, 0x0) ioctl$KDGKBMETA(r1, 0x4b62, &(0x7f0000000140)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:01:43 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000100)) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) 23:01:43 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) setsockopt$netrom_NETROM_T1(0xffffffffffffffff, 0x103, 0x1, &(0x7f0000000100)=0x8001, 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:01:43 executing program 1: socket$nl_route(0x10, 0x3, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000440)="11bdf9ce6e61fb765cce6b15ecaff5d1263f2b0b2c1f2f490fbed9b7457fa977b0d2a7520f832f5927c73fa4db67dd1c60e73c8683e2df034e8d00a9ec1a75ebd6a30dc26da05c196d399af5627f39209b1a2d9c22057dfcf86dafd75c9dd26d51ce6bf842f7ea26129a1e143f5ed8745c57b37ea01c87deb45865177ff65ab957189372d2073d9bb6141aa41ae26451d0c45f81e94aa5156534b4a8f38d8fa9ef19165df0245ccf48f2d404531753409ad7e83a918cdde30f1c1c305ef5e9c4ecaede398f481ada57455bd8b4cc5db26a9c12beda052b46ace7a15d262102005c0c3989a523621f4920d8446a29ccbd45456ea6ee595474a66b70dbb652d71c64e87939b880f22ea0d3f8219147b4bf6997b4a1d44fd2f39497551203ad734139", 0x121) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3, 0x3, 0x0, 0x0, 0x8000}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) splice(r0, &(0x7f0000000080)=0x4, 0xffffffffffffffff, &(0x7f0000000180)=0x4, 0x5, 0x4) ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f00000002c0)={0x7ff, 0xfffff800, 0x5, 0x9, 0x400, 0x2}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1361.577876] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1361.584538] Bluetooth: hci7 command tx timeout [ 1362.097834] kauditd_printk_skb: 21808 callbacks suppressed [ 1362.097842] audit: type=1326 audit(1599174104.504:2043872): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4461 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1362.129701] audit: type=1326 audit(1599174104.504:2043873): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4461 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1362.154997] audit: type=1326 audit(1599174104.504:2043874): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4461 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1362.181161] audit: type=1326 audit(1599174104.504:2043875): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4461 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1362.206305] audit: type=1326 audit(1599174104.504:2043876): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4461 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1362.232821] audit: type=1326 audit(1599174104.504:2043877): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4461 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1362.259250] audit: type=1326 audit(1599174104.504:2043878): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4461 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1362.285310] audit: type=1326 audit(1599174104.504:2043879): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4461 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1362.312988] audit: type=1326 audit(1599174104.504:2043880): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4461 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1362.339089] audit: type=1326 audit(1599174104.504:2043881): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4461 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1362.617829] Bluetooth: hci2 command 0xfc11 tx timeout [ 1362.623138] Bluetooth: hci2: Entering manufacturer mode failed (-110) 23:01:45 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:01:45 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nvram\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(0xffffffffffffffff, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000000)={{r1}, 0x9}) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0), 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 23:01:45 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() ioctl$PERF_EVENT_IOC_REFRESH(0xffffffffffffffff, 0x2402, 0x8d8) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) vmsplice(r1, &(0x7f0000000000), 0x0, 0xf) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) getsockopt(r3, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffff}, 0x0, &(0x7f0000000300), 0x0, 0x0) 23:01:45 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) ioctl$KDADDIO(r2, 0x400455c8, 0x9) ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$inet_dccp_buf(r4, 0x21, 0xe, &(0x7f0000000100)="91b99268886da141faef8946bb898cc3fb611b980c18576cb196e3821282ace6733b3bfaba7892a78980f4d6c703cd61ff4c216f705d1e6a69e29d674f09605790b843b6bee4609aa31d98b2a8bdadda8b0ff75e4eb68af9e6dfe135e485f55254a617850fe7629aa7dc1fc5dd2fae6b", 0x70) [ 1362.784599] Bluetooth: hci2: Frame reassembly failed (-84) 23:01:45 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$TIOCMIWAIT(0xffffffffffffffff, 0x545c, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000080)=0x14) ioctl$TCSETSF(0xffffffffffffffff, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 1362.852798] Bluetooth: hci7: Frame reassembly failed (-84) [ 1362.857980] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1362.858932] Bluetooth: hci8 command 0xfc11 tx timeout 23:01:45 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) read$snapshot(r4, &(0x7f0000000080)=""/4096, 0x1000) [ 1363.337823] Bluetooth: hci9 command 0xfc11 tx timeout [ 1363.337880] Bluetooth: hci9: Entering manufacturer mode failed (-110) 23:01:46 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000029d, 0x10060, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) getsockopt(r3, 0x50, 0x1f, &(0x7f0000000340)=""/93, &(0x7f00000000c0)=0x5d) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 23:01:46 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x4}) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 23:01:46 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/btrfs-control\x00', 0x40, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000140)=0x2000012) ioctl$KDADDIO(r0, 0x400455c8, 0x9) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @broadcast}, 0x10) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:01:46 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) ioctl$VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045613, &(0x7f0000000080)=0x1) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 23:01:47 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') sendmsg$NL80211_CMD_GET_SCAN(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x20, r2, 0xab9535e9a6578fc1, 0x0, 0x0, {0x6b}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x0, 0x3}}]}, 0x20}}, 0x0) sendmsg$NL80211_CMD_DEL_KEY(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x28, r2, 0x300, 0x70bd2c, 0x25dfdbfd, {}, [@NL80211_ATTR_KEY={0x14, 0x50, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8}, @NL80211_KEY_TYPE={0x8, 0x7, 0x1}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4801}, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) getsockname$ax25(r0, &(0x7f0000000100)={{0x3, @default}, [@default, @netrom, @netrom, @bcast, @bcast, @bcast, @netrom]}, &(0x7f0000000180)=0x48) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) pipe2(&(0x7f00000001c0), 0x0) 23:01:47 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000000), &(0x7f0000000080)=0x4) signalfd4(r1, &(0x7f00000000c0)={[0xffffffff7fffffff]}, 0x8, 0x800) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/btrfs-control\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f00000001c0), &(0x7f0000000200)=0x4) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f0000000140)={0xbe, 0x9, 0x4, 0x1000, 0xfff, {0x0, 0xea60}, {0x5, 0x8, 0x9, 0x80, 0x7f, 0x81, "8f940a20"}, 0x1, 0x1, @fd=r3, 0x4, 0x0, r5}) [ 1364.845112] Bluetooth: hci8: Frame reassembly failed (-84) [ 1364.857984] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1364.858088] Bluetooth: hci7 command 0xfc11 tx timeout [ 1364.866088] Bluetooth: hci2 command 0xfc11 tx timeout [ 1364.869855] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1364.919212] Bluetooth: hci2: Frame reassembly failed (-84) 23:01:48 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:01:48 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x50, 0x4, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x380, 0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 23:01:48 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$BTRFS_IOC_INO_PATHS(0xffffffffffffffff, 0xc0389423, &(0x7f0000000240)={0x800, 0x8, [0x8, 0x40, 0x20, 0x7ff], &(0x7f0000000200)=[0x0]}) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e24, 0x58c9, @empty, 0x9}}, 0x3, 0x9, 0x8000, 0x97c4, 0x5}, &(0x7f0000000000)=0x98) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f0000000180)={0x9, [0x2fb, 0x6, 0x6, 0x6, 0xffff, 0xb91d, 0x1, 0x4c, 0x5]}, &(0x7f00000001c0)=0x16) fcntl$notify(r0, 0x402, 0xe) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000140)={r3, 0x7ff, 0x1, [0x0]}, 0xa) [ 1366.015912] Bluetooth: hci7: Frame reassembly failed (-84) [ 1366.858173] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1366.864414] Bluetooth: hci8 command 0xfc11 tx timeout [ 1366.938018] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1366.938048] Bluetooth: hci2 command 0xfc11 tx timeout 23:01:49 executing program 3: ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000000)) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x4001ff) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 23:01:49 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup3(r0, r0, 0x80000) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r2 = dup(r1) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x21a000, 0x0) ioctl$TIOCMIWAIT(r3, 0x545c, 0x0) ioctl$TCSETSF(r3, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VT_GETMODE(0xffffffffffffffff, 0x5601, &(0x7f0000000040)) [ 1367.109362] kauditd_printk_skb: 22775 callbacks suppressed [ 1367.109370] audit: type=1326 audit(1599174109.504:2066658): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4576 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 23:01:49 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) setsockopt$RDS_FREE_MR(r1, 0x114, 0x3, &(0x7f0000000000)={{0x1, 0x4}, 0x1}, 0x10) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) fsetxattr(r4, &(0x7f0000000080)=@random={'os2.', ':-&!\x00'}, &(0x7f00000000c0)='/dev/ttyS3\x00', 0xb, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KDMKTONE(r6, 0x4b30, 0x5) [ 1367.147095] audit: type=1326 audit(1599174109.504:2066659): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4576 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 23:01:49 executing program 1: socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000900)=@newchain={0x32cc, 0x64, 0x410, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x9}, {0x7, 0xf}, {0xe, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_fw={{0x7, 0x1, 'fw\x00'}, {0x1cbc, 0x2, [@TCA_FW_POLICE={0x820, 0x2, [@TCA_POLICE_RATE={0x404, 0x2, [0x8, 0x6, 0x9, 0x401, 0x610, 0xc27, 0x0, 0x1, 0xfffffc00, 0x6, 0xff, 0x7f, 0x0, 0x7, 0x2, 0xc3, 0x3, 0x3, 0x3, 0x3, 0x6, 0x200, 0x138, 0x5, 0x8, 0x8001, 0x7fff, 0x0, 0x3, 0x6, 0x5868, 0xe3e, 0x6, 0x6, 0x9, 0x3, 0x3f, 0xffffff81, 0x6, 0x4, 0x1f, 0xf6, 0x2, 0x401, 0x7, 0x285e, 0x0, 0x9, 0x400, 0x3, 0x2, 0xfffff8bc, 0x8, 0x3f, 0xe4, 0x6, 0x2, 0x4, 0x5, 0x2, 0x0, 0xcd1, 0x4, 0x28ef, 0x6, 0x9, 0x10000, 0x1, 0x40, 0x3ff, 0x5, 0x4, 0x1, 0x100, 0x80, 0x7, 0x92, 0x459, 0x9, 0x1f, 0x1, 0x5, 0x1551, 0x818b, 0x173, 0xa8, 0x1, 0x3, 0x7fffffff, 0x5, 0x0, 0xffff, 0x490, 0x5, 0x0, 0x3, 0x0, 0x2, 0x24, 0x9, 0x9, 0xd9, 0x8, 0x6, 0xfffffffd, 0x5, 0x9, 0x2, 0x4, 0x9, 0xffffffff, 0x10000, 0x40, 0x8, 0x3, 0x3f, 0x4, 0x9, 0x6, 0x8, 0x3ff, 0x8, 0x5, 0x4, 0x7, 0x1323, 0xfffff2d7, 0x7ff, 0x7ff, 0x6, 0x80000001, 0x10001, 0x7, 0x8c9a, 0x80000001, 0x1f, 0x4, 0x3, 0x409, 0x2, 0x8, 0x2, 0xd1, 0x4, 0x0, 0x6, 0x1000, 0xfffffffc, 0x0, 0x3, 0x7fff, 0xd8a, 0x0, 0x92, 0x828, 0x3, 0x1, 0x10001, 0x3, 0x6, 0x0, 0xc562, 0x0, 0x7, 0x80000000, 0x1, 0x10001, 0x4147, 0x0, 0x52d, 0x9, 0x1, 0x101, 0x7fff, 0x81, 0x40, 0x3, 0x6, 0x401, 0x4, 0xb062, 0x80, 0x0, 0x2, 0x7, 0x1f, 0x1, 0x3, 0x1f, 0x8, 0xe59, 0xbf, 0x8, 0x401, 0x4, 0x1, 0x9, 0x1, 0xff, 0xdc40, 0x0, 0x2, 0x8000, 0x1, 0x8, 0x7, 0x1, 0x0, 0x80000000, 0x101, 0x0, 0x7, 0x2, 0x599, 0x400, 0x8, 0x0, 0x3be, 0x4, 0x7fff, 0x9, 0x3, 0x401, 0x1, 0x583, 0x1, 0x7, 0xe882, 0xd5a, 0x9, 0x5467ea47, 0x8, 0x4, 0x1, 0xfffffff7, 0x81, 0x20, 0x1, 0x3, 0xfffffffb, 0x3, 0x8, 0x4, 0xff, 0x6, 0x7, 0x7, 0x1, 0x4, 0xfff, 0x0, 0x2, 0x3, 0x7, 0x3f, 0x80]}, @TCA_POLICE_RATE64={0xc, 0x8, 0x80000001}, @TCA_POLICE_RATE={0x404, 0x2, [0xfbe1, 0x4, 0x6, 0x7fff, 0x20, 0x1f, 0x4, 0x1, 0x4, 0x1, 0x80000000, 0x5, 0x5bd8, 0x4ad, 0x7fff, 0x6, 0x7fff, 0x9, 0x4, 0x9, 0x800, 0x2, 0x81, 0x54f5, 0x8001, 0x9a4a, 0x0, 0xdc0400, 0x9, 0x8, 0x5f, 0x401, 0x2, 0x7, 0x100, 0x2, 0x1, 0x6, 0x8, 0x3, 0xb57, 0x4, 0x9, 0x8, 0x8, 0x3, 0x7f, 0x7ff, 0x7f, 0x7, 0x5, 0x5ad5, 0x9, 0xfffffe41, 0x6f08, 0x7, 0x200, 0x0, 0x8000, 0x5, 0x101, 0x7, 0x202, 0x3f, 0x8, 0x1, 0xffffffff, 0x3f, 0x1, 0x4, 0x71, 0x5, 0x7, 0x4, 0xff, 0x89, 0x4, 0x7, 0xffffffff, 0x9, 0x6, 0xffffff01, 0x5, 0x1, 0xffff8cd8, 0x0, 0x1, 0x9, 0x1, 0x3f6, 0x3f, 0x20, 0xffffffff, 0x78, 0x7, 0xffff, 0x5, 0x9697, 0x7, 0x2ff, 0x8, 0x10000, 0x4, 0xffffff80, 0x1, 0x9, 0x8, 0x3, 0x7, 0x2, 0x1, 0x0, 0xffff, 0xfffffffc, 0x1a32, 0x6, 0x8, 0x9, 0x7ff, 0x6, 0x9, 0x20, 0x80, 0x6848, 0xa530, 0x9, 0x6, 0x5, 0xffff, 0x6, 0x1, 0xe2, 0xdae, 0x1, 0x7ff, 0x1, 0x7fffffff, 0x6, 0x1, 0x8, 0x6, 0x7f, 0xffff, 0x4824, 0x6, 0xa276, 0x8, 0x92, 0x20000, 0x5, 0x2, 0x40, 0x3, 0x0, 0xfffff801, 0xfffffeff, 0x0, 0x3, 0xffff, 0x80000000, 0x3, 0x3, 0x5, 0x6, 0x1, 0xffffffff, 0x80, 0x8, 0x0, 0x7fff, 0xffff8001, 0xffff, 0x20, 0x2, 0x6d15, 0x8000, 0x40, 0x6, 0x5, 0xffffffff, 0x3f, 0x2, 0x2, 0x8, 0x7, 0xffffffff, 0x90f6, 0x2, 0x7, 0x2, 0x2, 0x2, 0x2, 0x5, 0x6, 0x10000, 0x7b67, 0x1, 0x4f0d, 0x1, 0x5, 0x8, 0x0, 0xfffffffd, 0x0, 0x25f, 0x7ff, 0x2, 0x9, 0x2f5, 0x5, 0x8, 0x7c, 0x20, 0x40, 0x6, 0x4, 0x6, 0x1, 0x1, 0x1aa, 0x7, 0xb28, 0x6, 0x5, 0x81, 0x800, 0xfffff001, 0x8, 0x6b6f6d08, 0x81, 0x1, 0xff, 0x80, 0x2, 0xffffffff, 0x8, 0x7, 0x3, 0x80, 0x20, 0x5b, 0x8, 0x10001, 0x1, 0xffff, 0x6, 0x7, 0x9, 0x3, 0x1, 0x1, 0x400, 0x8a5c, 0xfffffffc, 0x200]}, @TCA_POLICE_RESULT={0x8}]}, @TCA_FW_POLICE={0x1498, 0x2, [@TCA_POLICE_RATE={0x404, 0x2, [0x2, 0x5, 0x7fff, 0xffff, 0xe64f, 0x4, 0x1000, 0x5, 0xe4, 0x6, 0x0, 0x1, 0x5, 0xef, 0x4, 0x4, 0xfffffffe, 0xff, 0x2, 0x80, 0x2, 0xff, 0x81, 0x8000, 0xe98f, 0x2c, 0x0, 0x2, 0x740, 0x1f, 0x800, 0x100, 0x1, 0x8, 0x4, 0x4e171ba8, 0x0, 0x81, 0x400, 0x5, 0x1, 0x2, 0x2, 0x0, 0x100, 0x3, 0x800, 0xd2d, 0x6, 0x100, 0x8, 0x1, 0x2, 0x7aa7, 0x8, 0x401, 0x4, 0x8, 0x400, 0xbe0e220b, 0x49, 0x20, 0x1, 0x1, 0xa7c6, 0x7, 0x9, 0x80, 0x1, 0xa844, 0x6, 0x1, 0x81, 0x3, 0xffffff7f, 0x8, 0x7, 0x3, 0xfffffffe, 0x2, 0x3, 0x3, 0xd4a, 0x7fffffff, 0x101, 0x8, 0x5, 0x7fff, 0xe4, 0x6, 0x7, 0x80000001, 0x0, 0x3, 0x8, 0x74b, 0x1, 0x6, 0x9, 0x1ff, 0x101, 0x5, 0x20, 0x4, 0x800, 0x7, 0x3, 0x59, 0x3ff, 0x0, 0xfec, 0x8000, 0x1, 0x0, 0xfffffffb, 0xff, 0x0, 0x4, 0x7f, 0x1, 0x5158, 0x0, 0x81, 0x4, 0x0, 0x0, 0x80000001, 0x3, 0xfffffff9, 0x8, 0x3, 0x10000, 0x5d, 0x6, 0x5, 0x7, 0xfffffff9, 0x7c, 0x1, 0x6, 0x2f9, 0xbf4, 0x8000, 0x641, 0x100, 0x8, 0x7, 0x0, 0x2, 0x8, 0x3, 0x82cc, 0xfffffff7, 0x6, 0xfff, 0x7, 0x0, 0x9, 0x5, 0x7, 0x5, 0x5, 0x600, 0xb8a9, 0xeba000, 0x81, 0x7, 0x2, 0x9ce, 0x8, 0x2, 0x401, 0x0, 0x1, 0x0, 0x0, 0x3, 0x7, 0x0, 0x7121, 0x7f, 0xffffff8c, 0x81, 0x7, 0x7288, 0x0, 0xfffffffa, 0xe128, 0x6, 0x5, 0x13, 0x4, 0x2000, 0x800, 0x71, 0x7fffffff, 0x8000, 0x1b, 0xf90, 0x80000, 0xffffffff, 0x9, 0x6, 0xb8, 0x0, 0x7, 0x3ff, 0x3, 0xfff, 0x8, 0xc02d, 0xff, 0xc0e, 0x10000, 0x3776, 0x101, 0x8001, 0x1000, 0x5, 0x7fffffff, 0x3, 0x3, 0x1, 0x200, 0x3, 0x8, 0xffff, 0x3e58e1a9, 0x0, 0x2d0, 0x5, 0x2, 0x3ff, 0xfffffffd, 0x94fc, 0x40, 0x7f, 0x3, 0x3d6, 0x2, 0x20, 0x1f, 0x46, 0x401, 0x24, 0x853, 0x7, 0x3, 0x5, 0x40, 0x1ff, 0x0, 0x1, 0x3, 0xffffff00, 0x4]}, @TCA_POLICE_RATE={0x404, 0x2, [0x8001, 0x8, 0x1, 0x40, 0x6, 0x80000001, 0x9, 0x1f, 0x4, 0x5, 0x9d, 0xfffffff9, 0x4, 0x8, 0x40, 0x4, 0x2, 0x400040, 0x6, 0x4, 0x80, 0x81, 0x7, 0x4, 0x6, 0x9, 0x0, 0xd66c, 0x100, 0x0, 0x2, 0x8, 0x0, 0x2, 0x4, 0x10000, 0x8, 0x1000, 0x0, 0x6, 0x2, 0x5, 0xc, 0x6ebc, 0x4, 0x3f, 0x4, 0x8, 0x400, 0x8, 0x6, 0x6, 0xff, 0x1, 0x6, 0x20, 0xfff, 0x3, 0x7, 0x3, 0xd35, 0x6, 0x1, 0x81, 0xe53, 0x8001, 0x3b30, 0x0, 0x0, 0x5, 0x5, 0xff, 0x20, 0x72, 0x2, 0x2, 0x9599, 0x40, 0x8, 0xfffffffa, 0x5, 0x40, 0x7, 0x7, 0x2a, 0x80000001, 0x9, 0x1f, 0x80000000, 0x7, 0x200, 0x10000, 0x3, 0x3, 0x1, 0x8001, 0x800, 0x1ff, 0x5, 0x3, 0x1000, 0xab3, 0xd24, 0x1000, 0xb7, 0x10001, 0x0, 0x3, 0x78ed, 0x1, 0x7, 0x6, 0x4, 0x0, 0x8, 0xfffffffd, 0x20, 0xf0, 0x4, 0x4, 0x8, 0x2, 0x7, 0x4, 0x8, 0x4, 0x400, 0x8, 0x7, 0xa09, 0xc0, 0x800, 0xffff, 0xf31e, 0x7, 0x2, 0x2, 0xb70, 0xffffffed, 0x40, 0x7, 0x1, 0x800, 0x2, 0x6, 0x5, 0xfffffffe, 0xffff0001, 0x67, 0x40, 0x3, 0x74d2, 0x4, 0x800, 0xa8d2, 0x10001, 0x4, 0xf77f95d, 0x1, 0x9, 0x100, 0x5, 0x6, 0x8001, 0x8, 0x5, 0xfffff622, 0x3, 0x2788, 0x1, 0x80000001, 0x6d15, 0x6, 0x400, 0x8001, 0x0, 0x1, 0x1d1e, 0x800, 0x101, 0xfffffff9, 0x0, 0x6, 0x1cfc, 0x5, 0x3, 0x0, 0x1, 0x8, 0x5, 0xffffffff, 0xde, 0x2, 0x401, 0x2, 0x3ff, 0x7, 0x1, 0x2, 0x7, 0x100, 0x8001, 0x1, 0xbc75, 0x5, 0x8e85, 0x1, 0x3, 0x4, 0x3, 0x2, 0x10001, 0x101, 0x40, 0x6, 0x6, 0x80000000, 0x4, 0xfffffffa, 0x101, 0x8, 0x5, 0x5, 0x9, 0x8, 0x6, 0x1, 0xffffff29, 0x1f, 0xffffffff, 0x3ff, 0x20, 0x2, 0x5, 0x2, 0xffff, 0x7, 0x1, 0x2, 0x4, 0x13, 0x0, 0x1, 0x8001, 0x7, 0x400, 0x3ff, 0x80000000, 0x80000000, 0xffffffff, 0x0, 0x2d, 0x3, 0x1, 0xffffffff, 0x9]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x2, 0x1, 0x7, 0x8, 0x2, 0x9, 0xff, 0x80, 0x3f, 0x1b, 0xffff8001, 0x190, 0x10001, 0x0, 0x200000, 0x7f, 0x9, 0x2a88, 0x7, 0x1, 0x800, 0x4, 0x2, 0x1, 0x1, 0x40, 0x3, 0x3f, 0x6, 0x3, 0x8, 0xff, 0x4, 0x3, 0x8, 0xe35, 0x78c, 0x4, 0x4, 0x3, 0x3ff, 0x7, 0x7, 0x5, 0x6, 0x592, 0x80, 0x8, 0x5, 0x6, 0x6, 0x10000, 0x8, 0x3, 0x77e, 0x0, 0x9f5, 0x1, 0x1000, 0xfffffffb, 0x4, 0x7, 0x20, 0x6, 0x9bab, 0x8910, 0x10000, 0x7f, 0x7fff, 0xc103, 0x7, 0x6, 0x5, 0x1, 0x0, 0x1, 0x3f, 0x4, 0x7, 0x3, 0x9, 0x800, 0x800, 0x4, 0x2, 0xffff, 0xaf8, 0xe000, 0x2, 0x5, 0xfff, 0x10000, 0x10000, 0xfffffffc, 0x4, 0x2, 0x8000, 0x3, 0x7, 0xffffffd8, 0x1, 0x5, 0x0, 0x5, 0x20, 0xfffffffb, 0x3a, 0xffffffff, 0x0, 0x1ff, 0x8000, 0x101, 0x9, 0x2, 0x1000, 0x7, 0x9, 0x47fd, 0x43a3, 0x81, 0x0, 0x40, 0x5, 0x7, 0xddd9, 0x8000, 0x87c00000, 0xb15, 0x7, 0x9, 0x0, 0x5, 0xff, 0x9, 0x5, 0x434d, 0x3, 0xffffffff, 0x40, 0x3, 0x0, 0x6, 0xfffffffc, 0x1f, 0x3, 0x7fffffff, 0x5936, 0xcb, 0xfffffff9, 0x80000000, 0x2, 0x3, 0x7, 0x1, 0x5, 0x77, 0x6, 0x5, 0x10001, 0x3f, 0x1, 0x4, 0x7, 0x2, 0x6, 0x3, 0x0, 0x0, 0x1000, 0x5, 0x0, 0x7fff, 0x1f, 0x9, 0x2, 0xff, 0x4, 0x5, 0x3, 0x6, 0x0, 0x3, 0x101, 0x1d49, 0x2, 0x4, 0x1, 0x30, 0x81, 0x7, 0x6, 0x8, 0x49, 0x8, 0xfff, 0x2, 0x6, 0xfffffffa, 0x5, 0x101, 0x6, 0xff, 0x1, 0x1, 0x2, 0x3, 0x6, 0x1, 0x0, 0x5, 0x2, 0x8, 0xff, 0x4, 0x0, 0x6, 0xd37, 0x2, 0xa31, 0x101, 0x8, 0x101, 0xb3, 0x8000, 0x400, 0x3253, 0x2, 0x5, 0x48bbee10, 0x7fff, 0x2, 0x0, 0x37, 0x9, 0x20, 0x2, 0x3, 0x4, 0x8, 0x84a, 0x7, 0x3ff, 0x3, 0x80000001, 0x80000000, 0xc3, 0x2, 0x0, 0x3, 0x7fffffff, 0x2, 0x7f, 0x1, 0x1, 0x200, 0x8]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x1f, 0xffffff7f, 0x1, 0x0, 0x8, 0x0, 0x3, 0xffffffff, 0x0, 0x4, 0xb5, 0x8, 0xed, 0x6, 0x40, 0x3, 0x100000, 0x81, 0x800, 0x9, 0x0, 0x0, 0x1f, 0x7, 0xff, 0x0, 0x5, 0x8001, 0x101, 0x1f, 0xa9d, 0x5, 0x7, 0x1f, 0x5, 0x7f, 0xf0400000, 0x5, 0xfffffffb, 0x0, 0x6, 0x7, 0x5, 0x1, 0x9, 0x8, 0x7, 0x6, 0xb7, 0x0, 0x400, 0x200, 0x7, 0xfffffffd, 0x1, 0x8, 0x8, 0xb0e, 0xdbf, 0xffff, 0x5, 0x8000, 0x8001, 0x4, 0x80, 0xffffff20, 0xb, 0x3, 0xf4b, 0xb4, 0x8, 0x8000, 0x2, 0x1f, 0x2, 0xe83, 0x7, 0xff, 0x7, 0x0, 0x1, 0x0, 0xb2, 0x3, 0x6, 0x6, 0x8, 0x5, 0x7, 0x80, 0x4, 0x1, 0x1ff, 0x67ec0605, 0x1, 0x6, 0x1, 0xfffffff7, 0x0, 0x7, 0x8, 0x1, 0x1, 0xd994, 0x4, 0x2dbc, 0x2, 0x3, 0x2, 0x800, 0x8, 0x1, 0x1, 0xa08a, 0x8, 0x20, 0xff, 0x6, 0x5, 0xfff, 0x800, 0x8, 0xef3, 0x2000, 0x2d, 0x3, 0xae, 0x5, 0x7fff, 0x7ff, 0x1, 0x2, 0x9, 0x3, 0x5, 0x2, 0x6, 0x3, 0x6, 0x2, 0x6, 0x10000, 0x0, 0x6, 0xbe, 0x100, 0x518, 0xc03e, 0x8, 0x1, 0x8, 0x21, 0x3, 0x213, 0x5, 0x5, 0x9, 0x200, 0x5, 0x3f, 0x400, 0x1, 0xfffffff8, 0x5, 0xfffeffff, 0x9, 0x4, 0x0, 0x9, 0x800, 0x620, 0x2, 0x3, 0x4, 0xfffffffe, 0x8, 0x10001, 0x3, 0x200, 0x4, 0x7fffffff, 0x1000, 0x3, 0x0, 0x5, 0xfffffffe, 0x25f5, 0x0, 0x53c9, 0xffffffb7, 0x1bbf0111, 0xca5, 0x6, 0x4, 0x9, 0x22, 0x7, 0x80, 0x0, 0x233, 0x5, 0x20, 0x1, 0x8, 0x3f, 0x6, 0x7ff, 0xe8ff, 0x3f, 0x6, 0x8, 0x6, 0x4, 0x399, 0x80000001, 0x0, 0x4, 0x4, 0xe2be, 0x6a9d, 0x80000001, 0xa5dd8f4, 0x3, 0x4, 0x80, 0x9, 0x0, 0x9, 0xfffffffd, 0x1f, 0xcbbb, 0x5, 0x80000000, 0x0, 0xcfb8, 0x47bf, 0xc, 0xff, 0xe, 0x8, 0xff, 0xffffffe0, 0x33, 0x5, 0x2, 0x0, 0x3, 0x6c0, 0x5, 0xcc7, 0x34fe, 0x3, 0x8d, 0x4, 0x7, 0x7]}, @TCA_POLICE_AVRATE={0x8}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x101, 0x400, 0x0, 0x5, 0x101, 0xfffffffb, 0x6, 0xd9a, 0x101, 0x8, 0x4, 0x0, 0x80000001, 0x59c212c8, 0x101, 0x7, 0x6, 0x10000, 0x401, 0xd7, 0x9, 0x7, 0x5, 0x3, 0xfff, 0xaf4, 0x131a, 0xfffffe01, 0x6, 0x101, 0x9, 0x1, 0x7, 0x2, 0x80000000, 0x800, 0x3, 0x0, 0x8, 0x6, 0x4, 0x80, 0x8, 0x7ff, 0x3f, 0x4, 0x58, 0x1, 0xffff, 0x1ff, 0xcc8, 0xae5, 0x8, 0x8, 0x2, 0x871, 0x5, 0x5, 0x8, 0x7fffffff, 0xe6, 0x0, 0xfff, 0x3, 0x4, 0x4, 0x5, 0x7, 0x7fffffff, 0x1, 0x40, 0x0, 0x9, 0x8, 0x0, 0x9, 0xbb7, 0x8, 0x7, 0x5, 0x0, 0x7ff, 0x1, 0xff, 0x200, 0x7, 0x10001, 0x1, 0x1, 0x2, 0x4, 0x2, 0x0, 0x6, 0xfff, 0x4, 0x1, 0x7, 0x1, 0x8331, 0x1, 0x7fff, 0x4, 0x1, 0x5, 0x5, 0x6, 0x6, 0xffff, 0x8001, 0x3, 0x2, 0x5, 0xe, 0x7f, 0xfe2, 0xc61e, 0xfff, 0x8, 0x4, 0x1b46, 0x5, 0x9, 0x1, 0xfffffffa, 0x1, 0x2, 0x8, 0x491, 0x41, 0x1, 0x7fff, 0x7, 0x62, 0xfffffff8, 0x99e, 0x80000001, 0x7, 0x1, 0x8, 0x8, 0x6, 0xd6ad, 0x9, 0x4, 0x7, 0xff, 0x9, 0xfffffffb, 0x7, 0x7ff, 0x401, 0x9, 0x9, 0x5, 0xffffe335, 0xa72f3a6, 0x2, 0x9, 0x6, 0x10000, 0x9, 0x5, 0x20, 0x7, 0x10000, 0x80000000, 0x6, 0x8, 0x9, 0x641, 0x8000, 0x8, 0x7, 0x6, 0x7, 0x88c, 0x40, 0x6, 0x2, 0x6, 0x16b0031, 0x76ca, 0x13, 0x1000, 0x0, 0x9, 0x2d4e, 0x1, 0x8, 0x5, 0x9, 0x0, 0x6, 0x5, 0x5, 0x10001, 0x400, 0xef9, 0x3, 0x5, 0x5, 0x305, 0xe802, 0x2aa3, 0x1000, 0x4, 0xfffffffa, 0xfff, 0xffffffcd, 0x1d48, 0x8, 0x9, 0x800, 0x3, 0x0, 0x2, 0x29, 0x7, 0x5eb, 0x1f, 0x8000, 0x38, 0x7, 0xff, 0x1, 0xb53c, 0x0, 0x1, 0x7ff, 0x9, 0xfffffff7, 0x4, 0x3, 0x1, 0x7, 0x8, 0xd885, 0x101, 0xfffffff8, 0x54, 0x2, 0xfffffff7, 0xffff, 0x8, 0x6, 0x90, 0x0, 0x1, 0x9, 0x8, 0x7, 0x8001, 0x0, 0x7, 0x6]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x3ff, 0x1, 0x1, 0x3f, 0x1f, {0x3f, 0x1, 0x1f, 0x2, 0x3, 0x4000}, {0xe5, 0x1, 0x37e1, 0x8, 0xffff, 0xffff7fff}, 0x7f, 0xa9b, 0x4}}, @TCA_POLICE_TBF={0x3c, 0x1, {0x7, 0x7, 0x40, 0x9, 0x4, {0x1, 0x33bfee576e7e0da1, 0x7fff, 0x0, 0x7fff, 0xffffff00}, {0xc9, 0x1, 0x9, 0x8, 0x81, 0x8}, 0xc6dd, 0x5, 0xfffffffd}}]}]}}, @filter_kind_options=@f_flower={{0xb, 0x1, 'flower\x00'}, {0xc, 0x2, [@TCA_FLOWER_KEY_MPLS_BOS={0x5, 0x44, 0x4a}]}}, @filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0x159c, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x7, 0x10}}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0x10, 0xb}}, @TCA_MATCHALL_ACT={0x1580, 0x2, [@m_skbedit={0x1050, 0x9, 0x0, 0x0, {{0xc, 0x1, 'skbedit\x00'}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x7, 0x20, 0x7, 0x7f, 0x6}}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xb, 0x6}}]}, {0x1004, 0x6, "31860cc4931f8460c4afb8eed1b48ae8ff4cb8157720c5f240ba2c14d9709be937d8aa38932fbe258f7faf96c573501bb7b54244bd073420c5c4d72da96a22ab219e5fb28419efdb0800d874cfa41b5d757d7be6eac5a3603f1eaf1d822330cae83f4ca794e56b86d3477176c4f41fcd3c6847ef897d744642ce2a145b61765db4b57ef46f0d9fbbd5a502eeadf359ef301aa8a0ac66f5b26113d4bfc858910fa06942696c4c73c3143e7dd123da57bb725ddaa37951162bae1df1731fff95a868776434ed3957336fa4dd5291b228be403873c9b19edc0f86259d0cd1b3ec3d246f7c616755756b8a1bcb7a19093622332486ca7b05b5484a7933379d79f374a7efb6c049345d2010fe1b2a8fda7b3e3d8c02e02dbee962d93f61e91dfcc759523391ece3705f2517d9c646993acde2901a96a46efbe6ee60946dc8f676bff9d64aa413e52ac001eba10020e5ae98aec478646fdc4a8eca35ae9540cc6c7897dc360e2adef56ce0ee73861f1ab63948c53b2313fb52c38785979893511ac7d941d166680698ce413a301a468dc9fad5784aa523e0fe1c06ecfcd30395696d7d465f274d70d0093bbc062242c8c98828b0692f3e286f4cdca473a9c121fd1426769dad9f204179a8af96759a4007fafa8f400c502b20857d79b22614f84c452b835cd7abb1b6dc77be2d258fe6607613f39c2b899400e4e210203918a05e44a933f4d2d3cff96310668ad707089f47172e54bcbdaa8cdae721e7c4e59d478227474d6b6f2db88a971819ac6afe743e3c5fc5625fa0f6aae91d91be82ebf3212651708d6b022cf45b5549240fe4e6d4bc3b98ed7fcf7aef1a92ea8f746ccfe8c934d03cf88e61ab5279ee9c66f5565478e3944b854aa4e8ac9b1b876090b5a071206f73b742ba785206352e5e06a1357e8e841523703bb99306125dc3b1af741b74d8fd293cd0d92506c571a2a7b0c6e3fbc1451212143048596c23a566f8937068fd11c32494f5202316ea6eb640ca518fbd8d371d9488bc77d9aad0fcb665afb00d347b5dcbdb5b227ca1d308523b76462cfc8411a7693d8a93edeee87770167d360598d607c4f8218ef15cf2f819b7070d984c24e624122d58fdf7079d47b08e9388a9f602c04a8bfe395697c605c260bb161c0d0ac711bdb5257d1eebb262abdc26c9b515613505e80bd78b2115544ad73a0871b8743ed58880c289d75b7cabf15937b32d9bff19ad141f4ee80d255637b16ab678c38491dad7b962bcb0a6ac75802ff5aac9ff856161219b5d98308bb714e1b329a8d8e773fd24d4c69b0cc93297fa4e313da53406334272495e3993d848d974ca9a0fd39b053d0e2048a21909eb24077ff51fbce08b3e5ba04059ab8c100c16e71b7ab8bca93c887d190c22f62694cfebd6c3ec9120389af68cddf9553015797ad1c858f680363c75d081d56d796d541ae22543acd6b5b770a02180ac752e0723e4696ccb4f125a071e9055b4adb88d9d8ed3a8a3f23efe0298d7f09ae3b4ca7c7f3afcb11331a2ddf1881e3766c8d3e981863ee3450cde94fea6ffd765baca99f872553e00ac36d0cb49491daa0a01d5c8dac9ac908961d0ef8ad067af04c48e14bde6dd92b166d10f5472c1a6df224110db9e3d45d62ea1f8106b0ed52125a094e79044e44c14bc83e9a11922170ea885fe220b83e10ba982d6a4b6b267753e4bcf8fc47aa0115a139309d0d0d63b1f1d14fd6f01fa9462992b37658e36c8ef2c903a43401bf4fb1161c91f4452c78f3a22afe61ab0debefca791371996d0897edcd54a55d2e70e1200b5f67f6de653a0d78dc99927e60358cb431b808c8185633c9167523cae4be1091e917099c2fd43087f563906522458ae4de2ebca4d155a06ad5374eff463b148e42416407fa6d8a2b79d851c84dd5338b41abc77703c270c1a2bd12d834fab7bdc046f3bc28f911900469bf3a45087d357e169cef026e7f632c7a39726a9817e1d5911a60684d89fbc203429786b93701089deb4e9ea52ce90c4bb63c1e104a4ec91d88a3787d599cf9b1b706e2a11cec1dc2194d082e75a87a3ce0cb967252ec7feed6694113d657ca3e3c9881f8069cabb3a864ffea4aeefd42963b7450945a0b79484e092eeb1f29b64db798c2c9d18dd01f77c6f672196ad0aef7779cac5d9283268c80d2eb2e2088cc81b4647a6d8fdd0f338806273729307a8482ea672d42f3f880b76a41f1d1da6adddefa48c952e9e8780dd77fcc42993c2846c317ba47476bbb623d84698cd8b0ee58040aa9e153a90bb516e309937d3c191545f29a62e88109253626bb8f1e1899e24702b285132775ea6f8fee45059f5fac3e0dd88049af76c7ff9909a2505a299be807118000edb2385bed551cf52d60769f4b2a77652b29d6b7191b1d6d099f8c087037b524ba3242ffa2ad7d048524139735aec6ce72369995db007172c30dda9f1f6957702b1f4a8ce24420f554a9a9874f22b709a5cc760da42ec34ab5705af55745376d9ba2474797ff6d6e77998fd76ceb63bf50f9f016e8a2d198f1698f94f6f7c8c90a8a614ddbd775da89e232fd95176a9d40b13559560e3738e9b0be15addd8636508773707de635d399aa9ee516dacd9816516bbff27e3dfda71808113c2b3be0b46443400ae90ee9f721df881f6a01e8320e45b28fcf9325fbac5ea1fa34426ba0996f58ff4d20b2d90d47f2d8ebc99ebf574a2af78551e57ab1953712ebf74cfe70cc785a6e30e14fa054a0765962f418d81fb287573d6ebd6b45aa2a9cd64eec2eec5778bbd830354e8a33c6407eb8d0d33b649fb7172c3eca2c90dca3c563bd849518f8f77abae53d95e270e4fa71e0835cd488a447639ceb62e08847c0a2484471a2e6b06a7986c38095442052c001042f90d481b114655a3a9cc37aad7cfc591865cf52dfb26497dbd27176d69f224bae47959615b2631bda398a30db130240ab70384350cd745e11426fb956ce8469a66e9f979c839b326d68b6a4badd1fed57edc95d4eece51ea4b46edebe626d35473e7e2b61db6bbb9649e59f47012bba146cf9b8f00dba7e96b5df4d284aec6803a15ac1278b80b7f780cc3bd5a206cd3ec9e73a1e8e0dc174bce16a2362f850be50e1e746e1cfa7b45f4a57ad0c0fcdff02bc1ac46987d2a148348d7557480155130307c9f0ca17859ce64b53a63ecb42bb42e4cca67beaf83a695cfd64da75743e129b57d4d481159d0400e5d83418ef3a3995a974d4038abe0b0fbcebcc2efb8ace041d641902cc00cd09451d024403c24e5196364878f1704b9a392fb395eee37630c5a2b03f26eb3bd8f6f1ae7cc8908bb69b7a5c1c93296c414a70df884e5f9f0b9e064dcf437887a716e270cba14e6dfcf6041d1b09da441a540bc71ff43080aaf6404664a39bac2797b8ecde731305e405fbcd9ea92b61403c97c251036a7b20e1d9ce68944493558388c26fd8719780a4b1362f9d1e6b89d3fc03727d31382537c59605d2b0d81d4ae7c74b90b939e0c14e139f2fc3c95c4fdf1a45807ec25f40c015d684ab7c76f915e0a76a445033baa2fe121a6e78bfea030d78e63a3094ca376811221b165099fbe5a6fdde9c537c977529218be666f50eb053cb669166f466d019ada54ad14ea90ab8866446963452a2933682414bb225f03da89379657dd4f06519ce2400fde6a448aee7eaf0fbbad0562197c0364ad7850b414144d32a2855cefd2b612ce392c5513b3500097514c9ce549798ea7727e6906c85d01f116b6e57b7dd44f1975054df75b393606d5ad81237251282c6b9f49b1608b92b96690797d8336c3c534ed86dd14bbdcbfe6627dfaaf3fdea2407e278de780924144fe3a38843b31656e3d95b60469e87021cd43aca419f867fb81d1e7a1ee4abcc2cf9a9e90563006d6b992ea27a27c25cfb4ebc9c63e8a4c1d57df458c51577cf3b5ae592d69a5e51f0c03c42dd745f12c7f8dcce038549b3924c9407dfb5d3354c3f29887be39372f4dcaf56878165d08c498151e222b02896aa6fcb896c00870e7a38302cdda4f1e0e142e8eb78460bf9bff89f732b2175d86c2876c17332c5c03bf5e33598b60e7ee064457ae6fe480e2bd07cf82b2e18afc1b0dbf9392d6d9e2785cf2190ee07796bfa62bad7664559e45fd803678e114af633c2fbf459032d99ff0d630e09847526cd3ba1cf44a5f285aac13474a6bd32c726cd70474bc23c357b4832ab14dc94d393b73c750f38316afd7dcc6e17121df3cd9bf0e184c7488187d67679273f6c9690218002ea9789cba2d55a559fa82fcc9c991dab19ac1b53d2f12fb97c2d84455665e055ca38f55af7f3fe506e4a65734d6d7af2ac14b8ddcb9da620d0218added4d41c0771158eb6eed41d833628d3a5d2e28d6c225e662de2cde691bd6194e14b42bcd26b375108496a8dcb7b7ff69d77d2980427d641ae213b5c3b51d5b7f59f71314ffda3af96d71c99c9db4cec2bbcad6e1eb552817d985b7d979c723684825128f7d7010316e18106d531407a7148dec10553b45cefe2dfc145574b593951badece013e373cb96cda948d11970781e7084f97d0bb172c6225168498293f25bcd79cc609bfa8a02e12d123cb3353019974b866aa68912dac2be057776ed79812f514eefaf6ab8acf8f93fe13407bc98dabb99539f2193e64196b8de809d9de846e9997fc3fb0ed6ef19dd74000d13de7f146a0a2c98e34bb704b75213b0d383fc01f4c8e8f3980d2d2ca0884e9947fc31ed8ca41b02d4744052359f0bbbecd755eb33bd64a2ff3215732af1540d96e9d9a38c521e6ab36b30f73eb8882bacb4f188930a7640e8e598ff874759ff8729bcf65a4c196481d9655d1f92817e29434c3cb267aea979bba877f200718323d19123167bfa48618ae5b55f34054a900006221c5efb4e5e61491d8a3de0ee1a669ee0b2b04fd956f13f83a7c7c17db5f2f56edcf7a8dc3e7af1507a080b436feb84fad75a8821c9bba3df349ba8bda7faf0fd90e05ef651263250df406dbab0658588647c799e682baaf28da51801335e682f519bd939e2c86ae853fba5a75b0e3f92abc5a54f33417203e6724793c450438e4cab651a16afa9ce26c545e15cc47580c94d4a70da0e76546c0d2edecad7ff1c75167fcdd82ec9e00a655b98550a726f875f1147942eeb8190af36ba73873f93dc81bd066ea1bbaf41942bc59927a7ad9d5be831de8f1669211215474cc8ea3417b3278841d3a198cfacdcee9c422a1e62a8ca7cc64814c44e0b4e96375f9eb7d69b9c7eef0a57ad7d5eadecc7c98048af8069dd5204350e2ae5ad3ad53d8b9ecafdb9ad5b209dcd38769a7d489cd4d0c3f51f7251f6446b179d604368827af27af78be639ea18f6f33c42bd3b940b5638d6af4d245d3a97c594e3f2c66e52659c57e0453535c4f3d39725801fb3e3519c5d5d5c001529c331d68f98032877fbf347c03f52247e9430a9b787bd5babd9f8f32487f4d96daf359db2bf627c25b46068b8031dc307b635a014db77a5839870143803a429b582ce8af2e9809bf40bef5b4a201e8338c8f590bc5a88e29ba99df91a904215b672f15554ff599529ac76864f804f0bbbb6f16fbb6d337eb676e832b5fbfc9225e737cb58b9b5e23d5ddbc74bc9aedbbb4fc5a218e57010f31b19f4f64fea10018655f58a5a91b942235315c142c2fb03bc4584e534649223e5dae4523b86b08dad5fc9e4c3c094d98748629e893e0a6e467b8920942509b5817e653fed611faf783af886e2cd41b627a534250dbe6d7ac4c"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_gact={0x100, 0x13, 0x0, 0x0, {{0x9, 0x1, 'gact\x00'}, {0x64, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x1, 0x2ce8, 0x20000000, 0x7, 0xffffffa4}}, @TCA_GACT_PARMS={0x18, 0x2, {0x57, 0x6, 0x1, 0x734, 0x9}}, @TCA_GACT_PARMS={0x18, 0x2, {0x8000, 0x1, 0x554bd40f48527177, 0x9, 0x800}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x236, 0x8}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1ecb, 0x4}}]}, {0x71, 0x6, "f7f4b57afd1d95424de6acc21fd5ec63b99026ca40f38595d4a2cb88115eaa33c2002ef64c152debc51ca1f67e3b3b19c2d0ae41ef7c8cd1cc6d8d54eac4d9a55b81f017711e36ba5ba72e1583be4f41a02ef897c67c421f1f356125d7857f5e6a568a78b721b6c7d313b80828"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_vlan={0x170, 0x19, 0x0, 0x0, {{0x9, 0x1, 'vlan\x00'}, {0x54, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x6}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0xd4f, 0x3ff, 0x4, 0x80000000, 0x7}, 0x3}}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x2, 0x1, 0x4, 0x2, 0x9}, 0x3}}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x1}]}, {0xf3, 0x6, "e5946351f8118a2e66e7343387ef36bdc9e308c92945e6aaf8f78d6decb81135ace3f095f131241236707fe70fd7b7961d46215afb12a9fa755ea5fcadefe651b003cf57181cbe829d2e241ef3e5933e1e595e061d7f651cfa58c379008f386cfd2b3238c17ff664553d4a9b5a9b63867438b5dad849644d1ff74209c836d135865a10f70882e416c60d61ecd8a866c0d8c4f95999d7109fd9fcd99cf12bd412bcee2b583549100524780258340a1c50f393f34fa9abcb35e2b911293b47062b1f2dd923be6f369111585e09dff649de027b3c9f9c7a4ed9d64a4786805c5ba647ecdda30ae90212c0191efd0ae45d"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_mirred={0x178, 0x14, 0x0, 0x0, {{0xb, 0x1, 'mirred\x00'}, {0xe4, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x3, 0x9f13, 0x20000000, 0x0, 0x101}, 0x3}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xfffffc01, 0xacf6, 0x3, 0x6, 0x936}, 0x4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xcfa1, 0x2, 0x1, 0x9, 0x9}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x800, 0xfff, 0x0, 0xce, 0x1}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x570, 0xc2, 0x2, 0x7ff, 0x7}, 0x4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x7, 0xffff0001, 0x20000000, 0x8, 0x3}, 0x4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xfffffff8, 0x0, 0xffffffffffffffff, 0x100, 0x2}, 0x1}}]}, {0x6b, 0x6, "c4d0c325a1888284b64613fbd1b3ddef1e72e374785c04c2d724d4de6e864bff9c6719fe2feca4289b828941fc8e702a59aa71f50ba0b259bfea4ff0919bebe8b1dfd575f43135f23b0af72cc38d87c8ad2ebab08690b0c49c231c4f05db21493f52134ffdb652"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_nat={0x144, 0x5, 0x0, 0x0, {{0x8, 0x1, 'nat\x00'}, {0xcc, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x6, 0x10000000, 0x8, 0x400}, @dev={0xac, 0x14, 0x14, 0xa}, @rand_addr=0x64010100, 0x3fa489bd4f6ddc8e, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x8001, 0x6, 0x0, 0x56600000, 0x5}, @empty, @loopback, 0xff000000, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x80000000, 0x6, 0x1, 0x7, 0x87}, @local, @rand_addr=0x64010100, 0xffffff00, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x474, 0xfffffff7, 0x0, 0x80000000, 0x1d}, @empty, @multicast1, 0xffffffff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x3, 0x5, 0x9, 0x7ff}, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xffffff00, 0x1}}]}, {0x53, 0x6, "fbebef0ac06d37dcebf580b89883dd08f39f80b27122338bfecd7c3d35106d90580312c460e8dabbe04b7157beff6cdec36ae0cb8f91d739d4b0dc402bb22ecbbffc8c8bcf158a53445bbf675d8156"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}]}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}]}}, @TCA_CHAIN={0x8, 0xb, 0x7}, @TCA_CHAIN={0x8, 0xb, 0x1}, @TCA_CHAIN={0x8}]}, 0x32cc}, 0x1, 0x0, 0x0, 0x40810}, 0x1) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1367.190760] audit: type=1326 audit(1599174109.504:2066660): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4576 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1367.223152] audit: type=1326 audit(1599174109.504:2066661): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4576 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1367.288080] audit: type=1326 audit(1599174109.504:2066662): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4576 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1367.331228] audit: type=1326 audit(1599174109.504:2066663): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4576 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1367.477590] audit: type=1326 audit(1599174109.504:2066664): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4576 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1367.687510] audit: type=1326 audit(1599174109.504:2066665): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4576 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1367.715394] audit: type=1326 audit(1599174109.504:2066666): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4576 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1367.784805] audit: type=1326 audit(1599174109.504:2066667): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4576 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 23:01:50 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x137603, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x4) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$SNDCTL_SEQ_SYNC(0xffffffffffffffff, 0x5101) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1368.060943] Bluetooth: hci7 command 0xfc11 tx timeout [ 1368.066383] Bluetooth: hci7: Entering manufacturer mode failed (-110) 23:01:50 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000005700)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000340)=@pppoe={0x18, 0x0, {0x0, @remote}}, 0x80, &(0x7f0000000680)=[{&(0x7f0000000080)=""/49, 0x31}, {&(0x7f0000000440)=""/76, 0x4c}, {&(0x7f00000004c0)=""/220, 0xdc}, {&(0x7f0000000180)=""/27, 0x1b}, {&(0x7f00000005c0)=""/191, 0xbf}], 0x5, &(0x7f0000000700)=""/246, 0xf6}, 0x4}, {{&(0x7f0000000800)=@l2tp6, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000900)=""/143, 0x8f}, {&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f00000019c0)=""/160, 0xa0}, {&(0x7f00000002c0)=""/3, 0x3}], 0x4, &(0x7f0000001a80)=""/4096, 0x1000}, 0x80}, {{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000002a80)=""/227, 0xe3}, {&(0x7f0000002b80)=""/210, 0xd2}], 0x2, &(0x7f0000002c80)=""/161, 0xa1}, 0x6}, {{&(0x7f0000002d40)=@l2tp6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000003fc0)=[{&(0x7f0000002dc0)=""/138, 0x8a}, {&(0x7f0000002e80)=""/229, 0xe5}, {&(0x7f0000002f80)=""/4096, 0x1000}, {&(0x7f0000003f80)=""/24, 0x18}], 0x4}, 0x4d6b}, {{&(0x7f0000004000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, &(0x7f0000005080)=[{&(0x7f0000004080)=""/4096, 0x1000}], 0x1}, 0x6}, {{&(0x7f00000050c0)=@in={0x2, 0x0, @remote}, 0x80, &(0x7f0000005680)=[{&(0x7f0000005140)=""/254, 0xfe}, {&(0x7f0000005240)=""/226, 0xe2}, {&(0x7f0000005340)=""/38, 0x26}, {&(0x7f0000005380)=""/9, 0x9}, {&(0x7f00000053c0)=""/239, 0xef}, {&(0x7f00000054c0)=""/23, 0x17}, {&(0x7f0000005500)=""/174, 0xae}, {&(0x7f00000055c0)=""/183, 0xb7}], 0x8}, 0x6}], 0x7, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) 23:01:50 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x7ff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$GIO_UNISCRNMAP(r2, 0x4b69, &(0x7f0000000100)=""/34) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:01:50 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$proc_mixer(r4, &(0x7f0000000080)=[{'LINE2', @void}, {'LINE2', @val={' \'', 'Mic Capture', '\' ', 0x4}}, {'PHONEIN', @val={' \'', 'CD Capture', '\' '}}, {'LINE3', @val={' \'', 'Master', '\' '}}], 0x7d) r5 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mice\x00', 0x42000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$FBIOPAN_DISPLAY(r7, 0x4606, &(0x7f0000000180)={0x2000, 0x10, 0x1000, 0x600, 0x20, 0x1, 0x18, 0x1, {0xffff, 0x5}, {0x6, 0x7, 0x1}, {0x1, 0x800, 0x1}, {0x5, 0x7f}, 0x723b51b297a7794, 0x1, 0x8000, 0x6, 0x0, 0xeb, 0x2, 0x8, 0x7, 0x81, 0x0, 0x3, 0x10, 0x200, 0x1, 0xb}) ioctl$FBIOGET_FSCREENINFO(r5, 0x4602, &(0x7f0000000100)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 1368.253388] Bluetooth: hci7: Frame reassembly failed (-84) [ 1368.264422] Bluetooth: hci7: Frame reassembly failed (-84) 23:01:51 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000003740)=[{{&(0x7f0000000340)=@ax25={{0x3, @default}, [@default, @default, @remote, @bcast, @rose, @remote, @remote, @rose]}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000440)=""/65, 0x41}], 0x1, &(0x7f00000004c0)=""/145, 0x91}, 0xed15}, {{&(0x7f0000000580)=@tipc=@id, 0x80, &(0x7f00000002c0), 0x0, &(0x7f0000001600)=""/190, 0xbe}, 0x4}, {{&(0x7f00000038c0), 0x80, &(0x7f0000001880)=[{&(0x7f00000003c0)}, {&(0x7f0000001740)=""/142, 0x8e}, {&(0x7f0000001800)=""/110, 0x6e}], 0x3, &(0x7f00000018c0)}, 0x2}, {{&(0x7f0000001900)=@nfc, 0x80, &(0x7f0000002e40)=[{&(0x7f0000001980)=""/115, 0x73}, {&(0x7f0000001a00)=""/226, 0xe2}, {&(0x7f0000001b00)=""/19, 0x13}, {&(0x7f0000001b40)=""/110, 0x6e}, {&(0x7f0000001bc0)=""/53, 0x35}, {&(0x7f0000001c00)=""/4096, 0x1000}, {&(0x7f0000002c00)=""/55, 0x37}, {&(0x7f0000002c40)=""/197, 0xc5}, {&(0x7f0000002d40)=""/62, 0x3e}, {&(0x7f0000002d80)=""/187, 0xbb}], 0xa, &(0x7f0000002f00)=""/237, 0xed}, 0x100009}, {{0x0, 0x0, &(0x7f0000003140)=[{&(0x7f0000003000)=""/40, 0x28}, {&(0x7f0000003040)=""/227, 0xe3}], 0x2, &(0x7f0000003180)=""/181, 0xb5}, 0x10001}, {{&(0x7f00000016c0)=@hci, 0x80, &(0x7f00000035c0)=[{&(0x7f00000032c0)=""/16, 0x10}, {&(0x7f0000003300)=""/221, 0xdd}, {&(0x7f0000003400)=""/162, 0xa2}, {&(0x7f00000034c0)=""/61, 0x3d}, {&(0x7f0000003500)=""/177, 0xb1}], 0x5, &(0x7f0000003640)=""/227, 0xe3}, 0x6}], 0x6, 0x10041, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1369.097994] Bluetooth: hci2 command 0xfc11 tx timeout [ 1369.102618] Bluetooth: hci2: Entering manufacturer mode failed (-110) 23:01:51 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1369.149114] Bluetooth: hci2: Frame reassembly failed (-84) [ 1369.237154] Bluetooth: hci8: Frame reassembly failed (-84) 23:01:52 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xb, &(0x7f0000000180)={0x100000200ffff, 0xffffffff}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x4001, 0x5, 0x0, 0x0, 0x0, 0x40000000}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000440)=""/227, 0xe3}, {&(0x7f0000000340)=""/106, 0x6a}, {&(0x7f0000000540)=""/126, 0x7e}, {&(0x7f00000005c0)=""/107, 0x6b}, {&(0x7f0000000080)=""/24, 0x18}, {&(0x7f0000000640)=""/65, 0x41}, {&(0x7f00000006c0)=""/249, 0xf9}, {&(0x7f00000007c0)=""/247, 0xf7}, {&(0x7f00000008c0)=""/187, 0xbb}], 0x9}, 0x820}, {{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f00000002c0)=""/18, 0x12}, {&(0x7f00000003c0)=""/13, 0xd}], 0x2, &(0x7f0000000a80)=""/214, 0xd6}, 0x8}], 0x2, 0x10041, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) fcntl$F_GET_RW_HINT(0xffffffffffffffff, 0x40b, &(0x7f0000000280)) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x4}, 0x0, 0x0) 23:01:52 executing program 4: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200)='ethtool\x00') sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x52000800}, 0xc, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="4000000012da27431f7f360f0052a05e796fd5a90ae873bdbe9e189811d408cda4ebd73ef135725d08ced88fa363b1fdb7ae0c928b0135c299323981890387029db18e3002a9df00021580982669901a083dd400ab432b9863835e75af97213dec9a337cfb644e0ea2f41dd3ddc497a7524d9390ac473900452427ad81aea0950c102051df8519b3c05d7d262c44e3bc51efa6a23ac536979726b176a560c7e12247ee20309b2192d2c1c7a28bb3b6dff24ac0f244d823ab4b653ae79b5268f77b13a2fbe3b2f867a4c0e472b7229ca911abf4ed2f4fa9ba11d46b8c7bb3094baa00"/241, @ANYRES16=r0, @ANYBLOB="200000000000fedbdf25010000002c00018014000200687372300000000000000000000000001400020073797a6b616c6c657230000000000000"], 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000001b00)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xa, &(0x7f0000001ac0)={&(0x7f0000000440)={0x5c, r0, 0x204, 0x70bd27, 0x25dfdbfd, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x4}, @HEADER={0x4}, @HEADER={0x34}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, r0, 0x20, 0x70bd27, 0x25dfdbfb, {}, [@ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x10) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r1, 0x545c, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e24, @loopback}, 0x10) ioctl$TCSETSF(r1, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 1370.297944] Bluetooth: hci7 command 0xfc11 tx timeout [ 1370.303261] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1371.177905] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1371.177935] Bluetooth: hci2 command 0xfc11 tx timeout 23:01:53 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) ioctl$SIOCPNGETOBJECT(r1, 0x89e0, &(0x7f0000000000)=0x6) 23:01:53 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) dup(0xffffffffffffffff) getsockopt(0xffffffffffffffff, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_bt_hidp_HIDPGETCONNINFO(0xffffffffffffffff, 0x800448d3, &(0x7f0000000340)={@any, 0x5, 0x9, 0x3f, 0x2, 0x3, "07c3e91991b55eaadaf615ef74b5f2a2d5cdf2ab8540a5db118aa6c27962207844fb7e50b58b57f6b4c8efddb844459841020dbe830224c5b329afcf2534b8193a1404efcf14c65150efafb61bdc441b8df22fca0fbe75989fc1ef25c7d5b64757e4f63266a5575d512607ece70b1d6778489d013658542280cb02b50ca1fb33"}) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) ioctl$GIO_UNISCRNMAP(0xffffffffffffffff, 0x4b69, &(0x7f0000000440)=""/208) 23:01:53 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ubi_ctrl\x00', 0x2002, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x9) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) ioctl$KDADDIO(r1, 0x400455c8, 0x40) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:01:53 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x9) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:01:53 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvme-fabrics\x00', 0x80, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)=@ipv6_getaddr={0x94, 0x16, 0x400, 0x70bd2a, 0x25dfdbfd, {0xa, 0x18, 0xd0, 0xfe}, [@IFA_LOCAL={0x14, 0x2, @private2}, @IFA_FLAGS={0x8, 0x8, 0x8}, @IFA_FLAGS={0x8, 0x8, 0x2}, @IFA_CACHEINFO={0x14, 0x6, {0xfff, 0x4, 0x10001, 0x80000000}}, @IFA_CACHEINFO={0x14, 0x6, {0x41, 0x9, 0x2, 0x7}}, @IFA_CACHEINFO={0x14, 0x6, {0x1242ef63, 0x3, 0x80000001, 0x4}}, @IFA_LOCAL={0x14, 0x2, @local}, @IFA_FLAGS={0x8, 0x8, 0x230}]}, 0x94}, 0x1, 0x0, 0x0, 0x8c3}, 0x4004001) r4 = openat(r1, &(0x7f0000000200)='./file0\x00', 0x80240, 0x80) ioctl$TUNSETSTEERINGEBPF(r3, 0x800454e0, &(0x7f0000000240)=r4) r5 = openat$vimc0(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video0\x00', 0x2, 0x0) ioctl$VIDIOC_S_PARM(r5, 0xc0cc5616, &(0x7f0000000100)={0x9, @raw_data="023aec803c6d500573651d3581616d2cdd5aa3d5bae03982ba632a6d09196011fd972835fd6c3e923f1f895e168cfd44461274af61434916e6994dd8ce05cb3da0669b40c3f934aac78c3b989ef50ffff8b0030dc35127e0ca63fdece40ee5fede32fb19d7814cadac44be32b1b17419424ca6bd00c69a747d21a35b2894c1fe3e53f66482709852ee613bd762630e360313a47c79a0cb15d4740b128817ac5055d4fa81438e2a5f088286e57f85ca04f894cf407f136b6e94e12e8d6a8dd315b5d4942c5022abf8"}) ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000000080)={'wg1\x00'}) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 1371.258174] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1371.329629] Bluetooth: hci2: Frame reassembly failed (-84) [ 1371.352844] Bluetooth: hci7: Frame reassembly failed (-84) [ 1372.120342] kauditd_printk_skb: 16514 callbacks suppressed [ 1372.120351] audit: type=1326 audit(1599174114.474:2083182): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4746 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1372.137984] Bluetooth: hci3 command 0x0406 tx timeout [ 1372.147813] Bluetooth: hci0 command 0x0406 tx timeout 23:01:54 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0xfffffffffffffffe) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r5) getsockopt(r5, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) pwrite64(r4, &(0x7f0000000440)="a347bb2780a45ca3e4e792532dcdd6f73a735e49e68a8c8d989b8ef18ae28aa46b41e9bb224f54245bc1bf018b2c80031b2d4f8a251133974aabe1574406cbc3e29bcb55be578c36975225d60a7e23c356df585e5741cf095a1093179cdb2993012c65c7e90560da018f07cd9ed8f3c3ea3136514d047cd85b99c05f368c146239d2ab42b3f84308908c374763097f1a33f6ae18009f2e49486c676f3a4de3145a3f6744cb365981fa7afff13a39b37083a336f3241ad55a4931171760773a23954dd94b68840ae6cc670849b143950d6e14002822f27da20a18a6f65c1ee8687e37c1d5", 0xe4, 0x7) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x8000000}, 0x0, &(0x7f0000000300)={0xfff, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0) 23:01:54 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x60900, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) r3 = syz_open_pts(r1, 0xa0000) ioctl$KDENABIO(r3, 0x4b36) r4 = accept(r0, &(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @empty}, &(0x7f0000000000)=0x80) getpeername$l2tp(r4, &(0x7f0000000100)={0x2, 0x0, @broadcast}, &(0x7f0000000140)=0x10) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 1372.239185] audit: type=1326 audit(1599174114.474:2083183): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4746 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1372.303877] audit: type=1326 audit(1599174114.474:2083184): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4746 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1372.361665] audit: type=1326 audit(1599174114.474:2083185): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4746 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1372.419844] audit: type=1326 audit(1599174114.474:2083186): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4746 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1372.475774] audit: type=1326 audit(1599174114.474:2083187): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4746 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1372.497697] audit: type=1326 audit(1599174114.474:2083188): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4746 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1372.522000] audit: type=1326 audit(1599174114.474:2083189): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4746 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1372.544479] audit: type=1326 audit(1599174114.474:2083190): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4697 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 23:01:55 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1372.566978] audit: type=1326 audit(1599174114.474:2083191): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4746 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1372.720319] Bluetooth: hci8: Frame reassembly failed (-84) 23:01:55 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) fallocate(r1, 0x10, 0x1000, 0x3) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 23:01:55 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) ioctl$DRM_IOCTL_CONTROL(0xffffffffffffffff, 0x40086414, &(0x7f0000000080)={0x1, 0x1}) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x0, 0x0, 0x9d9a}, 0x0, 0x0) [ 1373.337949] Bluetooth: hci2 command 0xfc11 tx timeout [ 1373.343486] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1373.418086] Bluetooth: hci7 command 0xfc11 tx timeout [ 1373.418111] Bluetooth: hci7: Entering manufacturer mode failed (-110) 23:01:56 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x80c080, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r5 = dup(r4) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) mount$9p_fd(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@version_9p2000='version=9p2000'}, {@cache_mmap='cache=mmap'}, {@aname={'aname', 0x3d, '*(\''}}, {@privport='privport'}, {@dfltgid={'dfltgid'}}], [], 0x6b}}) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 23:01:56 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x898000, 0x0) syncfs(r0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 23:01:56 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000080)) flistxattr(r1, &(0x7f0000000100)=""/4096, 0x1000) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) write$FUSE_INIT(r1, &(0x7f0000001100)={0x50, 0xfffffffffffffffe, 0x0, {0x7, 0x1f, 0xff, 0x80050, 0x4, 0xfff7, 0x4c, 0x4}}, 0x50) ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f0000000000)=0xfff) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 23:01:56 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffb6}, 0x0, 0x0) sendmmsg$sock(r5, &(0x7f0000000700)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000440)="273437ea3ef2fad70ebdb0dd36af2c18dd4f94187641e77e676b00c72fe5dce1577dfea4e56bda60c08668c8ce8e2db1da1f587d972d64fd8876615c4ebb96cbc6d9fe720d6c64d389e329a558e83a4a50b99760cfa45663e3b963e90fde3ddc3eacf26ce5367a791f8d806b5b8d41454c67707d81efb2aad99922751044fd3ef3e001f02d83819816607feaa44114e227a15781e3a5cfd24c120440ec62c46b81b40aa0ba0f08ab7a5e30bd96aa90e9d145ad337739e5067f311d0588de6923e460c2c823f7420bb65b9e9d1b8701dc0a2a02a215097c4cdc3d4fd12874856ecf3eceaf7070851a7b9b145679dc0cbf46d3104083", 0xf5}, {&(0x7f0000000340)="1977ce841820123c3081960564c359f40f796e46e550e0eac2c50c2aae282331285bc12cb59149ed7714dca97ab01493c11a6444d0bf711428ba877ebe19618879c125971117fb9421156d3c92f26dcb4153acbadd493595bd0012b1e2900f9bc7aefefe00a11a5161b031d18465f130ae4c3d6ecfdb454525eff08779534b7aa2", 0x81}, {&(0x7f0000000540)="0e66a5e73ba88659e60027737fdef12943ed2d1ef720552c52f44ee1bf97f2b4fa3fc2a945cf57c1c34199b9216ecf928f18ea5681a87eb3280564876e70211e3decd13084977f45002be017839de410dcbee56218b727ce021f0c6c334cdd5fe6fbf896918fda88a6e9c03bf8afa90bb411847458b9153a7061c462a7dd8fdaffcf5a249fa3530fb12b5f091492721452ad12e81c6e00220686be924458709b8602597fc0e4d7fa79aa7a3c6ec6eceb07410844b55bc26b92cad7f1508a5da9fd6a303aa6457a5a5ce8d381152dd0ea99bb2fe14ffde62f69213afc35275efc0bc03e5dc9f5eb51a3dd681d58778b34ad2dbaf8a1f6c8a8136ce3589cae", 0xfe}, {&(0x7f0000000140)="abbd9cc32494d6f253b40b000b0a4f8d3b17800794261d864afdafe9e03b40e4d9b9f3f8f5926298b7c8d8c5e83c4a9d348a1263dc3027651aa47d728557df70ccf42803731463eaa27f8315efdc7dab7e311d98", 0x54}, {&(0x7f00000002c0)}], 0x5, &(0x7f00000006c0)=[@timestamping={{0x14, 0x1, 0x25, 0xffff5f7e}}, @txtime={{0x18, 0x1, 0x3d, 0x5}}], 0x30}}], 0x1, 0x4000800) 23:01:57 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x690041, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x50000}]}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)={[{0x2d, 'cpu'}, {0x2b, 'rdma'}, {0x2d, 'cpu'}]}, 0x10) 23:01:57 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_GET_NODES(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r3, 0x200, 0x71bd2d, 0x25dfdbfb, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040050}, 0x20000094) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x4040, 0x0) setsockopt$inet_tcp_TLS_TX(r4, 0x6, 0x1, &(0x7f0000000080)=@gcm_128={{0x303}, "07b08f9ec59db9bc", "4b5d209a7fc8399ce0e2d29472e724a6", "7851e428", "65a4edc7ded0dd22"}, 0x28) 23:01:57 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$KDSETKEYCODE(0xffffffffffffffff, 0x4b4d, &(0x7f0000000100)={0x3, 0x401}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) syz_extract_tcp_res$synack(&(0x7f0000000140), 0x1, 0x0) [ 1374.649655] Bluetooth: hci7: Frame reassembly failed (-84) 23:01:57 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x4, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$PIO_FONTX(r2, 0x4b6c, &(0x7f0000000180)={0x1be, 0x10, &(0x7f0000000440)="32db17e4538d64e0d6860a29760db785fd831a69edf9e4b2e90aacf76063e5034af3c3164a76a46d444decaa0122d51f997ac70e90791aa440c6f71a310c7d9f43582700a57300f2e32cc5bfe6574ba253ef54dc2dcd26a21c6688cf389674d0b810f3163e03969b19891a6f76f40ba675f2a8539086c3e63decb785ebc394adb58c574a53c9aff427bbb6121a18f3fb8eb7351d21c596edebe351666dc61e4dfa015b265599a2cf57e283f9f3fa9846fa49a16577b9be6731c262a323ef8eaad4ffc62fdd7b1d8f7fae58cffeaea71781d5ad017bb0e2f6d81256c03cc3ea91d6f729aeb57d1e4274b9d81fe9ae70ad384425b5c5c2cb42dc871b1e70f3834b2dd6c431ee0723ca4c26e501089198bd7b94a07a8c301c3fe0a6e02ec91961c73628e3237d806bf805961d9414ce640709d0b2565aa3e73ff346a66c6ae5f9cf9943f4037d576606ac82ce3ccf8dcfe8320d3019512fd1aaf04d5cff662bd2a5ff3bc3d6f25b9e113cd796691f367ca43ad94af04c656192a6d9c777386bdf5c4a525ac6ac0812f8946aa6af26e28c3cc1216fb0e601dc1c48d27852d53eaccaeee16c411e2cd0e57a27fad26d01ec3cd445fe0b0f36d4e3b4319b76f1e98cfbdfb112792b60f50904654c7506ff20b610eea443a162d3fcff4ba381d272c30a01235431166a8d5fa25744735831d8ebc689cce35f5b9014984fb5b2620355c5ffbcfc478178f94ee2d7653c5659044179a391d17febf7b938c5a3eb296beb6807f5a1df3b64cb42c46f5f0c9915ef2d10cd5ac35eaf1866eac16715ddf3058820536228443d9973627c2409152d6ce6d38e3a4c7e3bef7b663932a7c0539801c449f183a6b510a830fa77d20d1db0d0291aa5b1cfd60d871ce8cff6cc0439c698fef09467f0d2a6df9383c99a0e8b78d61260eb3fc6ac52be8c84d8bca481cf95e8221423e7f4bf480d925faa21e1ffba42be990e44cfed4c03f73368e2d2a44cc85c3c0ea5d1ed6ccfa0126bfc8f02ed8704a200ef4733f6bcea38399bacd5426739f70d5156fab8b55ebd99c66d51c2364175f6ac587843f3bdb23a777fd3ec21af227c022be8f61b48a9acfb4a4f0ea022740040e02a10457b882ce404d9403fd26f4d9c7a76679095a29ad0826d3db5f61d8f1e5ba4551b309ccf83a7c624397b10407df28d1fc3e051c34ea13ecd460828ea107f75fa7e9b94fd997999bc97bf2953a1053ca14c3a3a395810149664c47eb3c3f5f04e112940ec6fe4e7f90d3d23313bcf121e397de4c5300b43974a554a374e30c6ec85ffeeae93dd24bccb16de43a6cc58d48dc954668b8db3dcc5027344f591e50da50df88a7dc6e03b7e19b0f5ac550bc4e26c1669e5870c7e96b9a9a2703778c63446d87d4a58da54484db0aa12e7dc9d9d6b111ac5d86df7b21720f9e96d9fcd300834fc46915b"}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3, 0x20, 0x1}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1374.778052] Bluetooth: hci8 command 0xfc11 tx timeout [ 1374.783408] Bluetooth: hci8: Entering manufacturer mode failed (-110) 23:01:57 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r1, 0x114, 0xa, &(0x7f00000000c0)={0x0, "4b9bec"}, 0x4) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x10080, 0x0) ioctl$TIOCMIWAIT(r4, 0x545c, 0x0) ioctl$TCSETSF(r4, 0x5437, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$VT_RESIZE(r6, 0x5609, &(0x7f0000000080)={0x3, 0x8000, 0xaf6}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) [ 1375.459749] Bluetooth: hci8: Frame reassembly failed (-84) [ 1375.465751] Bluetooth: hci8: Frame reassembly failed (-84) 23:01:58 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:01:58 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 23:01:58 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f0000000080)=0x1) 23:01:58 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x141002, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1375.977932] Bluetooth: hci2 command 0xfc11 tx timeout [ 1375.978044] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1376.095662] Bluetooth: hci2 sending frame failed (-49) [ 1376.697956] Bluetooth: hci7 command 0xfc11 tx timeout [ 1376.697993] Bluetooth: hci7: Entering manufacturer mode failed (-110) 23:01:59 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x1, 0x20103, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/69, &(0x7f00000000c0)=0x45) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000440)={0x0, 0x0, 0xfffffffa, 0x5}, 0x10) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x5, 0x3, 0x0, 0x3, 0xffffffffffffffff, 0x0, 0x0, 0xde, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) poll(&(0x7f0000000080)=[{r3, 0x2040}, {0xffffffffffffffff, 0x200}, {0xffffffffffffffff, 0x4002}], 0x3, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ttyS3\x00', 0x400103, 0x0) 23:01:59 executing program 4: migrate_pages(0x0, 0x7ff, &(0x7f0000000000)=0x7, &(0x7f0000000080)=0x8) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) [ 1377.131679] kauditd_printk_skb: 17928 callbacks suppressed [ 1377.131688] audit: type=1326 audit(1599174119.534:2101119): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4855 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1377.159274] audit: type=1326 audit(1599174119.534:2101120): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4855 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1377.180879] audit: type=1326 audit(1599174119.534:2101121): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4855 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1377.202546] audit: type=1326 audit(1599174119.534:2101122): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4855 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1377.224216] audit: type=1326 audit(1599174119.544:2101123): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4855 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1377.245880] audit: type=1326 audit(1599174119.544:2101124): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4855 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1377.268298] audit: type=1326 audit(1599174119.544:2101125): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4855 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1377.289941] audit: type=1326 audit(1599174119.544:2101126): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4855 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1377.311751] audit: type=1326 audit(1599174119.544:2101127): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4855 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x416e41 code=0x50000 [ 1377.333396] audit: type=1326 audit(1599174119.544:2101128): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4855 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 23:01:59 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/icmp6\x00') r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xe) ioctl$KDADDIO(r1, 0x400455c8, 0x9) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x20000f) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0xe) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1377.497971] Bluetooth: hci8 command 0xfc11 tx timeout [ 1377.503352] Bluetooth: hci8: Entering manufacturer mode failed (-110) 23:02:00 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000140)=0x7ffc) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x2000000000000218, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x80004}]}) 23:02:00 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$KVM_GET_API_VERSION(r1, 0xae00, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$NBD_DO_IT(r1, 0xab03) r2 = dup(0xffffffffffffffff) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3\x00', 0x80080, 0x0) ioctl$HDIO_GETGEO(r2, 0x301, &(0x7f0000000000)) ioctl$TIOCMIWAIT(r3, 0x545c, 0x0) ioctl$TCSETSF(r3, 0x5437, 0x0) r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x300, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 23:02:00 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0xffffffffffffffff, 0xe, &(0x7f0000000280)={0xc5, 0xfffffffffffffffd}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000180)={0x0, 0x12, "c58cc4a053283504ff8ecee98c70fe4bab9c"}, &(0x7f00000002c0)=0x1a) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1377.767658] Bluetooth: hci7: Frame reassembly failed (-84) [ 1377.977995] Bluetooth: hci9 command 0xfc11 tx timeout [ 1377.978100] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1378.147944] Bluetooth: hci2 command 0xfc11 tx timeout [ 1378.153267] Bluetooth: hci2: Entering manufacturer mode failed (-110) 23:02:00 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) semctl$GETNCNT(0xffffffffffffffff, 0x1, 0xe, &(0x7f0000000000)) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1378.269641] Bluetooth: hci2: Frame reassembly failed (-84) 23:02:01 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x1, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1378.568140] Bluetooth: hci8: Frame reassembly failed (-84) [ 1378.574623] Bluetooth: hci8: Frame reassembly failed (-84) 23:02:01 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) 23:02:01 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$TCSETSF(r2, 0x5437, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0xa000, 0x0) r4 = socket$inet(0x2, 0x1, 0x0) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) close(r3) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 1379.195755] Bluetooth: hci9: Frame reassembly failed (-84) 23:02:01 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$DRM_IOCTL_AGP_RELEASE(0xffffffffffffffff, 0x6431) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1379.818096] Bluetooth: hci7 command 0xfc11 tx timeout [ 1379.823520] Bluetooth: hci7: Entering manufacturer mode failed (-110) 23:02:02 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r2, 0x545c, 0x0) ioctl$DRM_IOCTL_AGP_RELEASE(r1, 0x6431) ioctl$TCSETSF(r2, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 1380.299104] Bluetooth: hci2 command 0xfc11 tx timeout [ 1380.309564] Bluetooth: hci2: Entering manufacturer mode failed (-110) 23:02:02 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) getsockopt(r3, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) tkill(0x0, 0x22) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff}, 0x0, 0x0) [ 1380.354577] Bluetooth: hci2: Frame reassembly failed (-84) 23:02:03 executing program 5: ioctl$DRM_IOCTL_INFO_BUFS(0xffffffffffffffff, 0xc0106418, &(0x7f0000000140)={0x81, 0x23, 0xb0d6, 0x1, 0x12, 0x9}) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x800, 0x0) ioctl$VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f0000000240)) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x9) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r2 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/bluetooth/6lowpan_control\x00', 0x2, 0x0) syncfs(r2) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f00000001c0)={0x0, 'veth0\x00', {0x1}, 0x29d}) ioctl$EVIOCSREP(0xffffffffffffffff, 0x40084503, &(0x7f0000000100)=[0x6, 0x80]) 23:02:03 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) getsockopt$inet_int(r0, 0x0, 0xf8d76b402c960f8a, &(0x7f0000000100), &(0x7f0000000140)=0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000080)={0x3, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}, {0x2, 0x8, 0xc0, 0x4}, {0xfeff, 0x2, 0x80, 0x5}]}) [ 1380.618066] Bluetooth: hci8 command 0xfc11 tx timeout [ 1380.623369] Bluetooth: hci8: Entering manufacturer mode failed (-110) 23:02:03 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000100)) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x2, 0x0) r1 = open(&(0x7f0000000180)='./file0\x00', 0xc780, 0xa0) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, 0x0, 0x8, 0x70bd27, 0x25dfdbfd, {}, [@NLBL_MGMT_A_DOMAIN={0x7, 0x1, ',(\x00'}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x1}]}, 0x24}}, 0x4008000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1380.714674] Bluetooth: hci7: Frame reassembly failed (-84) [ 1380.723837] Bluetooth: hci7: Frame reassembly failed (-84) [ 1380.838048] Bluetooth: hci8: Frame reassembly failed (-84) 23:02:03 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x686000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) poll(&(0x7f0000000140)=[{0xffffffffffffffff, 0x4000}, {r0, 0x1}], 0x2, 0xfffffffa) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_open_dev$sg(&(0x7f0000000100)='/dev/sg#\x00', 0x7, 0x8401) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$bt_l2cap_L2CAP_CONNINFO(r2, 0x6, 0x2, &(0x7f0000000080)={0x0, '-xK'}, 0x6) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x9) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)) r4 = dup(r3) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x2000, 0x0) ioctl$TIOCMIWAIT(r5, 0x545c, 0x0) ioctl$TCSETSF(r5, 0x5437, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) [ 1381.258025] Bluetooth: hci9 command 0xfc11 tx timeout [ 1381.258045] Bluetooth: hci9: Entering manufacturer mode failed (-110) 23:02:03 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ppoll(&(0x7f0000000080)=[{r0, 0x240}], 0x1, &(0x7f0000000180)={0x0, 0x3938700}, &(0x7f00000002c0)={[0xffffffffffffffb7]}, 0x8) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r5) getsockopt(r5, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x5, 0x4, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0) [ 1382.141676] kauditd_printk_skb: 20398 callbacks suppressed [ 1382.141684] audit: type=1326 audit(1599174124.544:2121527): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=5061 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1382.169332] audit: type=1326 audit(1599174124.544:2121528): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=5061 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1382.192291] audit: type=1326 audit(1599174124.544:2121529): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=5070 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1382.215693] audit: type=1326 audit(1599174124.544:2121530): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=5061 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1382.237761] audit: type=1326 audit(1599174124.544:2121531): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=5061 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1382.260045] audit: type=1326 audit(1599174124.544:2121533): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=5061 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1382.286089] audit: type=1326 audit(1599174124.544:2121532): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=5070 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=35 compat=0 ip=0x45ba81 code=0x50000 [ 1382.308291] audit: type=1326 audit(1599174124.544:2121534): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=5061 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1382.330877] audit: type=1326 audit(1599174124.544:2121535): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=5070 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x4603fa code=0x50000 [ 1382.353420] audit: type=1326 audit(1599174124.544:2121536): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=5061 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45d5b9 code=0x50000 [ 1382.377988] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1382.379009] Bluetooth: hci2 command 0xfc11 tx timeout 23:02:04 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x400400, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) 23:02:04 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) ioctl$BTRFS_IOC_DEV_INFO(r2, 0xd000941e, &(0x7f0000000900)={0x0, "660064d7acb7c3f624ce4adec4a1be49"}) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x8000000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0) 23:02:04 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) [ 1382.496214] Bluetooth: hci2: Frame reassembly failed (-84) [ 1382.778221] Bluetooth: hci7 command 0xfc11 tx timeout [ 1382.778321] Bluetooth: hci7: Entering manufacturer mode failed (-110) 23:02:05 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) getsockopt$packet_buf(r4, 0x107, 0x5, &(0x7f0000000100)=""/7, &(0x7f0000000140)=0x7) getsockopt$PNPIPE_INITSTATE(r1, 0x113, 0x4, &(0x7f0000000000), &(0x7f0000000080)=0x4) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) [ 1382.858518] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1382.865929] ================================================================== [ 1382.873550] BUG: KASAN: use-after-free in hci_cmd_timeout+0x19e/0x1b0 [ 1382.880131] Read of size 2 at addr ffff88809385ccc8 by task kworker/1:1/23 [ 1382.887131] [ 1382.888751] CPU: 1 PID: 23 Comm: kworker/1:1 Not tainted 4.14.196-syzkaller #0 [ 1382.896104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1382.905467] Workqueue: events hci_cmd_timeout [ 1382.909958] Call Trace: [ 1382.912540] dump_stack+0x1b2/0x283 [ 1382.916169] print_address_description.cold+0x54/0x1d3 [ 1382.921445] kasan_report_error.cold+0x8a/0x194 [ 1382.926111] ? hci_cmd_timeout+0x19e/0x1b0 [ 1382.930339] __asan_report_load_n_noabort+0x6b/0x80 [ 1382.935353] ? hci_cmd_timeout+0x19e/0x1b0 [ 1382.939584] hci_cmd_timeout+0x19e/0x1b0 [ 1382.943652] process_one_work+0x793/0x14a0 [ 1382.947887] ? work_busy+0x320/0x320 [ 1382.951601] ? worker_thread+0x158/0xff0 [ 1382.955660] ? _raw_spin_unlock_irq+0x24/0x80 [ 1382.960154] worker_thread+0x5cc/0xff0 [ 1382.964042] ? rescuer_thread+0xc80/0xc80 [ 1382.968185] kthread+0x30d/0x420 [ 1382.971549] ? kthread_create_on_node+0xd0/0xd0 [ 1382.976216] ret_from_fork+0x24/0x30 [ 1382.979928] [ 1382.981546] Allocated by task 28643: [ 1382.985271] kasan_kmalloc+0xeb/0x160 [ 1382.989064] __kmalloc_node_track_caller+0x4c/0x70 [ 1382.993986] __alloc_skb+0x96/0x510 [ 1382.997676] hci_prepare_cmd+0x2a/0x210 [ 1383.001647] hci_req_add_ev+0x97/0x1e0 [ 1383.005526] __hci_cmd_sync_ev+0x144/0x5b0 [ 1383.009756] btintel_enter_mfg+0x72/0xe0 [ 1383.013815] ag6xx_setup+0xe8/0x6e0 [ 1383.017450] hci_uart_setup+0x193/0x410 [ 1383.021419] hci_dev_do_open+0x33d/0xe50 [ 1383.025474] hci_power_on+0x88/0x380 [ 1383.029182] process_one_work+0x793/0x14a0 [ 1383.033411] worker_thread+0x5cc/0xff0 [ 1383.037292] kthread+0x30d/0x420 [ 1383.040654] ret_from_fork+0x24/0x30 [ 1383.044355] [ 1383.045971] Freed by task 28643: [ 1383.049337] kasan_slab_free+0xc3/0x1a0 [ 1383.053305] kfree+0xc9/0x250 [ 1383.056406] skb_release_data+0x5f6/0x820 [ 1383.060544] kfree_skb+0xe7/0x390 [ 1383.063989] hci_dev_do_open+0x697/0xe50 [ 1383.068070] hci_power_on+0x88/0x380 [ 1383.071779] process_one_work+0x793/0x14a0 [ 1383.076004] worker_thread+0x5cc/0xff0 [ 1383.079883] kthread+0x30d/0x420 [ 1383.083243] ret_from_fork+0x24/0x30 [ 1383.086942] [ 1383.088559] The buggy address belongs to the object at ffff88809385ccc0 [ 1383.088559] which belongs to the cache kmalloc-512 of size 512 [ 1383.101220] The buggy address is located 8 bytes inside of [ 1383.101220] 512-byte region [ffff88809385ccc0, ffff88809385cec0) [ 1383.113002] The buggy address belongs to the page: [ 1383.117928] page:ffffea00024e1700 count:1 mapcount:0 mapping:ffff88809385c040 index:0xffff88809385c7c0 [ 1383.127372] flags: 0xfffe0000000100(slab) [ 1383.131518] raw: 00fffe0000000100 ffff88809385c040 ffff88809385c7c0 0000000100000005 [ 1383.139396] raw: ffffea00024093e0 ffffea0002a097e0 ffff88812fe52940 0000000000000000 [ 1383.147296] page dumped because: kasan: bad access detected [ 1383.153003] [ 1383.154627] Memory state around the buggy address: [ 1383.159549] ffff88809385cb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1383.166906] ffff88809385cc00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 1383.174544] >ffff88809385cc80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 1383.181893] ^ [ 1383.187598] ffff88809385cd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1383.194951] ffff88809385cd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1383.202327] ================================================================== [ 1383.209681] Disabling lock debugging due to kernel taint [ 1383.215854] Bluetooth: hci11: Entering manufacturer mode failed (-110) 23:02:05 executing program 1: socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x50, 0x1f, &(0x7f0000000200)=""/83, &(0x7f00000000c0)=0x53) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x1, 0x0, 0x3}, 0x0) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000080), 0x8) eventfd(0x0) clone(0x200183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyS3\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8080000}, 0x0, &(0x7f0000000300)={0x3ff, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) [ 1383.415279] Kernel panic - not syncing: panic_on_warn set ... [ 1383.415279] [ 1383.422667] CPU: 1 PID: 23 Comm: kworker/1:1 Tainted: G B 4.14.196-syzkaller #0 [ 1383.431225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1383.440574] Workqueue: events hci_cmd_timeout [ 1383.445054] Call Trace: [ 1383.447723] dump_stack+0x1b2/0x283 [ 1383.451334] panic+0x1f9/0x42d [ 1383.454507] ? add_taint.cold+0x16/0x16 [ 1383.458468] ? ___preempt_schedule+0x16/0x18 [ 1383.462874] kasan_end_report+0x43/0x49 [ 1383.466831] kasan_report_error.cold+0xa7/0x194 [ 1383.471496] ? hci_cmd_timeout+0x19e/0x1b0 [ 1383.475713] __asan_report_load_n_noabort+0x6b/0x80 [ 1383.480714] ? hci_cmd_timeout+0x19e/0x1b0 [ 1383.484931] hci_cmd_timeout+0x19e/0x1b0 [ 1383.488983] process_one_work+0x793/0x14a0 [ 1383.493202] ? work_busy+0x320/0x320 [ 1383.496894] ? worker_thread+0x158/0xff0 [ 1383.500939] ? _raw_spin_unlock_irq+0x24/0x80 [ 1383.505417] worker_thread+0x5cc/0xff0 [ 1383.509291] ? rescuer_thread+0xc80/0xc80 [ 1383.513452] kthread+0x30d/0x420 [ 1383.516799] ? kthread_create_on_node+0xd0/0xd0 [ 1383.521453] ret_from_fork+0x24/0x30 [ 1383.526336] Kernel Offset: disabled [ 1383.529949] Rebooting in 86400 seconds..