, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 14:33:18 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:18 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:33:18 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:18 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) [ 244.343250] Bluetooth: hci0: Frame reassembly failed (-84) [ 244.349135] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 246.372501] Bluetooth: hci0: command 0x1003 tx timeout [ 246.377978] Bluetooth: hci0: sending frame failed (-49) 14:33:21 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x80800) 
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000440)={0x3ff, 0x10000, 0x5, 0x8, 0x2, [{0x9, 0x58e1, 0x2, 0x0, 0x0, 0x2}, {0x7, 0x6a6, 0xc, 0x0, 0x0, 0x2000}]}) r1 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r1, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000280)) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f0000000300)) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r2, 0x1000000000013) 14:33:21 executing program 4: setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/hash_stats\x00', 0x0, 0x0) lsetxattr$security_ima(0x0, 0x0, &(0x7f00000000c0)=@md5={0x1, "3f2c0bb793d362f690b03a088320c6bc"}, 0x11, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 14:33:21 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:21 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") 
rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:33:21 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:21 executing program 4: setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/hash_stats\x00', 0x0, 0x0) lsetxattr$security_ima(0x0, 0x0, &(0x7f00000000c0)=@md5={0x1, "3f2c0bb793d362f690b03a088320c6bc"}, 0x11, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) [ 248.452529] Bluetooth: hci0: command 0x1001 tx timeout [ 248.458027] Bluetooth: hci0: sending frame failed (-49) [ 250.532669] Bluetooth: hci0: command 0x1009 tx timeout 14:33:28 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:33:28 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:33:28 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 
&(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:28 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:28 executing program 4: setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/hash_stats\x00', 0x0, 0x0) lsetxattr$security_ima(0x0, 0x0, &(0x7f00000000c0)=@md5={0x1, "3f2c0bb793d362f690b03a088320c6bc"}, 0x11, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 14:33:28 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x80800) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000440)={0x3ff, 0x10000, 0x5, 0x8, 0x2, [{0x9, 0x58e1, 0x2, 0x0, 0x0, 0x2}, {0x7, 0x6a6, 0xc, 0x0, 0x0, 0x2000}]}) r1 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r1, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000280)) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, 
&(0x7f0000000300)) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r2, 0x1000000000013) 14:33:28 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:33:28 executing program 4: setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/hash_stats\x00', 0x0, 0x0) lsetxattr$security_ima(0x0, 0x0, &(0x7f00000000c0)=@md5={0x1, "3f2c0bb793d362f690b03a088320c6bc"}, 0x11, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 14:33:28 executing program 5: mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) [ 254.716962] Bluetooth: hci0: Frame reassembly failed (-84) [ 254.723572] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 14:33:28 executing program 0: 
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:28 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:33:29 executing program 5: mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) [ 256.772577] Bluetooth: hci0: command 0x1003 tx timeout [ 256.778276] Bluetooth: hci0: sending frame failed (-49) [ 258.852577] Bluetooth: hci0: command 0x1001 tx timeout [ 258.860325] Bluetooth: hci0: sending frame failed (-49) [ 260.932608] Bluetooth: hci0: command 0x1009 tx timeout 14:33:38 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:33:38 executing program 4: setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, 
&(0x7f0000000240)='/selinux/avc/hash_stats\x00', 0x0, 0x0) lsetxattr$security_ima(0x0, 0x0, &(0x7f00000000c0)=@md5={0x1, "3f2c0bb793d362f690b03a088320c6bc"}, 0x11, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 14:33:38 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:38 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000040)="11dca5055e0bcfec7be070") rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:33:38 executing program 5: mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:38 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x80800) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, 
&(0x7f0000000440)={0x3ff, 0x10000, 0x5, 0x8, 0x2, [{0x9, 0x58e1, 0x2, 0x0, 0x0, 0x2}, {0x7, 0x6a6, 0xc, 0x0, 0x0, 0x2000}]}) r1 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r1, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000280)) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f0000000300)) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(0x0, 0x1000000000013) 14:33:39 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:39 executing program 5: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:39 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 
14:33:39 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000040)="11dca5055e0bcfec7be070") rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:33:39 executing program 4: setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/hash_stats\x00', 0x0, 0x0) lsetxattr$security_ima(0x0, 0x0, &(0x7f00000000c0)=@md5={0x1, "3f2c0bb793d362f690b03a088320c6bc"}, 0x11, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 14:33:39 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:39 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:33:39 executing program 5: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, 
&(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:39 executing program 4: setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/hash_stats\x00', 0x0, 0x0) lsetxattr$security_ima(0x0, 0x0, &(0x7f00000000c0)=@md5={0x1, "3f2c0bb793d362f690b03a088320c6bc"}, 0x11, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 14:33:39 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000040)="11dca5055e0bcfec7be070") rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:33:39 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:33:39 executing program 5: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, 
&(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:39 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:33:39 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x80800) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000440)={0x3ff, 0x10000, 0x5, 0x8, 0x2, [{0x9, 0x58e1, 0x2, 0x0, 0x0, 0x2}, {0x7, 0x6a6, 0xc, 0x0, 0x0, 0x2000}]}) r1 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r1, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000280)) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f0000000300)) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(0x0, 0x1000000000013) 14:33:39 executing program 4: setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/hash_stats\x00', 0x0, 0x0) lsetxattr$security_ima(0x0, 0x0, &(0x7f00000000c0)=@md5={0x1, "3f2c0bb793d362f690b03a088320c6bc"}, 0x11, 0x0) r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, r0) 14:33:39 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:33:39 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000040)="11dca5055e0bcfec7be070") mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:39 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:33:39 executing program 4: setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/hash_stats\x00', 0x0, 0x0) lsetxattr$security_ima(0x0, 0x0, &(0x7f00000000c0)=@md5={0x1, "3f2c0bb793d362f690b03a088320c6bc"}, 0x11, 0x0) r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, r0) 14:33:39 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, 
&(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:39 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000040)="11dca5055e0bcfec7be070") mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:39 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:33:40 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:33:40 executing program 4: setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/hash_stats\x00', 0x0, 0x0) lsetxattr$security_ima(0x0, 0x0, &(0x7f00000000c0)=@md5={0x1, "3f2c0bb793d362f690b03a088320c6bc"}, 0x11, 0x0) r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, r0) 14:33:40 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 
0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:40 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x80800) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000440)={0x3ff, 0x10000, 0x5, 0x8, 0x2, [{0x9, 0x58e1, 0x2, 0x0, 0x0, 0x2}, {0x7, 0x6a6, 0xc, 0x0, 0x0, 0x2000}]}) r1 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r1, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000280)) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f0000000300)) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(0x0, 0x1000000000013) 14:33:40 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000040)="11dca5055e0bcfec7be070") mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:40 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)) rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:33:40 executing program 2: r0 = 
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:33:40 executing program 4: setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/hash_stats\x00', 0x0, 0x0) lsetxattr$security_ima(0x0, 0x0, &(0x7f00000000c0)=@md5={0x1, "3f2c0bb793d362f690b03a088320c6bc"}, 0x11, 0x0) syz_init_net_socket$ax25(0x3, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, 0xffffffffffffffff) 14:33:40 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:40 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)) rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:33:40 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, 
&(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:33:40 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:40 executing program 4: setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/hash_stats\x00', 0x0, 0x0) lsetxattr$security_ima(0x0, 0x0, &(0x7f00000000c0)=@md5={0x1, "3f2c0bb793d362f690b03a088320c6bc"}, 0x11, 0x0) syz_init_net_socket$ax25(0x3, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, 0xffffffffffffffff) 14:33:40 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:40 executing program 4: setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) r0 = 
openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/hash_stats\x00', 0x0, 0x0) lsetxattr$security_ima(0x0, 0x0, &(0x7f00000000c0)=@md5={0x1, "3f2c0bb793d362f690b03a088320c6bc"}, 0x11, 0x0) syz_init_net_socket$ax25(0x3, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, 0xffffffffffffffff) 14:33:41 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x80800) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000440)={0x3ff, 0x10000, 0x5, 0x8, 0x2, [{0x9, 0x58e1, 0x2, 0x0, 0x0, 0x2}, {0x7, 0x6a6, 0xc, 0x0, 0x0, 0x2000}]}) r1 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r1, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000280)) r2 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r2, 0x1000000000013) 14:33:41 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)) rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:33:41 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:33:41 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, 
&(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:41 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:41 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:33:41 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:41 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:33:41 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) 
bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) [ 267.529923] Bluetooth: hci0: Frame reassembly failed (-84) [ 267.541749] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 14:33:41 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0b") rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:33:41 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:41 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0b") rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:33:42 executing program 3: r0 = 
syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x80800) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000440)={0x3ff, 0x10000, 0x5, 0x8, 0x2, [{0x9, 0x58e1, 0x2, 0x0, 0x0, 0x2}, {0x7, 0x6a6, 0xc, 0x0, 0x0, 0x2000}]}) r1 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r1, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) r2 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r2, 0x1000000000013) 14:33:42 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:33:42 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:42 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0b") rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:33:42 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, 
&(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) [ 269.572610] Bluetooth: hci0: command 0x1003 tx timeout [ 269.583808] Bluetooth: hci0: sending frame failed (-49) [ 271.652574] Bluetooth: hci0: command 0x1001 tx timeout [ 271.658002] Bluetooth: hci0: sending frame failed (-49) [ 273.732515] Bluetooth: hci0: command 0x1009 tx timeout 14:33:51 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:33:51 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:33:51 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:51 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 
&(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:51 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7b") rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:33:51 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x80800) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000440)={0x3ff, 0x10000, 0x5, 0x8, 0x2, [{0x9, 0x58e1, 0x2, 0x0, 0x0, 0x2}, {0x7, 0x6a6, 0xc, 0x0, 0x0, 0x2000}]}) r1 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r1, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) r2 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r2, 0x1000000000013) 14:33:51 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7b") rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:33:51 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:33:51 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 
ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:33:51 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) [ 277.810290] Bluetooth: hci0: Frame reassembly failed (-84) [ 277.847100] Bluetooth: hci0: Frame reassembly failed (-84) [ 277.855923] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 277.917447] Bluetooth: hci1: Frame reassembly failed (-84) [ 277.936894] Bluetooth: hci1: Frame reassembly failed (-84) 14:33:52 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7b") rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:33:52 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0b") mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) [ 279.812505] Bluetooth: hci0: command 0x1003 tx timeout [ 279.817991] Bluetooth: hci0: sending frame failed (-49) [ 279.972563] Bluetooth: hci1: command 0x1003 tx timeout [ 279.978013] Bluetooth: hci1: sending frame failed (-49) [ 281.892631] Bluetooth: hci0: command 0x1001 tx 
timeout [ 281.898070] Bluetooth: hci0: sending frame failed (-49) [ 282.052590] Bluetooth: hci1: command 0x1001 tx timeout [ 282.058071] Bluetooth: hci1: sending frame failed (-49) [ 283.972590] Bluetooth: hci0: command 0x1009 tx timeout [ 284.132584] Bluetooth: hci1: command 0x1009 tx timeout 14:34:02 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:02 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:34:02 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be0") rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:34:02 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0b") mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:34:02 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 
0x0, 0x80800) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000440)={0x3ff, 0x10000, 0x5, 0x8, 0x2, [{0x9, 0x58e1, 0x2, 0x0, 0x0, 0x2}, {0x7, 0x6a6, 0xc, 0x0, 0x0, 0x2000}]}) r1 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r1, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) r2 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r2, 0x1000000000013) 14:34:02 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be0") rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:34:02 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0b") mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:34:02 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) [ 287.987701] Bluetooth: hci0: sending frame failed 
(-49) [ 287.999350] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 14:34:02 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:02 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be0") rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:34:02 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:34:02 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7b") mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) [ 288.634869] Bluetooth: hci1: Frame reassembly failed (-84) [ 288.636448] Bluetooth: hci1: Frame reassembly failed (-84) [ 290.062520] Bluetooth: hci0: command 0x1003 tx timeout [ 290.068311] Bluetooth: hci0: sending frame failed (-49) [ 290.692603] Bluetooth: hci1: command 0x1003 tx timeout [ 290.700215] Bluetooth: hci1: sending frame failed 
(-49) [ 292.132553] Bluetooth: hci0: command 0x1001 tx timeout [ 292.139178] Bluetooth: hci0: sending frame failed (-49) [ 292.772505] Bluetooth: hci1: command 0x1001 tx timeout [ 292.777975] Bluetooth: hci1: sending frame failed (-49) [ 294.212552] Bluetooth: hci0: command 0x1009 tx timeout [ 294.852607] Bluetooth: hci1: command 0x1009 tx timeout 14:34:12 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:12 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") rmdir(0x0) 14:34:12 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7b") mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:34:12 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:34:12 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x80800) ioctl$FS_IOC_FIEMAP(r0, 
0xc020660b, &(0x7f0000000440)={0x3ff, 0x10000, 0x5, 0x8, 0x2, [{0x9, 0x58e1, 0x2, 0x0, 0x0, 0x2}, {0x7, 0x6a6, 0xc, 0x0, 0x0, 0x2000}]}) r1 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000280)) r2 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r2, 0x1000000000013) 14:34:12 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") rmdir(0x0) 14:34:12 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7b") mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:34:12 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:12 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:12 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 
'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:34:12 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x80800) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000440)={0x3ff, 0x10000, 0x5, 0x8, 0x2, [{0x9, 0x58e1, 0x2, 0x0, 0x0, 0x2}, {0x7, 0x6a6, 0xc, 0x0, 0x0, 0x2000}]}) r1 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000280)) r2 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r2, 0x1000000000013) 14:34:12 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:12 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") rmdir(0x0) 14:34:12 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be0") mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:34:12 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, 
&(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:12 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:34:12 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7b") rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:34:12 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x80800) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000440)={0x3ff, 0x10000, 0x5, 0x8, 0x2, [{0x9, 0x58e1, 0x2, 0x0, 0x0, 0x2}, {0x7, 0x6a6, 0xc, 0x0, 0x0, 0x2000}]}) r1 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000280)) r2 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r2, 0x1000000000013) 14:34:12 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, 
&(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be0") mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) [ 298.839237] Bluetooth: hci0: Frame reassembly failed (-84) [ 298.849490] Bluetooth: hci0: Frame reassembly failed (-84) 14:34:13 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 300.852634] Bluetooth: hci0: command 0x1003 tx timeout [ 300.858120] Bluetooth: hci0: sending frame failed (-49) [ 302.932684] Bluetooth: hci0: command 0x1001 tx timeout [ 302.938087] Bluetooth: hci0: sending frame failed (-49) [ 305.012689] Bluetooth: hci0: command 0x1009 tx timeout 14:34:23 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:23 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:34:23 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x80800) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, 
&(0x7f0000000440)={0x3ff, 0x10000, 0x5, 0x8, 0x2, [{0x9, 0x58e1, 0x2, 0x0, 0x0, 0x2}, {0x7, 0x6a6, 0xc, 0x0, 0x0, 0x2000}]}) read(0xffffffffffffffff, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:34:23 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0b") rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:34:23 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be0") mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:34:23 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:23 executing program 4: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:23 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x80800) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000440)={0x3ff, 0x10000, 0x5, 0x8, 0x2, [{0x9, 0x58e1, 0x2, 0x0, 0x0, 0x2}, {0x7, 0x6a6, 0xc, 0x0, 0x0, 0x2000}]}) read(0xffffffffffffffff, &(0x7f0000000140)=""/28, 0x1c) 
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:34:23 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:34:23 executing program 1: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)) rmdir(&(0x7f0000000340)='./file0//ile0\x00') 14:34:23 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") mkdir(0x0, 0x0) 14:34:23 executing program 4: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 309.077949] Bluetooth: hci0: Frame reassembly failed (-84) [ 
311.092530] Bluetooth: hci0: command 0x1003 tx timeout [ 311.099371] Bluetooth: hci0: sending frame failed (-49) [ 313.172660] Bluetooth: hci0: command 0x1001 tx timeout [ 313.178124] Bluetooth: hci0: sending frame failed (-49) [ 315.252628] Bluetooth: hci0: command 0x1009 tx timeout 14:34:33 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:33 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x80800) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000440)={0x3ff, 0x10000, 0x5, 0x8, 0x2, [{0x9, 0x58e1, 0x2, 0x0, 0x0, 0x2}, {0x7, 0x6a6, 0xc, 0x0, 0x0, 0x2000}]}) read(0xffffffffffffffff, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:34:33 executing program 4: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:33 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0b") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 
0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:34:33 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") mkdir(0x0, 0x0) 14:34:33 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:33 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") mkdir(0x0, 0x0) 14:34:33 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0b") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:34:33 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 
0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:33 executing program 3: syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x80800) r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 319.365932] Bluetooth: hci1: Frame reassembly failed (-84) [ 319.379658] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 319.380799] Bluetooth: hci0: Frame reassembly failed (-84) [ 319.402711] Bluetooth: hci0: Frame reassembly failed (-84) 14:34:33 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:33 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0b") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) [ 321.412559] Bluetooth: hci0: command 0x1003 tx timeout [ 321.418044] Bluetooth: hci0: sending frame failed (-49) [ 321.423560] Bluetooth: hci1: command 
0x1003 tx timeout [ 321.428940] Bluetooth: hci1: sending frame failed (-49) [ 323.492563] Bluetooth: hci1: command 0x1001 tx timeout [ 323.498068] Bluetooth: hci0: command 0x1001 tx timeout [ 323.498139] Bluetooth: hci1: sending frame failed (-49) [ 323.509002] Bluetooth: hci0: sending frame failed (-49) [ 325.572570] Bluetooth: hci0: command 0x1009 tx timeout [ 325.577942] Bluetooth: hci1: command 0x1009 tx timeout 14:34:43 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:43 executing program 0: setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/hash_stats\x00', 0x0, 0x0) lsetxattr$security_ima(0x0, 0x0, &(0x7f00000000c0)=@md5={0x1, "3f2c0bb793d362f690b03a088320c6bc"}, 0x11, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 14:34:43 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:43 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 
&(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:34:43 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:43 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7b") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:34:43 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:43 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x2002, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:43 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7b") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 
'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) [ 329.647061] Bluetooth: hci0: Frame reassembly failed (-84) [ 329.698476] Bluetooth: hci1: Frame reassembly failed (-84) [ 329.715590] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 14:34:43 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:43 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7b") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:34:43 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x2002, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:43 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 
0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:44 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be0") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:34:44 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x2002, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 331.652512] Bluetooth: hci0: command 0x1003 tx timeout [ 331.657987] Bluetooth: hci0: sending frame failed (-49) [ 331.732501] Bluetooth: hci1: command 0x1003 tx timeout [ 331.737936] Bluetooth: hci1: sending frame failed (-49) [ 333.732599] Bluetooth: hci0: command 0x1001 tx timeout [ 333.738063] Bluetooth: hci0: sending frame failed (-49) [ 333.812514] Bluetooth: hci1: command 0x1001 tx timeout [ 333.817945] Bluetooth: hci1: sending frame failed (-49) [ 335.812531] Bluetooth: hci0: command 0x1009 tx timeout [ 335.892540] Bluetooth: hci1: command 0x1009 tx timeout 14:34:53 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) 14:34:53 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 
0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:53 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x2002, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:53 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be0") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:34:53 executing program 3: r0 = syz_open_dev$sndseq(0x0, 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:34:53 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:53 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 
&(0x7f0000000040)="11dca5055e0bcfec7be0") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:34:54 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x2002, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:54 executing program 3: r0 = syz_open_dev$sndseq(0x0, 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 339.852538] Bluetooth: hci0: Frame reassembly failed (-84) [ 339.885481] Bluetooth: hci1: Frame reassembly failed (-84) [ 339.890777] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 14:34:54 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:54 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x2002, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:34:54 executing program 3: r0 = syz_open_dev$sndseq(0x0, 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) 
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 341.892648] Bluetooth: hci1: command 0x1003 tx timeout [ 341.897999] Bluetooth: hci0: command 0x1003 tx timeout [ 341.898060] Bluetooth: hci1: sending frame failed (-49) [ 341.909494] Bluetooth: hci0: sending frame failed (-49) [ 343.972652] Bluetooth: hci0: command 0x1001 tx timeout [ 343.978106] Bluetooth: hci0: sending frame failed (-49) [ 343.983606] Bluetooth: hci1: command 0x1001 tx timeout [ 343.988999] Bluetooth: hci1: sending frame failed (-49) [ 346.052581] Bluetooth: hci0: command 0x1009 tx timeout [ 346.052755] Bluetooth: hci1: command 0x1009 tx timeout 14:35:04 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:35:04 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:04 executing program 0: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, 
&(0x7f00000001c0)=0x1000000000033) 14:35:04 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(0xffffffffffffffff, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:35:04 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) 14:35:04 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:04 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:35:04 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(0xffffffffffffffff, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, 
&(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:35:04 executing program 0: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:04 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:04 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 350.171966] Bluetooth: hci0: Frame reassembly failed (-84) 14:35:04 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(0xffffffffffffffff, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:35:04 executing program 0: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:04 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 
&(0x7f0000000040)="11dca5055e0bcfec7be070") socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:35:04 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:04 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 352.212585] Bluetooth: hci0: command 0x1003 tx timeout [ 352.218260] Bluetooth: hci0: sending frame failed (-49) [ 354.292584] Bluetooth: hci0: command 0x1001 tx timeout [ 354.298005] Bluetooth: hci0: sending frame failed (-49) [ 356.372587] Bluetooth: hci0: command 0x1009 tx timeout 14:35:14 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) 14:35:14 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) 
tkill(r1, 0x1000000000013) 14:35:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x2002, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:14 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:14 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:35:14 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:14 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) 
mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:35:14 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x2002, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:14 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:14 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 360.299840] Bluetooth: hci0: Frame reassembly failed (-84) 14:35:14 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) [ 362.373230] Bluetooth: hci0: 
command 0x1003 tx timeout [ 362.378901] Bluetooth: hci0: sending frame failed (-49) [ 364.452545] Bluetooth: hci0: command 0x1001 tx timeout [ 364.458372] Bluetooth: hci0: sending frame failed (-49) [ 366.532543] Bluetooth: hci0: command 0x1009 tx timeout 14:35:24 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:35:24 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:35:24 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:24 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x2002, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:24 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:24 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 
&(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:35:24 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:24 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:35:24 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:24 executing program 1: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:24 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) [ 370.535356] Bluetooth: hci0: sending frame failed (-49) [ 370.538375] 
Bluetooth: hci0: Frame reassembly failed (-84) 14:35:24 executing program 1: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 372.612690] Bluetooth: hci0: command 0x1003 tx timeout [ 372.618494] Bluetooth: hci0: sending frame failed (-49) [ 374.692609] Bluetooth: hci0: command 0x1001 tx timeout [ 374.698242] Bluetooth: hci0: sending frame failed (-49) [ 376.772572] Bluetooth: hci0: command 0x1009 tx timeout 14:35:34 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:35:34 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:35:34 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:34 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:34 executing program 1: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, 
&(0x7f00000001c0)=0x1000000000033) 14:35:34 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:35:34 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x80, &(0x7f00000000c0)}}], 0x1, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:35:34 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:34 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 380.730940] Bluetooth: hci0: Frame reassembly failed (-84) [ 380.733101] Bluetooth: hci0: Frame reassembly failed (-84) [ 380.763520] Bluetooth: hci1: Frame reassembly failed (-84) [ 380.767226] Bluetooth: hci1: Frame reassembly failed (-84) 14:35:34 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) 
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:34 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x80, &(0x7f00000000c0)}}], 0x1, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:35:34 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 382.772530] Bluetooth: hci0: command 0x1003 tx timeout [ 382.772558] Bluetooth: hci1: command 0x1003 tx timeout [ 382.781736] Bluetooth: hci0: sending frame failed (-49) [ 382.784563] Bluetooth: hci1: sending frame failed (-49) [ 384.852483] Bluetooth: hci0: command 0x1001 tx timeout [ 384.852595] Bluetooth: hci1: command 0x1001 tx timeout [ 384.859023] Bluetooth: hci0: sending frame failed (-49) [ 384.868188] Bluetooth: hci1: sending frame failed (-49) [ 386.932544] Bluetooth: hci0: command 0x1009 tx timeout [ 386.932636] Bluetooth: hci1: command 0x1009 tx timeout 14:35:45 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:35:45 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:45 executing program 4: r0 
= openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:45 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:45 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x80, &(0x7f00000000c0)}}], 0x1, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:35:45 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:35:45 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:45 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 
0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:45 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x80, &(0x7f00000000c0)}}, {{0x0, 0x0, &(0x7f0000007ac0), 0x0, &(0x7f0000007b00)}}], 0x2, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:35:45 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:45 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 391.031849] Bluetooth: hci0: Frame reassembly failed (-84) [ 391.037916] Bluetooth: hci0: Frame reassembly failed (-84) [ 391.049622] Bluetooth: hci1: Frame reassembly failed (-84) [ 391.056137] Bluetooth: hci1: Frame reassembly failed (-84) 14:35:45 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x80, &(0x7f00000000c0)}}, {{0x0, 0x0, &(0x7f0000007ac0), 0x0, 
&(0x7f0000007b00)}}], 0x2, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) [ 393.092508] Bluetooth: hci0: command 0x1003 tx timeout [ 393.092515] Bluetooth: hci1: command 0x1003 tx timeout [ 393.092604] Bluetooth: hci1: sending frame failed (-49) [ 393.102138] Bluetooth: hci0: sending frame failed (-49) [ 395.172534] Bluetooth: hci0: command 0x1001 tx timeout [ 395.172541] Bluetooth: hci1: command 0x1001 tx timeout [ 395.183541] Bluetooth: hci1: sending frame failed (-49) [ 395.189096] Bluetooth: hci0: sending frame failed (-49) [ 397.252577] Bluetooth: hci1: command 0x1009 tx timeout [ 397.252584] Bluetooth: hci0: command 0x1009 tx timeout 14:35:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:55 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:55 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x80, &(0x7f00000000c0)}}, {{0x0, 0x0, &(0x7f0000007ac0), 0x0, &(0x7f0000007b00)}}], 0x2, 
0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:35:55 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:35:55 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:35:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:55 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x80, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, 0x0, 0x0, &(0x7f0000007b00)}}], 0x2, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) [ 401.363400] Bluetooth: hci0: Frame reassembly 
failed (-84) [ 401.368097] Bluetooth: hci0: Frame reassembly failed (-84) [ 401.384802] Bluetooth: hci1: Frame reassembly failed (-84) 14:35:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 401.411048] Bluetooth: hci1: Frame reassembly failed (-84) 14:35:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:55 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x80, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, 0x0, 0x0, &(0x7f0000007b00)}}], 0x2, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:35:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:35:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 403.412535] Bluetooth: hci1: command 0x1003 tx timeout [ 403.418064] Bluetooth: hci1: sending frame failed (-49) [ 403.423607] Bluetooth: hci0: command 0x1003 
tx timeout [ 403.429068] Bluetooth: hci0: sending frame failed (-49) [ 405.492568] Bluetooth: hci0: command 0x1001 tx timeout [ 405.492588] Bluetooth: hci1: command 0x1001 tx timeout [ 405.498006] Bluetooth: hci0: sending frame failed (-49) [ 405.508924] Bluetooth: hci1: sending frame failed (-49) [ 407.572604] Bluetooth: hci1: command 0x1009 tx timeout [ 407.578181] Bluetooth: hci0: command 0x1009 tx timeout 14:36:05 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:36:05 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:36:05 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x80, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, 0x0, 0x0, &(0x7f0000007b00)}}], 0x2, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:36:05 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:36:05 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) 
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:36:05 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:36:05 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:36:05 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x80, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0)}}], 0x2, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:36:05 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 411.554012] Bluetooth: hci0: Frame reassembly failed (-84) [ 411.564549] Bluetooth: hci0: Frame reassembly failed (-84) 14:36:05 executing program 4: r0 = 
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:36:05 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:36:05 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x80, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0)}}], 0x2, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:36:05 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, 0x0) 14:36:05 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x80, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, 
&(0x7f0000007ac0)}}], 0x2, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:36:05 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 411.816233] Bluetooth: hci1: Frame reassembly failed (-84) [ 413.572624] Bluetooth: hci0: command 0x1003 tx timeout [ 413.579176] Bluetooth: hci0: sending frame failed (-49) [ 413.892499] Bluetooth: hci1: command 0x1003 tx timeout [ 413.898634] Bluetooth: hci1: sending frame failed (-49) [ 415.652688] Bluetooth: hci0: command 0x1001 tx timeout [ 415.658961] Bluetooth: hci0: sending frame failed (-49) [ 415.972713] Bluetooth: hci1: command 0x1001 tx timeout [ 415.981240] Bluetooth: hci1: sending frame failed (-49) [ 417.732570] Bluetooth: hci0: command 0x1009 tx timeout [ 418.052553] Bluetooth: hci1: command 0x1009 tx timeout 14:36:15 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:36:15 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:36:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, 0x0) 14:36:15 executing program 2: r0 = 
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:36:15 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x0, &(0x7f0000007b00)}}], 0x1, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:36:15 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 421.763523] Bluetooth: hci0: Frame reassembly failed (-84) [ 421.779524] Bluetooth: hci0: Frame reassembly failed (-84) 14:36:16 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, 0x0) 14:36:16 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x0, &(0x7f0000007b00)}}], 
0x1, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:36:16 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:36:16 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:36:16 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x0, &(0x7f0000007b00)}}], 0x1, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:36:16 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) [ 422.361974] Bluetooth: hci1: Frame reassembly failed (-84) [ 422.362096] Bluetooth: hci1: Frame reassembly failed (-84) [ 422.386201] Bluetooth: hci2: Frame reassembly failed (-84) 14:36:16 executing program 0: r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/hash_stats\x00', 0x0, 0x0) lsetxattr$security_ima(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.ima\x00', &(0x7f00000000c0)=@md5={0x1, "3f2c0bb793d362f690b03a088320c6bc"}, 0x11, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) 
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) [ 423.812490] Bluetooth: hci0: command 0x1003 tx timeout [ 423.818095] Bluetooth: hci0: sending frame failed (-49) [ 424.372492] Bluetooth: hci1: command 0x1003 tx timeout [ 424.378218] Bluetooth: hci1: sending frame failed (-49) [ 424.452530] Bluetooth: hci2: command 0x1003 tx timeout [ 424.458281] Bluetooth: hci2: sending frame failed (-49) [ 425.892552] Bluetooth: hci0: command 0x1001 tx timeout [ 425.898305] Bluetooth: hci0: sending frame failed (-49) [ 426.452522] Bluetooth: hci1: command 0x1001 tx timeout [ 426.462976] Bluetooth: hci1: sending frame failed (-49) [ 426.542571] Bluetooth: hci2: command 0x1001 tx timeout [ 426.549504] Bluetooth: hci2: sending frame failed (-49) [ 427.972528] Bluetooth: hci0: command 0x1009 tx timeout [ 428.532615] Bluetooth: hci1: command 0x1009 tx timeout [ 428.612717] Bluetooth: hci2: command 0x1009 tx timeout 14:36:25 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:36:25 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x0, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:36:25 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, 
&(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{0x0, 0x0, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x0, &(0x7f0000007b00)}}], 0x2, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:36:26 executing program 0: setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/hash_stats\x00', 0x0, 0x0) lsetxattr$security_ima(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.ima\x00', &(0x7f00000000c0)=@md5={0x1, "3f2c0bb793d362f690b03a088320c6bc"}, 0x11, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 14:36:26 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{0x0, 0x0, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x0, &(0x7f0000007b00)}}], 0x2, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:36:26 executing 
program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:36:26 executing program 0: setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/hash_stats\x00', 0x0, 0x0) lsetxattr$security_ima(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.ima\x00', &(0x7f00000000c0)=@md5={0x1, "3f2c0bb793d362f690b03a088320c6bc"}, 0x11, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) 14:36:26 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) 14:36:26 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:36:26 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{0x0, 0x0, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x0, &(0x7f0000007b00)}}], 0x2, 0x0) 
mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:36:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x2002, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:36:26 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:36:26 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x80, 0x0}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x0, &(0x7f0000007b00)}}], 0x2, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) [ 432.635950] Bluetooth: hci0: Frame reassembly failed (-84) [ 432.652081] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 432.672792] Bluetooth: hci2: Frame reassembly failed (-84) [ 432.680332] Bluetooth: hci2: Frame reassembly failed (-84) 14:36:26 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:36:26 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x0, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, 
&(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:36:26 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x80, 0x0}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x0, &(0x7f0000007b00)}}], 0x2, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:36:26 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:36:26 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x80, 0x0}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x0, &(0x7f0000007b00)}}], 0x2, 0x0) mkdir(&(0x7f0000000200)='./file0//ile0\x00', 0x0) 14:36:26 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 
0x5412, &(0x7f00000001c0)) [ 434.692561] Bluetooth: hci1: command 0x1003 tx timeout [ 434.692568] Bluetooth: hci2: command 0x1003 tx timeout [ 434.692614] Bluetooth: hci0: command 0x1003 tx timeout [ 434.697994] Bluetooth: hci2: sending frame failed (-49) [ 434.714119] Bluetooth: hci0: sending frame failed (-49) [ 434.719674] Bluetooth: hci1: sending frame failed (-49) [ 436.772600] Bluetooth: hci1: command 0x1001 tx timeout [ 436.778112] Bluetooth: hci1: sending frame failed (-49) [ 436.783604] Bluetooth: hci0: command 0x1001 tx timeout [ 436.788960] Bluetooth: hci2: command 0x1001 tx timeout [ 436.789015] Bluetooth: hci0: sending frame failed (-49) [ 436.799820] Bluetooth: hci2: sending frame failed (-49) [ 438.852577] Bluetooth: hci0: command 0x1009 tx timeout [ 438.852584] Bluetooth: hci2: command 0x1009 tx timeout [ 438.863281] Bluetooth: hci1: command 0x1009 tx timeout 14:36:36 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) 14:36:36 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)) 14:36:36 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 
0x3fffffffffffe0d, 0x0) mkdir(0x0, 0x0) 14:36:36 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x0, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:36:36 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x2002, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:36:36 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:36:37 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)) [ 442.922219] Bluetooth: hci0: Frame reassembly failed (-84) [ 442.930250] Bluetooth: hci0: Frame reassembly failed (-84) [ 442.941802] Bluetooth: hci0: Frame reassembly failed (-84) 14:36:37 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, 
{{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(0x0, 0x0) 14:36:37 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)) [ 442.964844] Bluetooth: hci1: sending frame failed (-49) [ 442.984774] Bluetooth: hci2: Frame reassembly failed (-84) [ 442.990601] Bluetooth: hci2: Frame reassembly failed (-84) [ 443.000483] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 14:36:37 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:36:37 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160-generic\x00'}, 0x58) sendmmsg(0xffffffffffffffff, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can={0x1d, 0x0, 0x0, 0x7ffffffff000}, 0x10, &(0x7f00000000c0), 0x2}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdir(0x0, 0x0) 14:36:37 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) [ 444.932617] Bluetooth: hci0: command 0x1003 tx timeout [ 444.938068] Bluetooth: hci0: sending frame failed (-49) [ 445.012505] Bluetooth: hci2: command 0x1003 tx timeout [ 445.012548] Bluetooth: hci1: command 0x1003 tx timeout [ 445.023426] 
Bluetooth: hci2: sending frame failed (-49) [ 445.028920] Bluetooth: hci1: sending frame failed (-49) [ 447.012530] Bluetooth: hci0: command 0x1001 tx timeout [ 447.017983] Bluetooth: hci0: sending frame failed (-49) [ 447.092538] Bluetooth: hci2: command 0x1001 tx timeout [ 447.092561] Bluetooth: hci1: command 0x1001 tx timeout [ 447.103260] Bluetooth: hci2: sending frame failed (-49) [ 447.108740] Bluetooth: hci1: sending frame failed (-49) [ 449.092629] Bluetooth: hci0: command 0x1009 tx timeout [ 449.172593] Bluetooth: hci1: command 0x1009 tx timeout [ 449.178010] Bluetooth: hci2: command 0x1009 tx timeout 14:36:47 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) 14:36:47 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:36:47 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:36:47 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:36:47 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x2002, 0x0) ioctl$TIOCSETD(r0, 
0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:36:47 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 453.085570] Bluetooth: hci0: Frame reassembly failed (-84) [ 453.104615] Bluetooth: hci0: Frame reassembly failed (-84) 14:36:47 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:36:47 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) [ 453.195630] Bluetooth: hci2: Frame reassembly failed (-84) [ 453.201567] Bluetooth: hci2: Frame reassembly failed (-84) [ 453.223169] Bluetooth: hci3: Frame reassembly failed (-84) [ 453.229207] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 453.231555] Bluetooth: hci3: Frame reassembly failed (-84) 14:36:47 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:36:47 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:36:47 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 
0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:36:47 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) [ 455.092546] Bluetooth: hci0: command 0x1003 tx timeout [ 455.098042] Bluetooth: hci0: sending frame failed (-49) [ 455.252575] Bluetooth: hci3: command 0x1003 tx timeout [ 455.258138] Bluetooth: hci3: sending frame failed (-49) [ 455.263694] Bluetooth: hci2: command 0x1003 tx timeout [ 455.269144] Bluetooth: hci2: sending frame failed (-49) [ 455.274653] Bluetooth: hci1: command 0x1003 tx timeout [ 455.280038] Bluetooth: hci1: sending frame failed (-49) [ 457.172611] Bluetooth: hci0: command 0x1001 tx timeout [ 457.178432] Bluetooth: hci0: sending frame failed (-49) [ 457.332541] Bluetooth: hci2: command 0x1001 tx timeout [ 457.332549] Bluetooth: hci1: command 0x1001 tx timeout [ 457.332630] Bluetooth: hci1: sending frame failed (-49) [ 457.338357] Bluetooth: hci3: command 0x1001 tx timeout [ 457.344292] Bluetooth: hci2: sending frame failed (-49) [ 457.361807] Bluetooth: hci3: sending frame failed (-49) [ 459.252607] Bluetooth: hci0: command 0x1009 tx timeout [ 459.412575] Bluetooth: hci3: command 0x1009 tx timeout [ 459.418151] Bluetooth: hci2: command 0x1009 tx timeout [ 459.426840] Bluetooth: hci1: command 0x1009 tx timeout 14:36:57 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:36:57 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, 
&(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:36:57 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:36:57 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:36:57 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x2002, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:36:57 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 463.352249] Bluetooth: hci0: Frame reassembly failed (-84) [ 463.357485] Bluetooth: hci0: Frame reassembly failed (-84) [ 463.358480] Bluetooth: hci1: Frame reassembly failed (-84) 14:36:57 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) [ 463.395911] Bluetooth: hci3: Frame reassembly failed (-84) [ 463.398844] Bluetooth: hci3: Frame reassembly failed (-84) 14:36:57 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 
14:36:57 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:36:57 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:36:57 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:36:57 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) [ 463.668579] Bluetooth: hci4: Frame reassembly failed (-84) [ 463.668722] Bluetooth: hci4: Frame reassembly failed (-84) 14:36:58 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:36:59 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, 0x0) r1 = gettid() 
timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 465.412516] Bluetooth: hci2: command 0x1003 tx timeout [ 465.412525] Bluetooth: hci3: command 0x1003 tx timeout [ 465.412562] Bluetooth: hci1: command 0x1003 tx timeout [ 465.437585] Bluetooth: hci3: sending frame failed (-49) [ 465.446352] Bluetooth: hci0: command 0x1003 tx timeout [ 465.452098] Bluetooth: hci2: sending frame failed (-49) [ 465.462321] Bluetooth: hci1: sending frame failed (-49) [ 465.468577] Bluetooth: hci0: sending frame failed (-49) [ 465.732489] Bluetooth: hci4: command 0x1003 tx timeout [ 465.738100] Bluetooth: hci4: sending frame failed (-49) [ 467.492607] Bluetooth: hci0: command 0x1001 tx timeout [ 467.498081] Bluetooth: hci1: command 0x1001 tx timeout [ 467.498170] Bluetooth: hci0: sending frame failed (-49) [ 467.503971] Bluetooth: hci2: command 0x1001 tx timeout [ 467.508885] Bluetooth: hci1: sending frame failed (-49) [ 467.514770] Bluetooth: hci3: command 0x1001 tx timeout [ 467.520079] Bluetooth: hci2: sending frame failed (-49) [ 467.530668] Bluetooth: hci3: sending frame failed (-49) [ 467.812565] Bluetooth: hci4: command 0x1001 tx timeout [ 467.818007] Bluetooth: hci4: sending frame failed (-49) [ 469.572555] Bluetooth: hci1: command 0x1009 tx timeout [ 469.572563] Bluetooth: hci3: command 0x1009 tx timeout [ 469.572635] Bluetooth: hci2: command 0x1009 tx timeout [ 469.588597] Bluetooth: hci0: command 0x1009 tx timeout [ 469.892618] Bluetooth: hci4: command 0x1009 tx timeout 14:37:07 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:37:07 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, 
&(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:37:07 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:37:07 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x2002, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:37:07 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 473.637784] Bluetooth: hci0: Frame reassembly failed (-84) [ 473.644539] Bluetooth: hci0: Frame reassembly failed (-84) [ 473.671110] Bluetooth: hci1: Frame reassembly failed (-84) 14:37:07 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x2002, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 473.685789] Bluetooth: hci2: Frame reassembly failed (-84) [ 473.697130] Bluetooth: hci2: Frame reassembly failed (-84) [ 473.698780] Bluetooth: hci2: Frame reassembly failed (-84) 14:37:07 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x2002, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:37:07 executing program 0: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) 14:37:07 executing program 0: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) 
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) 14:37:08 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:37:08 executing program 0: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) 14:37:08 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x2002, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 474.185831] Bluetooth: hci3: Frame reassembly failed (-84) [ 474.192190] Bluetooth: hci3: Frame reassembly failed (-84) [ 475.652491] Bluetooth: hci0: command 0x1003 tx timeout [ 475.658081] Bluetooth: hci0: sending frame failed (-49) [ 475.732484] Bluetooth: hci2: command 0x1003 tx timeout [ 475.732574] Bluetooth: hci1: command 0x1003 tx timeout [ 475.737971] Bluetooth: hci2: sending frame failed (-49) [ 475.749416] Bluetooth: hci1: sending frame failed (-49) [ 476.212486] Bluetooth: hci3: command 0x1003 tx timeout [ 476.217993] Bluetooth: hci3: sending frame failed (-49) [ 477.732630] Bluetooth: hci0: command 0x1001 tx timeout [ 477.738080] Bluetooth: hci0: sending frame failed (-49) [ 477.812530] Bluetooth: hci1: command 0x1001 tx timeout [ 477.817985] Bluetooth: hci1: sending frame failed (-49) [ 477.823488] Bluetooth: hci2: command 0x1001 tx timeout [ 477.828860] Bluetooth: hci2: sending frame failed (-49) [ 478.292569] Bluetooth: hci3: command 0x1001 tx timeout [ 478.298013] Bluetooth: hci3: sending frame failed (-49) [ 479.812593] Bluetooth: hci0: command 0x1009 tx timeout [ 479.892494] Bluetooth: hci1: command 0x1009 tx timeout [ 479.892533] Bluetooth: hci2: command 0x1009 tx timeout [ 480.372624] Bluetooth: hci3: command 0x1009 tx timeout 14:37:17 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x2002, 0x0) ioctl$TIOCSETD(r0, 0x5423, 
&(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:37:17 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:37:17 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:37:17 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:37:17 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) 14:37:17 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x2002, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:37:18 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 483.897804] Bluetooth: hci1: Frame reassembly failed (-84) [ 483.900500] Bluetooth: hci1: Frame reassembly failed (-84) [ 483.976888] Bluetooth: hci4: Frame reassembly failed (-84) 14:37:18 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 
ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) [ 484.431699] Bluetooth: hci3: Frame reassembly failed (-84) [ 484.437761] Bluetooth: hci3: Frame reassembly failed (-84) 14:37:18 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, 0x0, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 485.892502] Bluetooth: hci0: command 0x1003 tx timeout [ 485.898034] Bluetooth: hci0: sending frame failed (-49) [ 485.972533] Bluetooth: hci1: command 0x1003 tx timeout [ 485.977999] Bluetooth: hci2: command 0x1003 tx timeout [ 485.978036] Bluetooth: hci1: sending frame failed (-49) [ 485.988202] Bluetooth: hci2: sending frame failed (-49) [ 486.052502] Bluetooth: hci4: command 0x1003 tx timeout [ 486.058072] Bluetooth: hci4: sending frame failed (-49) [ 486.452487] Bluetooth: hci3: command 0x1003 tx timeout [ 486.458068] Bluetooth: hci3: sending frame failed (-49) 14:37:21 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, 0x0, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 487.972598] Bluetooth: hci0: command 0x1001 tx timeout [ 487.978057] Bluetooth: hci0: sending frame failed (-49) [ 488.052482] Bluetooth: hci2: command 0x1001 tx timeout [ 488.052641] Bluetooth: hci1: command 0x1001 tx timeout [ 488.057947] Bluetooth: hci2: sending frame failed (-49) [ 488.067481] 
Bluetooth: hci1: sending frame failed (-49) [ 488.132530] Bluetooth: hci4: command 0x1001 tx timeout [ 488.138052] Bluetooth: hci4: sending frame failed (-49) [ 488.532536] Bluetooth: hci3: command 0x1001 tx timeout [ 488.537986] Bluetooth: hci3: sending frame failed (-49) [ 490.052621] Bluetooth: hci0: command 0x1009 tx timeout [ 490.132524] Bluetooth: hci2: command 0x1009 tx timeout [ 490.132677] Bluetooth: hci1: command 0x1009 tx timeout [ 490.212595] Bluetooth: hci4: command 0x1009 tx timeout 14:37:24 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, 0x0, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 490.612946] Bluetooth: hci3: command 0x1009 tx timeout 14:37:27 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:37:28 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) 14:37:28 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:37:28 executing program 4: 
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/hash_stats\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000180)=0x6) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(r0, r1) [ 494.013650] Bluetooth: hci0: Frame reassembly failed (-84) [ 494.019835] Bluetooth: hci0: Frame reassembly failed (-84) 14:37:28 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:37:28 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:37:28 executing program 5: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) 14:37:28 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:37:28 executing program 4 (fault-call:3 fault-nth:0): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:37:28 executing program 5: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) 14:37:28 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) 
ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)) 14:37:28 executing program 5: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) [ 494.690020] Bluetooth: hci1: Frame reassembly failed (-84) [ 494.690688] FAULT_INJECTION: forcing a failure. [ 494.690688] name failslab, interval 1, probability 0, space 0, times 1 [ 494.731742] CPU: 1 PID: 10337 Comm: syz-executor.4 Not tainted 4.19.56 #28 [ 494.739120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 494.739151] Call Trace: [ 494.739230] dump_stack+0x172/0x1f0 [ 494.739279] should_fail.cold+0xa/0x1b [ 494.739296] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 494.764110] ? kasan_check_read+0x11/0x20 [ 494.768294] __should_failslab+0x121/0x190 [ 494.772579] should_failslab+0x9/0x14 [ 494.776504] kmem_cache_alloc_node+0x56/0x710 [ 494.781076] __alloc_skb+0xd5/0x5f0 [ 494.781096] ? skb_scrub_packet+0x490/0x490 [ 494.789342] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 494.794924] ? __ldsem_down_read_nested+0xf3/0x710 [ 494.794968] h4_recv_buf+0x5a6/0xde0 [ 494.794997] ? __lock_is_held+0xb6/0x140 [ 494.795020] ll_recv+0xe4/0x200 [ 494.795037] hci_uart_tty_receive+0x225/0x530 [ 494.807897] ? hci_uart_write_work+0x710/0x710 [ 494.807918] tty_ioctl+0xe91/0x1510 [ 494.807936] ? tty_vhangup+0x30/0x30 [ 494.807958] ? mark_held_locks+0x100/0x100 [ 494.815783] ? proc_cwd_link+0x1a3/0x1d0 [ 494.815820] ? __fget+0x340/0x540 [ 494.815840] ? ___might_sleep+0x163/0x280 [ 494.815857] ? __might_sleep+0x95/0x190 [ 494.815877] ? tty_vhangup+0x30/0x30 [ 494.836116] do_vfs_ioctl+0xd5f/0x1380 [ 494.836159] ? selinux_file_ioctl+0x46f/0x5e0 [ 494.836186] ? selinux_file_ioctl+0x125/0x5e0 [ 494.836201] ? ioctl_preallocate+0x210/0x210 [ 494.836213] ? selinux_file_mprotect+0x620/0x620 [ 494.843964] ? iterate_fd+0x360/0x360 [ 494.843984] ? 
__sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 494.843997] ? fput+0x128/0x1a0 [ 494.844018] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 494.844051] ? security_file_ioctl+0x8d/0xc0 [ 494.896923] ksys_ioctl+0xab/0xd0 [ 494.900375] __x64_sys_ioctl+0x73/0xb0 [ 494.904652] do_syscall_64+0xfd/0x620 [ 494.908478] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 494.913809] RIP: 0033:0x459519 [ 494.917018] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 494.936125] RSP: 002b:00007f4b37181c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 494.943851] RAX: ffffffffffffffda RBX: 00007f4b37181c90 RCX: 0000000000459519 [ 494.951134] RDX: 00000000200001c0 RSI: 0000000000005412 RDI: 0000000000000003 [ 494.958421] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 494.965707] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4b371826d4 [ 494.972984] R13: 00000000004c3d21 R14: 00000000004d7b50 R15: 0000000000000004 [ 494.982657] Bluetooth: hci1: Frame reassembly failed (-12) [ 496.053047] Bluetooth: hci0: command 0x1003 tx timeout [ 496.058578] Bluetooth: hci0: sending frame failed (-49) 14:37:30 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 496.693795] Bluetooth: hci1: command 0x1003 tx timeout [ 496.699200] Bluetooth: hci1: sending frame failed (-49) [ 496.772480] Bluetooth: hci2: command 0x1003 tx timeout [ 496.777973] Bluetooth: hci2: sending frame 
failed (-49) [ 498.132470] Bluetooth: hci0: command 0x1001 tx timeout [ 498.137930] Bluetooth: hci0: sending frame failed (-49) [ 498.772510] Bluetooth: hci1: command 0x1001 tx timeout [ 498.778040] Bluetooth: hci1: sending frame failed (-49) [ 498.852526] Bluetooth: hci2: command 0x1001 tx timeout [ 498.858216] Bluetooth: hci2: sending frame failed (-49) [ 500.212565] Bluetooth: hci0: command 0x1009 tx timeout [ 500.852538] Bluetooth: hci1: command 0x1009 tx timeout [ 500.932695] Bluetooth: hci2: command 0x1009 tx timeout 14:37:38 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) 14:37:38 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:37:38 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:37:38 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:37:38 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:37:38 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 
&(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:37:38 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:37:38 executing program 4 (fault-call:3 fault-nth:1): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:37:38 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:37:38 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)) 14:37:38 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:37:38 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 504.910769] Bluetooth: hci1: Frame reassembly failed (-84) [ 504.918819] FAULT_INJECTION: forcing a failure. [ 504.918819] name failslab, interval 1, probability 0, space 0, times 0 [ 504.962162] CPU: 1 PID: 10387 Comm: syz-executor.4 Not tainted 4.19.56 #28 [ 504.969233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 504.978705] Call Trace: [ 504.978740] dump_stack+0x172/0x1f0 [ 504.978768] should_fail.cold+0xa/0x1b [ 504.978789] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 504.978810] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 504.978828] ? 
should_fail+0x14d/0x85c [ 504.978855] __should_failslab+0x121/0x190 [ 504.985082] should_failslab+0x9/0x14 [ 504.985098] kmem_cache_alloc_node_trace+0x5a/0x720 [ 504.985124] ? __alloc_skb+0xd5/0x5f0 [ 504.985148] __kmalloc_node_track_caller+0x3d/0x80 [ 504.985166] __kmalloc_reserve.isra.0+0x40/0xf0 [ 504.985189] __alloc_skb+0x10b/0x5f0 [ 504.994204] ? skb_scrub_packet+0x490/0x490 [ 504.994225] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 504.994249] ? __ldsem_down_read_nested+0xf3/0x710 [ 505.008119] h4_recv_buf+0x5a6/0xde0 [ 505.008144] ? __lock_is_held+0xb6/0x140 [ 505.008168] ll_recv+0xe4/0x200 [ 505.017008] hci_uart_tty_receive+0x225/0x530 [ 505.017028] ? hci_uart_write_work+0x710/0x710 [ 505.017047] tty_ioctl+0xe91/0x1510 [ 505.017065] ? tty_vhangup+0x30/0x30 [ 505.017083] ? mark_held_locks+0x100/0x100 [ 505.017113] ? proc_cwd_link+0x1a3/0x1d0 [ 505.025864] ? serial8250_tx_dma+0x940/0xa40 [ 505.025891] ? __fget+0x340/0x540 [ 505.025912] ? ___might_sleep+0x163/0x280 [ 505.031704] Bluetooth: hci2: sending frame failed (-49) [ 505.034306] ? __might_sleep+0x95/0x190 [ 505.034326] ? tty_vhangup+0x30/0x30 [ 505.034349] do_vfs_ioctl+0xd5f/0x1380 [ 505.034365] ? selinux_file_ioctl+0x46f/0x5e0 [ 505.034380] ? selinux_file_ioctl+0x125/0x5e0 [ 505.034398] ? ioctl_preallocate+0x210/0x210 [ 505.034417] ? selinux_file_mprotect+0x620/0x620 [ 505.085257] ? iterate_fd+0x360/0x360 [ 505.085279] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 505.085294] ? fput+0x128/0x1a0 [ 505.085315] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 505.093189] ? 
security_file_ioctl+0x8d/0xc0 [ 505.093210] ksys_ioctl+0xab/0xd0 [ 505.093228] __x64_sys_ioctl+0x73/0xb0 [ 505.093246] do_syscall_64+0xfd/0x620 [ 505.093267] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 505.093280] RIP: 0033:0x459519 [ 505.093298] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 505.193947] RSP: 002b:00007f4b37181c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 505.201652] RAX: ffffffffffffffda RBX: 00007f4b37181c90 RCX: 0000000000459519 [ 505.209022] RDX: 00000000200001c0 RSI: 0000000000005412 RDI: 0000000000000003 [ 505.216299] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 505.223656] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4b371826d4 [ 505.231044] R13: 00000000004c3d21 R14: 00000000004d7b50 R15: 0000000000000004 [ 505.241512] Bluetooth: hci1: Frame reassembly failed (-12) [ 506.292574] Bluetooth: hci0: command 0x1003 tx timeout [ 506.298011] Bluetooth: hci0: sending frame failed (-49) [ 506.942527] Bluetooth: hci1: command 0x1003 tx timeout [ 506.947979] Bluetooth: hci1: sending frame failed (-49) [ 507.012481] Bluetooth: hci2: command 0x1003 tx timeout [ 507.017984] Bluetooth: hci2: sending frame failed (-49) [ 508.372510] Bluetooth: hci0: command 0x1001 tx timeout [ 508.377965] Bluetooth: hci0: sending frame failed (-49) [ 509.012632] Bluetooth: hci1: command 0x1001 tx timeout [ 509.018065] Bluetooth: hci1: sending frame failed (-49) [ 509.092546] Bluetooth: hci2: command 0x1001 tx timeout [ 509.097968] Bluetooth: hci2: sending frame failed (-49) [ 510.452629] Bluetooth: hci0: command 0x1009 tx timeout [ 511.092579] Bluetooth: hci1: command 0x1009 tx timeout [ 511.172556] Bluetooth: hci2: command 0x1009 tx timeout 14:37:48 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 
&(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:37:48 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:37:48 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:37:48 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:37:48 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:37:48 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 514.511006] Bluetooth: hci0: Frame reassembly failed (-84) [ 514.517540] Bluetooth: hci0: Frame reassembly failed (-84) 14:37:48 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:37:49 executing program 4 (fault-call:3 fault-nth:2): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 
&(0x7f00000001c0)=0x1000000000033) 14:37:49 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:37:49 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:37:49 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)) 14:37:49 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 515.203090] Bluetooth: hci1: Frame reassembly failed (-84) [ 515.209775] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 515.253513] Bluetooth: hci2: sending frame failed (-49) [ 516.532533] Bluetooth: hci0: command 0x1003 tx timeout [ 516.538068] Bluetooth: hci0: sending frame failed (-49) [ 517.252501] Bluetooth: hci1: command 0x1003 tx timeout [ 517.258105] Bluetooth: hci1: sending frame failed (-49) [ 517.332473] Bluetooth: hci2: command 0x1003 tx timeout [ 517.338036] Bluetooth: hci2: sending frame failed (-49) [ 518.612517] Bluetooth: hci0: command 0x1001 tx timeout [ 518.619021] Bluetooth: hci0: sending frame failed (-49) [ 519.332547] Bluetooth: hci1: command 0x1001 tx timeout [ 519.337974] Bluetooth: hci1: sending frame failed (-49) [ 519.412513] Bluetooth: hci2: command 0x1001 tx timeout [ 519.417941] Bluetooth: hci2: sending frame failed (-49) [ 520.692567] Bluetooth: hci0: command 0x1009 tx timeout [ 521.413128] Bluetooth: hci1: command 0x1009 tx timeout [ 521.492590] Bluetooth: hci2: command 0x1009 tx timeout 14:37:58 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, 
&(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:37:58 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:37:58 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) 14:37:58 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:37:58 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) 14:37:58 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 524.782956] Bluetooth: hci0: Frame reassembly failed (-84) [ 524.783382] Bluetooth: hci0: Frame reassembly failed (-84) [ 524.789266] Bluetooth: hci0: Frame reassembly failed (-84) 14:37:58 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:37:58 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 
0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4) 14:37:59 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:37:59 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:37:59 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:37:59 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) [ 525.441140] Bluetooth: hci2: Frame reassembly failed (-84) [ 525.455425] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 525.464950] Bluetooth: hci3: Frame reassembly failed (-84) [ 526.852466] Bluetooth: hci0: command 0x1003 tx timeout [ 526.858053] Bluetooth: hci0: sending frame failed (-49) [ 527.412604] Bluetooth: hci1: command 0x1003 tx timeout [ 527.418195] Bluetooth: hci1: sending frame failed (-49) [ 527.492510] Bluetooth: hci3: command 0x1003 tx timeout [ 527.498058] Bluetooth: hci2: command 0x1003 tx timeout [ 527.498118] Bluetooth: hci3: sending frame failed (-49) [ 527.504409] Bluetooth: hci2: sending frame failed (-49) [ 528.932596] Bluetooth: hci0: command 0x1001 tx timeout [ 528.938026] Bluetooth: hci0: sending frame failed (-49) [ 529.492598] Bluetooth: hci1: command 0x1001 tx timeout [ 529.498306] Bluetooth: hci1: sending frame failed (-49) [ 529.572592] Bluetooth: hci3: command 0x1001 tx timeout [ 529.572646] Bluetooth: hci2: command 0x1001 tx timeout [ 529.587406] Bluetooth: hci3: sending frame 
failed (-49) [ 529.587472] Bluetooth: hci2: sending frame failed (-49) [ 531.012545] Bluetooth: hci0: command 0x1009 tx timeout [ 531.572551] Bluetooth: hci1: command 0x1009 tx timeout [ 531.652513] Bluetooth: hci2: command 0x1009 tx timeout [ 531.652543] Bluetooth: hci3: command 0x1009 tx timeout 14:38:09 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) 14:38:09 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) 14:38:09 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:38:09 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) 14:38:09 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) [ 534.994695] Bluetooth: hci0: Frame reassembly failed (-84) [ 535.013654] Bluetooth: hci0: Frame reassembly failed (-84) 14:38:09 executing program 5 (fault-call:2 fault-nth:0): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 
&(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 535.139976] FAULT_INJECTION: forcing a failure. [ 535.139976] name failslab, interval 1, probability 0, space 0, times 0 [ 535.151689] CPU: 0 PID: 10493 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 535.158735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 535.168812] Call Trace: [ 535.171422] dump_stack+0x172/0x1f0 [ 535.175071] should_fail.cold+0xa/0x1b [ 535.178989] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 535.184265] ? lock_downgrade+0x810/0x810 [ 535.188438] ? ___might_sleep+0x163/0x280 [ 535.192707] __should_failslab+0x121/0x190 [ 535.196984] should_failslab+0x9/0x14 [ 535.201013] kmem_cache_alloc_trace+0x2cc/0x760 [ 535.205876] ? ___might_sleep+0x163/0x280 [ 535.210134] hci_alloc_dev+0x43/0x1d00 [ 535.214051] hci_uart_tty_ioctl+0x2d7/0xaf0 [ 535.218407] tty_ioctl+0x8b5/0x1510 [ 535.222839] ? hci_uart_init_work+0x140/0x140 [ 535.227817] ? tty_vhangup+0x30/0x30 [ 535.231551] ? mark_held_locks+0x100/0x100 [ 535.235823] ? proc_cwd_link+0x1d0/0x1d0 [ 535.239942] ? __fget+0x340/0x540 [ 535.243407] ? ___might_sleep+0x163/0x280 [ 535.247559] ? __might_sleep+0x95/0x190 [ 535.251536] ? tty_vhangup+0x30/0x30 [ 535.255265] do_vfs_ioctl+0xd5f/0x1380 [ 535.259189] ? selinux_file_ioctl+0x46f/0x5e0 [ 535.263742] ? selinux_file_ioctl+0x125/0x5e0 [ 535.268378] ? ioctl_preallocate+0x210/0x210 [ 535.272809] ? selinux_file_mprotect+0x620/0x620 [ 535.277645] ? iterate_fd+0x360/0x360 [ 535.281516] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 535.287085] ? fput+0x128/0x1a0 [ 535.290393] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 535.295949] ? 
security_file_ioctl+0x8d/0xc0 [ 535.300396] ksys_ioctl+0xab/0xd0 [ 535.303964] __x64_sys_ioctl+0x73/0xb0 [ 535.308328] do_syscall_64+0xfd/0x620 [ 535.312142] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 535.317379] RIP: 0033:0x459519 [ 535.320589] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 14:38:09 executing program 5 (fault-call:2 fault-nth:1): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 535.339771] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 535.347947] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 535.355342] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 535.362722] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 535.370128] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 535.377522] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 535.385292] Bluetooth: Can't allocate HCI device [ 535.433153] FAULT_INJECTION: forcing a failure. [ 535.433153] name failslab, interval 1, probability 0, space 0, times 0 [ 535.447025] CPU: 1 PID: 10496 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 535.454063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 535.463686] Call Trace: [ 535.466364] dump_stack+0x172/0x1f0 [ 535.470001] should_fail.cold+0xa/0x1b [ 535.474065] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 535.479177] ? lock_downgrade+0x810/0x810 [ 535.483407] ? ___might_sleep+0x163/0x280 [ 535.487574] __should_failslab+0x121/0x190 [ 535.491989] should_failslab+0x9/0x14 [ 535.495826] kmem_cache_alloc_trace+0x2cc/0x760 [ 535.500595] ? pm_runtime_init+0x347/0x400 [ 535.505043] ? 
device_initialize+0x1a1/0x440 [ 535.509485] h4_open+0x46/0x160 [ 535.513103] hci_uart_tty_ioctl+0x704/0xaf0 [ 535.517543] tty_ioctl+0x8b5/0x1510 [ 535.521205] ? hci_uart_init_work+0x140/0x140 [ 535.525725] ? tty_vhangup+0x30/0x30 [ 535.529669] ? mark_held_locks+0x100/0x100 [ 535.533930] ? proc_cwd_link+0x1d0/0x1d0 [ 535.538016] ? __fget+0x340/0x540 [ 535.541509] ? ___might_sleep+0x163/0x280 [ 535.545815] ? __might_sleep+0x95/0x190 [ 535.549923] ? tty_vhangup+0x30/0x30 [ 535.553661] do_vfs_ioctl+0xd5f/0x1380 [ 535.557544] ? selinux_file_ioctl+0x46f/0x5e0 [ 535.562041] ? selinux_file_ioctl+0x125/0x5e0 [ 535.566593] ? ioctl_preallocate+0x210/0x210 [ 535.571024] ? selinux_file_mprotect+0x620/0x620 [ 535.575794] ? iterate_fd+0x360/0x360 [ 535.579617] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 535.585528] ? fput+0x128/0x1a0 [ 535.588879] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 535.594566] ? security_file_ioctl+0x8d/0xc0 [ 535.599102] ksys_ioctl+0xab/0xd0 [ 535.602667] __x64_sys_ioctl+0x73/0xb0 [ 535.606637] do_syscall_64+0xfd/0x620 [ 535.610499] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 535.615918] RIP: 0033:0x459519 14:38:09 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x2, &(0x7f00000001c0)=0x1000000000033) 14:38:09 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) [ 535.619690] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 535.639190] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 535.646912] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 
0000000000459519 [ 535.654317] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 535.661810] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 535.669518] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 535.676789] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 14:38:09 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:38:09 executing program 5 (fault-call:2 fault-nth:2): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 535.776174] Bluetooth: hci2: Frame reassembly failed (-84) [ 535.780467] FAULT_INJECTION: forcing a failure. [ 535.780467] name failslab, interval 1, probability 0, space 0, times 0 [ 535.807219] CPU: 0 PID: 10509 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 535.814290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 535.824093] Call Trace: [ 535.828043] dump_stack+0x172/0x1f0 [ 535.831859] should_fail.cold+0xa/0x1b [ 535.835770] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 535.840898] ? lock_downgrade+0x810/0x810 [ 535.845070] ? ___might_sleep+0x163/0x280 [ 535.849236] __should_failslab+0x121/0x190 [ 535.853487] should_failslab+0x9/0x14 [ 535.857291] kmem_cache_alloc_trace+0x2cc/0x760 [ 535.861983] ? pm_runtime_init+0x347/0x400 [ 535.866237] ? device_initialize+0x1a1/0x440 [ 535.870910] h4_open+0x46/0x160 [ 535.874341] hci_uart_tty_ioctl+0x704/0xaf0 [ 535.878904] tty_ioctl+0x8b5/0x1510 [ 535.882560] ? hci_uart_init_work+0x140/0x140 [ 535.887672] ? tty_vhangup+0x30/0x30 [ 535.892510] ? mark_held_locks+0x100/0x100 [ 535.897020] ? proc_cwd_link+0x1d0/0x1d0 [ 535.901088] ? __fget+0x340/0x540 [ 535.904657] ? ___might_sleep+0x163/0x280 [ 535.908823] ? 
__might_sleep+0x95/0x190 [ 535.912922] ? tty_vhangup+0x30/0x30 [ 535.917474] do_vfs_ioctl+0xd5f/0x1380 [ 535.921505] ? selinux_file_ioctl+0x46f/0x5e0 [ 535.926196] ? selinux_file_ioctl+0x125/0x5e0 [ 535.933120] ? ioctl_preallocate+0x210/0x210 [ 535.937645] ? selinux_file_mprotect+0x620/0x620 [ 535.942438] ? iterate_fd+0x360/0x360 [ 535.946297] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 535.952062] ? fput+0x128/0x1a0 [ 535.955416] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 535.961415] ? security_file_ioctl+0x8d/0xc0 [ 535.966256] ksys_ioctl+0xab/0xd0 [ 535.970454] __x64_sys_ioctl+0x73/0xb0 [ 535.974476] do_syscall_64+0xfd/0x620 [ 535.978344] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 535.983574] RIP: 0033:0x459519 [ 535.986941] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 536.007225] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 536.016561] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 14:38:10 executing program 5 (fault-call:2 fault-nth:3): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 536.025153] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 536.033338] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 536.041266] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 536.049305] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 536.089101] FAULT_INJECTION: forcing a failure. 
[ 536.089101] name failslab, interval 1, probability 0, space 0, times 0 [ 536.100926] CPU: 0 PID: 10513 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 536.108803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 536.118577] Call Trace: [ 536.121213] dump_stack+0x172/0x1f0 [ 536.124854] should_fail.cold+0xa/0x1b [ 536.128829] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 536.133936] ? lock_downgrade+0x810/0x810 [ 536.138244] ? ___might_sleep+0x163/0x280 [ 536.142395] __should_failslab+0x121/0x190 [ 536.146670] should_failslab+0x9/0x14 [ 536.150538] __kmalloc+0x2e2/0x750 [ 536.154094] ? __alloc_workqueue_key+0x139/0xee0 [ 536.159054] __alloc_workqueue_key+0x139/0xee0 [ 536.164045] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 536.169065] ? scnprintf+0x140/0x140 [ 536.172793] hci_register_dev+0x1c6/0x880 [ 536.177040] ? __raw_spin_lock_init+0x2d/0x100 [ 536.181762] hci_uart_tty_ioctl+0x761/0xaf0 [ 536.186632] tty_ioctl+0x8b5/0x1510 [ 536.190279] ? hci_uart_init_work+0x140/0x140 [ 536.194805] ? tty_vhangup+0x30/0x30 [ 536.198835] ? mark_held_locks+0x100/0x100 [ 536.203092] ? proc_cwd_link+0x1d0/0x1d0 [ 536.207225] ? __fget+0x340/0x540 [ 536.210741] ? ___might_sleep+0x163/0x280 [ 536.215148] ? __might_sleep+0x95/0x190 [ 536.219272] ? tty_vhangup+0x30/0x30 [ 536.223014] do_vfs_ioctl+0xd5f/0x1380 [ 536.226978] ? selinux_file_ioctl+0x46f/0x5e0 [ 536.231496] ? selinux_file_ioctl+0x125/0x5e0 [ 536.236025] ? ioctl_preallocate+0x210/0x210 [ 536.240757] ? selinux_file_mprotect+0x620/0x620 [ 536.245564] ? iterate_fd+0x360/0x360 [ 536.249380] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 536.254939] ? fput+0x128/0x1a0 [ 536.258238] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 536.263972] ? 
security_file_ioctl+0x8d/0xc0 [ 536.268398] ksys_ioctl+0xab/0xd0 [ 536.271886] __x64_sys_ioctl+0x73/0xb0 [ 536.275800] do_syscall_64+0xfd/0x620 [ 536.279626] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 536.284842] RIP: 0033:0x459519 [ 536.288097] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 536.307411] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 536.315140] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 536.322433] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 536.329845] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 536.337612] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 536.345344] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 536.353331] Bluetooth: Can't register HCI device [ 537.012702] Bluetooth: hci0: command 0x1003 tx timeout [ 537.018719] Bluetooth: hci0: sending frame failed (-49) [ 537.812622] Bluetooth: hci3: command 0x1003 tx timeout [ 537.818000] Bluetooth: hci2: command 0x1003 tx timeout [ 537.818084] Bluetooth: hci3: sending frame failed (-49) [ 537.823990] Bluetooth: hci1: command 0x1003 tx timeout [ 537.828922] Bluetooth: hci2: sending frame failed (-49) [ 537.834758] Bluetooth: hci1: sending frame failed (-49) [ 539.092701] Bluetooth: hci0: command 0x1001 tx timeout [ 539.098144] Bluetooth: hci0: sending frame failed (-49) [ 539.892605] Bluetooth: hci2: command 0x1001 tx timeout [ 539.892626] Bluetooth: hci1: command 0x1001 tx timeout [ 539.897991] Bluetooth: hci3: command 0x1001 tx timeout [ 539.903385] Bluetooth: hci2: sending frame failed (-49) [ 539.914196] Bluetooth: hci1: sending frame failed (-49) [ 539.918721] Bluetooth: hci3: sending frame failed (-49) [ 541.172836] Bluetooth: hci0: command 0x1009 tx timeout [ 541.972664] Bluetooth: hci1: command 
0x1009 tx timeout [ 541.972671] Bluetooth: hci3: command 0x1009 tx timeout [ 541.983678] Bluetooth: hci2: command 0x1009 tx timeout 14:38:19 executing program 5 (fault-call:2 fault-nth:4): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:38:19 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, 0x0, 0x0) tkill(r1, 0x1000000000013) 14:38:19 executing program 1 (fault-call:3 fault-nth:0): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 545.204454] FAULT_INJECTION: forcing a failure. [ 545.204454] name failslab, interval 1, probability 0, space 0, times 0 [ 545.220554] CPU: 1 PID: 10518 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 545.227630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 545.237005] Call Trace: [ 545.237040] dump_stack+0x172/0x1f0 [ 545.237065] should_fail.cold+0xa/0x1b [ 545.237087] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 545.237110] ? lock_downgrade+0x810/0x810 [ 545.237130] ? ___might_sleep+0x163/0x280 [ 545.237154] __should_failslab+0x121/0x190 [ 545.237174] should_failslab+0x9/0x14 [ 545.237191] kmem_cache_alloc_trace+0x2cc/0x760 [ 545.237216] ? __alloc_workqueue_key+0x139/0xee0 [ 545.256665] __alloc_workqueue_key+0x18e/0xee0 [ 545.256690] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 545.278673] ? 
scnprintf+0x140/0x140 [ 545.278708] hci_register_dev+0x1c6/0x880 [ 545.278730] ? __raw_spin_lock_init+0x2d/0x100 [ 545.293012] hci_uart_tty_ioctl+0x761/0xaf0 [ 545.293032] tty_ioctl+0x8b5/0x1510 [ 545.293048] ? hci_uart_init_work+0x140/0x140 [ 545.293064] ? tty_vhangup+0x30/0x30 [ 545.293081] ? mark_held_locks+0x100/0x100 [ 545.293098] ? proc_cwd_link+0x1d0/0x1d0 [ 545.293124] ? __fget+0x340/0x540 [ 545.293143] ? ___might_sleep+0x163/0x280 [ 545.301928] ? __might_sleep+0x95/0x190 [ 545.314676] ? tty_vhangup+0x30/0x30 [ 545.314700] do_vfs_ioctl+0xd5f/0x1380 [ 545.314716] ? selinux_file_ioctl+0x46f/0x5e0 [ 545.314729] ? selinux_file_ioctl+0x125/0x5e0 [ 545.314748] ? ioctl_preallocate+0x210/0x210 [ 545.314761] ? selinux_file_mprotect+0x620/0x620 [ 545.314785] ? iterate_fd+0x360/0x360 [ 545.314804] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 545.314816] ? fput+0x128/0x1a0 [ 545.314842] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 545.329389] Bluetooth: hci4: Frame reassembly failed (-84) [ 545.330618] ? 
security_file_ioctl+0x8d/0xc0 [ 545.330639] ksys_ioctl+0xab/0xd0 [ 545.330661] __x64_sys_ioctl+0x73/0xb0 [ 545.337067] Bluetooth: hci4: Frame reassembly failed (-84) [ 545.338805] do_syscall_64+0xfd/0x620 [ 545.413995] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 545.419192] RIP: 0033:0x459519 [ 545.422383] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 545.441297] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 14:38:19 executing program 5 (fault-call:2 fault-nth:5): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 545.448998] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 545.456262] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 545.463537] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 545.470817] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 545.478094] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 545.487627] Bluetooth: Can't register HCI device [ 545.534118] FAULT_INJECTION: forcing a failure. [ 545.534118] name failslab, interval 1, probability 0, space 0, times 0 [ 545.546088] CPU: 0 PID: 10527 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 545.553141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 545.562488] Call Trace: [ 545.565080] dump_stack+0x172/0x1f0 [ 545.568704] should_fail.cold+0xa/0x1b [ 545.572587] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 545.577695] ? lock_downgrade+0x810/0x810 [ 545.581849] ? ___might_sleep+0x163/0x280 [ 545.586090] __should_failslab+0x121/0x190 [ 545.590322] should_failslab+0x9/0x14 [ 545.594116] __kmalloc+0x2e2/0x750 [ 545.597650] ? __lock_is_held+0xb6/0x140 [ 545.601720] ? 
apply_wqattrs_prepare+0xfb/0xa30 [ 545.606497] apply_wqattrs_prepare+0xfb/0xa30 [ 545.611006] apply_workqueue_attrs_locked+0xcb/0x140 [ 545.616106] apply_workqueue_attrs+0x31/0x50 [ 545.620513] __alloc_workqueue_key+0x8b8/0xee0 [ 545.625140] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 545.630183] hci_register_dev+0x1c6/0x880 [ 545.634333] ? __raw_spin_lock_init+0x2d/0x100 [ 545.638916] hci_uart_tty_ioctl+0x761/0xaf0 [ 545.643233] tty_ioctl+0x8b5/0x1510 [ 545.646879] ? hci_uart_init_work+0x140/0x140 [ 545.651377] ? tty_vhangup+0x30/0x30 [ 545.655091] ? mark_held_locks+0x100/0x100 [ 545.659323] ? proc_cwd_link+0x1d0/0x1d0 [ 545.663413] ? __fget+0x340/0x540 [ 545.666867] ? ___might_sleep+0x163/0x280 [ 545.671011] ? __might_sleep+0x95/0x190 [ 545.675023] ? tty_vhangup+0x30/0x30 [ 545.678736] do_vfs_ioctl+0xd5f/0x1380 [ 545.682649] ? selinux_file_ioctl+0x46f/0x5e0 [ 545.687143] ? selinux_file_ioctl+0x125/0x5e0 [ 545.691662] ? ioctl_preallocate+0x210/0x210 [ 545.696075] ? selinux_file_mprotect+0x620/0x620 [ 545.700837] ? iterate_fd+0x360/0x360 [ 545.704660] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 545.710203] ? fput+0x128/0x1a0 [ 545.714297] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 545.719874] ? 
security_file_ioctl+0x8d/0xc0 [ 545.724294] ksys_ioctl+0xab/0xd0 [ 545.727746] __x64_sys_ioctl+0x73/0xb0 [ 545.731718] do_syscall_64+0xfd/0x620 [ 545.735525] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 545.740705] RIP: 0033:0x459519 [ 545.743898] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 545.762808] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 545.770510] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 545.777776] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 14:38:19 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 0x0) [ 545.785043] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 545.792302] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 545.799568] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 545.807465] Bluetooth: Can't register HCI device 14:38:19 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:38:19 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4b47, &(0x7f00000001c0)=0x1000000000033) 14:38:20 executing program 5 (fault-call:2 fault-nth:6): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 545.941569] Bluetooth: hci0: Frame reassembly failed (-84) [ 546.000722] Bluetooth: hci1: Frame reassembly 
failed (-84) [ 546.003608] FAULT_INJECTION: forcing a failure. [ 546.003608] name failslab, interval 1, probability 0, space 0, times 0 [ 546.007952] Bluetooth: hci1: Frame reassembly failed (-84) [ 546.020630] CPU: 1 PID: 10544 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 546.030487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 546.039855] Call Trace: [ 546.042470] dump_stack+0x172/0x1f0 [ 546.042496] should_fail.cold+0xa/0x1b 14:38:20 executing program 2 (fault-call:3 fault-nth:0): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) [ 546.042517] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 546.042535] ? lock_downgrade+0x810/0x810 [ 546.042552] ? ___might_sleep+0x163/0x280 [ 546.042574] __should_failslab+0x121/0x190 [ 546.042592] should_failslab+0x9/0x14 [ 546.042606] kmem_cache_alloc_trace+0x2cc/0x760 [ 546.042627] ? apply_wqattrs_prepare+0xfb/0xa30 [ 546.042647] apply_wqattrs_prepare+0x13b/0xa30 [ 546.042673] apply_workqueue_attrs_locked+0xcb/0x140 [ 546.042691] apply_workqueue_attrs+0x31/0x50 [ 546.042709] __alloc_workqueue_key+0x8b8/0xee0 [ 546.042732] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 546.042767] hci_register_dev+0x1c6/0x880 [ 546.042781] ? __raw_spin_lock_init+0x2d/0x100 [ 546.042804] hci_uart_tty_ioctl+0x761/0xaf0 [ 546.042823] tty_ioctl+0x8b5/0x1510 [ 546.042839] ? hci_uart_init_work+0x140/0x140 [ 546.042854] ? tty_vhangup+0x30/0x30 [ 546.042868] ? mark_held_locks+0x100/0x100 [ 546.042885] ? proc_cwd_link+0x1d0/0x1d0 [ 546.042910] ? __fget+0x340/0x540 [ 546.042926] ? ___might_sleep+0x163/0x280 [ 546.042942] ? __might_sleep+0x95/0x190 [ 546.042969] ? tty_vhangup+0x30/0x30 [ 546.042990] do_vfs_ioctl+0xd5f/0x1380 [ 546.043007] ? selinux_file_ioctl+0x46f/0x5e0 [ 546.043020] ? selinux_file_ioctl+0x125/0x5e0 [ 546.043039] ? 
ioctl_preallocate+0x210/0x210 [ 546.043052] ? selinux_file_mprotect+0x620/0x620 [ 546.043077] ? iterate_fd+0x360/0x360 [ 546.043097] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 546.043112] ? fput+0x128/0x1a0 [ 546.043135] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 546.043149] ? security_file_ioctl+0x8d/0xc0 [ 546.043166] ksys_ioctl+0xab/0xd0 [ 546.043184] __x64_sys_ioctl+0x73/0xb0 [ 546.043203] do_syscall_64+0xfd/0x620 [ 546.043222] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 546.043239] RIP: 0033:0x459519 [ 546.050763] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 546.050772] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 14:38:20 executing program 5 (fault-call:2 fault-nth:7): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 546.050789] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 546.050799] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 546.050807] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 546.050816] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 546.050830] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 546.283505] Bluetooth: Can't register HCI device [ 546.341560] FAULT_INJECTION: forcing a failure. [ 546.341560] name failslab, interval 1, probability 0, space 0, times 0 [ 546.353180] CPU: 1 PID: 10552 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 546.360242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 546.369595] Call Trace: [ 546.372183] dump_stack+0x172/0x1f0 [ 546.375837] should_fail.cold+0xa/0x1b [ 546.379733] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 546.384831] ? 
lock_downgrade+0x810/0x810 [ 546.389017] ? ___might_sleep+0x163/0x280 [ 546.393179] __should_failslab+0x121/0x190 [ 546.397465] should_failslab+0x9/0x14 [ 546.401281] kmem_cache_alloc_trace+0x2cc/0x760 [ 546.406008] apply_wqattrs_prepare+0x1c7/0xa30 [ 546.410598] apply_workqueue_attrs_locked+0xcb/0x140 [ 546.415711] apply_workqueue_attrs+0x31/0x50 [ 546.420132] __alloc_workqueue_key+0x8b8/0xee0 [ 546.424729] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 546.429784] hci_register_dev+0x1c6/0x880 [ 546.436553] ? __raw_spin_lock_init+0x2d/0x100 [ 546.441164] hci_uart_tty_ioctl+0x761/0xaf0 [ 546.445511] tty_ioctl+0x8b5/0x1510 [ 546.449144] ? hci_uart_init_work+0x140/0x140 [ 546.453643] ? tty_vhangup+0x30/0x30 [ 546.457374] ? mark_held_locks+0x100/0x100 [ 546.461625] ? proc_cwd_link+0x1d0/0x1d0 [ 546.465696] ? __fget+0x340/0x540 [ 546.469168] ? ___might_sleep+0x163/0x280 [ 546.473339] ? __might_sleep+0x95/0x190 [ 546.477331] ? tty_vhangup+0x30/0x30 [ 546.481055] do_vfs_ioctl+0xd5f/0x1380 [ 546.484939] ? selinux_file_ioctl+0x46f/0x5e0 [ 546.489482] ? selinux_file_ioctl+0x125/0x5e0 [ 546.493995] ? ioctl_preallocate+0x210/0x210 [ 546.498431] ? selinux_file_mprotect+0x620/0x620 [ 546.503218] ? iterate_fd+0x360/0x360 [ 546.507038] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 546.512589] ? fput+0x128/0x1a0 [ 546.515905] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 546.521464] ? 
security_file_ioctl+0x8d/0xc0 [ 546.525899] ksys_ioctl+0xab/0xd0 [ 546.529366] __x64_sys_ioctl+0x73/0xb0 [ 546.533262] do_syscall_64+0xfd/0x620 [ 546.537086] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 546.542318] RIP: 0033:0x459519 [ 546.545512] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 546.564408] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 546.582766] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 14:38:20 executing program 5 (fault-call:2 fault-nth:8): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 546.590080] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 546.597341] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 546.604611] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 546.611911] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 546.621047] Bluetooth: Can't register HCI device [ 546.678936] FAULT_INJECTION: forcing a failure. [ 546.678936] name failslab, interval 1, probability 0, space 0, times 0 [ 546.692532] CPU: 1 PID: 10555 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 546.699669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 546.709051] Call Trace: [ 546.711669] dump_stack+0x172/0x1f0 [ 546.715329] should_fail.cold+0xa/0x1b [ 546.719243] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 546.724376] ? lock_downgrade+0x810/0x810 [ 546.728552] ? 
___might_sleep+0x163/0x280 [ 546.732728] __should_failslab+0x121/0x190 [ 546.736990] should_failslab+0x9/0x14 [ 546.740808] kmem_cache_alloc_node+0x26c/0x710 [ 546.745414] alloc_unbound_pwq+0x4c1/0xc70 [ 546.749673] apply_wqattrs_prepare+0x3c5/0xa30 [ 546.754283] apply_workqueue_attrs_locked+0xcb/0x140 [ 546.759407] apply_workqueue_attrs+0x31/0x50 [ 546.763840] __alloc_workqueue_key+0x8b8/0xee0 [ 546.768542] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 546.773601] hci_register_dev+0x1c6/0x880 [ 546.777767] ? __raw_spin_lock_init+0x2d/0x100 [ 546.782378] hci_uart_tty_ioctl+0x761/0xaf0 [ 546.786732] tty_ioctl+0x8b5/0x1510 [ 546.790377] ? hci_uart_init_work+0x140/0x140 [ 546.794894] ? tty_vhangup+0x30/0x30 [ 546.798633] ? mark_held_locks+0x100/0x100 [ 546.802895] ? proc_cwd_link+0x1d0/0x1d0 [ 546.806993] ? __fget+0x340/0x540 [ 546.810466] ? ___might_sleep+0x163/0x280 [ 546.814633] ? __might_sleep+0x95/0x190 [ 546.818975] ? tty_vhangup+0x30/0x30 [ 546.822752] do_vfs_ioctl+0xd5f/0x1380 [ 546.826755] ? selinux_file_ioctl+0x46f/0x5e0 [ 546.831454] ? selinux_file_ioctl+0x125/0x5e0 [ 546.835984] ? ioctl_preallocate+0x210/0x210 [ 546.840414] ? selinux_file_mprotect+0x620/0x620 [ 546.845211] ? iterate_fd+0x360/0x360 [ 546.849047] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 546.854615] ? fput+0x128/0x1a0 [ 546.857922] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 546.863494] ? 
security_file_ioctl+0x8d/0xc0 [ 546.867950] ksys_ioctl+0xab/0xd0 [ 546.871449] __x64_sys_ioctl+0x73/0xb0 [ 546.875367] do_syscall_64+0xfd/0x620 [ 546.879201] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 546.884418] RIP: 0033:0x459519 [ 546.887663] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 546.906616] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 546.914531] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 546.921836] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 546.929142] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 546.936445] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 546.943738] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 546.964865] Bluetooth: Can't register HCI device 14:38:21 executing program 5 (fault-call:2 fault-nth:9): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 547.084105] FAULT_INJECTION: forcing a failure. [ 547.084105] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 547.095973] CPU: 0 PID: 10558 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 547.103004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 547.112374] Call Trace: [ 547.114997] dump_stack+0x172/0x1f0 [ 547.118653] should_fail.cold+0xa/0x1b [ 547.122577] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 547.127709] ? mark_held_locks+0x100/0x100 [ 547.131970] ? apply_workqueue_attrs+0x31/0x50 [ 547.136578] __alloc_pages_nodemask+0x1ee/0x760 [ 547.141272] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 547.146657] ? __alloc_pages_slowpath+0x2870/0x2870 [ 547.151703] cache_grow_begin+0x9c/0x8b0 [ 547.155782] ? 
__sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 547.161362] ? check_preemption_disabled+0x48/0x290 [ 547.166407] kmem_cache_alloc_node+0x64d/0x710 [ 547.171022] alloc_unbound_pwq+0x4c1/0xc70 [ 547.175272] apply_wqattrs_prepare+0x3c5/0xa30 [ 547.179948] apply_workqueue_attrs_locked+0xcb/0x140 [ 547.185053] apply_workqueue_attrs+0x31/0x50 [ 547.189478] __alloc_workqueue_key+0x8b8/0xee0 [ 547.194154] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 547.199178] hci_register_dev+0x1c6/0x880 [ 547.203329] ? __raw_spin_lock_init+0x2d/0x100 [ 547.207922] hci_uart_tty_ioctl+0x761/0xaf0 [ 547.212255] tty_ioctl+0x8b5/0x1510 [ 547.215899] ? hci_uart_init_work+0x140/0x140 [ 547.220861] ? tty_vhangup+0x30/0x30 [ 547.224954] ? mark_held_locks+0x100/0x100 [ 547.229242] ? proc_cwd_link+0x1d0/0x1d0 [ 547.233490] ? __fget+0x340/0x540 [ 547.237004] ? ___might_sleep+0x163/0x280 [ 547.245811] ? __might_sleep+0x95/0x190 [ 547.249816] ? tty_vhangup+0x30/0x30 [ 547.254711] do_vfs_ioctl+0xd5f/0x1380 [ 547.258633] ? selinux_file_ioctl+0x46f/0x5e0 [ 547.263751] ? selinux_file_ioctl+0x125/0x5e0 [ 547.268314] ? ioctl_preallocate+0x210/0x210 [ 547.272751] ? selinux_file_mprotect+0x620/0x620 [ 547.278586] ? iterate_fd+0x360/0x360 [ 547.282433] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 547.288116] ? fput+0x128/0x1a0 [ 547.292234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 547.297990] ? 
security_file_ioctl+0x8d/0xc0 [ 547.302732] ksys_ioctl+0xab/0xd0 [ 547.306221] __x64_sys_ioctl+0x73/0xb0 [ 547.310210] do_syscall_64+0xfd/0x620 [ 547.314126] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 547.319441] RIP: 0033:0x459519 [ 547.323108] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 547.345695] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 547.357055] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 547.370334] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 547.378337] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 547.387786] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 547.395069] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 547.403178] Bluetooth: hci4: command 0x1003 tx timeout [ 547.408597] Bluetooth: hci4: sending frame failed (-49) [ 547.982622] Bluetooth: hci0: command 0x1003 tx timeout [ 547.988208] Bluetooth: hci0: sending frame failed (-49) [ 548.052520] Bluetooth: hci1: command 0x1003 tx timeout [ 548.058148] Bluetooth: hci1: sending frame failed (-49) 14:38:22 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, 0x0, 0x0) tkill(r1, 0x1000000000013) [ 548.372574] Bluetooth: hci3: command 0x1003 tx timeout [ 548.378090] Bluetooth: hci3: sending frame failed (-49) [ 549.492536] Bluetooth: hci2: command 0x1003 tx timeout [ 549.492747] Bluetooth: hci4: command 0x1001 tx timeout [ 549.498123] 
Bluetooth: hci2: sending frame failed (-49) [ 549.509044] Bluetooth: hci4: sending frame failed (-49) [ 550.062598] Bluetooth: hci0: command 0x1001 tx timeout [ 550.068144] Bluetooth: hci0: sending frame failed (-49) [ 550.132492] Bluetooth: hci1: command 0x1001 tx timeout [ 550.138026] Bluetooth: hci1: sending frame failed (-49) [ 550.452454] Bluetooth: hci3: command 0x1001 tx timeout [ 550.457975] Bluetooth: hci3: sending frame failed (-49) 14:38:25 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, 0x0, 0x0) tkill(r1, 0x1000000000013) [ 551.572543] Bluetooth: hci4: command 0x1009 tx timeout [ 551.577946] Bluetooth: hci2: command 0x1001 tx timeout [ 551.583523] Bluetooth: hci2: sending frame failed (-49) [ 552.132502] Bluetooth: hci0: command 0x1009 tx timeout [ 552.212464] Bluetooth: hci1: command 0x1009 tx timeout [ 552.532474] Bluetooth: hci3: command 0x1009 tx timeout [ 553.652750] Bluetooth: hci2: command 0x1009 tx timeout 14:38:29 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:38:29 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) 
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(0x0, 0x1000000000013) [ 555.464289] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 555.466509] Bluetooth: hci4: Frame reassembly failed (-84) 14:38:30 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4b49, &(0x7f00000001c0)=0x1000000000033) 14:38:30 executing program 0 (fault-call:2 fault-nth:0): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 556.128633] Bluetooth: hci0: Frame reassembly failed (-84) [ 556.162093] FAULT_INJECTION: forcing a failure. [ 556.162093] name failslab, interval 1, probability 0, space 0, times 0 [ 556.173669] CPU: 0 PID: 10586 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 556.180708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 556.190073] Call Trace: [ 556.192684] dump_stack+0x172/0x1f0 [ 556.196334] should_fail.cold+0xa/0x1b [ 556.200242] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 556.205363] ? lock_downgrade+0x810/0x810 [ 556.209535] ? ___might_sleep+0x163/0x280 [ 556.213707] __should_failslab+0x121/0x190 [ 556.217949] should_failslab+0x9/0x14 [ 556.221749] kmem_cache_alloc_trace+0x2cc/0x760 [ 556.226433] ? ___might_sleep+0x163/0x280 [ 556.230604] hci_alloc_dev+0x43/0x1d00 [ 556.234509] hci_uart_tty_ioctl+0x2d7/0xaf0 [ 556.238844] tty_ioctl+0x8b5/0x1510 [ 556.242494] ? hci_uart_init_work+0x140/0x140 [ 556.247011] ? tty_vhangup+0x30/0x30 [ 556.250755] ? mark_held_locks+0x100/0x100 [ 556.255007] ? proc_cwd_link+0x1d0/0x1d0 [ 556.259088] ? __fget+0x340/0x540 [ 556.262555] ? ___might_sleep+0x163/0x280 [ 556.266723] ? __might_sleep+0x95/0x190 [ 556.270719] ? 
tty_vhangup+0x30/0x30 [ 556.274487] do_vfs_ioctl+0xd5f/0x1380 [ 556.278395] ? selinux_file_ioctl+0x46f/0x5e0 [ 556.282905] ? selinux_file_ioctl+0x125/0x5e0 [ 556.287450] ? ioctl_preallocate+0x210/0x210 [ 556.291983] ? selinux_file_mprotect+0x620/0x620 [ 556.296741] ? iterate_fd+0x360/0x360 [ 556.300540] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 556.306085] ? fput+0x128/0x1a0 [ 556.309389] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 556.314941] ? security_file_ioctl+0x8d/0xc0 [ 556.319362] ksys_ioctl+0xab/0xd0 [ 556.322826] __x64_sys_ioctl+0x73/0xb0 [ 556.326731] do_syscall_64+0xfd/0x620 [ 556.330550] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 556.335736] RIP: 0033:0x459519 [ 556.338945] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 556.357861] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 556.365579] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 14:38:30 executing program 0 (fault-call:2 fault-nth:1): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:38:30 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(0x0, 0x1000000000013) [ 556.372862] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 556.380135] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 556.387454] R10: 
0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 556.394949] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 556.405445] Bluetooth: Can't allocate HCI device [ 556.479517] FAULT_INJECTION: forcing a failure. [ 556.479517] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 556.491374] CPU: 0 PID: 10589 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 556.498494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 556.508200] Call Trace: [ 556.510807] dump_stack+0x172/0x1f0 [ 556.514478] should_fail.cold+0xa/0x1b [ 556.518368] ? mark_held_locks+0x100/0x100 [ 556.522631] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 556.527757] ? mark_held_locks+0x100/0x100 [ 556.531996] __alloc_pages_nodemask+0x1ee/0x760 [ 556.536666] ? __alloc_pages_slowpath+0x2870/0x2870 [ 556.541803] cache_grow_begin+0x9c/0x8b0 [ 556.545896] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 556.551453] ? check_preemption_disabled+0x48/0x290 [ 556.556480] kmem_cache_alloc_trace+0x685/0x760 [ 556.561155] hci_alloc_dev+0x43/0x1d00 [ 556.565072] hci_uart_tty_ioctl+0x2d7/0xaf0 [ 556.569420] tty_ioctl+0x8b5/0x1510 [ 556.573045] ? hci_uart_init_work+0x140/0x140 [ 556.577560] ? tty_vhangup+0x30/0x30 [ 556.581279] ? mark_held_locks+0x100/0x100 [ 556.585535] ? proc_cwd_link+0x1d0/0x1d0 [ 556.589642] ? __fget+0x340/0x540 [ 556.593108] ? ___might_sleep+0x163/0x280 [ 556.597265] ? __might_sleep+0x95/0x190 [ 556.601350] ? tty_vhangup+0x30/0x30 [ 556.605071] do_vfs_ioctl+0xd5f/0x1380 [ 556.608970] ? selinux_file_ioctl+0x46f/0x5e0 [ 556.613614] ? selinux_file_ioctl+0x125/0x5e0 [ 556.618110] ? ioctl_preallocate+0x210/0x210 [ 556.622533] ? selinux_file_mprotect+0x620/0x620 [ 556.627346] ? iterate_fd+0x360/0x360 [ 556.631782] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 556.637505] ? fput+0x128/0x1a0 [ 556.640862] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 556.646412] ? 
security_file_ioctl+0x8d/0xc0 [ 556.652160] ksys_ioctl+0xab/0xd0 [ 556.655643] __x64_sys_ioctl+0x73/0xb0 [ 556.659577] do_syscall_64+0xfd/0x620 [ 556.663410] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 556.668620] RIP: 0033:0x459519 [ 556.671841] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 556.690781] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 556.698549] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 556.705814] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 556.713084] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 556.720349] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 556.727610] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 14:38:30 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)) [ 556.752871] Bluetooth: hci1: sending frame failed (-49) [ 556.798014] Bluetooth: hci3: Frame reassembly failed (-84) [ 556.806025] Bluetooth: hci3: Frame reassembly failed (-84) 14:38:31 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(0x0, 0x1000000000013) [ 557.492533] Bluetooth: hci4: command 0x1003 tx timeout [ 557.498139] Bluetooth: hci4: sending frame failed (-49) 14:38:32 
executing program 5 (fault-call:2 fault-nth:10): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 558.023042] FAULT_INJECTION: forcing a failure. [ 558.023042] name failslab, interval 1, probability 0, space 0, times 0 [ 558.035266] CPU: 0 PID: 10607 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 558.042292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 558.051639] Call Trace: [ 558.054233] dump_stack+0x172/0x1f0 [ 558.057989] should_fail.cold+0xa/0x1b [ 558.061873] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 558.066980] ? lock_downgrade+0x810/0x810 [ 558.071137] ? ___might_sleep+0x163/0x280 [ 558.075307] __should_failslab+0x121/0x190 [ 558.079554] should_failslab+0x9/0x14 [ 558.083352] kmem_cache_alloc_trace+0x2cc/0x760 [ 558.088030] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 558.093059] ? pwq_adjust_max_active+0x3b6/0x5c0 [ 558.097868] ? __alloc_workqueue_key+0x139/0xee0 [ 558.102823] __alloc_workqueue_key+0x18e/0xee0 [ 558.107414] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 558.112446] hci_register_dev+0x225/0x880 [ 558.116605] hci_uart_tty_ioctl+0x761/0xaf0 [ 558.120944] tty_ioctl+0x8b5/0x1510 [ 558.124932] ? hci_uart_init_work+0x140/0x140 [ 558.129604] ? tty_vhangup+0x30/0x30 [ 558.133356] ? mark_held_locks+0x100/0x100 [ 558.137592] ? proc_cwd_link+0x1d0/0x1d0 [ 558.141664] ? __fget+0x340/0x540 [ 558.145151] ? ___might_sleep+0x163/0x280 [ 558.149308] ? __might_sleep+0x95/0x190 [ 558.153300] ? tty_vhangup+0x30/0x30 [ 558.157187] do_vfs_ioctl+0xd5f/0x1380 [ 558.161082] ? selinux_file_ioctl+0x46f/0x5e0 [ 558.165577] ? selinux_file_ioctl+0x125/0x5e0 [ 558.170081] ? ioctl_preallocate+0x210/0x210 [ 558.174510] ? selinux_file_mprotect+0x620/0x620 [ 558.179304] ? iterate_fd+0x360/0x360 [ 558.183119] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 558.188675] ? fput+0x128/0x1a0 [ 558.191970] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 558.197506] ? security_file_ioctl+0x8d/0xc0 [ 558.201914] ksys_ioctl+0xab/0xd0 [ 558.205369] __x64_sys_ioctl+0x73/0xb0 [ 558.209267] do_syscall_64+0xfd/0x620 [ 558.213165] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 558.218367] RIP: 0033:0x459519 [ 558.221581] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 558.240534] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 558.248246] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 558.255523] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 558.262811] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 14:38:32 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x0) 14:38:32 executing program 5 (fault-call:2 fault-nth:11): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 558.270072] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 558.277360] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 558.292573] Bluetooth: hci0: command 0x1003 tx timeout [ 558.298057] Bluetooth: hci0: sending frame failed (-49) [ 558.306665] Bluetooth: Can't register HCI device [ 558.372005] FAULT_INJECTION: forcing a failure. 
[ 558.372005] name failslab, interval 1, probability 0, space 0, times 0 [ 558.383886] CPU: 1 PID: 10613 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 558.391148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 558.400693] Call Trace: [ 558.403322] dump_stack+0x172/0x1f0 [ 558.406989] should_fail.cold+0xa/0x1b [ 558.410902] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 558.416037] ? lock_downgrade+0x810/0x810 [ 558.420332] ? ___might_sleep+0x163/0x280 [ 558.424613] __should_failslab+0x121/0x190 [ 558.428874] should_failslab+0x9/0x14 [ 558.432681] __kmalloc+0x2e2/0x750 [ 558.436356] ? __lock_is_held+0xb6/0x140 [ 558.440431] ? apply_wqattrs_prepare+0xfb/0xa30 [ 558.445144] apply_wqattrs_prepare+0xfb/0xa30 [ 558.449686] apply_workqueue_attrs_locked+0xcb/0x140 [ 558.454905] apply_workqueue_attrs+0x31/0x50 [ 558.459330] __alloc_workqueue_key+0x8b8/0xee0 [ 558.463952] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 558.469022] hci_register_dev+0x225/0x880 [ 558.473215] hci_uart_tty_ioctl+0x761/0xaf0 [ 558.477552] tty_ioctl+0x8b5/0x1510 [ 558.481176] ? hci_uart_init_work+0x140/0x140 [ 558.485677] ? tty_vhangup+0x30/0x30 [ 558.489419] ? mark_held_locks+0x100/0x100 [ 558.493663] ? proc_cwd_link+0x1d0/0x1d0 [ 558.497724] ? __fget+0x340/0x540 [ 558.501170] ? ___might_sleep+0x163/0x280 [ 558.505327] ? __might_sleep+0x95/0x190 [ 558.509367] ? tty_vhangup+0x30/0x30 [ 558.513132] do_vfs_ioctl+0xd5f/0x1380 [ 558.517049] ? selinux_file_ioctl+0x46f/0x5e0 [ 558.521541] ? selinux_file_ioctl+0x125/0x5e0 [ 558.526061] ? ioctl_preallocate+0x210/0x210 [ 558.530483] ? selinux_file_mprotect+0x620/0x620 [ 558.535246] ? iterate_fd+0x360/0x360 [ 558.539064] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 558.544655] ? fput+0x128/0x1a0 [ 558.547982] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 558.553541] ? 
security_file_ioctl+0x8d/0xc0 [ 558.557971] ksys_ioctl+0xab/0xd0 [ 558.561459] __x64_sys_ioctl+0x73/0xb0 [ 558.565380] do_syscall_64+0xfd/0x620 [ 558.569203] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 558.574435] RIP: 0033:0x459519 [ 558.577652] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 558.596573] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 558.604295] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 558.611598] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 14:38:32 executing program 5 (fault-call:2 fault-nth:12): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 558.619459] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 558.628182] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 558.636479] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 558.647885] Bluetooth: Can't register HCI device [ 558.697417] FAULT_INJECTION: forcing a failure. [ 558.697417] name failslab, interval 1, probability 0, space 0, times 0 [ 558.709439] CPU: 0 PID: 10617 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 558.716487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 558.725838] Call Trace: [ 558.728432] dump_stack+0x172/0x1f0 [ 558.732193] should_fail.cold+0xa/0x1b [ 558.736218] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 558.741366] ? lock_downgrade+0x810/0x810 [ 558.745531] ? ___might_sleep+0x163/0x280 [ 558.749681] __should_failslab+0x121/0x190 [ 558.754050] should_failslab+0x9/0x14 [ 558.757874] kmem_cache_alloc_trace+0x2cc/0x760 [ 558.762579] ? 
apply_wqattrs_prepare+0xfb/0xa30 [ 558.767249] apply_wqattrs_prepare+0x13b/0xa30 [ 558.771832] apply_workqueue_attrs_locked+0xcb/0x140 [ 558.776932] apply_workqueue_attrs+0x31/0x50 [ 558.781353] __alloc_workqueue_key+0x8b8/0xee0 [ 558.785952] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 558.791119] hci_register_dev+0x225/0x880 [ 558.795409] hci_uart_tty_ioctl+0x761/0xaf0 [ 558.799744] tty_ioctl+0x8b5/0x1510 [ 558.803384] ? hci_uart_init_work+0x140/0x140 [ 558.808004] ? tty_vhangup+0x30/0x30 [ 558.811725] ? mark_held_locks+0x100/0x100 [ 558.815989] ? proc_cwd_link+0x1d0/0x1d0 [ 558.820138] ? __fget+0x340/0x540 [ 558.823588] ? ___might_sleep+0x163/0x280 [ 558.827816] ? __might_sleep+0x95/0x190 [ 558.831809] ? tty_vhangup+0x30/0x30 [ 558.835560] do_vfs_ioctl+0xd5f/0x1380 [ 558.839492] ? selinux_file_ioctl+0x46f/0x5e0 [ 558.844181] ? selinux_file_ioctl+0x125/0x5e0 [ 558.850116] ? ioctl_preallocate+0x210/0x210 [ 558.854518] ? selinux_file_mprotect+0x620/0x620 [ 558.859307] ? iterate_fd+0x360/0x360 [ 558.863106] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 558.868650] ? fput+0x128/0x1a0 [ 558.871931] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 558.877495] ? 
security_file_ioctl+0x8d/0xc0 [ 558.881921] ksys_ioctl+0xab/0xd0 [ 558.885499] __x64_sys_ioctl+0x73/0xb0 [ 558.889411] do_syscall_64+0xfd/0x620 [ 558.893246] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 558.898445] RIP: 0033:0x459519 [ 558.902074] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 558.921086] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 558.928839] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 558.936113] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 558.943387] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 558.950677] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 558.957992] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 558.965872] Bluetooth: hci1: command 0x1003 tx timeout [ 558.971285] Bluetooth: hci1: sending frame failed (-49) [ 558.976948] Bluetooth: hci3: command 0x1003 tx timeout [ 558.984068] Bluetooth: hci3: sending frame failed (-49) [ 558.989554] Bluetooth: Can't register HCI device [ 559.572519] Bluetooth: hci4: command 0x1001 tx timeout [ 559.577934] Bluetooth: hci4: sending frame failed (-49) [ 560.372573] Bluetooth: hci0: command 0x1001 tx timeout [ 560.378019] Bluetooth: hci0: sending frame failed (-49) [ 561.012804] Bluetooth: hci3: command 0x1001 tx timeout [ 561.018193] Bluetooth: hci1: command 0x1001 tx timeout [ 561.018236] Bluetooth: hci3: sending frame failed (-49) [ 561.024090] Bluetooth: hci1: sending frame failed (-49) [ 561.652553] Bluetooth: hci4: command 0x1009 tx timeout [ 562.452751] Bluetooth: hci0: command 0x1009 tx timeout [ 563.092593] Bluetooth: hci3: command 0x1009 tx timeout [ 563.092709] Bluetooth: hci1: command 0x1009 tx timeout 14:38:39 executing program 5 (fault-call:2 fault-nth:13): r0 = openat$ptmx(0xffffffffffffff9c, 
&(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:38:39 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x2, &(0x7f00000001c0)=0x1000000000033) [ 565.691901] FAULT_INJECTION: forcing a failure. [ 565.691901] name failslab, interval 1, probability 0, space 0, times 0 [ 565.706057] CPU: 0 PID: 10625 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 565.713128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 565.722514] Call Trace: [ 565.725119] dump_stack+0x172/0x1f0 [ 565.728840] should_fail.cold+0xa/0x1b [ 565.732727] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 565.737846] ? lock_downgrade+0x810/0x810 [ 565.742173] ? ___might_sleep+0x163/0x280 [ 565.746333] __should_failslab+0x121/0x190 [ 565.750568] should_failslab+0x9/0x14 [ 565.754362] kmem_cache_alloc_trace+0x2cc/0x760 [ 565.759042] apply_wqattrs_prepare+0x1c7/0xa30 [ 565.763625] apply_workqueue_attrs_locked+0xcb/0x140 [ 565.768730] apply_workqueue_attrs+0x31/0x50 [ 565.773140] __alloc_workqueue_key+0x8b8/0xee0 [ 565.777888] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 565.782925] hci_register_dev+0x225/0x880 [ 565.787117] hci_uart_tty_ioctl+0x761/0xaf0 [ 565.791455] tty_ioctl+0x8b5/0x1510 [ 565.795265] ? hci_uart_init_work+0x140/0x140 [ 565.799754] ? tty_vhangup+0x30/0x30 [ 565.803468] ? mark_held_locks+0x100/0x100 [ 565.807711] ? proc_cwd_link+0x1d0/0x1d0 [ 565.811781] ? __fget+0x340/0x540 [ 565.815233] ? ___might_sleep+0x163/0x280 [ 565.819395] ? __might_sleep+0x95/0x190 [ 565.823383] ? tty_vhangup+0x30/0x30 [ 565.827093] do_vfs_ioctl+0xd5f/0x1380 [ 565.831004] ? selinux_file_ioctl+0x46f/0x5e0 [ 565.835673] ? selinux_file_ioctl+0x125/0x5e0 [ 565.840163] ? ioctl_preallocate+0x210/0x210 [ 565.844570] ? 
selinux_file_mprotect+0x620/0x620 [ 565.849325] ? iterate_fd+0x360/0x360 [ 565.853146] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 565.858696] ? fput+0x128/0x1a0 [ 565.862007] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 565.867545] ? security_file_ioctl+0x8d/0xc0 [ 565.871950] ksys_ioctl+0xab/0xd0 [ 565.875428] __x64_sys_ioctl+0x73/0xb0 [ 565.879337] do_syscall_64+0xfd/0x620 [ 565.883161] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 565.888592] RIP: 0033:0x459519 [ 565.891777] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 565.910795] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 565.918518] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 565.925788] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 565.933049] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 565.940315] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 565.948344] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 565.959302] Bluetooth: Can't register HCI device [ 565.962023] Bluetooth: hci4: Frame reassembly failed (-84) 14:38:40 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5409, &(0x7f00000001c0)=0x1000000000033) 14:38:40 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, 
&(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x0) [ 566.343898] Bluetooth: hci0: Frame reassembly failed (-84) 14:38:41 executing program 0 (fault-call:2 fault-nth:2): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:38:41 executing program 5 (fault-call:2 fault-nth:14): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:38:41 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x2, &(0x7f00000001c0)) [ 566.973633] FAULT_INJECTION: forcing a failure. [ 566.973633] name failslab, interval 1, probability 0, space 0, times 0 [ 566.989648] FAULT_INJECTION: forcing a failure. [ 566.989648] name failslab, interval 1, probability 0, space 0, times 0 [ 567.005093] CPU: 1 PID: 10642 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 567.012153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 567.021524] Call Trace: [ 567.024146] dump_stack+0x172/0x1f0 [ 567.027817] should_fail.cold+0xa/0x1b [ 567.031745] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 567.036889] ? lock_downgrade+0x810/0x810 [ 567.041055] ? ___might_sleep+0x163/0x280 [ 567.045325] __should_failslab+0x121/0x190 [ 567.049675] should_failslab+0x9/0x14 [ 567.053493] kmem_cache_alloc_trace+0x2cc/0x760 [ 567.058216] ? pm_runtime_init+0x347/0x400 [ 567.062470] ? device_initialize+0x1a1/0x440 [ 567.066905] ll_open+0x46/0x380 [ 567.070201] hci_uart_tty_ioctl+0x704/0xaf0 [ 567.074544] tty_ioctl+0x8b5/0x1510 [ 567.078283] ? hci_uart_init_work+0x140/0x140 [ 567.082803] ? tty_vhangup+0x30/0x30 [ 567.086661] ? mark_held_locks+0x100/0x100 [ 567.100370] ? 
proc_cwd_link+0x1d0/0x1d0 [ 567.104489] ? __fget+0x340/0x540 [ 567.107968] ? ___might_sleep+0x163/0x280 [ 567.112139] ? __might_sleep+0x95/0x190 [ 567.116136] ? tty_vhangup+0x30/0x30 [ 567.119879] do_vfs_ioctl+0xd5f/0x1380 [ 567.123790] ? selinux_file_ioctl+0x46f/0x5e0 [ 567.128299] ? selinux_file_ioctl+0x125/0x5e0 [ 567.132815] ? ioctl_preallocate+0x210/0x210 [ 567.137237] ? selinux_file_mprotect+0x620/0x620 [ 567.142047] ? iterate_fd+0x360/0x360 [ 567.146041] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 567.151592] ? fput+0x128/0x1a0 [ 567.154898] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 567.160449] ? security_file_ioctl+0x8d/0xc0 [ 567.164879] ksys_ioctl+0xab/0xd0 [ 567.168635] __x64_sys_ioctl+0x73/0xb0 [ 567.172563] do_syscall_64+0xfd/0x620 [ 567.176392] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 567.181600] RIP: 0033:0x459519 [ 567.184806] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 567.203723] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 567.211451] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 567.218735] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 567.226624] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 567.233928] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 567.241214] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 567.248546] CPU: 0 PID: 10639 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 567.255709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 567.255715] Call Trace: [ 567.255743] dump_stack+0x172/0x1f0 [ 567.255766] should_fail.cold+0xa/0x1b [ 567.255787] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 567.280760] ? lock_downgrade+0x810/0x810 [ 567.284931] ? 
___might_sleep+0x163/0x280 [ 567.289104] __should_failslab+0x121/0x190 [ 567.289124] should_failslab+0x9/0x14 [ 567.289144] kmem_cache_alloc_trace+0x2cc/0x760 [ 567.301907] apply_wqattrs_prepare+0x1c7/0xa30 [ 567.301936] apply_workqueue_attrs_locked+0xcb/0x140 [ 567.301955] apply_workqueue_attrs+0x31/0x50 [ 567.301981] __alloc_workqueue_key+0x8b8/0xee0 [ 567.311702] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 567.311739] hci_register_dev+0x225/0x880 [ 567.311763] hci_uart_tty_ioctl+0x761/0xaf0 [ 567.334256] tty_ioctl+0x8b5/0x1510 [ 567.337912] ? hci_uart_init_work+0x140/0x140 [ 567.342437] ? tty_vhangup+0x30/0x30 [ 567.346175] ? mark_held_locks+0x100/0x100 [ 567.346195] ? proc_cwd_link+0x1d0/0x1d0 [ 567.354514] ? __fget+0x340/0x540 [ 567.354532] ? ___might_sleep+0x163/0x280 [ 567.354546] ? __might_sleep+0x95/0x190 [ 567.354561] ? tty_vhangup+0x30/0x30 [ 567.354579] do_vfs_ioctl+0xd5f/0x1380 14:38:41 executing program 0 (fault-call:2 fault-nth:3): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 567.354596] ? selinux_file_ioctl+0x46f/0x5e0 [ 567.354614] ? selinux_file_ioctl+0x125/0x5e0 [ 567.382806] ? ioctl_preallocate+0x210/0x210 [ 567.387244] ? selinux_file_mprotect+0x620/0x620 [ 567.392031] ? iterate_fd+0x360/0x360 [ 567.395856] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 567.401409] ? fput+0x128/0x1a0 [ 567.404710] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 567.410255] ? security_file_ioctl+0x8d/0xc0 [ 567.414671] ksys_ioctl+0xab/0xd0 [ 567.418152] __x64_sys_ioctl+0x73/0xb0 [ 567.422065] do_syscall_64+0xfd/0x620 [ 567.425899] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 567.431149] RIP: 0033:0x459519 [ 567.431229] FAULT_INJECTION: forcing a failure. 
[ 567.431229] name failslab, interval 1, probability 0, space 0, times 0 [ 567.434358] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 567.434367] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 14:38:41 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x0) 14:38:41 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4b47, &(0x7f00000001c0)) [ 567.434382] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 567.434390] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 567.434397] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 567.434405] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 567.434414] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 567.479468] Bluetooth: Can't register HCI device [ 567.516401] Bluetooth: hci1: Frame reassembly failed (-84) [ 567.522180] Bluetooth: hci1: Frame reassembly failed (-84) [ 567.523708] CPU: 0 PID: 10649 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 567.534852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 567.534859] Call Trace: [ 567.534886] dump_stack+0x172/0x1f0 [ 567.534908] should_fail.cold+0xa/0x1b [ 567.534926] 
? fault_create_debugfs_attr+0x1e0/0x1e0 [ 567.534944] ? lock_downgrade+0x810/0x810 [ 567.534960] ? ___might_sleep+0x163/0x280 [ 567.534982] __should_failslab+0x121/0x190 14:38:41 executing program 5 (fault-call:2 fault-nth:15): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 567.535000] should_failslab+0x9/0x14 [ 567.535012] __kmalloc+0x2e2/0x750 [ 567.535033] ? __alloc_workqueue_key+0x139/0xee0 [ 567.535050] __alloc_workqueue_key+0x139/0xee0 [ 567.535074] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 567.535087] ? scnprintf+0x140/0x140 [ 567.535119] hci_register_dev+0x1c6/0x880 [ 567.535133] ? __raw_spin_lock_init+0x2d/0x100 [ 567.535156] hci_uart_tty_ioctl+0x761/0xaf0 [ 567.535174] tty_ioctl+0x8b5/0x1510 [ 567.535189] ? hci_uart_init_work+0x140/0x140 [ 567.535207] ? tty_vhangup+0x30/0x30 [ 567.590928] ? mark_held_locks+0x100/0x100 [ 567.590947] ? proc_cwd_link+0x1d0/0x1d0 [ 567.590978] ? __fget+0x340/0x540 [ 567.599726] ? ___might_sleep+0x163/0x280 [ 567.629017] FAULT_INJECTION: forcing a failure. [ 567.629017] name failslab, interval 1, probability 0, space 0, times 0 [ 567.633042] ? __might_sleep+0x95/0x190 [ 567.633061] ? tty_vhangup+0x30/0x30 [ 567.633082] do_vfs_ioctl+0xd5f/0x1380 [ 567.633098] ? selinux_file_ioctl+0x46f/0x5e0 [ 567.633110] ? selinux_file_ioctl+0x125/0x5e0 [ 567.633127] ? ioctl_preallocate+0x210/0x210 [ 567.633140] ? selinux_file_mprotect+0x620/0x620 [ 567.633161] ? iterate_fd+0x360/0x360 [ 567.633178] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 567.633192] ? fput+0x128/0x1a0 [ 567.633213] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 567.633226] ? 
security_file_ioctl+0x8d/0xc0 [ 567.633240] ksys_ioctl+0xab/0xd0 [ 567.633257] __x64_sys_ioctl+0x73/0xb0 [ 567.633281] do_syscall_64+0xfd/0x620 [ 567.715904] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 567.721231] RIP: 0033:0x459519 [ 567.724448] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 567.743415] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 567.751241] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 567.758960] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 567.766263] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 567.773551] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 567.780838] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 567.788150] CPU: 1 PID: 10657 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 567.795188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 567.804583] Call Trace: [ 567.805820] Bluetooth: Can't register HCI device [ 567.807289] dump_stack+0x172/0x1f0 [ 567.807314] should_fail.cold+0xa/0x1b [ 567.807334] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 567.807355] ? lock_downgrade+0x810/0x810 [ 567.815753] ? ___might_sleep+0x163/0x280 [ 567.815778] __should_failslab+0x121/0x190 [ 567.815797] should_failslab+0x9/0x14 [ 567.815815] kmem_cache_alloc+0x2ae/0x700 [ 567.824819] ? unwind_get_return_address+0x61/0xa0 [ 567.824846] ? __save_stack_trace+0x99/0x100 [ 567.824866] __d_alloc+0x2e/0x9c0 [ 567.824882] ? find_held_lock+0x35/0x130 [ 567.824900] d_alloc+0x4d/0x280 [ 567.865551] ? __lock_acquire+0x6eb/0x48f0 [ 567.869791] d_alloc_parallel+0xf4/0x1bb0 [ 567.874750] ? __d_lookup_rcu+0x6b0/0x6b0 [ 567.878921] ? __d_lookup+0x40c/0x760 [ 567.882737] ? __lockdep_init_map+0x10c/0x5b0 [ 567.887244] ? 
__lockdep_init_map+0x10c/0x5b0 [ 567.891741] __lookup_slow+0x1ab/0x500 [ 567.895633] ? vfs_unlink+0x500/0x500 [ 567.899472] ? lockdep_hardirqs_on+0x415/0x5d0 [ 567.904059] ? d_lookup+0x19e/0x260 [ 567.907721] lookup_one_len+0x16d/0x1a0 [ 567.911796] ? lookup_one_len_unlocked+0x100/0x100 [ 567.916764] start_creating+0xbf/0x1e0 [ 567.920664] debugfs_create_dir+0x23/0x3c0 [ 567.924902] hci_register_dev+0x2b5/0x880 [ 567.929070] hci_uart_tty_ioctl+0x761/0xaf0 [ 567.933408] tty_ioctl+0x8b5/0x1510 [ 567.937060] ? hci_uart_init_work+0x140/0x140 [ 567.941549] ? tty_vhangup+0x30/0x30 [ 567.945320] ? mark_held_locks+0x100/0x100 [ 567.949558] ? proc_cwd_link+0x1d0/0x1d0 [ 567.953620] ? __fget+0x340/0x540 [ 567.957068] ? ___might_sleep+0x163/0x280 [ 567.961223] ? __might_sleep+0x95/0x190 [ 567.965189] ? tty_vhangup+0x30/0x30 [ 567.968927] do_vfs_ioctl+0xd5f/0x1380 [ 567.972811] ? selinux_file_ioctl+0x46f/0x5e0 [ 567.977299] ? selinux_file_ioctl+0x125/0x5e0 [ 567.981804] ? ioctl_preallocate+0x210/0x210 [ 567.986225] ? selinux_file_mprotect+0x620/0x620 [ 567.990984] ? iterate_fd+0x360/0x360 [ 567.994823] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 568.000487] ? fput+0x128/0x1a0 [ 568.003812] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 568.009346] ? 
security_file_ioctl+0x8d/0xc0 [ 568.013766] ksys_ioctl+0xab/0xd0 [ 568.017251] __x64_sys_ioctl+0x73/0xb0 [ 568.021139] do_syscall_64+0xfd/0x620 [ 568.025035] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 568.030425] RIP: 0033:0x459519 [ 568.033633] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 568.052627] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 568.060354] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 568.067625] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 14:38:42 executing program 0 (fault-call:2 fault-nth:4): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 568.074900] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 568.082177] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 568.089472] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 568.103812] Bluetooth: hci4: command 0x1003 tx timeout [ 568.109206] Bluetooth: hci4: sending frame failed (-49) [ 568.115702] Bluetooth: hci3: Frame reassembly failed (-84) [ 568.161579] FAULT_INJECTION: forcing a failure. [ 568.161579] name failslab, interval 1, probability 0, space 0, times 0 [ 568.173272] CPU: 1 PID: 10664 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 568.180328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 568.189705] Call Trace: [ 568.192306] dump_stack+0x172/0x1f0 [ 568.195953] should_fail.cold+0xa/0x1b [ 568.199888] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 568.204991] ? lock_downgrade+0x810/0x810 [ 568.209133] ? 
___might_sleep+0x163/0x280 [ 568.213293] __should_failslab+0x121/0x190 [ 568.217522] should_failslab+0x9/0x14 [ 568.221313] kmem_cache_alloc_trace+0x2cc/0x760 [ 568.225999] ? __alloc_workqueue_key+0x139/0xee0 [ 568.230769] __alloc_workqueue_key+0x18e/0xee0 [ 568.235370] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 568.240396] ? scnprintf+0x140/0x140 [ 568.244132] hci_register_dev+0x1c6/0x880 [ 568.248292] ? __raw_spin_lock_init+0x2d/0x100 [ 568.252871] hci_uart_tty_ioctl+0x761/0xaf0 [ 568.257201] tty_ioctl+0x8b5/0x1510 [ 568.260819] ? hci_uart_init_work+0x140/0x140 [ 568.265305] ? tty_vhangup+0x30/0x30 [ 568.269025] ? mark_held_locks+0x100/0x100 [ 568.273268] ? proc_cwd_link+0x1d0/0x1d0 [ 568.277346] ? __fget+0x340/0x540 [ 568.280796] ? ___might_sleep+0x163/0x280 [ 568.284989] ? __might_sleep+0x95/0x190 [ 568.288991] ? tty_vhangup+0x30/0x30 [ 568.292708] do_vfs_ioctl+0xd5f/0x1380 [ 568.296598] ? selinux_file_ioctl+0x46f/0x5e0 [ 568.301104] ? selinux_file_ioctl+0x125/0x5e0 [ 568.305623] ? ioctl_preallocate+0x210/0x210 [ 568.310045] ? selinux_file_mprotect+0x620/0x620 [ 568.314815] ? iterate_fd+0x360/0x360 [ 568.318886] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 568.324446] ? fput+0x128/0x1a0 [ 568.327760] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 568.333292] ? 
security_file_ioctl+0x8d/0xc0 [ 568.337694] ksys_ioctl+0xab/0xd0 [ 568.341138] __x64_sys_ioctl+0x73/0xb0 [ 568.345034] do_syscall_64+0xfd/0x620 [ 568.348843] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 568.354029] RIP: 0033:0x459519 [ 568.357236] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 568.376164] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 568.383972] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 568.391264] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 568.398527] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 14:38:42 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(0x0, 0x1000000000013) [ 568.406076] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 568.413454] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 568.422684] Bluetooth: Can't register HCI device [ 568.430037] Bluetooth: hci0: command 0x1003 tx timeout [ 568.436033] Bluetooth: hci0: sending frame failed (-49) [ 569.572450] Bluetooth: hci1: command 0x1003 tx timeout [ 569.577906] Bluetooth: hci1: sending frame failed (-49) [ 570.132495] Bluetooth: hci4: command 0x1001 tx timeout [ 570.137919] Bluetooth: hci4: sending frame failed (-49) [ 570.143745] Bluetooth: hci3: command 0x1003 tx timeout [ 570.149123] Bluetooth: hci3: sending frame failed (-49) [ 570.452595] Bluetooth: hci0: 
command 0x1001 tx timeout [ 570.458035] Bluetooth: hci0: sending frame failed (-49) [ 571.652662] Bluetooth: hci1: command 0x1001 tx timeout [ 571.658133] Bluetooth: hci1: sending frame failed (-49) [ 572.212572] Bluetooth: hci3: command 0x1001 tx timeout [ 572.217924] Bluetooth: hci4: command 0x1009 tx timeout [ 572.218053] Bluetooth: hci3: sending frame failed (-49) [ 572.532768] Bluetooth: hci0: command 0x1009 tx timeout [ 573.732543] Bluetooth: hci1: command 0x1009 tx timeout [ 574.292567] Bluetooth: hci3: command 0x1009 tx timeout 14:38:50 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4b47, &(0x7f00000001c0)=0x1000000000033) 14:38:50 executing program 0 (fault-call:2 fault-nth:5): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:38:50 executing program 3 (fault-call:2 fault-nth:0): r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:38:50 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x540b, &(0x7f00000001c0)=0x1000000000033) [ 576.599751] FAULT_INJECTION: forcing a failure. 
[ 576.599751] name failslab, interval 1, probability 0, space 0, times 0 [ 576.623868] CPU: 1 PID: 10679 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 576.630949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 576.640334] Call Trace: [ 576.643161] dump_stack+0x172/0x1f0 [ 576.648588] should_fail.cold+0xa/0x1b [ 576.656034] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 576.661868] ? lock_downgrade+0x810/0x810 [ 576.668568] ? ___might_sleep+0x163/0x280 [ 576.674282] __should_failslab+0x121/0x190 [ 576.678550] should_failslab+0x9/0x14 [ 576.682382] __kmalloc+0x2e2/0x750 [ 576.685950] ? __lock_is_held+0xb6/0x140 [ 576.690062] ? apply_wqattrs_prepare+0xfb/0xa30 [ 576.694730] apply_wqattrs_prepare+0xfb/0xa30 [ 576.699239] apply_workqueue_attrs_locked+0xcb/0x140 [ 576.704451] apply_workqueue_attrs+0x31/0x50 [ 576.709482] __alloc_workqueue_key+0x8b8/0xee0 [ 576.714449] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 576.723619] hci_register_dev+0x1c6/0x880 [ 576.727793] ? __raw_spin_lock_init+0x2d/0x100 [ 576.732481] hci_uart_tty_ioctl+0x761/0xaf0 [ 576.737084] tty_ioctl+0x8b5/0x1510 [ 576.740742] ? hci_uart_init_work+0x140/0x140 [ 576.745266] ? tty_vhangup+0x30/0x30 [ 576.749001] ? mark_held_locks+0x100/0x100 [ 576.753278] ? proc_cwd_link+0x1d0/0x1d0 [ 576.757367] ? __fget+0x340/0x540 [ 576.760831] ? ___might_sleep+0x163/0x280 [ 576.765001] ? __might_sleep+0x95/0x190 [ 576.769051] ? tty_vhangup+0x30/0x30 [ 576.772794] do_vfs_ioctl+0xd5f/0x1380 [ 576.776708] ? selinux_file_ioctl+0x46f/0x5e0 [ 576.781229] ? selinux_file_ioctl+0x125/0x5e0 [ 576.787521] ? ioctl_preallocate+0x210/0x210 [ 576.791944] ? selinux_file_mprotect+0x620/0x620 [ 576.796760] ? iterate_fd+0x360/0x360 [ 576.800563] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 576.806124] ? fput+0x128/0x1a0 [ 576.809435] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 576.815010] ? 
security_file_ioctl+0x8d/0xc0 [ 576.819459] ksys_ioctl+0xab/0xd0 [ 576.822990] __x64_sys_ioctl+0x73/0xb0 [ 576.826915] do_syscall_64+0xfd/0x620 [ 576.830721] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 576.835924] RIP: 0033:0x459519 [ 576.839185] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 576.858086] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 576.865896] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 576.873184] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 576.880504] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 576.887799] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 14:38:51 executing program 0 (fault-call:2 fault-nth:6): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 576.895156] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 576.904232] Bluetooth: Can't register HCI device [ 576.921500] Bluetooth: hci2: Frame reassembly failed (-84) [ 576.941582] Bluetooth: hci4: Frame reassembly failed (-84) [ 576.976792] FAULT_INJECTION: forcing a failure. [ 576.976792] name failslab, interval 1, probability 0, space 0, times 0 [ 576.988271] CPU: 1 PID: 10690 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 576.995310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 577.004678] Call Trace: [ 577.007306] dump_stack+0x172/0x1f0 [ 577.010951] should_fail.cold+0xa/0x1b [ 577.014852] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 577.019973] ? lock_downgrade+0x810/0x810 [ 577.024172] ? 
___might_sleep+0x163/0x280 [ 577.028370] __should_failslab+0x121/0x190 [ 577.032666] should_failslab+0x9/0x14 [ 577.036502] kmem_cache_alloc_trace+0x2cc/0x760 [ 577.041309] ? apply_wqattrs_prepare+0xfb/0xa30 [ 577.046010] apply_wqattrs_prepare+0x13b/0xa30 [ 577.050614] apply_workqueue_attrs_locked+0xcb/0x140 [ 577.055734] apply_workqueue_attrs+0x31/0x50 [ 577.060167] __alloc_workqueue_key+0x8b8/0xee0 [ 577.064771] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 577.069808] hci_register_dev+0x1c6/0x880 [ 577.073990] ? __raw_spin_lock_init+0x2d/0x100 [ 577.078602] hci_uart_tty_ioctl+0x761/0xaf0 [ 577.082951] tty_ioctl+0x8b5/0x1510 [ 577.086624] ? hci_uart_init_work+0x140/0x140 [ 577.091124] ? tty_vhangup+0x30/0x30 [ 577.094830] ? mark_held_locks+0x100/0x100 [ 577.099088] ? proc_cwd_link+0x1d0/0x1d0 [ 577.103173] ? __fget+0x340/0x540 [ 577.106751] ? ___might_sleep+0x163/0x280 [ 577.110915] ? __might_sleep+0x95/0x190 [ 577.114895] ? tty_vhangup+0x30/0x30 [ 577.118724] do_vfs_ioctl+0xd5f/0x1380 [ 577.122835] ? selinux_file_ioctl+0x46f/0x5e0 [ 577.128065] ? selinux_file_ioctl+0x125/0x5e0 [ 577.132698] ? ioctl_preallocate+0x210/0x210 [ 577.137641] ? selinux_file_mprotect+0x620/0x620 [ 577.142568] ? iterate_fd+0x360/0x360 [ 577.146493] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 577.152071] ? fput+0x128/0x1a0 [ 577.155854] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 577.161531] ? 
security_file_ioctl+0x8d/0xc0 [ 577.165955] ksys_ioctl+0xab/0xd0 [ 577.169421] __x64_sys_ioctl+0x73/0xb0 [ 577.173321] do_syscall_64+0xfd/0x620 [ 577.177139] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 577.182321] RIP: 0033:0x459519 [ 577.185515] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 577.204701] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 577.212439] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 577.219813] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 14:38:51 executing program 0 (fault-call:2 fault-nth:7): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 577.227795] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 577.235078] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 577.242348] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 577.250669] Bluetooth: Can't register HCI device [ 577.298162] FAULT_INJECTION: forcing a failure. [ 577.298162] name failslab, interval 1, probability 0, space 0, times 0 [ 577.309779] CPU: 1 PID: 10693 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 577.316849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 577.326218] Call Trace: [ 577.328846] dump_stack+0x172/0x1f0 [ 577.332512] should_fail.cold+0xa/0x1b [ 577.336524] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 577.341631] ? lock_downgrade+0x810/0x810 [ 577.345791] ? 
___might_sleep+0x163/0x280 [ 577.349976] __should_failslab+0x121/0x190 [ 577.354266] should_failslab+0x9/0x14 [ 577.358393] kmem_cache_alloc_trace+0x2cc/0x760 [ 577.366605] apply_wqattrs_prepare+0x1c7/0xa30 [ 577.373126] apply_workqueue_attrs_locked+0xcb/0x140 [ 577.379562] apply_workqueue_attrs+0x31/0x50 [ 577.385144] __alloc_workqueue_key+0x8b8/0xee0 [ 577.390125] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 577.396852] hci_register_dev+0x1c6/0x880 [ 577.401344] ? __raw_spin_lock_init+0x2d/0x100 [ 577.411836] hci_uart_tty_ioctl+0x761/0xaf0 [ 577.411858] tty_ioctl+0x8b5/0x1510 [ 577.411873] ? hci_uart_init_work+0x140/0x140 [ 577.411889] ? tty_vhangup+0x30/0x30 [ 577.411905] ? mark_held_locks+0x100/0x100 [ 577.411920] ? proc_cwd_link+0x1d0/0x1d0 [ 577.411943] ? __fget+0x340/0x540 14:38:51 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 577.411967] ? ___might_sleep+0x163/0x280 [ 577.411985] ? __might_sleep+0x95/0x190 [ 577.412001] ? tty_vhangup+0x30/0x30 [ 577.412020] do_vfs_ioctl+0xd5f/0x1380 [ 577.412035] ? selinux_file_ioctl+0x46f/0x5e0 [ 577.412048] ? selinux_file_ioctl+0x125/0x5e0 [ 577.412070] ? ioctl_preallocate+0x210/0x210 [ 577.429663] ? selinux_file_mprotect+0x620/0x620 [ 577.429693] ? iterate_fd+0x360/0x360 [ 577.429713] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 577.429732] ? fput+0x128/0x1a0 [ 577.492473] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 577.498148] ? 
security_file_ioctl+0x8d/0xc0 [ 577.502579] ksys_ioctl+0xab/0xd0 [ 577.506120] __x64_sys_ioctl+0x73/0xb0 [ 577.510015] do_syscall_64+0xfd/0x620 [ 577.513833] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 577.519030] RIP: 0033:0x459519 [ 577.522218] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 14:38:51 executing program 0 (fault-call:2 fault-nth:8): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 577.541290] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 577.550201] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 577.557491] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 577.565315] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 577.572603] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 577.579898] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 577.588345] Bluetooth: Can't register HCI device [ 577.636953] FAULT_INJECTION: forcing a failure. [ 577.636953] name failslab, interval 1, probability 0, space 0, times 0 [ 577.648916] CPU: 0 PID: 10702 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 577.656144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 577.665498] Call Trace: [ 577.668121] dump_stack+0x172/0x1f0 [ 577.671863] should_fail.cold+0xa/0x1b [ 577.676033] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 577.681236] ? lock_downgrade+0x810/0x810 [ 577.686327] ? 
___might_sleep+0x163/0x280 [ 577.692798] __should_failslab+0x121/0x190 [ 577.697250] should_failslab+0x9/0x14 [ 577.701059] kmem_cache_alloc_node+0x26c/0x710 [ 577.707117] alloc_unbound_pwq+0x4c1/0xc70 [ 577.712630] apply_wqattrs_prepare+0x3c5/0xa30 [ 577.718776] apply_workqueue_attrs_locked+0xcb/0x140 [ 577.725957] apply_workqueue_attrs+0x31/0x50 [ 577.732419] __alloc_workqueue_key+0x8b8/0xee0 [ 577.739648] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 577.745425] hci_register_dev+0x1c6/0x880 [ 577.749629] ? __raw_spin_lock_init+0x2d/0x100 [ 577.754318] hci_uart_tty_ioctl+0x761/0xaf0 [ 577.758673] tty_ioctl+0x8b5/0x1510 [ 577.762326] ? hci_uart_init_work+0x140/0x140 [ 577.766826] ? tty_vhangup+0x30/0x30 [ 577.770822] ? mark_held_locks+0x100/0x100 [ 577.775680] ? proc_cwd_link+0x1d0/0x1d0 [ 577.779948] ? __fget+0x340/0x540 [ 577.783426] ? ___might_sleep+0x163/0x280 [ 577.787693] ? __might_sleep+0x95/0x190 [ 577.791683] ? tty_vhangup+0x30/0x30 [ 577.795415] do_vfs_ioctl+0xd5f/0x1380 [ 577.799300] ? selinux_file_ioctl+0x46f/0x5e0 [ 577.803811] ? selinux_file_ioctl+0x125/0x5e0 [ 577.808318] ? ioctl_preallocate+0x210/0x210 [ 577.812759] ? selinux_file_mprotect+0x620/0x620 [ 577.817539] ? iterate_fd+0x360/0x360 [ 577.821351] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 577.826894] ? fput+0x128/0x1a0 [ 577.830289] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 577.835925] ? 
security_file_ioctl+0x8d/0xc0 [ 577.840352] ksys_ioctl+0xab/0xd0 [ 577.843801] __x64_sys_ioctl+0x73/0xb0 [ 577.847873] do_syscall_64+0xfd/0x620 [ 577.851680] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 577.856876] RIP: 0033:0x459519 [ 577.860078] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 577.878978] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 14:38:52 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4b49, &(0x7f00000001c0)) [ 577.886706] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 577.893968] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 577.901239] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 577.908652] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 577.915912] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 577.924116] Bluetooth: Can't register HCI device [ 578.005810] Bluetooth: hci0: Frame reassembly failed (-84) 14:38:52 executing program 5 (fault-call:2 fault-nth:16): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:38:52 executing program 0 (fault-call:2 fault-nth:9): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:38:52 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x2, &(0x7f0000000080)={0x204000000bd, @time}) 
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 578.494261] FAULT_INJECTION: forcing a failure. [ 578.494261] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 578.506134] CPU: 1 PID: 10712 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 578.514047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 578.524028] Call Trace: [ 578.526668] dump_stack+0x172/0x1f0 [ 578.530313] should_fail.cold+0xa/0x1b [ 578.534218] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 578.539343] ? mark_held_locks+0x100/0x100 [ 578.543592] ? apply_workqueue_attrs+0x31/0x50 [ 578.548180] __alloc_pages_nodemask+0x1ee/0x760 [ 578.552870] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 578.558241] ? __alloc_pages_slowpath+0x2870/0x2870 [ 578.563287] cache_grow_begin+0x9c/0x8b0 [ 578.567369] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 578.572921] ? check_preemption_disabled+0x48/0x290 [ 578.577934] kmem_cache_alloc_node+0x64d/0x710 [ 578.582533] alloc_unbound_pwq+0x4c1/0xc70 [ 578.586784] apply_wqattrs_prepare+0x3c5/0xa30 [ 578.591407] apply_workqueue_attrs_locked+0xcb/0x140 [ 578.596521] apply_workqueue_attrs+0x31/0x50 [ 578.600943] __alloc_workqueue_key+0x8b8/0xee0 [ 578.605562] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 578.610592] hci_register_dev+0x1c6/0x880 [ 578.614914] ? __raw_spin_lock_init+0x2d/0x100 [ 578.619504] hci_uart_tty_ioctl+0x761/0xaf0 [ 578.623837] tty_ioctl+0x8b5/0x1510 [ 578.627473] ? hci_uart_init_work+0x140/0x140 [ 578.631974] ? tty_vhangup+0x30/0x30 [ 578.635685] ? mark_held_locks+0x100/0x100 [ 578.640090] ? proc_cwd_link+0x1d0/0x1d0 [ 578.644160] ? __fget+0x340/0x540 [ 578.647622] ? ___might_sleep+0x163/0x280 [ 578.651796] ? __might_sleep+0x95/0x190 [ 578.655802] ? 
tty_vhangup+0x30/0x30 [ 578.659546] do_vfs_ioctl+0xd5f/0x1380 [ 578.663436] ? selinux_file_ioctl+0x46f/0x5e0 [ 578.667984] ? selinux_file_ioctl+0x125/0x5e0 [ 578.672507] ? ioctl_preallocate+0x210/0x210 [ 578.676937] ? selinux_file_mprotect+0x620/0x620 [ 578.681722] ? iterate_fd+0x360/0x360 [ 578.685522] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 578.691056] ? fput+0x128/0x1a0 [ 578.694337] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 578.699869] ? security_file_ioctl+0x8d/0xc0 [ 578.704294] ksys_ioctl+0xab/0xd0 [ 578.707782] __x64_sys_ioctl+0x73/0xb0 [ 578.711687] do_syscall_64+0xfd/0x620 [ 578.715496] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 578.720681] RIP: 0033:0x459519 [ 578.723868] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 578.742788] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 578.750502] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 578.757787] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 578.765068] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 578.772338] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 578.779620] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 578.789970] FAULT_INJECTION: forcing a failure. [ 578.789970] name failslab, interval 1, probability 0, space 0, times 0 [ 578.803018] CPU: 1 PID: 10714 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 578.810074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 578.816981] Bluetooth: hci1: Frame reassembly failed (-84) [ 578.819439] Call Trace: [ 578.819474] dump_stack+0x172/0x1f0 [ 578.819503] should_fail.cold+0xa/0x1b [ 578.819526] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 578.840555] ? lock_downgrade+0x810/0x810 [ 578.844718] ? 
___might_sleep+0x163/0x280 [ 578.848897] __should_failslab+0x121/0x190 [ 578.853151] should_failslab+0x9/0x14 [ 578.856951] kmem_cache_alloc+0x2ae/0x700 [ 578.861116] ? lookup_one_len+0x10e/0x1a0 [ 578.865266] alloc_inode+0xb6/0x190 [ 578.868887] new_inode_pseudo+0x19/0xf0 [ 578.872865] new_inode+0x1f/0x40 [ 578.876260] debugfs_get_inode+0x1a/0x130 [ 578.880418] debugfs_create_dir+0x77/0x3c0 [ 578.884671] hci_register_dev+0x2b5/0x880 [ 578.888818] hci_uart_tty_ioctl+0x761/0xaf0 [ 578.893148] tty_ioctl+0x8b5/0x1510 [ 578.896783] ? hci_uart_init_work+0x140/0x140 [ 578.901269] ? tty_vhangup+0x30/0x30 [ 578.905012] ? mark_held_locks+0x100/0x100 [ 578.909251] ? proc_cwd_link+0x1d0/0x1d0 [ 578.913422] ? __fget+0x340/0x540 [ 578.916890] ? ___might_sleep+0x163/0x280 [ 578.921035] ? __might_sleep+0x95/0x190 [ 578.925027] ? tty_vhangup+0x30/0x30 [ 578.928738] do_vfs_ioctl+0xd5f/0x1380 [ 578.932631] ? selinux_file_ioctl+0x46f/0x5e0 [ 578.937152] ? selinux_file_ioctl+0x125/0x5e0 [ 578.941677] ? ioctl_preallocate+0x210/0x210 [ 578.946109] ? selinux_file_mprotect+0x620/0x620 [ 578.950907] ? iterate_fd+0x360/0x360 [ 578.954724] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 578.960262] ? fput+0x128/0x1a0 [ 578.963542] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 578.969080] ? 
security_file_ioctl+0x8d/0xc0 [ 578.973484] ksys_ioctl+0xab/0xd0 [ 578.976932] __x64_sys_ioctl+0x73/0xb0 [ 578.980836] do_syscall_64+0xfd/0x620 [ 578.984647] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 578.989842] RIP: 0033:0x459519 [ 578.993034] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 579.012024] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 579.021469] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 579.029011] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 579.036297] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 579.043579] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 579.050859] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 579.063929] Bluetooth: hci2: command 0x1003 tx timeout [ 579.071212] Bluetooth: hci3: Frame reassembly failed (-84) [ 579.080645] Bluetooth: hci2: sending frame failed (-49) [ 579.080805] Bluetooth: hci4: command 0x1003 tx timeout [ 579.091660] Bluetooth: hci4: sending frame failed (-49) [ 580.052514] Bluetooth: hci0: command 0x1003 tx timeout [ 580.057968] Bluetooth: hci0: sending frame failed (-49) [ 580.852726] Bluetooth: hci1: command 0x1003 tx timeout [ 580.859296] Bluetooth: hci1: sending frame failed (-49) [ 581.093710] Bluetooth: hci2: command 0x1001 tx timeout [ 581.099077] Bluetooth: hci3: command 0x1003 tx timeout [ 581.099128] Bluetooth: hci2: sending frame failed (-49) [ 581.110007] Bluetooth: hci3: sending frame failed (-49) [ 581.172628] Bluetooth: hci4: command 0x1001 tx timeout [ 581.178217] Bluetooth: hci4: sending frame failed (-49) [ 582.132601] Bluetooth: hci0: command 0x1001 tx timeout [ 582.138044] Bluetooth: hci0: sending frame failed (-49) [ 582.932848] Bluetooth: hci1: command 0x1001 tx timeout [ 582.938268] Bluetooth: hci1: 
sending frame failed (-49) [ 583.172531] Bluetooth: hci3: command 0x1001 tx timeout [ 583.177944] Bluetooth: hci3: sending frame failed (-49) [ 583.183417] Bluetooth: hci2: command 0x1009 tx timeout [ 583.252615] Bluetooth: hci4: command 0x1009 tx timeout [ 584.212626] Bluetooth: hci0: command 0x1009 tx timeout [ 585.012779] Bluetooth: hci1: command 0x1009 tx timeout [ 585.252565] Bluetooth: hci3: command 0x1009 tx timeout 14:39:01 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4b49, &(0x7f00000001c0)=0x1000000000033) 14:39:01 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4b47, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:39:01 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x540c, &(0x7f00000001c0)=0x1000000000033) 14:39:02 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5409, &(0x7f00000001c0)) [ 588.095435] Bluetooth: hci0: Frame reassembly failed (-84) 14:39:02 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4b49, &(0x7f0000000080)={0x204000000bd, 
@time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:39:03 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x541b, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:39:03 executing program 5 (fault-call:2 fault-nth:17): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:39:03 executing program 0 (fault-call:2 fault-nth:10): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 589.388040] FAULT_INJECTION: forcing a failure. [ 589.388040] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 589.399915] CPU: 1 PID: 10746 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 589.406956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 589.416335] Call Trace: [ 589.418943] dump_stack+0x172/0x1f0 [ 589.422587] should_fail.cold+0xa/0x1b [ 589.426494] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 589.431623] __alloc_pages_nodemask+0x1ee/0x760 [ 589.436319] ? find_held_lock+0x35/0x130 [ 589.440380] ? __alloc_pages_slowpath+0x2870/0x2870 [ 589.445405] cache_grow_begin+0x9c/0x8b0 [ 589.449567] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 589.455133] ? 
check_preemption_disabled+0x48/0x290 [ 589.460197] kmem_cache_alloc+0x63b/0x700 [ 589.464361] ? lookup_one_len+0x10e/0x1a0 [ 589.468509] alloc_inode+0xb6/0x190 [ 589.472144] new_inode_pseudo+0x19/0xf0 [ 589.476133] new_inode+0x1f/0x40 [ 589.479497] debugfs_get_inode+0x1a/0x130 [ 589.483649] debugfs_create_dir+0x77/0x3c0 [ 589.487891] hci_register_dev+0x2b5/0x880 [ 589.492052] hci_uart_tty_ioctl+0x761/0xaf0 [ 589.496398] tty_ioctl+0x8b5/0x1510 [ 589.500051] ? hci_uart_init_work+0x140/0x140 [ 589.504575] ? tty_vhangup+0x30/0x30 [ 589.508288] ? mark_held_locks+0x100/0x100 [ 589.512539] ? proc_cwd_link+0x1d0/0x1d0 [ 589.516654] ? __fget+0x340/0x540 [ 589.520117] ? ___might_sleep+0x163/0x280 [ 589.524300] ? __might_sleep+0x95/0x190 [ 589.528289] ? tty_vhangup+0x30/0x30 [ 589.532028] do_vfs_ioctl+0xd5f/0x1380 [ 589.535932] ? selinux_file_ioctl+0x46f/0x5e0 [ 589.540478] ? selinux_file_ioctl+0x125/0x5e0 [ 589.546907] ? ioctl_preallocate+0x210/0x210 [ 589.551342] ? selinux_file_mprotect+0x620/0x620 [ 589.556144] ? iterate_fd+0x360/0x360 [ 589.559993] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 589.562632] FAULT_INJECTION: forcing a failure. [ 589.562632] name failslab, interval 1, probability 0, space 0, times 0 [ 589.565566] ? fput+0x128/0x1a0 [ 589.565594] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 589.565610] ? 
security_file_ioctl+0x8d/0xc0 [ 589.565630] ksys_ioctl+0xab/0xd0 [ 589.565655] __x64_sys_ioctl+0x73/0xb0 [ 589.609805] do_syscall_64+0xfd/0x620 [ 589.613642] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 589.619040] RIP: 0033:0x459519 [ 589.622251] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 589.641269] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 589.649031] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 589.656853] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 589.664144] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 589.671439] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 589.678739] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 589.686190] CPU: 0 PID: 10749 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 589.693241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 589.702620] Call Trace: [ 589.705256] dump_stack+0x172/0x1f0 [ 589.708909] should_fail.cold+0xa/0x1b [ 589.712826] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 589.712846] ? lock_downgrade+0x810/0x810 [ 589.712861] ? ___might_sleep+0x163/0x280 [ 589.712881] __should_failslab+0x121/0x190 [ 589.712897] should_failslab+0x9/0x14 [ 589.712911] kmem_cache_alloc_trace+0x2cc/0x760 [ 589.712928] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 589.712944] ? pwq_adjust_max_active+0x3b6/0x5c0 [ 589.712967] ? __alloc_workqueue_key+0x139/0xee0 [ 589.722293] __alloc_workqueue_key+0x18e/0xee0 [ 589.722318] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 589.722353] hci_register_dev+0x225/0x880 [ 589.739241] hci_uart_tty_ioctl+0x761/0xaf0 [ 589.739263] tty_ioctl+0x8b5/0x1510 [ 589.739281] ? hci_uart_init_work+0x140/0x140 [ 589.749071] ? tty_vhangup+0x30/0x30 [ 589.758422] ? 
mark_held_locks+0x100/0x100 [ 589.758441] ? proc_cwd_link+0x1d0/0x1d0 [ 589.758474] ? __fget+0x340/0x540 [ 589.780365] Bluetooth: hci1: Frame reassembly failed (-84) [ 589.783804] ? ___might_sleep+0x163/0x280 [ 589.783822] ? __might_sleep+0x95/0x190 [ 589.783839] ? tty_vhangup+0x30/0x30 [ 589.783860] do_vfs_ioctl+0xd5f/0x1380 [ 589.783877] ? selinux_file_ioctl+0x46f/0x5e0 [ 589.783892] ? selinux_file_ioctl+0x125/0x5e0 [ 589.783910] ? ioctl_preallocate+0x210/0x210 [ 589.783924] ? selinux_file_mprotect+0x620/0x620 [ 589.783948] ? iterate_fd+0x360/0x360 [ 589.783967] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 589.783982] ? fput+0x128/0x1a0 [ 589.784006] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 589.784020] ? security_file_ioctl+0x8d/0xc0 [ 589.784037] ksys_ioctl+0xab/0xd0 [ 589.784060] __x64_sys_ioctl+0x73/0xb0 [ 589.865094] do_syscall_64+0xfd/0x620 [ 589.868909] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 589.874097] RIP: 0033:0x459519 [ 589.877295] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 589.896210] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 589.903942] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 589.911313] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 589.918846] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 589.926142] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 14:39:04 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x5421, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) 
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:39:04 executing program 0 (fault-call:2 fault-nth:11): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 589.933534] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 589.942593] Bluetooth: hci4: command 0x1003 tx timeout [ 589.948615] Bluetooth: hci2: command 0x1003 tx timeout [ 589.948659] Bluetooth: hci4: sending frame failed (-49) [ 589.954580] Bluetooth: Can't register HCI device [ 589.965847] Bluetooth: hci2: sending frame failed (-49) [ 590.052273] FAULT_INJECTION: forcing a failure. [ 590.052273] name failslab, interval 1, probability 0, space 0, times 0 [ 590.064371] CPU: 1 PID: 10757 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 590.071393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 590.080865] Call Trace: [ 590.083533] dump_stack+0x172/0x1f0 [ 590.087943] should_fail.cold+0xa/0x1b [ 590.091834] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 590.097058] ? lock_downgrade+0x810/0x810 [ 590.101237] ? ___might_sleep+0x163/0x280 [ 590.105385] __should_failslab+0x121/0x190 [ 590.109636] should_failslab+0x9/0x14 [ 590.113436] kmem_cache_alloc_trace+0x2cc/0x760 [ 590.118129] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 590.123163] ? pwq_adjust_max_active+0x3b6/0x5c0 [ 590.127929] ? __alloc_workqueue_key+0x139/0xee0 [ 590.132698] __alloc_workqueue_key+0x18e/0xee0 [ 590.137285] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 590.142340] hci_register_dev+0x225/0x880 [ 590.146514] hci_uart_tty_ioctl+0x761/0xaf0 [ 590.150949] tty_ioctl+0x8b5/0x1510 [ 590.154610] ? hci_uart_init_work+0x140/0x140 [ 590.159127] ? tty_vhangup+0x30/0x30 [ 590.162846] ? mark_held_locks+0x100/0x100 [ 590.167072] ? proc_cwd_link+0x1d0/0x1d0 [ 590.171129] ? __fget+0x340/0x540 [ 590.174580] ? 
___might_sleep+0x163/0x280 [ 590.178724] ? __might_sleep+0x95/0x190 [ 590.182737] ? tty_vhangup+0x30/0x30 [ 590.186467] do_vfs_ioctl+0xd5f/0x1380 [ 590.190358] ? selinux_file_ioctl+0x46f/0x5e0 [ 590.194866] ? selinux_file_ioctl+0x125/0x5e0 [ 590.199358] ? ioctl_preallocate+0x210/0x210 [ 590.203769] ? selinux_file_mprotect+0x620/0x620 [ 590.208548] ? iterate_fd+0x360/0x360 [ 590.212375] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 590.217949] ? fput+0x128/0x1a0 [ 590.221256] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 590.226797] ? security_file_ioctl+0x8d/0xc0 [ 590.231215] ksys_ioctl+0xab/0xd0 [ 590.234685] __x64_sys_ioctl+0x73/0xb0 [ 590.238586] do_syscall_64+0xfd/0x620 [ 590.242398] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 590.247591] RIP: 0033:0x459519 [ 590.250778] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 590.269687] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 590.277413] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 590.285117] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 590.292391] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 14:39:04 executing program 0 (fault-call:2 fault-nth:12): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:39:04 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x5450, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 
0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 590.299677] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 590.307412] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 590.316099] Bluetooth: Can't register HCI device [ 590.326077] Bluetooth: hci0: command 0x1003 tx timeout [ 590.331556] Bluetooth: hci0: sending frame failed (-49) [ 590.366919] FAULT_INJECTION: forcing a failure. [ 590.366919] name failslab, interval 1, probability 0, space 0, times 0 [ 590.379607] CPU: 1 PID: 10762 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 590.386919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 590.396433] Call Trace: [ 590.399104] dump_stack+0x172/0x1f0 [ 590.402740] should_fail.cold+0xa/0x1b [ 590.406639] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 590.411903] ? lock_downgrade+0x810/0x810 [ 590.416050] ? ___might_sleep+0x163/0x280 [ 590.420306] __should_failslab+0x121/0x190 [ 590.424551] should_failslab+0x9/0x14 [ 590.428359] kmem_cache_alloc_trace+0x2cc/0x760 [ 590.433123] apply_wqattrs_prepare+0x1c7/0xa30 [ 590.438869] apply_workqueue_attrs_locked+0xcb/0x140 [ 590.443990] apply_workqueue_attrs+0x31/0x50 [ 590.448453] __alloc_workqueue_key+0x8b8/0xee0 [ 590.453047] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 590.458088] hci_register_dev+0x225/0x880 [ 590.462259] hci_uart_tty_ioctl+0x761/0xaf0 [ 590.466591] tty_ioctl+0x8b5/0x1510 [ 590.470208] ? hci_uart_init_work+0x140/0x140 [ 590.474790] ? tty_vhangup+0x30/0x30 [ 590.478506] ? mark_held_locks+0x100/0x100 [ 590.482740] ? proc_cwd_link+0x1d0/0x1d0 [ 590.486820] ? loop1+0x500/0x8fc [ 590.490194] ? __fget+0x340/0x540 [ 590.493654] ? ___might_sleep+0x163/0x280 [ 590.497809] ? __might_sleep+0x95/0x190 [ 590.501961] ? tty_vhangup+0x30/0x30 [ 590.505831] do_vfs_ioctl+0xd5f/0x1380 [ 590.509731] ? selinux_file_ioctl+0x46f/0x5e0 [ 590.514327] ? selinux_file_ioctl+0x125/0x5e0 [ 590.519160] ? ioctl_preallocate+0x210/0x210 [ 590.523669] ? 
selinux_file_mprotect+0x620/0x620 [ 590.528473] ? iterate_fd+0x360/0x360 [ 590.532340] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 590.537888] ? fput+0x128/0x1a0 [ 590.541180] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 590.546738] ? security_file_ioctl+0x8d/0xc0 [ 590.551191] ksys_ioctl+0xab/0xd0 [ 590.554655] __x64_sys_ioctl+0x73/0xb0 [ 590.558548] do_syscall_64+0xfd/0x620 [ 590.562357] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 590.567556] RIP: 0033:0x459519 [ 590.570865] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 590.589892] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 590.597723] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 590.605090] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 590.612461] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 590.619926] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 590.627452] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 590.636231] Bluetooth: Can't register HCI device [ 591.812591] Bluetooth: hci1: command 0x1003 tx timeout [ 591.818142] Bluetooth: hci1: sending frame failed (-49) [ 591.972542] Bluetooth: hci2: command 0x1001 tx timeout [ 591.978063] Bluetooth: hci4: command 0x1001 tx timeout [ 591.978106] Bluetooth: hci2: sending frame failed (-49) [ 591.983949] Bluetooth: hci4: sending frame failed (-49) [ 592.372518] Bluetooth: hci0: command 0x1001 tx timeout [ 592.377938] Bluetooth: hci0: sending frame failed (-49) [ 593.892633] Bluetooth: hci1: command 0x1001 tx timeout [ 593.898407] Bluetooth: hci1: sending frame failed (-49) [ 594.052634] Bluetooth: hci4: command 0x1009 tx timeout [ 594.052659] Bluetooth: hci2: command 0x1009 tx timeout [ 594.452546] Bluetooth: hci0: command 0x1009 tx timeout [ 595.972786] Bluetooth: hci1: 
command 0x1009 tx timeout 14:39:11 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5409, &(0x7f00000001c0)=0x1000000000033) 14:39:11 executing program 0 (fault-call:2 fault-nth:13): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:39:11 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x540d, &(0x7f00000001c0)=0x1000000000033) [ 597.716004] FAULT_INJECTION: forcing a failure. [ 597.716004] name failslab, interval 1, probability 0, space 0, times 0 [ 597.740930] CPU: 1 PID: 10773 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 597.755259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 597.766935] Call Trace: [ 597.769656] dump_stack+0x172/0x1f0 [ 597.773712] should_fail.cold+0xa/0x1b [ 597.778480] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 597.784092] ? lock_downgrade+0x810/0x810 [ 597.788423] ? ___might_sleep+0x163/0x280 [ 597.793419] __should_failslab+0x121/0x190 [ 597.798164] should_failslab+0x9/0x14 [ 597.802016] kmem_cache_alloc_trace+0x2cc/0x760 [ 597.806991] apply_wqattrs_prepare+0x1c7/0xa30 [ 597.811868] apply_workqueue_attrs_locked+0xcb/0x140 [ 597.817228] apply_workqueue_attrs+0x31/0x50 [ 597.822273] __alloc_workqueue_key+0x8b8/0xee0 [ 597.827072] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 597.833227] hci_register_dev+0x225/0x880 [ 597.838077] hci_uart_tty_ioctl+0x761/0xaf0 [ 597.842844] tty_ioctl+0x8b5/0x1510 [ 597.846958] ? hci_uart_init_work+0x140/0x140 [ 597.851762] ? tty_vhangup+0x30/0x30 [ 597.855524] ? mark_held_locks+0x100/0x100 [ 597.860193] ? 
proc_cwd_link+0x1d0/0x1d0 [ 597.864452] ? __fget+0x340/0x540 [ 597.868163] ? ___might_sleep+0x163/0x280 [ 597.872689] ? __might_sleep+0x95/0x190 [ 597.876774] ? tty_vhangup+0x30/0x30 [ 597.880735] do_vfs_ioctl+0xd5f/0x1380 [ 597.884880] ? selinux_file_ioctl+0x46f/0x5e0 [ 597.889644] ? selinux_file_ioctl+0x125/0x5e0 [ 597.894484] ? ioctl_preallocate+0x210/0x210 [ 597.899092] ? selinux_file_mprotect+0x620/0x620 [ 597.904231] ? iterate_fd+0x360/0x360 [ 597.908057] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 597.913708] ? fput+0x128/0x1a0 [ 597.917196] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 597.923247] ? security_file_ioctl+0x8d/0xc0 [ 597.927708] ksys_ioctl+0xab/0xd0 [ 597.931531] __x64_sys_ioctl+0x73/0xb0 [ 597.935639] do_syscall_64+0xfd/0x620 [ 597.940179] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 597.945392] RIP: 0033:0x459519 [ 597.948849] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 597.968374] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 597.976507] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 597.984433] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 597.991972] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 597.999523] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 598.006831] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 598.016447] Bluetooth: Can't register HCI device 14:39:12 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x540b, &(0x7f00000001c0)) 14:39:12 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) 
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x5451, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:39:12 executing program 0 (fault-call:2 fault-nth:14): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 598.337747] FAULT_INJECTION: forcing a failure. [ 598.337747] name failslab, interval 1, probability 0, space 0, times 0 [ 598.351879] CPU: 0 PID: 10785 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 598.358953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 598.368330] Call Trace: [ 598.370925] dump_stack+0x172/0x1f0 [ 598.374587] should_fail.cold+0xa/0x1b [ 598.378488] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 598.383703] ? lock_downgrade+0x810/0x810 [ 598.387859] ? ___might_sleep+0x163/0x280 [ 598.392038] __should_failslab+0x121/0x190 [ 598.396302] should_failslab+0x9/0x14 [ 598.400099] kmem_cache_alloc_node+0x26c/0x710 [ 598.404716] ? trace_event_raw_event_rdev_join_mesh+0x530/0xfc0 [ 598.410807] alloc_unbound_pwq+0x4c1/0xc70 [ 598.415062] apply_wqattrs_prepare+0x3c5/0xa30 [ 598.419737] apply_workqueue_attrs_locked+0xcb/0x140 [ 598.425494] apply_workqueue_attrs+0x31/0x50 [ 598.429924] __alloc_workqueue_key+0x8b8/0xee0 [ 598.434522] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 598.439565] hci_register_dev+0x225/0x880 [ 598.443877] hci_uart_tty_ioctl+0x761/0xaf0 [ 598.448238] tty_ioctl+0x8b5/0x1510 [ 598.451917] ? hci_uart_init_work+0x140/0x140 [ 598.456414] ? tty_vhangup+0x30/0x30 [ 598.460122] ? mark_held_locks+0x100/0x100 [ 598.464348] ? proc_cwd_link+0x1d0/0x1d0 [ 598.468413] ? 
trace_event_raw_event_rdev_join_mesh+0xdb0/0xfc0 [ 598.474500] ? __fget+0x340/0x540 [ 598.482495] ? ___might_sleep+0x163/0x280 [ 598.486658] ? __might_sleep+0x95/0x190 [ 598.490647] ? tty_vhangup+0x30/0x30 [ 598.494374] do_vfs_ioctl+0xd5f/0x1380 [ 598.498268] ? selinux_file_ioctl+0x46f/0x5e0 [ 598.502784] ? selinux_file_ioctl+0x125/0x5e0 [ 598.507319] ? ioctl_preallocate+0x210/0x210 [ 598.511738] ? selinux_file_mprotect+0x620/0x620 [ 598.516532] ? iterate_fd+0x360/0x360 [ 598.520364] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 598.525911] ? fput+0x128/0x1a0 [ 598.529205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 598.534750] ? security_file_ioctl+0x8d/0xc0 [ 598.539194] ksys_ioctl+0xab/0xd0 [ 598.542668] __x64_sys_ioctl+0x73/0xb0 [ 598.546565] do_syscall_64+0xfd/0x620 [ 598.550360] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 598.555545] RIP: 0033:0x459519 [ 598.558726] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 598.585471] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 598.593176] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 598.600635] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 598.607928] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 598.615201] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 598.622498] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 598.634167] Bluetooth: Can't register HCI device [ 598.640989] Bluetooth: hci2: Frame reassembly failed (-84) [ 600.052480] Bluetooth: hci4: command 0x1003 tx timeout [ 600.059850] Bluetooth: hci4: sending frame failed (-49) [ 600.065333] Bluetooth: hci3: command 0x1003 tx timeout [ 600.070745] Bluetooth: hci3: sending frame failed (-49) 14:39:14 executing program 5 (fault-call:2 fault-nth:18): r0 = 
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:39:14 executing program 0 (fault-call:2 fault-nth:15): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:39:14 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x5452, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 600.254702] FAULT_INJECTION: forcing a failure. [ 600.254702] name failslab, interval 1, probability 0, space 0, times 0 [ 600.267972] CPU: 1 PID: 10799 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 600.275019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 600.284384] Call Trace: [ 600.286990] dump_stack+0x172/0x1f0 [ 600.290635] should_fail.cold+0xa/0x1b [ 600.294538] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 600.299659] ? lock_downgrade+0x810/0x810 [ 600.303840] ? ___might_sleep+0x163/0x280 [ 600.308025] __should_failslab+0x121/0x190 [ 600.312279] should_failslab+0x9/0x14 [ 600.316089] kmem_cache_alloc+0x2ae/0x700 [ 600.320237] ? unwind_get_return_address+0x61/0xa0 [ 600.325187] ? __save_stack_trace+0x99/0x100 [ 600.329629] __d_alloc+0x2e/0x9c0 [ 600.333113] ? find_held_lock+0x35/0x130 [ 600.337190] d_alloc+0x4d/0x280 [ 600.340488] ? __lock_acquire+0x6eb/0x48f0 [ 600.344747] d_alloc_parallel+0xf4/0x1bb0 [ 600.348941] ? __d_lookup_rcu+0x6b0/0x6b0 [ 600.353151] ? __d_lookup+0x40c/0x760 [ 600.356973] ? 
__lockdep_init_map+0x10c/0x5b0 [ 600.361473] ? __lockdep_init_map+0x10c/0x5b0 [ 600.365984] __lookup_slow+0x1ab/0x500 [ 600.369876] ? vfs_unlink+0x500/0x500 [ 600.373701] ? lockdep_hardirqs_on+0x415/0x5d0 [ 600.378313] ? d_lookup+0x19e/0x260 [ 600.381966] lookup_one_len+0x16d/0x1a0 [ 600.385963] ? lookup_one_len_unlocked+0x100/0x100 [ 600.390921] start_creating+0xbf/0x1e0 [ 600.394833] debugfs_create_dir+0x23/0x3c0 [ 600.399073] hci_register_dev+0x2b5/0x880 [ 600.403255] hci_uart_tty_ioctl+0x761/0xaf0 [ 600.407595] tty_ioctl+0x8b5/0x1510 [ 600.411233] ? hci_uart_init_work+0x140/0x140 [ 600.415724] ? tty_vhangup+0x30/0x30 [ 600.419621] ? mark_held_locks+0x100/0x100 [ 600.423964] ? proc_cwd_link+0x1d0/0x1d0 [ 600.428051] ? __fget+0x340/0x540 [ 600.431514] ? ___might_sleep+0x163/0x280 [ 600.435657] ? __might_sleep+0x95/0x190 [ 600.439631] ? tty_vhangup+0x30/0x30 [ 600.443361] do_vfs_ioctl+0xd5f/0x1380 [ 600.447268] ? selinux_file_ioctl+0x46f/0x5e0 [ 600.451775] ? selinux_file_ioctl+0x125/0x5e0 [ 600.456371] ? ioctl_preallocate+0x210/0x210 [ 600.460778] ? selinux_file_mprotect+0x620/0x620 [ 600.465550] ? iterate_fd+0x360/0x360 [ 600.469358] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 600.474886] ? fput+0x128/0x1a0 [ 600.478174] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 600.483726] ? 
security_file_ioctl+0x8d/0xc0 [ 600.488177] ksys_ioctl+0xab/0xd0 [ 600.491643] __x64_sys_ioctl+0x73/0xb0 [ 600.495531] do_syscall_64+0xfd/0x620 [ 600.499346] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 600.504537] RIP: 0033:0x459519 [ 600.507742] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 600.526663] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 600.534414] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 600.541694] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 600.548956] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 600.557447] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 600.564821] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 600.574743] FAULT_INJECTION: forcing a failure. [ 600.574743] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 600.588204] Bluetooth: hci0: Frame reassembly failed (-84) [ 600.601048] CPU: 0 PID: 10801 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 600.608215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 600.617582] Call Trace: [ 600.620183] dump_stack+0x172/0x1f0 [ 600.623821] should_fail.cold+0xa/0x1b [ 600.627706] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 600.632801] ? ___might_sleep+0x163/0x280 [ 600.636953] ? __might_sleep+0x95/0x190 [ 600.640934] __alloc_pages_nodemask+0x1ee/0x760 [ 600.645608] ? __alloc_pages_slowpath+0x2870/0x2870 [ 600.650654] ? lock_downgrade+0x810/0x810 [ 600.654812] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 600.660380] alloc_pages_current+0x107/0x210 [ 600.665998] __get_free_pages+0xc/0x40 [ 600.669891] inode_doinit_with_dentry+0x6f0/0x1150 [ 600.674817] ? selinux_capset+0x120/0x120 [ 600.678963] ? 
current_time+0xde/0x140 [ 600.682876] selinux_d_instantiate+0x28/0x40 [ 600.687297] security_d_instantiate+0x57/0xf0 [ 600.691798] d_instantiate+0x60/0xa0 [ 600.695511] debugfs_create_dir+0x11f/0x3c0 [ 600.699829] hci_register_dev+0x2b5/0x880 [ 600.704026] hci_uart_tty_ioctl+0x761/0xaf0 [ 600.708358] tty_ioctl+0x8b5/0x1510 [ 600.711989] ? hci_uart_init_work+0x140/0x140 [ 600.716479] ? tty_vhangup+0x30/0x30 [ 600.720202] ? mark_held_locks+0x100/0x100 [ 600.724439] ? proc_cwd_link+0x1d0/0x1d0 [ 600.728497] ? __fget+0x340/0x540 [ 600.731948] ? ___might_sleep+0x163/0x280 [ 600.736098] ? __might_sleep+0x95/0x190 [ 600.740080] ? tty_vhangup+0x30/0x30 [ 600.743817] do_vfs_ioctl+0xd5f/0x1380 [ 600.747742] ? selinux_file_ioctl+0x46f/0x5e0 [ 600.752227] ? selinux_file_ioctl+0x125/0x5e0 [ 600.756720] ? ioctl_preallocate+0x210/0x210 [ 600.761160] ? selinux_file_mprotect+0x620/0x620 [ 600.765939] ? iterate_fd+0x360/0x360 [ 600.769743] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 600.775273] ? fput+0x128/0x1a0 [ 600.778568] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 600.784126] ? 
security_file_ioctl+0x8d/0xc0 [ 600.788543] ksys_ioctl+0xab/0xd0 [ 600.792006] __x64_sys_ioctl+0x73/0xb0 [ 600.795921] do_syscall_64+0xfd/0x620 [ 600.799728] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 600.804905] RIP: 0033:0x459519 [ 600.808120] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 600.827044] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 600.834759] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 600.842021] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 600.849303] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 600.856593] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 600.863864] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 600.876582] Bluetooth: hci2: command 0x1003 tx timeout [ 600.881948] Bluetooth: hci2: sending frame failed (-49) 14:39:15 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x5460, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:39:15 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x40049409, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) 
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 602.132652] Bluetooth: hci3: command 0x1001 tx timeout [ 602.138203] Bluetooth: hci3: sending frame failed (-49) [ 602.143844] Bluetooth: hci4: command 0x1001 tx timeout [ 602.149204] Bluetooth: hci4: sending frame failed (-49) [ 602.612481] Bluetooth: hci0: command 0x1003 tx timeout [ 602.618042] Bluetooth: hci0: sending frame failed (-49) 14:39:16 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x40086602, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 602.932694] Bluetooth: hci1: command 0x1003 tx timeout [ 602.938050] Bluetooth: hci2: command 0x1001 tx timeout [ 602.938113] Bluetooth: hci1: sending frame failed (-49) [ 602.943986] Bluetooth: hci2: sending frame failed (-49) [ 604.212564] Bluetooth: hci4: command 0x1009 tx timeout [ 604.217989] Bluetooth: hci3: command 0x1009 tx timeout [ 604.692650] Bluetooth: hci0: command 0x1001 tx timeout [ 604.698072] Bluetooth: hci0: sending frame failed (-49) [ 605.012656] Bluetooth: hci1: command 0x1001 tx timeout [ 605.012771] Bluetooth: hci2: command 0x1009 tx timeout [ 605.023417] Bluetooth: hci1: sending frame failed (-49) [ 606.772614] Bluetooth: hci0: command 0x1009 tx timeout [ 607.092758] Bluetooth: hci1: command 0x1009 tx timeout 14:39:22 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x40087602, &(0x7f0000000080)={0x204000000bd, @time}) 
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:39:22 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x540b, &(0x7f00000001c0)=0x1000000000033) 14:39:22 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5413, &(0x7f00000001c0)=0x1000000000033) [ 608.591918] Bluetooth: hci3: Frame reassembly failed (-84) [ 608.601996] Bluetooth: hci3: Frame reassembly failed (-84) [ 608.636131] Bluetooth: hci4: Frame reassembly failed (-84) 14:39:23 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x540c, &(0x7f00000001c0)) [ 609.219697] Bluetooth: hci2: Frame reassembly failed (-84) 14:39:23 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4020940d, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:39:24 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) 
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x402c5342, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 610.612616] Bluetooth: hci3: command 0x1003 tx timeout [ 610.618179] Bluetooth: hci3: sending frame failed (-49) [ 610.692586] Bluetooth: hci4: command 0x1003 tx timeout [ 610.698125] Bluetooth: hci4: sending frame failed (-49) 14:39:25 executing program 5 (fault-call:2 fault-nth:19): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:39:25 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x404c534a, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:39:25 executing program 0 (fault-call:2 fault-nth:16): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 611.177688] FAULT_INJECTION: forcing a failure. 
[ 611.177688] name failslab, interval 1, probability 0, space 0, times 0 [ 611.189591] CPU: 0 PID: 10858 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 611.196750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 611.206126] Call Trace: [ 611.208752] dump_stack+0x172/0x1f0 [ 611.212584] should_fail.cold+0xa/0x1b [ 611.216507] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 611.221709] ? ___might_sleep+0x163/0x280 [ 611.225870] __should_failslab+0x121/0x190 [ 611.230123] should_failslab+0x9/0x14 [ 611.233922] kmem_cache_alloc+0x2ae/0x700 [ 611.238107] ? map_id_range_down+0x1ee/0x370 [ 611.242542] ? __put_user_ns+0x70/0x70 [ 611.246526] selinux_inode_alloc_security+0xb6/0x2a0 [ 611.251637] security_inode_alloc+0x8a/0xd0 [ 611.255969] inode_init_always+0x56e/0xb40 [ 611.260221] alloc_inode+0x81/0x190 [ 611.264718] new_inode_pseudo+0x19/0xf0 [ 611.268686] new_inode+0x1f/0x40 [ 611.272056] debugfs_get_inode+0x1a/0x130 [ 611.276198] debugfs_create_dir+0x77/0x3c0 [ 611.280448] hci_register_dev+0x2b5/0x880 [ 611.284620] hci_uart_tty_ioctl+0x761/0xaf0 [ 611.288952] tty_ioctl+0x8b5/0x1510 [ 611.292585] ? hci_uart_init_work+0x140/0x140 [ 611.297120] ? tty_vhangup+0x30/0x30 [ 611.300853] ? mark_held_locks+0x100/0x100 [ 611.305318] ? proc_cwd_link+0x1d0/0x1d0 [ 611.309393] ? __fget+0x340/0x540 [ 611.312992] ? ___might_sleep+0x163/0x280 [ 611.317349] ? __might_sleep+0x95/0x190 [ 611.321415] ? tty_vhangup+0x30/0x30 [ 611.325134] do_vfs_ioctl+0xd5f/0x1380 [ 611.329051] ? selinux_file_ioctl+0x46f/0x5e0 [ 611.333552] ? selinux_file_ioctl+0x125/0x5e0 [ 611.338046] ? ioctl_preallocate+0x210/0x210 [ 611.342576] ? selinux_file_mprotect+0x620/0x620 [ 611.347350] ? iterate_fd+0x360/0x360 [ 611.351163] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 611.356700] ? fput+0x128/0x1a0 [ 611.359996] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 611.365544] ? 
security_file_ioctl+0x8d/0xc0 [ 611.369974] ksys_ioctl+0xab/0xd0 [ 611.373458] __x64_sys_ioctl+0x73/0xb0 [ 611.377346] do_syscall_64+0xfd/0x620 [ 611.381175] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 611.386397] RIP: 0033:0x459519 [ 611.389638] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 611.408620] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 611.416334] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 611.423627] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 611.430892] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 611.438155] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 611.445423] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 611.458996] FAULT_INJECTION: forcing a failure. [ 611.458996] name failslab, interval 1, probability 0, space 0, times 0 [ 611.470768] Bluetooth: hci2: command 0x1003 tx timeout [ 611.476271] Bluetooth: hci2: sending frame failed (-49) [ 611.477756] CPU: 0 PID: 10860 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 611.488671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 611.498123] Call Trace: [ 611.500726] dump_stack+0x172/0x1f0 [ 611.504354] should_fail.cold+0xa/0x1b [ 611.508236] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 611.513333] ? lock_downgrade+0x810/0x810 [ 611.517485] ? ___might_sleep+0x163/0x280 [ 611.521650] __should_failslab+0x121/0x190 [ 611.525884] should_failslab+0x9/0x14 [ 611.529677] __kmalloc_track_caller+0x2de/0x750 [ 611.534334] ? __d_instantiate+0x337/0x420 [ 611.538559] ? find_held_lock+0x35/0x130 [ 611.542633] ? 
kstrdup_const+0x66/0x80 [ 611.546643] kstrdup+0x3a/0x70 [ 611.549843] kstrdup_const+0x66/0x80 [ 611.553558] kvasprintf_const+0x10e/0x190 [ 611.557703] kobject_set_name_vargs+0x5b/0x150 [ 611.562277] dev_set_name+0xbd/0xf0 [ 611.565891] ? device_initialize+0x440/0x440 [ 611.570301] hci_register_dev+0x2fc/0x880 [ 611.574450] hci_uart_tty_ioctl+0x761/0xaf0 [ 611.578858] tty_ioctl+0x8b5/0x1510 [ 611.582497] ? hci_uart_init_work+0x140/0x140 [ 611.587002] ? tty_vhangup+0x30/0x30 [ 611.590727] ? mark_held_locks+0x100/0x100 [ 611.594956] ? proc_cwd_link+0x1d0/0x1d0 [ 611.599013] ? __fget+0x340/0x540 [ 611.602463] ? ___might_sleep+0x163/0x280 [ 611.606602] ? __might_sleep+0x95/0x190 [ 611.610569] ? tty_vhangup+0x30/0x30 [ 611.614286] do_vfs_ioctl+0xd5f/0x1380 [ 611.618166] ? selinux_file_ioctl+0x46f/0x5e0 [ 611.622653] ? selinux_file_ioctl+0x125/0x5e0 [ 611.627141] ? ioctl_preallocate+0x210/0x210 [ 611.631560] ? selinux_file_mprotect+0x620/0x620 [ 611.636316] ? iterate_fd+0x360/0x360 [ 611.640118] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 611.645658] ? fput+0x128/0x1a0 [ 611.648966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 611.654497] ? 
security_file_ioctl+0x8d/0xc0 [ 611.658897] ksys_ioctl+0xab/0xd0 [ 611.662366] __x64_sys_ioctl+0x73/0xb0 [ 611.666257] do_syscall_64+0xfd/0x620 [ 611.670065] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 611.675244] RIP: 0033:0x459519 [ 611.678437] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 611.697480] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 611.705188] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 611.712595] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 611.719946] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 14:39:25 executing program 5 (fault-call:2 fault-nth:20): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 611.727209] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 611.734476] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 611.742848] Bluetooth: Can't register HCI device [ 611.786379] FAULT_INJECTION: forcing a failure. [ 611.786379] name failslab, interval 1, probability 0, space 0, times 0 [ 611.801794] CPU: 1 PID: 10864 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 611.808843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 611.818222] Call Trace: [ 611.820818] dump_stack+0x172/0x1f0 [ 611.824446] should_fail.cold+0xa/0x1b [ 611.828333] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 611.833444] ? lock_downgrade+0x810/0x810 [ 611.837607] ? ___might_sleep+0x163/0x280 [ 611.841766] __should_failslab+0x121/0x190 [ 611.846013] should_failslab+0x9/0x14 [ 611.849816] kmem_cache_alloc+0x2ae/0x700 [ 611.854125] ? kasan_check_write+0x14/0x20 [ 611.858434] ? 
__mutex_unlock_slowpath+0xf8/0x6b0 [ 611.863330] __kernfs_new_node+0xef/0x680 [ 611.867508] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 611.872290] ? mutex_unlock+0xd/0x10 [ 611.876012] ? kernfs_activate+0x192/0x1f0 [ 611.880258] ? kernfs_add_one+0x131/0x4d0 [ 611.884449] kernfs_new_node+0x99/0x130 [ 611.888443] __kernfs_create_file+0x51/0x340 [ 611.892861] sysfs_add_file_mode_ns+0x222/0x560 [ 611.897554] sysfs_create_file_ns+0x13a/0x1c0 [ 611.902070] ? sysfs_add_file_mode_ns+0x560/0x560 [ 611.906934] ? up_read+0x1a/0x110 [ 611.910400] device_create_file+0xfa/0x1e0 [ 611.914655] ? acpi_bind_one+0x830/0x830 [ 611.918723] device_add+0x411/0x1760 [ 611.922448] ? device_initialize+0x440/0x440 [ 611.926877] ? get_device_parent.isra.0+0x570/0x570 [ 611.931934] ? start_creating+0x163/0x1e0 14:39:26 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x40505330, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 611.936095] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 611.941661] hci_register_dev+0x304/0x880 [ 611.945874] hci_uart_tty_ioctl+0x761/0xaf0 [ 611.950226] tty_ioctl+0x8b5/0x1510 [ 611.953871] ? hci_uart_init_work+0x140/0x140 [ 611.958394] ? tty_vhangup+0x30/0x30 [ 611.962135] ? mark_held_locks+0x100/0x100 [ 611.966398] ? proc_cwd_link+0x1d0/0x1d0 [ 611.970497] ? __fget+0x340/0x540 [ 611.973974] ? ___might_sleep+0x163/0x280 [ 611.973992] ? __might_sleep+0x95/0x190 [ 611.974008] ? tty_vhangup+0x30/0x30 [ 611.974028] do_vfs_ioctl+0xd5f/0x1380 [ 611.974045] ? selinux_file_ioctl+0x46f/0x5e0 [ 611.974058] ? selinux_file_ioctl+0x125/0x5e0 [ 611.974076] ? 
ioctl_preallocate+0x210/0x210 [ 611.974089] ? selinux_file_mprotect+0x620/0x620 [ 611.974114] ? iterate_fd+0x360/0x360 [ 611.974138] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 612.017361] ? fput+0x128/0x1a0 [ 612.020660] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 612.026446] ? security_file_ioctl+0x8d/0xc0 [ 612.031839] ksys_ioctl+0xab/0xd0 [ 612.035573] __x64_sys_ioctl+0x73/0xb0 [ 612.039463] do_syscall_64+0xfd/0x620 [ 612.043274] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 612.048463] RIP: 0033:0x459519 [ 612.051651] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 612.070558] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 612.078276] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 14:39:26 executing program 5 (fault-call:2 fault-nth:21): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 612.085553] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 612.092833] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 612.100146] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 612.107431] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 612.116895] Bluetooth: Can't register HCI device [ 612.159980] FAULT_INJECTION: forcing a failure. [ 612.159980] name failslab, interval 1, probability 0, space 0, times 0 [ 612.171832] CPU: 1 PID: 10873 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 612.178894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 612.188281] Call Trace: [ 612.190872] dump_stack+0x172/0x1f0 [ 612.194509] should_fail.cold+0xa/0x1b [ 612.198417] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 612.203541] ? 
lock_downgrade+0x810/0x810 [ 612.207699] ? ___might_sleep+0x163/0x280 [ 612.211854] __should_failslab+0x121/0x190 [ 612.216088] should_failslab+0x9/0x14 [ 612.219947] __kmalloc_track_caller+0x2de/0x750 [ 612.224673] ? __lock_acquire+0x6eb/0x48f0 [ 612.228923] ? kstrdup_const+0x66/0x80 [ 612.232818] kstrdup+0x3a/0x70 [ 612.236039] kstrdup_const+0x66/0x80 [ 612.239777] __kernfs_new_node+0xb0/0x680 [ 612.244087] ? mark_held_locks+0x100/0x100 [ 612.248335] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 612.253113] ? wait_for_completion+0x440/0x440 [ 612.257704] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 612.263163] ? find_held_lock+0x35/0x130 [ 612.267329] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 612.272803] ? kernfs_activate+0x192/0x1f0 [ 612.277043] kernfs_new_node+0x99/0x130 [ 612.281046] kernfs_create_link+0xdd/0x250 [ 612.285291] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 612.290564] sysfs_create_link+0x65/0xc0 [ 612.294639] device_add+0x7ce/0x1760 [ 612.298372] ? get_device_parent.isra.0+0x570/0x570 [ 612.304159] ? start_creating+0x163/0x1e0 [ 612.308330] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 612.314371] hci_register_dev+0x304/0x880 [ 612.318530] hci_uart_tty_ioctl+0x761/0xaf0 [ 612.322889] tty_ioctl+0x8b5/0x1510 [ 612.326638] ? hci_uart_init_work+0x140/0x140 [ 612.331275] ? tty_vhangup+0x30/0x30 [ 612.334982] ? mark_held_locks+0x100/0x100 [ 612.339219] ? proc_cwd_link+0x1d0/0x1d0 [ 612.343429] ? __fget+0x340/0x540 [ 612.346967] ? ___might_sleep+0x163/0x280 [ 612.351126] ? __might_sleep+0x95/0x190 [ 612.355123] ? tty_vhangup+0x30/0x30 [ 612.358841] do_vfs_ioctl+0xd5f/0x1380 [ 612.362859] ? selinux_file_ioctl+0x46f/0x5e0 [ 612.367361] ? selinux_file_ioctl+0x125/0x5e0 [ 612.371852] ? ioctl_preallocate+0x210/0x210 [ 612.376433] ? selinux_file_mprotect+0x620/0x620 [ 612.381251] ? iterate_fd+0x360/0x360 [ 612.385154] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 612.390915] ? fput+0x128/0x1a0 [ 612.394227] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 612.399776] ? security_file_ioctl+0x8d/0xc0 [ 612.404198] ksys_ioctl+0xab/0xd0 [ 612.407739] __x64_sys_ioctl+0x73/0xb0 [ 612.411646] do_syscall_64+0xfd/0x620 [ 612.415670] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 612.421644] RIP: 0033:0x459519 [ 612.424837] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 612.443758] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 612.451498] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 14:39:26 executing program 5 (fault-call:2 fault-nth:22): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 612.459742] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 612.467069] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 612.474354] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 612.481647] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 612.491286] Bluetooth: Can't register HCI device [ 612.538671] FAULT_INJECTION: forcing a failure. [ 612.538671] name failslab, interval 1, probability 0, space 0, times 0 [ 612.550077] CPU: 1 PID: 10876 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 612.557161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 612.566524] Call Trace: [ 612.569135] dump_stack+0x172/0x1f0 [ 612.572793] should_fail.cold+0xa/0x1b [ 612.576720] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 612.582012] ? lock_downgrade+0x810/0x810 [ 612.586195] ? ___might_sleep+0x163/0x280 [ 612.590517] __should_failslab+0x121/0x190 [ 612.595121] should_failslab+0x9/0x14 [ 612.598922] __kmalloc_track_caller+0x2de/0x750 [ 612.603709] ? 
__lock_acquire+0x6eb/0x48f0 [ 612.607945] ? kstrdup_const+0x66/0x80 [ 612.611830] kstrdup+0x3a/0x70 [ 612.615268] kstrdup_const+0x66/0x80 [ 612.619094] __kernfs_new_node+0xb0/0x680 [ 612.623415] ? mark_held_locks+0x100/0x100 [ 612.627760] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 612.632662] ? wait_for_completion+0x440/0x440 [ 612.637267] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 612.642742] ? find_held_lock+0x35/0x130 [ 612.646882] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 612.652351] ? kernfs_activate+0x192/0x1f0 [ 612.656618] kernfs_new_node+0x99/0x130 [ 612.660805] kernfs_create_link+0xdd/0x250 [ 612.665049] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 612.670342] sysfs_create_link+0x65/0xc0 [ 612.674425] device_add+0x7ce/0x1760 [ 612.678155] ? get_device_parent.isra.0+0x570/0x570 [ 612.683355] ? start_creating+0x163/0x1e0 [ 612.687534] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 612.693105] hci_register_dev+0x304/0x880 [ 612.697486] hci_uart_tty_ioctl+0x761/0xaf0 [ 612.701950] tty_ioctl+0x8b5/0x1510 [ 612.705593] ? hci_uart_init_work+0x140/0x140 [ 612.710161] ? tty_vhangup+0x30/0x30 [ 612.713890] ? mark_held_locks+0x100/0x100 [ 612.718142] ? proc_cwd_link+0x1d0/0x1d0 [ 612.722221] ? __fget+0x340/0x540 [ 612.725719] ? ___might_sleep+0x163/0x280 [ 612.729873] ? __might_sleep+0x95/0x190 [ 612.734035] ? tty_vhangup+0x30/0x30 [ 612.737778] do_vfs_ioctl+0xd5f/0x1380 [ 612.741735] ? selinux_file_ioctl+0x46f/0x5e0 [ 612.746335] ? selinux_file_ioctl+0x125/0x5e0 [ 612.750882] ? ioctl_preallocate+0x210/0x210 [ 612.755320] ? selinux_file_mprotect+0x620/0x620 [ 612.760113] ? iterate_fd+0x360/0x360 [ 612.764028] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 612.769625] ? fput+0x128/0x1a0 [ 612.772945] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 612.778503] ? 
security_file_ioctl+0x8d/0xc0 [ 612.782953] ksys_ioctl+0xab/0xd0 [ 612.786427] __x64_sys_ioctl+0x73/0xb0 [ 612.790440] do_syscall_64+0xfd/0x620 [ 612.794282] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 612.799530] RIP: 0033:0x459519 [ 612.802743] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 612.821764] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 612.829505] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 612.836968] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 612.844278] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 612.844289] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 612.844303] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 612.844790] Bluetooth: hci3: command 0x1001 tx timeout [ 612.872579] Bluetooth: Can't register HCI device [ 612.877751] Bluetooth: hci3: sending frame failed (-49) [ 612.892767] Bluetooth: hci4: command 0x1001 tx timeout [ 612.898228] Bluetooth: hci4: sending frame failed (-49) [ 613.492519] Bluetooth: hci2: command 0x1001 tx timeout [ 613.497979] Bluetooth: hci2: sending frame failed (-49) [ 613.503493] Bluetooth: hci0: command 0x1003 tx timeout [ 613.509039] Bluetooth: hci0: sending frame failed (-49) [ 614.932600] Bluetooth: hci4: command 0x1009 tx timeout [ 614.937998] Bluetooth: hci3: command 0x1009 tx timeout [ 615.572633] Bluetooth: hci2: command 0x1009 tx timeout [ 615.572817] Bluetooth: hci0: command 0x1001 tx timeout [ 615.583638] Bluetooth: hci0: sending frame failed (-49) [ 617.652718] Bluetooth: hci0: command 0x1009 tx timeout 14:39:32 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 
ioctl$TIOCSETD(r0, 0x540c, &(0x7f00000001c0)=0x1000000000033) 14:39:32 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x40505331, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:39:33 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x540d, &(0x7f00000001c0)) 14:39:33 executing program 5 (fault-call:2 fault-nth:23): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:39:33 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5414, &(0x7f00000001c0)=0x1000000000033) [ 619.467755] FAULT_INJECTION: forcing a failure. [ 619.467755] name failslab, interval 1, probability 0, space 0, times 0 [ 619.480614] Bluetooth: hci3: Frame reassembly failed (-84) [ 619.481135] CPU: 1 PID: 10891 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 619.493459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 619.493466] Call Trace: [ 619.493494] dump_stack+0x172/0x1f0 [ 619.493519] should_fail.cold+0xa/0x1b [ 619.493541] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 619.493567] ? lock_downgrade+0x810/0x810 [ 619.518184] ? 
___might_sleep+0x163/0x280 [ 619.518211] __should_failslab+0x121/0x190 [ 619.518230] should_failslab+0x9/0x14 [ 619.518249] __kmalloc_track_caller+0x2de/0x750 [ 619.526647] ? console_unlock+0x6ed/0x10b0 [ 619.526667] ? find_held_lock+0x35/0x130 [ 619.526686] ? kstrdup_const+0x66/0x80 [ 619.526706] kstrdup+0x3a/0x70 [ 619.526724] kstrdup_const+0x66/0x80 [ 619.536586] Bluetooth: hci4: Frame reassembly failed (-84) [ 619.539453] __kernfs_new_node+0xb0/0x680 [ 619.539476] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 619.539501] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 619.539537] ? irq_work_claim+0x98/0xc0 [ 619.539558] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 619.588189] ? irq_work_queue+0x30/0x90 [ 619.592181] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 619.597723] ? wake_up_klogd+0x99/0xd0 [ 619.601616] kernfs_new_node+0x99/0x130 [ 619.605588] kernfs_create_dir_ns+0x52/0x160 [ 619.609996] sysfs_create_dir_ns+0x131/0x290 [ 619.614402] ? sysfs_create_mount_point+0xa0/0xa0 [ 619.619257] ? class_dir_child_ns_type+0xd/0x60 [ 619.624215] kobject_add_internal.cold+0xe5/0x5d1 [ 619.629142] kobject_add+0x150/0x1c0 [ 619.632863] ? kset_create_and_add+0x1a0/0x1a0 [ 619.637546] ? kasan_check_read+0x11/0x20 [ 619.641693] ? mutex_unlock+0xd/0x10 [ 619.645409] device_add+0x3cc/0x1760 [ 619.649124] ? device_initialize+0x440/0x440 [ 619.653526] ? get_device_parent.isra.0+0x570/0x570 [ 619.658544] hci_register_dev+0x304/0x880 [ 619.662697] hci_uart_tty_ioctl+0x761/0xaf0 [ 619.667015] tty_ioctl+0x8b5/0x1510 [ 619.670649] ? hci_uart_init_work+0x140/0x140 [ 619.675154] ? tty_vhangup+0x30/0x30 [ 619.678972] ? mark_held_locks+0x100/0x100 [ 619.683207] ? proc_cwd_link+0x1d0/0x1d0 [ 619.687289] ? __fget+0x340/0x540 [ 619.690790] ? ___might_sleep+0x163/0x280 [ 619.694980] ? __might_sleep+0x95/0x190 [ 619.698975] ? tty_vhangup+0x30/0x30 [ 619.702684] do_vfs_ioctl+0xd5f/0x1380 [ 619.706577] ? selinux_file_ioctl+0x46f/0x5e0 [ 619.711093] ? selinux_file_ioctl+0x125/0x5e0 [ 619.715592] ? 
ioctl_preallocate+0x210/0x210 [ 619.720172] ? selinux_file_mprotect+0x620/0x620 [ 619.725099] ? iterate_fd+0x360/0x360 [ 619.728933] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 619.734509] ? fput+0x128/0x1a0 [ 619.737810] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 619.743373] ? security_file_ioctl+0x8d/0xc0 [ 619.747800] ksys_ioctl+0xab/0xd0 [ 619.751270] __x64_sys_ioctl+0x73/0xb0 [ 619.755174] do_syscall_64+0xfd/0x620 [ 619.758992] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 619.764175] RIP: 0033:0x459519 [ 619.767359] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 619.786323] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 619.794024] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 619.801309] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 619.808575] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 14:39:33 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4058534c, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:39:33 executing program 5 (fault-call:2 fault-nth:24): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 619.815970] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 619.823232] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 619.839114] 
kobject_add_internal failed for hci2 (error: -12 parent: bluetooth) [ 619.847043] Bluetooth: Can't register HCI device [ 619.917462] FAULT_INJECTION: forcing a failure. [ 619.917462] name failslab, interval 1, probability 0, space 0, times 0 [ 619.929964] CPU: 1 PID: 10903 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 619.937119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 619.946469] Call Trace: [ 619.949061] dump_stack+0x172/0x1f0 [ 619.952694] should_fail.cold+0xa/0x1b [ 619.956592] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 619.961707] ? lock_downgrade+0x810/0x810 [ 619.965852] ? ___might_sleep+0x163/0x280 [ 619.970110] __should_failslab+0x121/0x190 [ 619.974342] should_failslab+0x9/0x14 [ 619.978145] kmem_cache_alloc+0x2ae/0x700 [ 619.982303] ? kernfs_find_and_get_ns+0x26/0x70 [ 619.986965] __kernfs_new_node+0xef/0x680 [ 619.991108] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 619.995865] ? lock_downgrade+0x810/0x810 [ 620.000032] ? mutex_trylock+0x1e0/0x1e0 [ 620.004123] kernfs_new_node+0x99/0x130 [ 620.008098] __kernfs_create_file+0x51/0x340 [ 620.012504] sysfs_add_file_mode_ns+0x222/0x560 [ 620.017171] sysfs_merge_group+0x1a0/0x340 [ 620.021399] ? sysfs_mount+0x1e0/0x1e0 [ 620.025329] ? kernfs_put+0x3c2/0x5d0 [ 620.029155] dpm_sysfs_add+0x164/0x210 [ 620.033047] device_add+0xa47/0x1760 [ 620.036787] ? get_device_parent.isra.0+0x570/0x570 [ 620.041818] ? start_creating+0x163/0x1e0 [ 620.045991] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 620.051560] hci_register_dev+0x304/0x880 [ 620.055718] hci_uart_tty_ioctl+0x761/0xaf0 [ 620.060049] tty_ioctl+0x8b5/0x1510 [ 620.063677] ? hci_uart_init_work+0x140/0x140 [ 620.068170] ? tty_vhangup+0x30/0x30 [ 620.071894] ? mark_held_locks+0x100/0x100 [ 620.076190] ? proc_cwd_link+0x1d0/0x1d0 [ 620.080263] ? __fget+0x340/0x540 [ 620.083709] ? ___might_sleep+0x163/0x280 [ 620.087861] ? __might_sleep+0x95/0x190 [ 620.091845] ? 
tty_vhangup+0x30/0x30 [ 620.095552] do_vfs_ioctl+0xd5f/0x1380 [ 620.099436] ? selinux_file_ioctl+0x46f/0x5e0 [ 620.104010] ? selinux_file_ioctl+0x125/0x5e0 [ 620.108499] ? ioctl_preallocate+0x210/0x210 [ 620.112921] ? selinux_file_mprotect+0x620/0x620 [ 620.117694] ? iterate_fd+0x360/0x360 [ 620.121488] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 620.127025] ? fput+0x128/0x1a0 [ 620.130305] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 620.142741] ? security_file_ioctl+0x8d/0xc0 [ 620.147235] ksys_ioctl+0xab/0xd0 [ 620.150942] __x64_sys_ioctl+0x73/0xb0 [ 620.154824] do_syscall_64+0xfd/0x620 [ 620.158623] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 620.163801] RIP: 0033:0x459519 [ 620.166988] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 620.185927] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 620.193643] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 620.200904] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 620.208369] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 620.215634] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 620.222892] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 620.233307] Bluetooth: Can't register HCI device [ 620.852481] Bluetooth: hci1: command 0x1003 tx timeout [ 620.858051] Bluetooth: hci1: sending frame failed (-49) [ 621.492569] Bluetooth: hci4: command 0x1003 tx timeout [ 621.498253] Bluetooth: hci3: command 0x1003 tx timeout [ 621.498292] Bluetooth: hci4: sending frame failed (-49) [ 621.512947] Bluetooth: hci3: sending frame failed (-49) 14:39:36 executing program 0 (fault-call:2 fault-nth:17): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 
0x400455c8, 0x4) 14:39:36 executing program 5 (fault-call:2 fault-nth:25): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:39:36 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x40605346, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 622.014455] FAULT_INJECTION: forcing a failure. [ 622.014455] name failslab, interval 1, probability 0, space 0, times 0 [ 622.036013] CPU: 0 PID: 10912 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 622.043082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 622.052449] Call Trace: [ 622.052480] dump_stack+0x172/0x1f0 [ 622.052508] should_fail.cold+0xa/0x1b [ 622.052531] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 622.052556] ? lock_downgrade+0x810/0x810 [ 622.052577] ? ___might_sleep+0x163/0x280 [ 622.052606] __should_failslab+0x121/0x190 [ 622.058380] FAULT_INJECTION: forcing a failure. [ 622.058380] name failslab, interval 1, probability 0, space 0, times 0 [ 622.058829] should_failslab+0x9/0x14 [ 622.058846] kmem_cache_alloc+0x2ae/0x700 [ 622.058879] __kernfs_new_node+0xef/0x680 [ 622.103987] ? mark_held_locks+0x100/0x100 [ 622.108255] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 622.113034] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 622.118610] ? __kernfs_create_file+0x2a3/0x340 [ 622.123294] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 622.128770] ? find_held_lock+0x35/0x130 [ 622.132853] ? 
sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 622.138335] kernfs_new_node+0x99/0x130 [ 622.142332] kernfs_create_link+0xdd/0x250 [ 622.146597] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 622.151985] sysfs_create_link+0x65/0xc0 [ 622.156068] device_add+0x4a7/0x1760 [ 622.159796] ? get_device_parent.isra.0+0x570/0x570 [ 622.164848] hci_register_dev+0x304/0x880 [ 622.169019] hci_uart_tty_ioctl+0x761/0xaf0 [ 622.173364] tty_ioctl+0x8b5/0x1510 [ 622.177007] ? hci_uart_init_work+0x140/0x140 [ 622.181511] ? tty_vhangup+0x30/0x30 [ 622.185239] ? mark_held_locks+0x100/0x100 [ 622.189486] ? proc_cwd_link+0x1d0/0x1d0 [ 622.193566] ? __fget+0x340/0x540 [ 622.197031] ? ___might_sleep+0x163/0x280 [ 622.201191] ? __might_sleep+0x95/0x190 [ 622.205188] ? tty_vhangup+0x30/0x30 [ 622.208924] do_vfs_ioctl+0xd5f/0x1380 [ 622.212836] ? selinux_file_ioctl+0x46f/0x5e0 [ 622.217351] ? selinux_file_ioctl+0x125/0x5e0 [ 622.221863] ? ioctl_preallocate+0x210/0x210 [ 622.226286] ? selinux_file_mprotect+0x620/0x620 [ 622.231066] ? iterate_fd+0x360/0x360 [ 622.234889] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 622.240443] ? fput+0x128/0x1a0 [ 622.243744] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 622.249295] ? 
security_file_ioctl+0x8d/0xc0 [ 622.253733] ksys_ioctl+0xab/0xd0 [ 622.257201] __x64_sys_ioctl+0x73/0xb0 [ 622.261103] do_syscall_64+0xfd/0x620 [ 622.264926] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 622.270123] RIP: 0033:0x459519 [ 622.273322] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 622.292234] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 622.299963] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 622.307255] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 622.314542] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 622.321923] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 622.329212] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 622.336524] CPU: 1 PID: 10916 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 622.343567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 622.343573] Call Trace: [ 622.343608] dump_stack+0x172/0x1f0 [ 622.343631] should_fail.cold+0xa/0x1b [ 622.343650] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 622.343669] ? lock_downgrade+0x810/0x810 [ 622.343686] ? ___might_sleep+0x163/0x280 [ 622.343708] __should_failslab+0x121/0x190 [ 622.343726] should_failslab+0x9/0x14 [ 622.343745] __kmalloc_track_caller+0x2de/0x750 [ 622.355713] ? finish_task_switch+0x146/0x780 [ 622.355727] ? finish_task_switch+0x118/0x780 [ 622.355742] ? switch_mm_irqs_off+0x7fa/0x1370 [ 622.355762] ? kstrdup_const+0x66/0x80 [ 622.361567] Bluetooth: Can't register HCI device [ 622.363277] kstrdup+0x3a/0x70 [ 622.363295] kstrdup_const+0x66/0x80 [ 622.363313] __kernfs_new_node+0xb0/0x680 [ 622.363332] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 622.363355] ? debug_smp_processor_id+0x1c/0x20 [ 622.372681] ? tick_nohz_tick_stopped+0x1a/0x90 [ 622.372700] ? 
__sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 622.372714] ? __irq_work_queue_local+0xaf/0x170 [ 622.372731] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 622.372748] ? irq_work_queue+0x30/0x90 [ 622.381144] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 622.381160] ? wake_up_klogd+0x99/0xd0 [ 622.381173] ? vprintk_emit+0x264/0x690 [ 622.381195] kernfs_new_node+0x99/0x130 [ 622.389678] kernfs_create_dir_ns+0x52/0x160 [ 622.389698] sysfs_create_dir_ns+0x131/0x290 [ 622.389716] ? sysfs_create_mount_point+0xa0/0xa0 [ 622.487879] ? class_dir_child_ns_type+0xd/0x60 [ 622.492558] kobject_add_internal.cold+0xe5/0x5d1 [ 622.497408] kobject_add+0x150/0x1c0 [ 622.501137] ? kset_create_and_add+0x1a0/0x1a0 [ 622.505781] ? kasan_check_read+0x11/0x20 [ 622.509945] ? mutex_unlock+0xd/0x10 [ 622.513680] device_add+0x3cc/0x1760 [ 622.517400] ? device_initialize+0x440/0x440 [ 622.521827] ? get_device_parent.isra.0+0x570/0x570 [ 622.526845] ? start_creating+0x163/0x1e0 [ 622.530996] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 622.536537] hci_register_dev+0x304/0x880 [ 622.540694] hci_uart_tty_ioctl+0x761/0xaf0 [ 622.545031] tty_ioctl+0x8b5/0x1510 [ 622.548662] ? hci_uart_init_work+0x140/0x140 [ 622.553176] ? tty_vhangup+0x30/0x30 [ 622.558068] ? mark_held_locks+0x100/0x100 [ 622.562300] ? proc_cwd_link+0x1d0/0x1d0 [ 622.566372] ? __fget+0x340/0x540 [ 622.569825] ? ___might_sleep+0x163/0x280 [ 622.573970] ? __might_sleep+0x95/0x190 [ 622.577971] ? tty_vhangup+0x30/0x30 [ 622.581700] do_vfs_ioctl+0xd5f/0x1380 [ 622.585581] ? selinux_file_ioctl+0x46f/0x5e0 [ 622.590066] ? selinux_file_ioctl+0x125/0x5e0 [ 622.594572] ? ioctl_preallocate+0x210/0x210 [ 622.598969] ? selinux_file_mprotect+0x620/0x620 [ 622.603735] ? iterate_fd+0x360/0x360 [ 622.607549] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 622.613078] ? fput+0x128/0x1a0 [ 622.616392] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 622.622036] ? 
security_file_ioctl+0x8d/0xc0 [ 622.626463] ksys_ioctl+0xab/0xd0 [ 622.629942] __x64_sys_ioctl+0x73/0xb0 [ 622.633837] do_syscall_64+0xfd/0x620 [ 622.637635] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 622.642814] RIP: 0033:0x459519 [ 622.645995] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 622.665004] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 622.672724] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 622.680022] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 622.687296] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 622.694585] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 622.701869] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 14:39:36 executing program 5 (fault-call:2 fault-nth:26): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 622.712756] kobject_add_internal failed for hci2 (error: -12 parent: bluetooth) [ 622.723179] Bluetooth: Can't register HCI device 14:39:36 executing program 0 (fault-call:2 fault-nth:18): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 622.780163] FAULT_INJECTION: forcing a failure. [ 622.780163] name failslab, interval 1, probability 0, space 0, times 0 [ 622.799813] CPU: 0 PID: 10921 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 622.806883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 622.816266] Call Trace: [ 622.818897] dump_stack+0x172/0x1f0 [ 622.822563] should_fail.cold+0xa/0x1b [ 622.826497] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 622.831630] ? 
lock_downgrade+0x810/0x810 [ 622.831650] ? ___might_sleep+0x163/0x280 [ 622.831674] __should_failslab+0x121/0x190 [ 622.831696] should_failslab+0x9/0x14 [ 622.836938] FAULT_INJECTION: forcing a failure. [ 622.836938] name failslab, interval 1, probability 0, space 0, times 0 [ 622.840005] kmem_cache_alloc+0x2ae/0x700 [ 622.840027] ? lock_downgrade+0x810/0x810 [ 622.840042] ? kasan_check_read+0x11/0x20 [ 622.840065] __kernfs_new_node+0xef/0x680 [ 622.840085] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 622.881061] ? wait_for_completion+0x440/0x440 [ 622.885677] ? mutex_unlock+0xd/0x10 [ 622.889424] ? kernfs_activate+0x192/0x1f0 [ 622.893691] kernfs_new_node+0x99/0x130 [ 622.897687] __kernfs_create_file+0x51/0x340 [ 622.902119] sysfs_add_file_mode_ns+0x222/0x560 [ 622.907070] sysfs_merge_group+0x1a0/0x340 [ 622.911318] ? sysfs_mount+0x1e0/0x1e0 [ 622.915220] ? kernfs_put+0x3c2/0x5d0 [ 622.919087] dpm_sysfs_add+0x164/0x210 [ 622.922994] device_add+0xa47/0x1760 [ 622.926732] ? get_device_parent.isra.0+0x570/0x570 [ 622.931772] ? start_creating+0x163/0x1e0 [ 622.932872] Bluetooth: hci1: command 0x1001 tx timeout [ 622.935937] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 622.935962] hci_register_dev+0x304/0x880 [ 622.935988] hci_uart_tty_ioctl+0x761/0xaf0 [ 622.936007] tty_ioctl+0x8b5/0x1510 [ 622.941396] Bluetooth: hci1: sending frame failed (-49) [ 622.946852] ? hci_uart_init_work+0x140/0x140 [ 622.946868] ? tty_vhangup+0x30/0x30 [ 622.946884] ? mark_held_locks+0x100/0x100 [ 622.946901] ? proc_cwd_link+0x1d0/0x1d0 [ 622.946928] ? __fget+0x340/0x540 [ 622.984416] ? ___might_sleep+0x163/0x280 [ 622.988666] ? __might_sleep+0x95/0x190 [ 622.992656] ? tty_vhangup+0x30/0x30 [ 622.996389] do_vfs_ioctl+0xd5f/0x1380 [ 623.000295] ? selinux_file_ioctl+0x46f/0x5e0 [ 623.004801] ? selinux_file_ioctl+0x125/0x5e0 [ 623.009315] ? ioctl_preallocate+0x210/0x210 [ 623.013743] ? selinux_file_mprotect+0x620/0x620 [ 623.018534] ? iterate_fd+0x360/0x360 [ 623.022360] ? 
__sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 623.027920] ? fput+0x128/0x1a0 [ 623.031221] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 623.036782] ? security_file_ioctl+0x8d/0xc0 [ 623.041265] ksys_ioctl+0xab/0xd0 [ 623.044736] __x64_sys_ioctl+0x73/0xb0 [ 623.048640] do_syscall_64+0xfd/0x620 [ 623.052484] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 623.057686] RIP: 0033:0x459519 [ 623.060888] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 623.080325] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 623.088050] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 623.095327] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 623.102606] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 623.109995] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 623.117277] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 623.124611] CPU: 1 PID: 10924 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 623.131688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 623.141081] Call Trace: [ 623.143701] dump_stack+0x172/0x1f0 [ 623.147358] should_fail.cold+0xa/0x1b [ 623.151264] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 623.156385] ? lock_downgrade+0x810/0x810 [ 623.156403] ? ___might_sleep+0x163/0x280 [ 623.156423] __should_failslab+0x121/0x190 [ 623.156441] should_failslab+0x9/0x14 [ 623.156454] kmem_cache_alloc+0x2ae/0x700 [ 623.156468] ? memcpy+0x46/0x50 [ 623.156486] ? kstrdup+0x5a/0x70 [ 623.163894] Bluetooth: Can't register HCI device [ 623.164802] __kernfs_new_node+0xef/0x680 [ 623.164825] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 623.172854] ? debug_smp_processor_id+0x1c/0x20 [ 623.172871] ? tick_nohz_tick_stopped+0x1a/0x90 [ 623.172889] ? 
__sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 623.172902] ? __irq_work_queue_local+0xaf/0x170 [ 623.172927] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 623.172944] ? irq_work_queue+0x30/0x90 [ 623.180374] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 623.180391] ? wake_up_klogd+0x99/0xd0 [ 623.180409] ? vprintk_emit+0x264/0x690 [ 623.188742] kernfs_new_node+0x99/0x130 [ 623.188769] kernfs_create_dir_ns+0x52/0x160 [ 623.212918] sysfs_create_dir_ns+0x131/0x290 [ 623.223215] ? sysfs_create_mount_point+0xa0/0xa0 [ 623.223239] ? class_dir_child_ns_type+0xd/0x60 [ 623.223258] kobject_add_internal.cold+0xe5/0x5d1 [ 623.223276] kobject_add+0x150/0x1c0 [ 623.223296] ? kset_create_and_add+0x1a0/0x1a0 [ 623.276494] ? kasan_check_read+0x11/0x20 [ 623.280642] ? mutex_unlock+0xd/0x10 [ 623.284368] device_add+0x3cc/0x1760 [ 623.288073] ? device_initialize+0x440/0x440 [ 623.292478] ? get_device_parent.isra.0+0x570/0x570 [ 623.297496] ? start_creating+0x163/0x1e0 [ 623.301653] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 623.307208] hci_register_dev+0x304/0x880 [ 623.311362] hci_uart_tty_ioctl+0x761/0xaf0 [ 623.315691] tty_ioctl+0x8b5/0x1510 [ 623.319330] ? hci_uart_init_work+0x140/0x140 [ 623.323857] ? tty_vhangup+0x30/0x30 [ 623.327574] ? mark_held_locks+0x100/0x100 [ 623.331809] ? proc_cwd_link+0x1d0/0x1d0 [ 623.335970] ? __fget+0x340/0x540 [ 623.339422] ? ___might_sleep+0x163/0x280 [ 623.343581] ? __might_sleep+0x95/0x190 [ 623.347562] ? tty_vhangup+0x30/0x30 [ 623.351270] do_vfs_ioctl+0xd5f/0x1380 [ 623.355173] ? selinux_file_ioctl+0x46f/0x5e0 [ 623.359660] ? selinux_file_ioctl+0x125/0x5e0 [ 623.364151] ? ioctl_preallocate+0x210/0x210 [ 623.368547] ? selinux_file_mprotect+0x620/0x620 [ 623.373323] ? iterate_fd+0x360/0x360 [ 623.377145] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 623.382680] ? fput+0x128/0x1a0 [ 623.385955] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 623.391503] ? 
security_file_ioctl+0x8d/0xc0 [ 623.395939] ksys_ioctl+0xab/0xd0 [ 623.399392] __x64_sys_ioctl+0x73/0xb0 [ 623.403462] do_syscall_64+0xfd/0x620 [ 623.414102] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 623.419319] RIP: 0033:0x459519 [ 623.423081] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 623.458398] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 623.466317] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 623.473586] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 623.480857] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 623.488142] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 623.495513] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 623.504990] kobject_add_internal failed for hci2 (error: -12 parent: bluetooth) [ 623.512876] Bluetooth: Can't register HCI device [ 623.572576] Bluetooth: hci3: command 0x1001 tx timeout [ 623.578005] Bluetooth: hci3: sending frame failed (-49) [ 623.578823] Bluetooth: hci4: command 0x1001 tx timeout [ 623.589199] Bluetooth: hci4: sending frame failed (-49) [ 625.012741] Bluetooth: hci1: command 0x1009 tx timeout [ 625.652534] Bluetooth: hci4: command 0x1009 tx timeout [ 625.657952] Bluetooth: hci3: command 0x1009 tx timeout 14:39:43 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x540d, &(0x7f00000001c0)=0x1000000000033) 14:39:43 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x408c5333, &(0x7f0000000080)={0x204000000bd, @time}) 
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:39:43 executing program 5 (fault-call:2 fault-nth:27): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:39:43 executing program 0 (fault-call:2 fault-nth:19): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:39:43 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5415, &(0x7f00000001c0)=0x1000000000033) 14:39:43 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5413, &(0x7f00000001c0)) [ 629.712167] FAULT_INJECTION: forcing a failure. [ 629.712167] name failslab, interval 1, probability 0, space 0, times 0 [ 629.725286] FAULT_INJECTION: forcing a failure. [ 629.725286] name failslab, interval 1, probability 0, space 0, times 0 [ 629.747839] CPU: 0 PID: 10936 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 629.754917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 629.754925] Call Trace: [ 629.754956] dump_stack+0x172/0x1f0 [ 629.754983] should_fail.cold+0xa/0x1b [ 629.755004] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 629.755025] ? lock_downgrade+0x810/0x810 [ 629.755045] ? 
___might_sleep+0x163/0x280 [ 629.755069] __should_failslab+0x121/0x190 [ 629.755093] should_failslab+0x9/0x14 [ 629.767070] kmem_cache_alloc+0x2ae/0x700 [ 629.767092] ? lock_downgrade+0x810/0x810 [ 629.767107] ? kasan_check_read+0x11/0x20 [ 629.767130] __kernfs_new_node+0xef/0x680 [ 629.767151] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 629.774670] ? wait_for_completion+0x440/0x440 [ 629.774693] ? mutex_unlock+0xd/0x10 [ 629.774709] ? kernfs_activate+0x192/0x1f0 [ 629.774731] kernfs_new_node+0x99/0x130 [ 629.774755] __kernfs_create_file+0x51/0x340 [ 629.774773] sysfs_add_file_mode_ns+0x222/0x560 [ 629.774794] sysfs_merge_group+0x1a0/0x340 [ 629.774810] ? sysfs_mount+0x1e0/0x1e0 [ 629.774831] ? kernfs_put+0x3c2/0x5d0 [ 629.804716] dpm_sysfs_add+0x164/0x210 [ 629.804737] device_add+0xa47/0x1760 [ 629.804760] ? get_device_parent.isra.0+0x570/0x570 [ 629.804776] ? start_creating+0x163/0x1e0 [ 629.804796] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 629.804817] hci_register_dev+0x304/0x880 [ 629.804840] hci_uart_tty_ioctl+0x761/0xaf0 [ 629.804858] tty_ioctl+0x8b5/0x1510 [ 629.818002] ? hci_uart_init_work+0x140/0x140 [ 629.834493] ? tty_vhangup+0x30/0x30 [ 629.834513] ? mark_held_locks+0x100/0x100 [ 629.834531] ? proc_cwd_link+0x1d0/0x1d0 [ 629.834561] ? __fget+0x340/0x540 [ 629.843640] ? ___might_sleep+0x163/0x280 [ 629.843660] ? __might_sleep+0x95/0x190 [ 629.843676] ? tty_vhangup+0x30/0x30 [ 629.843696] do_vfs_ioctl+0xd5f/0x1380 [ 629.843713] ? selinux_file_ioctl+0x46f/0x5e0 [ 629.843726] ? selinux_file_ioctl+0x125/0x5e0 [ 629.843745] ? ioctl_preallocate+0x210/0x210 [ 629.843758] ? selinux_file_mprotect+0x620/0x620 [ 629.843782] ? iterate_fd+0x360/0x360 [ 629.851912] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 629.859588] ? fput+0x128/0x1a0 [ 629.859615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 629.859637] ? 
security_file_ioctl+0x8d/0xc0 [ 629.872513] ksys_ioctl+0xab/0xd0 [ 629.872533] __x64_sys_ioctl+0x73/0xb0 [ 629.872554] do_syscall_64+0xfd/0x620 [ 629.872577] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 629.872590] RIP: 0033:0x459519 [ 629.872605] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 629.872614] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 629.894783] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 629.894793] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 629.894803] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 629.894813] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 629.894822] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 629.925068] CPU: 1 PID: 10939 Comm: syz-executor.0 Not tainted 4.19.56 #28 14:39:44 executing program 5 (fault-call:2 fault-nth:28): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 629.936458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 629.936465] Call Trace: [ 629.936492] dump_stack+0x172/0x1f0 [ 629.936517] should_fail.cold+0xa/0x1b [ 629.944028] Bluetooth: Can't register HCI device [ 629.945701] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 629.945722] ? lock_downgrade+0x810/0x810 [ 629.945742] ? ___might_sleep+0x163/0x280 [ 629.955089] __should_failslab+0x121/0x190 [ 629.955109] should_failslab+0x9/0x14 [ 629.955123] kmem_cache_alloc+0x2ae/0x700 [ 629.955138] ? kasan_check_write+0x14/0x20 [ 629.955155] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 629.955179] __kernfs_new_node+0xef/0x680 [ 629.955199] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 629.964883] ? mutex_unlock+0xd/0x10 [ 629.964901] ? 
kernfs_activate+0x192/0x1f0 [ 629.964930] ? kernfs_add_one+0x131/0x4d0 [ 629.964957] kernfs_new_node+0x99/0x130 [ 629.972806] __kernfs_create_file+0x51/0x340 [ 629.972827] sysfs_add_file_mode_ns+0x222/0x560 [ 629.972851] sysfs_create_file_ns+0x13a/0x1c0 [ 629.972869] ? sysfs_add_file_mode_ns+0x560/0x560 [ 629.980565] ? up_read+0x1a/0x110 [ 629.980590] device_create_file+0xfa/0x1e0 [ 629.980611] ? acpi_bind_one+0x830/0x830 [ 630.015778] device_add+0x411/0x1760 [ 630.015796] ? device_initialize+0x440/0x440 [ 630.015819] ? get_device_parent.isra.0+0x570/0x570 [ 630.030408] ? start_creating+0x163/0x1e0 [ 630.092863] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 630.092888] hci_register_dev+0x304/0x880 [ 630.092921] hci_uart_tty_ioctl+0x761/0xaf0 [ 630.092941] tty_ioctl+0x8b5/0x1510 [ 630.097489] FAULT_INJECTION: forcing a failure. [ 630.097489] name failslab, interval 1, probability 0, space 0, times 0 [ 630.101431] ? hci_uart_init_work+0x140/0x140 [ 630.101450] ? tty_vhangup+0x30/0x30 [ 630.101468] ? mark_held_locks+0x100/0x100 [ 630.101488] ? proc_cwd_link+0x1d0/0x1d0 [ 630.236744] ? __fget+0x340/0x540 [ 630.240211] ? ___might_sleep+0x163/0x280 [ 630.244375] ? __might_sleep+0x95/0x190 [ 630.248363] ? tty_vhangup+0x30/0x30 [ 630.252088] do_vfs_ioctl+0xd5f/0x1380 [ 630.255989] ? selinux_file_ioctl+0x46f/0x5e0 [ 630.260500] ? selinux_file_ioctl+0x125/0x5e0 [ 630.265014] ? ioctl_preallocate+0x210/0x210 [ 630.269437] ? selinux_file_mprotect+0x620/0x620 [ 630.274221] ? iterate_fd+0x360/0x360 [ 630.278049] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 630.283607] ? fput+0x128/0x1a0 [ 630.286918] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 630.292480] ? 
security_file_ioctl+0x8d/0xc0 [ 630.297011] ksys_ioctl+0xab/0xd0 [ 630.300752] __x64_sys_ioctl+0x73/0xb0 [ 630.304668] do_syscall_64+0xfd/0x620 [ 630.308771] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 630.313998] RIP: 0033:0x459519 [ 630.317211] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 630.336402] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 630.344142] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 630.351432] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 630.358722] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 630.366028] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 630.373317] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 630.380800] CPU: 0 PID: 10954 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 630.388107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 630.397578] Call Trace: [ 630.397608] dump_stack+0x172/0x1f0 [ 630.397633] should_fail.cold+0xa/0x1b [ 630.397652] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 630.397671] ? lock_downgrade+0x810/0x810 [ 630.397688] ? ___might_sleep+0x163/0x280 [ 630.397709] __should_failslab+0x121/0x190 [ 630.397726] should_failslab+0x9/0x14 [ 630.397740] kmem_cache_alloc+0x2ae/0x700 [ 630.397758] ? lock_downgrade+0x810/0x810 [ 630.397773] ? kasan_check_read+0x11/0x20 [ 630.397797] __kernfs_new_node+0xef/0x680 [ 630.397817] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 630.397837] ? wait_for_completion+0x440/0x440 [ 630.397863] ? mutex_unlock+0xd/0x10 [ 630.397885] ? kernfs_activate+0x192/0x1f0 [ 630.404467] kernfs_new_node+0x99/0x130 [ 630.404492] __kernfs_create_file+0x51/0x340 [ 630.404512] sysfs_add_file_mode_ns+0x222/0x560 [ 630.404534] sysfs_merge_group+0x1a0/0x340 [ 630.404550] ? 
sysfs_mount+0x1e0/0x1e0 [ 630.404564] ? kernfs_put+0x3c2/0x5d0 [ 630.404593] dpm_sysfs_add+0x164/0x210 [ 630.408990] Bluetooth: Can't register HCI device [ 630.413581] device_add+0xa47/0x1760 [ 630.413606] ? get_device_parent.isra.0+0x570/0x570 [ 630.413623] ? start_creating+0x163/0x1e0 14:39:44 executing program 0 (fault-call:2 fault-nth:20): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:39:44 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x40a85321, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 630.413643] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 630.413664] hci_register_dev+0x304/0x880 [ 630.413687] hci_uart_tty_ioctl+0x761/0xaf0 [ 630.413704] tty_ioctl+0x8b5/0x1510 [ 630.413720] ? hci_uart_init_work+0x140/0x140 [ 630.413738] ? tty_vhangup+0x30/0x30 [ 630.422059] ? mark_held_locks+0x100/0x100 [ 630.422077] ? proc_cwd_link+0x1d0/0x1d0 [ 630.422103] ? __fget+0x340/0x540 [ 630.422121] ? ___might_sleep+0x163/0x280 [ 630.422139] ? __might_sleep+0x95/0x190 [ 630.422158] ? tty_vhangup+0x30/0x30 [ 630.430208] do_vfs_ioctl+0xd5f/0x1380 [ 630.430228] ? selinux_file_ioctl+0x46f/0x5e0 [ 630.430242] ? selinux_file_ioctl+0x125/0x5e0 [ 630.430266] ? ioctl_preallocate+0x210/0x210 [ 630.438556] ? selinux_file_mprotect+0x620/0x620 [ 630.438583] ? iterate_fd+0x360/0x360 [ 630.438604] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 630.438623] ? fput+0x128/0x1a0 [ 630.477243] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 630.485358] ? 
security_file_ioctl+0x8d/0xc0 [ 630.485376] ksys_ioctl+0xab/0xd0 [ 630.485393] __x64_sys_ioctl+0x73/0xb0 [ 630.485420] do_syscall_64+0xfd/0x620 [ 630.485441] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 630.485454] RIP: 0033:0x459519 [ 630.485470] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 630.485484] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 [ 630.516428] ORIG_RAX: 0000000000000010 [ 630.516439] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 630.516447] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 630.516456] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 630.516465] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 630.516475] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 630.627550] Bluetooth: Can't register HCI device [ 630.629457] FAULT_INJECTION: forcing a failure. [ 630.629457] name failslab, interval 1, probability 0, space 0, times 0 14:39:44 executing program 5 (fault-call:2 fault-nth:29): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 630.659036] CPU: 1 PID: 10958 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 630.672488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 630.672495] Call Trace: [ 630.672524] dump_stack+0x172/0x1f0 [ 630.672547] should_fail.cold+0xa/0x1b [ 630.672566] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 630.672585] ? lock_downgrade+0x810/0x810 [ 630.672600] ? ___might_sleep+0x163/0x280 [ 630.672623] __should_failslab+0x121/0x190 [ 630.672640] should_failslab+0x9/0x14 [ 630.672653] kmem_cache_alloc+0x2ae/0x700 [ 630.672677] __kernfs_new_node+0xef/0x680 [ 630.687343] ? mark_held_locks+0x100/0x100 [ 630.687367] ? 
kernfs_dop_revalidate+0x3c0/0x3c0 [ 630.687387] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 630.687403] ? __kernfs_create_file+0x2a3/0x340 [ 630.687418] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 630.687435] ? find_held_lock+0x35/0x130 [ 630.687449] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 630.687472] kernfs_new_node+0x99/0x130 [ 630.687492] kernfs_create_link+0xdd/0x250 [ 630.727146] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 630.727163] sysfs_create_link+0x65/0xc0 [ 630.727182] device_add+0x4a7/0x1760 [ 630.727203] ? get_device_parent.isra.0+0x570/0x570 [ 630.737532] ? start_creating+0x163/0x1e0 [ 630.737555] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 630.737579] hci_register_dev+0x304/0x880 [ 630.737608] hci_uart_tty_ioctl+0x761/0xaf0 [ 630.767344] tty_ioctl+0x8b5/0x1510 [ 630.767364] ? hci_uart_init_work+0x140/0x140 [ 630.767380] ? tty_vhangup+0x30/0x30 [ 630.767398] ? mark_held_locks+0x100/0x100 [ 630.767420] ? proc_cwd_link+0x1d0/0x1d0 [ 630.776478] ? __fget+0x340/0x540 [ 630.776496] ? ___might_sleep+0x163/0x280 [ 630.776511] ? __might_sleep+0x95/0x190 [ 630.776525] ? tty_vhangup+0x30/0x30 [ 630.776544] do_vfs_ioctl+0xd5f/0x1380 [ 630.776563] ? selinux_file_ioctl+0x46f/0x5e0 [ 630.776576] ? selinux_file_ioctl+0x125/0x5e0 [ 630.776594] ? ioctl_preallocate+0x210/0x210 [ 630.776608] ? selinux_file_mprotect+0x620/0x620 [ 630.776629] ? iterate_fd+0x360/0x360 [ 630.785190] FAULT_INJECTION: forcing a failure. [ 630.785190] name failslab, interval 1, probability 0, space 0, times 0 [ 630.786849] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 630.786866] ? fput+0x128/0x1a0 [ 630.786889] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 630.786918] ? 
security_file_ioctl+0x8d/0xc0 [ 630.939780] ksys_ioctl+0xab/0xd0 [ 630.943319] __x64_sys_ioctl+0x73/0xb0 [ 630.947232] do_syscall_64+0xfd/0x620 [ 630.951059] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 630.956272] RIP: 0033:0x459519 [ 630.959484] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 630.978415] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 630.986159] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 630.993441] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 631.000726] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 631.008023] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 631.015321] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 631.022642] CPU: 0 PID: 10964 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 631.029722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 631.039087] Call Trace: [ 631.039118] dump_stack+0x172/0x1f0 [ 631.039141] should_fail.cold+0xa/0x1b [ 631.039168] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 631.045397] ? lock_downgrade+0x810/0x810 [ 631.045420] ? ___might_sleep+0x163/0x280 [ 631.045442] __should_failslab+0x121/0x190 [ 631.045462] should_failslab+0x9/0x14 [ 631.045476] __kmalloc+0x2e2/0x750 [ 631.045516] ? rcu_read_lock_sched_held+0x110/0x130 [ 631.045533] ? kobject_get_path+0xc4/0x1b0 [ 631.045551] kobject_get_path+0xc4/0x1b0 [ 631.045569] kobject_uevent_env+0x3ab/0x101d [ 631.045592] kobject_uevent+0x20/0x26 [ 631.045613] device_add+0xb3a/0x1760 [ 631.055992] Bluetooth: Can't register HCI device [ 631.058768] ? get_device_parent.isra.0+0x570/0x570 [ 631.058785] ? 
start_creating+0x163/0x1e0 14:39:45 executing program 0 (fault-call:2 fault-nth:21): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 631.058806] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 631.058827] hci_register_dev+0x304/0x880 [ 631.067221] hci_uart_tty_ioctl+0x761/0xaf0 [ 631.067243] tty_ioctl+0x8b5/0x1510 [ 631.067262] ? hci_uart_init_work+0x140/0x140 [ 631.074596] ? tty_vhangup+0x30/0x30 [ 631.074614] ? mark_held_locks+0x100/0x100 [ 631.074632] ? proc_cwd_link+0x1d0/0x1d0 [ 631.074653] ? __fget+0x340/0x540 [ 631.074669] ? ___might_sleep+0x163/0x280 [ 631.074685] ? __might_sleep+0x95/0x190 [ 631.074699] ? tty_vhangup+0x30/0x30 [ 631.074718] do_vfs_ioctl+0xd5f/0x1380 [ 631.074735] ? selinux_file_ioctl+0x46f/0x5e0 [ 631.074749] ? selinux_file_ioctl+0x125/0x5e0 [ 631.074768] ? ioctl_preallocate+0x210/0x210 [ 631.088073] ? selinux_file_mprotect+0x620/0x620 [ 631.088102] ? iterate_fd+0x360/0x360 [ 631.088121] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 631.088139] ? fput+0x128/0x1a0 [ 631.148440] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 631.148461] ? security_file_ioctl+0x8d/0xc0 [ 631.156775] ksys_ioctl+0xab/0xd0 [ 631.197873] __x64_sys_ioctl+0x73/0xb0 [ 631.207863] FAULT_INJECTION: forcing a failure. 
[ 631.207863] name failslab, interval 1, probability 0, space 0, times 0 [ 631.212455] do_syscall_64+0xfd/0x620 [ 631.212479] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 631.212490] RIP: 0033:0x459519 [ 631.212506] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 631.212514] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 631.212530] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 631.212538] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 631.212546] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 631.212554] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 631.212563] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 631.218773] Bluetooth: hci0: command 0x1003 tx timeout [ 631.227474] CPU: 1 PID: 10967 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 631.244714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 631.244721] Call Trace: [ 631.244748] dump_stack+0x172/0x1f0 [ 631.244774] should_fail.cold+0xa/0x1b [ 631.244795] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 631.244813] ? lock_downgrade+0x810/0x810 [ 631.244830] ? ___might_sleep+0x163/0x280 [ 631.244852] __should_failslab+0x121/0x190 [ 631.244870] should_failslab+0x9/0x14 [ 631.244889] __kmalloc_track_caller+0x2de/0x750 [ 631.267022] ? 
__lock_acquire+0x6eb/0x48f0 14:39:45 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x40a85323, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 631.267041] ? kstrdup_const+0x66/0x80 [ 631.267059] kstrdup+0x3a/0x70 [ 631.267076] kstrdup_const+0x66/0x80 [ 631.267094] __kernfs_new_node+0xb0/0x680 [ 631.267110] ? mark_held_locks+0x100/0x100 [ 631.267127] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 631.267147] ? wait_for_completion+0x440/0x440 [ 631.267163] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 631.267184] ? find_held_lock+0x35/0x130 [ 631.282209] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 631.282230] ? kernfs_activate+0x192/0x1f0 [ 631.282252] kernfs_new_node+0x99/0x130 [ 631.282276] kernfs_create_link+0xdd/0x250 [ 631.282295] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 631.282314] sysfs_create_link+0x65/0xc0 [ 631.307390] Bluetooth: hci0: sending frame failed (-49) [ 631.312418] device_add+0x7ce/0x1760 [ 631.312442] ? get_device_parent.isra.0+0x570/0x570 [ 631.312459] ? start_creating+0x163/0x1e0 [ 631.312480] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 631.312503] hci_register_dev+0x304/0x880 [ 631.312525] hci_uart_tty_ioctl+0x761/0xaf0 [ 631.312542] tty_ioctl+0x8b5/0x1510 [ 631.312555] ? hci_uart_init_work+0x140/0x140 [ 631.312573] ? tty_vhangup+0x30/0x30 [ 631.353626] ? mark_held_locks+0x100/0x100 [ 631.353646] ? proc_cwd_link+0x1d0/0x1d0 [ 631.353672] ? __fget+0x340/0x540 [ 631.353688] ? ___might_sleep+0x163/0x280 [ 631.353704] ? __might_sleep+0x95/0x190 [ 631.353720] ? tty_vhangup+0x30/0x30 [ 631.353741] do_vfs_ioctl+0xd5f/0x1380 [ 631.362164] ? 
selinux_file_ioctl+0x46f/0x5e0 [ 631.362178] ? selinux_file_ioctl+0x125/0x5e0 [ 631.362199] ? ioctl_preallocate+0x210/0x210 [ 631.362213] ? selinux_file_mprotect+0x620/0x620 [ 631.362244] ? iterate_fd+0x360/0x360 [ 631.533764] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 631.539331] ? fput+0x128/0x1a0 [ 631.542642] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 631.548225] ? security_file_ioctl+0x8d/0xc0 [ 631.552648] ksys_ioctl+0xab/0xd0 [ 631.556131] __x64_sys_ioctl+0x73/0xb0 [ 631.560032] do_syscall_64+0xfd/0x620 [ 631.563826] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 631.569006] RIP: 0033:0x459519 [ 631.572189] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 631.591520] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 631.599225] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 631.606491] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 631.613756] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 631.621107] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 631.628383] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 631.643734] Bluetooth: Can't register HCI device [ 631.892949] Bluetooth: hci4: command 0x1003 tx timeout [ 631.905323] Bluetooth: hci4: sending frame failed (-49) [ 632.452524] Bluetooth: hci3: command 0x1003 tx timeout [ 632.457956] Bluetooth: hci3: sending frame failed (-49) [ 633.252762] Bluetooth: hci2: command 0x1003 tx timeout [ 633.258135] Bluetooth: hci0: command 0x1001 tx timeout [ 633.258195] Bluetooth: hci2: sending frame failed (-49) [ 633.269511] Bluetooth: hci0: sending frame failed (-49) [ 633.972590] Bluetooth: hci4: command 0x1001 tx timeout [ 633.979194] Bluetooth: hci4: sending frame failed (-49) [ 634.532539] Bluetooth: hci3: command 0x1001 tx timeout [ 
634.537991] Bluetooth: hci3: sending frame failed (-49) [ 635.332565] Bluetooth: hci0: command 0x1009 tx timeout [ 635.338011] Bluetooth: hci2: command 0x1001 tx timeout [ 635.343481] Bluetooth: hci2: sending frame failed (-49) [ 636.052508] Bluetooth: hci4: command 0x1009 tx timeout [ 636.612541] Bluetooth: hci3: command 0x1009 tx timeout [ 637.412711] Bluetooth: hci2: command 0x1009 tx timeout 14:39:53 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5413, &(0x7f00000001c0)=0x1000000000033) 14:39:53 executing program 0 (fault-call:2 fault-nth:22): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:39:53 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x40bc5311, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 639.278714] FAULT_INJECTION: forcing a failure. [ 639.278714] name failslab, interval 1, probability 0, space 0, times 0 [ 639.291774] CPU: 0 PID: 10979 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 639.298824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 639.308296] Call Trace: [ 639.310919] dump_stack+0x172/0x1f0 [ 639.314636] should_fail.cold+0xa/0x1b [ 639.318569] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 639.323707] ? lock_downgrade+0x810/0x810 [ 639.327876] ? 
___might_sleep+0x163/0x280 [ 639.332056] __should_failslab+0x121/0x190 [ 639.332076] should_failslab+0x9/0x14 [ 639.332091] kmem_cache_alloc+0x2ae/0x700 [ 639.332111] ? memcpy+0x46/0x50 [ 639.340194] ? kstrdup+0x5a/0x70 [ 639.340219] __kernfs_new_node+0xef/0x680 [ 639.340242] ? mark_held_locks+0x100/0x100 [ 639.351049] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 639.351071] ? wait_for_completion+0x440/0x440 [ 639.351090] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 639.364219] ? find_held_lock+0x35/0x130 [ 639.364238] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 639.364256] ? kernfs_activate+0x192/0x1f0 [ 639.364278] kernfs_new_node+0x99/0x130 [ 639.364299] kernfs_create_link+0xdd/0x250 [ 639.364319] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 639.364338] sysfs_create_link+0x65/0xc0 [ 639.364357] device_add+0x7ce/0x1760 [ 639.364379] ? get_device_parent.isra.0+0x570/0x570 [ 639.364395] ? start_creating+0x163/0x1e0 [ 639.364434] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 639.378650] hci_register_dev+0x304/0x880 [ 639.378682] hci_uart_tty_ioctl+0x761/0xaf0 [ 639.392422] tty_ioctl+0x8b5/0x1510 [ 639.392440] ? hci_uart_init_work+0x140/0x140 [ 639.392456] ? tty_vhangup+0x30/0x30 [ 639.392472] ? mark_held_locks+0x100/0x100 [ 639.392488] ? proc_cwd_link+0x1d0/0x1d0 [ 639.392514] ? __fget+0x340/0x540 [ 639.392530] ? ___might_sleep+0x163/0x280 [ 639.392548] ? __might_sleep+0x95/0x190 [ 639.408607] Bluetooth: hci1: Frame reassembly failed (-84) [ 639.409826] ? tty_vhangup+0x30/0x30 [ 639.409848] do_vfs_ioctl+0xd5f/0x1380 [ 639.409868] ? selinux_file_ioctl+0x46f/0x5e0 [ 639.417936] Bluetooth: hci1: Frame reassembly failed (-84) [ 639.419037] ? selinux_file_ioctl+0x125/0x5e0 [ 639.419058] ? ioctl_preallocate+0x210/0x210 [ 639.419073] ? selinux_file_mprotect+0x620/0x620 [ 639.419099] ? iterate_fd+0x360/0x360 [ 639.419118] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 639.419133] ? fput+0x128/0x1a0 [ 639.419154] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 639.519765] ? 
security_file_ioctl+0x8d/0xc0 [ 639.524181] ksys_ioctl+0xab/0xd0 [ 639.527637] __x64_sys_ioctl+0x73/0xb0 [ 639.531517] do_syscall_64+0xfd/0x620 [ 639.535328] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 639.540526] RIP: 0033:0x459519 [ 639.543717] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 639.563084] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 14:39:53 executing program 0 (fault-call:2 fault-nth:23): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 639.579778] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 639.587041] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 639.594314] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 639.601584] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 639.608844] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 639.617706] Bluetooth: Can't register HCI device [ 639.665866] FAULT_INJECTION: forcing a failure. [ 639.665866] name failslab, interval 1, probability 0, space 0, times 0 [ 639.677970] CPU: 0 PID: 10990 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 639.685005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 639.694388] Call Trace: [ 639.697094] dump_stack+0x172/0x1f0 [ 639.700729] should_fail.cold+0xa/0x1b [ 639.704715] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 639.710043] ? lock_downgrade+0x810/0x810 [ 639.714196] ? ___might_sleep+0x163/0x280 [ 639.718378] __should_failslab+0x121/0x190 [ 639.722637] should_failslab+0x9/0x14 [ 639.726459] kmem_cache_alloc+0x2ae/0x700 [ 639.730602] ? memcpy+0x46/0x50 [ 639.733892] ? 
kstrdup+0x5a/0x70 [ 639.737285] __kernfs_new_node+0xef/0x680 [ 639.741479] ? mark_held_locks+0x100/0x100 [ 639.745710] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 639.750475] ? wait_for_completion+0x440/0x440 [ 639.755069] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 639.760559] ? find_held_lock+0x35/0x130 [ 639.764618] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 639.770152] ? kernfs_activate+0x192/0x1f0 [ 639.774404] kernfs_new_node+0x99/0x130 [ 639.778398] kernfs_create_link+0xdd/0x250 [ 639.782630] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 639.787912] sysfs_create_link+0x65/0xc0 [ 639.791969] device_add+0x7ce/0x1760 [ 639.795701] ? get_device_parent.isra.0+0x570/0x570 [ 639.800733] ? start_creating+0x163/0x1e0 [ 639.804891] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 639.810464] hci_register_dev+0x304/0x880 [ 639.814640] hci_uart_tty_ioctl+0x761/0xaf0 [ 639.818968] tty_ioctl+0x8b5/0x1510 [ 639.822588] ? hci_uart_init_work+0x140/0x140 [ 639.827107] ? tty_vhangup+0x30/0x30 [ 639.830817] ? mark_held_locks+0x100/0x100 [ 639.835054] ? proc_cwd_link+0x1d0/0x1d0 [ 639.839149] ? __fget+0x340/0x540 [ 639.842602] ? ___might_sleep+0x163/0x280 [ 639.846757] ? __might_sleep+0x95/0x190 [ 639.850741] ? tty_vhangup+0x30/0x30 [ 639.854483] do_vfs_ioctl+0xd5f/0x1380 [ 639.858377] ? selinux_file_ioctl+0x46f/0x5e0 [ 639.862864] ? selinux_file_ioctl+0x125/0x5e0 [ 639.867355] ? ioctl_preallocate+0x210/0x210 [ 639.871767] ? selinux_file_mprotect+0x620/0x620 [ 639.876556] ? iterate_fd+0x360/0x360 [ 639.880367] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 639.885925] ? fput+0x128/0x1a0 [ 639.889211] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 639.894751] ? 
security_file_ioctl+0x8d/0xc0 [ 639.899180] ksys_ioctl+0xab/0xd0 [ 639.899198] __x64_sys_ioctl+0x73/0xb0 [ 639.899218] do_syscall_64+0xfd/0x620 [ 639.899240] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 639.899251] RIP: 0033:0x459519 [ 639.899266] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 639.915738] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 639.915756] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 639.915765] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 14:39:54 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5416, &(0x7f00000001c0)=0x1000000000033) [ 639.915774] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 639.915783] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 639.915793] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 639.956244] Bluetooth: Can't register HCI device [ 640.058707] Bluetooth: hci0: Frame reassembly failed (-84) 14:39:54 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5414, &(0x7f00000001c0)) 14:39:54 executing program 0 (fault-call:2 fault-nth:24): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:39:54 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x80045300, &(0x7f0000000080)={0x204000000bd, 
@time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 640.571755] FAULT_INJECTION: forcing a failure. [ 640.571755] name failslab, interval 1, probability 0, space 0, times 0 [ 640.592679] CPU: 0 PID: 11002 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 640.599755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 640.599763] Call Trace: [ 640.599792] dump_stack+0x172/0x1f0 [ 640.599820] should_fail.cold+0xa/0x1b [ 640.599842] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 640.611792] ? lock_downgrade+0x810/0x810 [ 640.611812] ? ___might_sleep+0x163/0x280 [ 640.611835] __should_failslab+0x121/0x190 [ 640.611854] should_failslab+0x9/0x14 [ 640.619538] kmem_cache_alloc+0x2ae/0x700 [ 640.619556] ? kasan_check_write+0x14/0x20 [ 640.619575] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 640.619604] __kernfs_new_node+0xef/0x680 [ 640.633044] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 640.633064] ? mutex_unlock+0xd/0x10 [ 640.633080] ? kernfs_activate+0x192/0x1f0 [ 640.633100] ? kernfs_add_one+0x131/0x4d0 [ 640.633125] kernfs_new_node+0x99/0x130 [ 640.633145] __kernfs_create_file+0x51/0x340 [ 640.633164] sysfs_add_file_mode_ns+0x222/0x560 [ 640.641228] sysfs_create_file_ns+0x13a/0x1c0 [ 640.641247] ? sysfs_add_file_mode_ns+0x560/0x560 [ 640.641270] ? up_read+0x1a/0x110 [ 640.641291] device_create_file+0xfa/0x1e0 [ 640.641308] ? acpi_bind_one+0x830/0x830 [ 640.641324] device_add+0x411/0x1760 [ 640.641343] ? device_initialize+0x440/0x440 [ 640.649738] ? get_device_parent.isra.0+0x570/0x570 [ 640.649768] hci_register_dev+0x304/0x880 [ 640.649796] hci_uart_tty_ioctl+0x761/0xaf0 [ 640.660488] Bluetooth: hci4: Frame reassembly failed (-84) [ 640.664970] tty_ioctl+0x8b5/0x1510 [ 640.664989] ? 
hci_uart_init_work+0x140/0x140 [ 640.665005] ? tty_vhangup+0x30/0x30 [ 640.665023] ? mark_held_locks+0x100/0x100 [ 640.665040] ? proc_cwd_link+0x1d0/0x1d0 [ 640.665063] ? __fget+0x340/0x540 [ 640.665080] ? ___might_sleep+0x163/0x280 [ 640.665097] ? __might_sleep+0x95/0x190 [ 640.665117] ? tty_vhangup+0x30/0x30 [ 640.773831] do_vfs_ioctl+0xd5f/0x1380 [ 640.777752] ? selinux_file_ioctl+0x46f/0x5e0 [ 640.782277] ? selinux_file_ioctl+0x125/0x5e0 [ 640.786803] ? ioctl_preallocate+0x210/0x210 [ 640.791230] ? selinux_file_mprotect+0x620/0x620 [ 640.796086] ? iterate_fd+0x360/0x360 [ 640.799881] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 640.805428] ? fput+0x128/0x1a0 [ 640.808798] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 640.814349] ? security_file_ioctl+0x8d/0xc0 [ 640.818788] ksys_ioctl+0xab/0xd0 [ 640.822256] __x64_sys_ioctl+0x73/0xb0 [ 640.826138] do_syscall_64+0xfd/0x620 [ 640.829960] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 640.835174] RIP: 0033:0x459519 [ 640.838577] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 640.857519] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 640.865269] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 14:39:55 executing program 0 (fault-call:2 fault-nth:25): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 640.872567] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 640.879851] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 640.887124] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 640.894381] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 640.902754] Bluetooth: Can't register HCI device [ 640.958700] FAULT_INJECTION: forcing a 
failure. [ 640.958700] name failslab, interval 1, probability 0, space 0, times 0 [ 640.971071] CPU: 1 PID: 11010 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 640.978117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 640.987471] Call Trace: [ 640.990071] dump_stack+0x172/0x1f0 [ 640.993715] should_fail.cold+0xa/0x1b [ 640.997608] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 641.002721] ? lock_downgrade+0x810/0x810 [ 641.006874] ? ___might_sleep+0x163/0x280 [ 641.011049] __should_failslab+0x121/0x190 [ 641.015317] should_failslab+0x9/0x14 [ 641.019130] kmem_cache_alloc+0x2ae/0x700 [ 641.023305] ? lock_downgrade+0x810/0x810 [ 641.027456] ? kasan_check_read+0x11/0x20 [ 641.031602] __kernfs_new_node+0xef/0x680 [ 641.035747] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 641.040670] ? wait_for_completion+0x440/0x440 [ 641.045251] ? mutex_unlock+0xd/0x10 [ 641.048957] ? kernfs_activate+0x192/0x1f0 [ 641.053203] kernfs_new_node+0x99/0x130 [ 641.057182] __kernfs_create_file+0x51/0x340 [ 641.061593] sysfs_add_file_mode_ns+0x222/0x560 [ 641.066261] sysfs_merge_group+0x1a0/0x340 [ 641.070508] ? sysfs_mount+0x1e0/0x1e0 [ 641.074425] ? kernfs_put+0x3c2/0x5d0 [ 641.078247] dpm_sysfs_add+0x164/0x210 [ 641.082151] device_add+0xa47/0x1760 [ 641.085867] ? get_device_parent.isra.0+0x570/0x570 [ 641.090881] ? start_creating+0x163/0x1e0 [ 641.095047] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 641.100614] hci_register_dev+0x304/0x880 [ 641.104805] hci_uart_tty_ioctl+0x761/0xaf0 [ 641.109153] tty_ioctl+0x8b5/0x1510 [ 641.112788] ? hci_uart_init_work+0x140/0x140 [ 641.117290] ? tty_vhangup+0x30/0x30 [ 641.121018] ? mark_held_locks+0x100/0x100 [ 641.125274] ? proc_cwd_link+0x1d0/0x1d0 [ 641.129345] ? __fget+0x340/0x540 [ 641.132811] ? ___might_sleep+0x163/0x280 [ 641.136966] ? __might_sleep+0x95/0x190 [ 641.140948] ? tty_vhangup+0x30/0x30 [ 641.144673] do_vfs_ioctl+0xd5f/0x1380 [ 641.148589] ? selinux_file_ioctl+0x46f/0x5e0 [ 641.153088] ? 
selinux_file_ioctl+0x125/0x5e0 [ 641.157592] ? ioctl_preallocate+0x210/0x210 [ 641.162012] ? selinux_file_mprotect+0x620/0x620 [ 641.166786] ? iterate_fd+0x360/0x360 [ 641.170622] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 641.176161] ? fput+0x128/0x1a0 [ 641.179442] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 641.185149] ? security_file_ioctl+0x8d/0xc0 [ 641.189554] ksys_ioctl+0xab/0xd0 [ 641.193013] __x64_sys_ioctl+0x73/0xb0 [ 641.196920] do_syscall_64+0xfd/0x620 [ 641.200730] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 641.205938] RIP: 0033:0x459519 [ 641.209142] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 641.228041] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 641.235750] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 641.243028] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 641.250305] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 641.257568] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 641.264845] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 641.277822] Bluetooth: Can't register HCI device [ 641.412659] Bluetooth: hci1: command 0x1003 tx timeout [ 641.422069] Bluetooth: hci1: sending frame failed (-49) 14:39:55 executing program 5 (fault-call:2 fault-nth:30): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:39:55 executing program 0 (fault-call:2 fault-nth:26): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:39:55 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, 
&(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x80045301, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 641.843782] FAULT_INJECTION: forcing a failure. [ 641.843782] name failslab, interval 1, probability 0, space 0, times 0 [ 641.856500] CPU: 1 PID: 11016 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 641.863547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 641.872954] Call Trace: [ 641.875610] dump_stack+0x172/0x1f0 [ 641.879278] should_fail.cold+0xa/0x1b [ 641.883214] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 641.888341] ? lock_downgrade+0x810/0x810 [ 641.892506] ? ___might_sleep+0x163/0x280 [ 641.892531] __should_failslab+0x121/0x190 [ 641.892550] should_failslab+0x9/0x14 [ 641.892563] kmem_cache_alloc+0x2ae/0x700 [ 641.892582] ? lock_downgrade+0x810/0x810 [ 641.892594] ? kasan_check_read+0x11/0x20 [ 641.892616] __kernfs_new_node+0xef/0x680 [ 641.892637] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 641.901028] ? wait_for_completion+0x440/0x440 [ 641.901056] ? mutex_unlock+0xd/0x10 [ 641.901074] ? kernfs_activate+0x192/0x1f0 [ 641.901094] kernfs_new_node+0x99/0x130 [ 641.905853] FAULT_INJECTION: forcing a failure. [ 641.905853] name failslab, interval 1, probability 0, space 0, times 0 [ 641.909050] __kernfs_create_file+0x51/0x340 [ 641.909070] sysfs_add_file_mode_ns+0x222/0x560 [ 641.909093] sysfs_merge_group+0x1a0/0x340 [ 641.909111] ? sysfs_mount+0x1e0/0x1e0 [ 641.971320] ? kernfs_put+0x3c2/0x5d0 [ 641.975165] dpm_sysfs_add+0x164/0x210 [ 641.979069] device_add+0xa47/0x1760 [ 641.982804] ? get_device_parent.isra.0+0x570/0x570 [ 641.987831] ? start_creating+0x163/0x1e0 [ 641.992015] ? 
__sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 641.997573] hci_register_dev+0x304/0x880 [ 642.001752] hci_uart_tty_ioctl+0x761/0xaf0 [ 642.006147] tty_ioctl+0x8b5/0x1510 [ 642.009792] ? hci_uart_init_work+0x140/0x140 [ 642.014303] ? tty_vhangup+0x30/0x30 [ 642.018034] ? mark_held_locks+0x100/0x100 [ 642.022283] ? proc_cwd_link+0x1d0/0x1d0 [ 642.026378] ? __fget+0x340/0x540 [ 642.029946] ? ___might_sleep+0x163/0x280 [ 642.034114] ? __might_sleep+0x95/0x190 [ 642.038111] ? tty_vhangup+0x30/0x30 [ 642.041842] do_vfs_ioctl+0xd5f/0x1380 [ 642.045749] ? selinux_file_ioctl+0x46f/0x5e0 [ 642.050263] ? selinux_file_ioctl+0x125/0x5e0 [ 642.054780] ? ioctl_preallocate+0x210/0x210 [ 642.059202] ? selinux_file_mprotect+0x620/0x620 [ 642.063984] ? iterate_fd+0x360/0x360 [ 642.067803] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 642.073359] ? fput+0x128/0x1a0 [ 642.076689] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 642.082249] ? security_file_ioctl+0x8d/0xc0 [ 642.086676] ksys_ioctl+0xab/0xd0 [ 642.090183] __x64_sys_ioctl+0x73/0xb0 [ 642.094120] do_syscall_64+0xfd/0x620 [ 642.097951] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 642.103151] RIP: 0033:0x459519 [ 642.106352] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 642.125360] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 642.133096] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 642.140385] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 642.147680] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 642.154965] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 642.162247] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 642.169565] CPU: 0 PID: 11019 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 642.170706] Bluetooth: hci0: command 0x1003 tx timeout [ 
642.176621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 642.176628] Call Trace: [ 642.176655] dump_stack+0x172/0x1f0 [ 642.176678] should_fail.cold+0xa/0x1b [ 642.176699] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 642.191378] ? lock_downgrade+0x810/0x810 [ 642.191396] ? ___might_sleep+0x163/0x280 [ 642.191426] __should_failslab+0x121/0x190 [ 642.191452] should_failslab+0x9/0x14 [ 642.197659] __kmalloc+0x2e2/0x750 [ 642.197682] ? rcu_read_lock_sched_held+0x110/0x130 [ 642.197698] ? kobject_get_path+0xc4/0x1b0 [ 642.197716] kobject_get_path+0xc4/0x1b0 [ 642.204052] Bluetooth: Can't register HCI device [ 642.206711] kobject_uevent_env+0x3ab/0x101d [ 642.206739] kobject_uevent+0x20/0x26 [ 642.206762] device_add+0xb3a/0x1760 [ 642.215058] ? get_device_parent.isra.0+0x570/0x570 [ 642.215076] ? start_creating+0x163/0x1e0 [ 642.215095] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 642.215116] hci_register_dev+0x304/0x880 [ 642.215139] hci_uart_tty_ioctl+0x761/0xaf0 [ 642.215158] tty_ioctl+0x8b5/0x1510 [ 642.215176] ? hci_uart_init_work+0x140/0x140 [ 642.223205] ? tty_vhangup+0x30/0x30 [ 642.223223] ? mark_held_locks+0x100/0x100 [ 642.223240] ? proc_cwd_link+0x1d0/0x1d0 [ 642.223264] ? __fget+0x340/0x540 [ 642.223280] ? ___might_sleep+0x163/0x280 [ 642.223297] ? __might_sleep+0x95/0x190 [ 642.223311] ? tty_vhangup+0x30/0x30 [ 642.223332] do_vfs_ioctl+0xd5f/0x1380 [ 642.231878] ? selinux_file_ioctl+0x46f/0x5e0 [ 642.231894] ? selinux_file_ioctl+0x125/0x5e0 [ 642.231913] ? ioctl_preallocate+0x210/0x210 [ 642.231927] ? selinux_file_mprotect+0x620/0x620 [ 642.231950] ? iterate_fd+0x360/0x360 [ 642.262006] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 642.271701] ? fput+0x128/0x1a0 [ 642.271728] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 642.271747] ? 
security_file_ioctl+0x8d/0xc0 [ 642.292683] Bluetooth: hci0: sending frame failed (-49) [ 642.296261] ksys_ioctl+0xab/0xd0 [ 642.368840] __x64_sys_ioctl+0x73/0xb0 [ 642.372727] do_syscall_64+0xfd/0x620 [ 642.376633] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 642.381814] RIP: 0033:0x459519 [ 642.384996] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 642.403894] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 642.411617] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 642.418888] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 642.426171] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 642.433451] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 642.440725] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 642.451175] Bluetooth: hci3: Frame reassembly failed (-84) [ 642.622466] Bluetooth: hci4: command 0x1003 tx timeout [ 642.627998] Bluetooth: hci4: sending frame failed (-49) [ 643.492556] Bluetooth: hci1: command 0x1001 tx timeout [ 643.498052] Bluetooth: hci1: sending frame failed (-49) [ 644.372510] Bluetooth: hci0: command 0x1001 tx timeout [ 644.377975] Bluetooth: hci0: sending frame failed (-49) [ 644.452561] Bluetooth: hci3: command 0x1003 tx timeout [ 644.457981] Bluetooth: hci3: sending frame failed (-49) [ 644.692591] Bluetooth: hci4: command 0x1001 tx timeout [ 644.698010] Bluetooth: hci4: sending frame failed (-49) [ 645.572637] Bluetooth: hci1: command 0x1009 tx timeout [ 646.452625] Bluetooth: hci0: command 0x1009 tx timeout [ 646.532627] Bluetooth: hci3: command 0x1001 tx timeout [ 646.538058] Bluetooth: hci3: sending frame failed (-49) [ 646.772558] Bluetooth: hci4: command 0x1009 tx timeout [ 648.612592] Bluetooth: hci3: command 0x1009 tx timeout 14:40:03 executing program 1: 
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5414, &(0x7f00000001c0)=0x1000000000033) 14:40:03 executing program 0 (fault-call:2 fault-nth:27): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:40:03 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x80086601, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 649.531282] FAULT_INJECTION: forcing a failure. [ 649.531282] name failslab, interval 1, probability 0, space 0, times 0 [ 649.545368] Bluetooth: hci2: Frame reassembly failed (-84) [ 649.553837] CPU: 0 PID: 11026 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 649.560990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 649.570458] Call Trace: [ 649.573081] dump_stack+0x172/0x1f0 [ 649.576745] should_fail.cold+0xa/0x1b [ 649.580778] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 649.586786] ? lock_downgrade+0x810/0x810 [ 649.590944] ? ___might_sleep+0x163/0x280 [ 649.595139] __should_failslab+0x121/0x190 [ 649.599400] should_failslab+0x9/0x14 [ 649.603580] kmem_cache_alloc+0x2ae/0x700 [ 649.607758] ? lock_downgrade+0x810/0x810 [ 649.611911] ? kasan_check_read+0x11/0x20 [ 649.616077] __kernfs_new_node+0xef/0x680 [ 649.620238] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 649.625027] ? wait_for_completion+0x440/0x440 [ 649.629644] ? mutex_unlock+0xd/0x10 [ 649.633364] ? 
kernfs_activate+0x192/0x1f0 [ 649.637613] kernfs_new_node+0x99/0x130 [ 649.641584] __kernfs_create_file+0x51/0x340 [ 649.646005] sysfs_add_file_mode_ns+0x222/0x560 [ 649.650687] sysfs_merge_group+0x1a0/0x340 [ 649.654933] ? sysfs_mount+0x1e0/0x1e0 [ 649.658927] ? kernfs_put+0x3c2/0x5d0 [ 649.662749] dpm_sysfs_add+0x164/0x210 [ 649.666643] device_add+0xa47/0x1760 [ 649.670370] ? get_device_parent.isra.0+0x570/0x570 [ 649.675398] ? start_creating+0x163/0x1e0 [ 649.679562] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 649.685117] hci_register_dev+0x304/0x880 [ 649.689475] hci_uart_tty_ioctl+0x761/0xaf0 [ 649.693807] tty_ioctl+0x8b5/0x1510 [ 649.697443] ? hci_uart_init_work+0x140/0x140 [ 649.701935] ? tty_vhangup+0x30/0x30 [ 649.705655] ? mark_held_locks+0x100/0x100 [ 649.709992] ? proc_cwd_link+0x1d0/0x1d0 [ 649.714086] ? __fget+0x340/0x540 [ 649.717553] ? ___might_sleep+0x163/0x280 [ 649.721704] ? __might_sleep+0x95/0x190 [ 649.725694] ? tty_vhangup+0x30/0x30 [ 649.729423] do_vfs_ioctl+0xd5f/0x1380 [ 649.733316] ? selinux_file_ioctl+0x46f/0x5e0 [ 649.737822] ? selinux_file_ioctl+0x125/0x5e0 [ 649.742314] ? ioctl_preallocate+0x210/0x210 [ 649.746719] ? selinux_file_mprotect+0x620/0x620 [ 649.751826] ? iterate_fd+0x360/0x360 [ 649.755645] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 649.761296] ? fput+0x128/0x1a0 [ 649.764592] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 649.770154] ? 
security_file_ioctl+0x8d/0xc0 [ 649.774582] ksys_ioctl+0xab/0xd0 [ 649.778051] __x64_sys_ioctl+0x73/0xb0 [ 649.782072] do_syscall_64+0xfd/0x620 [ 649.786000] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 649.791207] RIP: 0033:0x459519 [ 649.794406] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 649.813336] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 649.821065] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 14:40:03 executing program 0 (fault-call:2 fault-nth:28): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 649.828332] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 649.835610] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 649.842906] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 649.850209] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 649.858340] Bluetooth: Can't register HCI device [ 649.909196] FAULT_INJECTION: forcing a failure. [ 649.909196] name failslab, interval 1, probability 0, space 0, times 0 [ 649.921789] CPU: 1 PID: 11035 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 649.928896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 649.938444] Call Trace: [ 649.941067] dump_stack+0x172/0x1f0 [ 649.945142] should_fail.cold+0xa/0x1b [ 649.949209] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 649.954317] ? lock_downgrade+0x810/0x810 [ 649.958464] ? ___might_sleep+0x163/0x280 [ 649.962614] __should_failslab+0x121/0x190 [ 649.966856] should_failslab+0x9/0x14 [ 649.970656] kmem_cache_alloc+0x2ae/0x700 [ 649.974806] ? lock_downgrade+0x810/0x810 [ 649.978961] ? 
kasan_check_read+0x11/0x20 [ 649.983110] __kernfs_new_node+0xef/0x680 [ 649.987256] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 649.992014] ? wait_for_completion+0x440/0x440 [ 649.996598] ? mutex_unlock+0xd/0x10 [ 650.000316] ? kernfs_activate+0x192/0x1f0 [ 650.004574] kernfs_new_node+0x99/0x130 [ 650.008553] __kernfs_create_file+0x51/0x340 [ 650.012984] sysfs_add_file_mode_ns+0x222/0x560 [ 650.017658] sysfs_merge_group+0x1a0/0x340 [ 650.021899] ? sysfs_mount+0x1e0/0x1e0 [ 650.025789] ? kernfs_put+0x3c2/0x5d0 [ 650.029634] dpm_sysfs_add+0x164/0x210 [ 650.033521] device_add+0xa47/0x1760 [ 650.037235] ? get_device_parent.isra.0+0x570/0x570 [ 650.042251] ? start_creating+0x163/0x1e0 [ 650.046405] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 650.051986] hci_register_dev+0x304/0x880 [ 650.056143] hci_uart_tty_ioctl+0x761/0xaf0 [ 650.060471] tty_ioctl+0x8b5/0x1510 [ 650.064100] ? hci_uart_init_work+0x140/0x140 [ 650.068708] ? tty_vhangup+0x30/0x30 [ 650.072430] ? mark_held_locks+0x100/0x100 [ 650.076675] ? proc_cwd_link+0x1d0/0x1d0 [ 650.080734] ? __fget+0x340/0x540 [ 650.084184] ? ___might_sleep+0x163/0x280 [ 650.088334] ? __might_sleep+0x95/0x190 [ 650.092300] ? tty_vhangup+0x30/0x30 [ 650.096009] do_vfs_ioctl+0xd5f/0x1380 [ 650.099890] ? selinux_file_ioctl+0x46f/0x5e0 [ 650.104395] ? selinux_file_ioctl+0x125/0x5e0 [ 650.108932] ? ioctl_preallocate+0x210/0x210 [ 650.113346] ? selinux_file_mprotect+0x620/0x620 [ 650.118109] ? iterate_fd+0x360/0x360 [ 650.121905] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 650.127448] ? fput+0x128/0x1a0 [ 650.130732] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 650.136354] ? 
security_file_ioctl+0x8d/0xc0 [ 650.140757] ksys_ioctl+0xab/0xd0 [ 650.144204] __x64_sys_ioctl+0x73/0xb0 [ 650.148106] do_syscall_64+0xfd/0x620 [ 650.151905] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 650.157094] RIP: 0033:0x459519 [ 650.160297] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 650.179198] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 650.187120] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 650.194391] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 650.201662] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 14:40:04 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5418, &(0x7f00000001c0)=0x1000000000033) [ 650.208962] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 650.216524] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 650.227669] Bluetooth: Can't register HCI device [ 650.304373] Bluetooth: hci0: Frame reassembly failed (-84) 14:40:04 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5415, &(0x7f00000001c0)) 14:40:04 executing program 0 (fault-call:2 fault-nth:29): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:40:04 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x80087601, &(0x7f0000000080)={0x204000000bd, 
@time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 650.806197] FAULT_INJECTION: forcing a failure. [ 650.806197] name failslab, interval 1, probability 0, space 0, times 0 [ 650.825200] CPU: 1 PID: 11046 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 650.832268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 650.841856] Call Trace: [ 650.844481] dump_stack+0x172/0x1f0 [ 650.848167] should_fail.cold+0xa/0x1b [ 650.848194] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 650.848222] ? lock_downgrade+0x810/0x810 [ 650.857260] ? ___might_sleep+0x163/0x280 [ 650.857285] __should_failslab+0x121/0x190 [ 650.857306] should_failslab+0x9/0x14 [ 650.865604] kmem_cache_alloc_trace+0x2cc/0x760 [ 650.865620] ? kasan_check_write+0x14/0x20 [ 650.865638] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 650.865661] kobject_uevent_env+0x387/0x101d [ 650.865688] kobject_uevent+0x20/0x26 [ 650.865710] device_add+0xb3a/0x1760 [ 650.878517] ? get_device_parent.isra.0+0x570/0x570 [ 650.878535] ? start_creating+0x163/0x1e0 [ 650.878560] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 650.887734] hci_register_dev+0x304/0x880 [ 650.887761] hci_uart_tty_ioctl+0x761/0xaf0 [ 650.887781] tty_ioctl+0x8b5/0x1510 [ 650.895998] ? hci_uart_init_work+0x140/0x140 [ 650.896018] ? tty_vhangup+0x30/0x30 [ 650.896036] ? mark_held_locks+0x100/0x100 [ 650.896057] ? proc_cwd_link+0x1d0/0x1d0 [ 650.905266] Bluetooth: hci4: Frame reassembly failed (-84) [ 650.909042] ? __fget+0x340/0x540 [ 650.909063] ? ___might_sleep+0x163/0x280 [ 650.909081] ? __might_sleep+0x95/0x190 [ 650.909100] ? tty_vhangup+0x30/0x30 [ 650.963982] do_vfs_ioctl+0xd5f/0x1380 [ 650.967890] ? selinux_file_ioctl+0x46f/0x5e0 [ 650.972401] ? 
selinux_file_ioctl+0x125/0x5e0 [ 650.976898] ? ioctl_preallocate+0x210/0x210 [ 650.981301] ? selinux_file_mprotect+0x620/0x620 [ 650.986052] ? iterate_fd+0x360/0x360 [ 650.989856] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 650.995429] ? fput+0x128/0x1a0 [ 650.998736] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 651.004273] ? security_file_ioctl+0x8d/0xc0 [ 651.008675] ksys_ioctl+0xab/0xd0 [ 651.012121] __x64_sys_ioctl+0x73/0xb0 [ 651.016017] do_syscall_64+0xfd/0x620 [ 651.019813] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 651.025011] RIP: 0033:0x459519 [ 651.028192] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 651.058293] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 651.066002] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 651.073282] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 651.080553] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 651.087847] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 651.095134] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 651.106407] Bluetooth: hci1: Frame reassembly failed (-84) 14:40:05 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc0045878, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 651.572504] Bluetooth: hci2: command 0x1003 tx timeout [ 651.578070] Bluetooth: hci2: sending frame failed (-49) [ 652.372541] Bluetooth: hci0: 
command 0x1003 tx timeout [ 652.377986] Bluetooth: hci0: sending frame failed (-49) 14:40:06 executing program 5 (fault-call:2 fault-nth:31): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:40:06 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc0045878, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 652.740863] FAULT_INJECTION: forcing a failure. [ 652.740863] name failslab, interval 1, probability 0, space 0, times 0 [ 652.753704] CPU: 1 PID: 11066 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 652.760740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 652.772339] Call Trace: [ 652.774955] dump_stack+0x172/0x1f0 [ 652.778895] should_fail.cold+0xa/0x1b [ 652.783070] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 652.788237] ? lock_downgrade+0x810/0x810 [ 652.792396] ? ___might_sleep+0x163/0x280 [ 652.796558] __should_failslab+0x121/0x190 [ 652.800793] should_failslab+0x9/0x14 [ 652.804591] kmem_cache_alloc_node_trace+0x274/0x720 [ 652.809707] ? __alloc_skb+0xd5/0x5f0 [ 652.813535] __kmalloc_node_track_caller+0x3d/0x80 [ 652.818468] __kmalloc_reserve.isra.0+0x40/0xf0 [ 652.823152] __alloc_skb+0x10b/0x5f0 [ 652.826881] ? skb_scrub_packet+0x490/0x490 [ 652.831469] ? kasan_check_read+0x11/0x20 [ 652.835646] alloc_uevent_skb+0x83/0x1e2 [ 652.839721] kobject_uevent_env+0xaa3/0x101d [ 652.844134] kobject_uevent+0x20/0x26 [ 652.847935] device_add+0xb3a/0x1760 [ 652.851646] ? 
get_device_parent.isra.0+0x570/0x570 [ 652.852520] Bluetooth: hci4: command 0x1003 tx timeout [ 652.856678] ? start_creating+0x163/0x1e0 [ 652.866245] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 652.871784] hci_register_dev+0x304/0x880 [ 652.873568] Bluetooth: hci4: sending frame failed (-49) [ 652.875947] hci_uart_tty_ioctl+0x761/0xaf0 [ 652.875969] tty_ioctl+0x8b5/0x1510 [ 652.875986] ? hci_uart_init_work+0x140/0x140 [ 652.876002] ? tty_vhangup+0x30/0x30 [ 652.876020] ? mark_held_locks+0x100/0x100 [ 652.876041] ? proc_cwd_link+0x1d0/0x1d0 [ 652.905890] ? __fget+0x340/0x540 [ 652.909346] ? ___might_sleep+0x163/0x280 [ 652.913490] ? __might_sleep+0x95/0x190 [ 652.917458] ? tty_vhangup+0x30/0x30 [ 652.921176] do_vfs_ioctl+0xd5f/0x1380 [ 652.925085] ? selinux_file_ioctl+0x46f/0x5e0 [ 652.929570] ? selinux_file_ioctl+0x125/0x5e0 [ 652.934062] ? ioctl_preallocate+0x210/0x210 [ 652.938468] ? selinux_file_mprotect+0x620/0x620 [ 652.943241] ? iterate_fd+0x360/0x360 [ 652.947065] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 652.952637] ? fput+0x128/0x1a0 [ 652.955964] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 652.961497] ? 
security_file_ioctl+0x8d/0xc0 [ 652.965899] ksys_ioctl+0xab/0xd0 [ 652.969351] __x64_sys_ioctl+0x73/0xb0 [ 652.973235] do_syscall_64+0xfd/0x620 [ 652.977062] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 652.982258] RIP: 0033:0x459519 [ 652.985468] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 653.004386] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 653.012101] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 653.019382] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 653.026667] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 653.033944] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 653.041210] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 653.056926] Bluetooth: hci3: Frame reassembly failed (-84) [ 653.172602] Bluetooth: hci1: command 0x1003 tx timeout [ 653.178214] Bluetooth: hci1: sending frame failed (-49) 14:40:07 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc0105303, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 653.652473] Bluetooth: hci2: command 0x1001 tx timeout [ 653.657983] Bluetooth: hci2: sending frame failed (-49) [ 654.452493] Bluetooth: hci0: command 0x1001 tx timeout [ 654.457934] Bluetooth: hci0: sending frame failed (-49) [ 654.932585] Bluetooth: hci4: command 0x1001 tx timeout [ 654.938012] Bluetooth: hci4: sending frame failed (-49) [ 655.092526] 
Bluetooth: hci3: command 0x1003 tx timeout [ 655.098056] Bluetooth: hci3: sending frame failed (-49) [ 655.252607] Bluetooth: hci1: command 0x1001 tx timeout [ 655.258000] Bluetooth: hci1: sending frame failed (-49) [ 655.732535] Bluetooth: hci2: command 0x1009 tx timeout [ 656.532594] Bluetooth: hci0: command 0x1009 tx timeout [ 657.012614] Bluetooth: hci4: command 0x1009 tx timeout [ 657.172964] Bluetooth: hci3: command 0x1001 tx timeout [ 657.178457] Bluetooth: hci3: sending frame failed (-49) [ 657.332556] Bluetooth: hci1: command 0x1009 tx timeout [ 659.252701] Bluetooth: hci3: command 0x1009 tx timeout 14:40:13 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc0189436, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:40:13 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5415, &(0x7f00000001c0)=0x1000000000033) [ 659.782960] Bluetooth: hci2: Frame reassembly failed (-84) [ 659.788792] Bluetooth: hci2: Frame reassembly failed (-84) 14:40:14 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x541b, &(0x7f00000001c0)=0x1000000000033) 14:40:14 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc020660b, 
&(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:40:15 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5416, &(0x7f00000001c0)) 14:40:15 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc02c5341, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:40:15 executing program 0 (fault-call:2 fault-nth:30): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 661.676233] FAULT_INJECTION: forcing a failure. [ 661.676233] name failslab, interval 1, probability 0, space 0, times 0 [ 661.688649] CPU: 0 PID: 11103 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 661.695687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 661.705240] Call Trace: [ 661.707913] dump_stack+0x172/0x1f0 [ 661.711552] should_fail.cold+0xa/0x1b [ 661.715481] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 661.720588] ? lock_downgrade+0x810/0x810 [ 661.725009] ? 
___might_sleep+0x163/0x280 [ 661.729424] __should_failslab+0x121/0x190 [ 661.733673] should_failslab+0x9/0x14 [ 661.737543] kmem_cache_alloc_trace+0x2cc/0x760 [ 661.742222] ? kasan_check_write+0x14/0x20 [ 661.746528] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 661.751421] kobject_uevent_env+0x387/0x101d [ 661.755859] kobject_uevent+0x20/0x26 [ 661.759793] device_add+0xb3a/0x1760 [ 661.763672] ? get_device_parent.isra.0+0x570/0x570 [ 661.768707] ? start_creating+0x163/0x1e0 [ 661.772877] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 661.778568] hci_register_dev+0x304/0x880 [ 661.782780] hci_uart_tty_ioctl+0x761/0xaf0 [ 661.787135] tty_ioctl+0x8b5/0x1510 [ 661.790901] ? hci_uart_init_work+0x140/0x140 [ 661.796242] ? tty_vhangup+0x30/0x30 [ 661.800161] ? mark_held_locks+0x100/0x100 [ 661.804488] ? proc_cwd_link+0x1d0/0x1d0 [ 661.808582] ? __fget+0x340/0x540 [ 661.812116] ? ___might_sleep+0x163/0x280 [ 661.812525] Bluetooth: hci2: command 0x1003 tx timeout [ 661.816300] ? __might_sleep+0x95/0x190 [ 661.816317] ? tty_vhangup+0x30/0x30 [ 661.826314] Bluetooth: hci2: sending frame failed (-49) [ 661.829411] do_vfs_ioctl+0xd5f/0x1380 [ 661.829426] ? selinux_file_ioctl+0x46f/0x5e0 [ 661.829434] ? selinux_file_ioctl+0x125/0x5e0 [ 661.829448] ? ioctl_preallocate+0x210/0x210 [ 661.852337] ? selinux_file_mprotect+0x620/0x620 [ 661.857149] ? iterate_fd+0x360/0x360 [ 661.860992] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 661.866878] ? fput+0x128/0x1a0 [ 661.870181] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 661.875735] ? 
security_file_ioctl+0x8d/0xc0 [ 661.880174] ksys_ioctl+0xab/0xd0 [ 661.886156] __x64_sys_ioctl+0x73/0xb0 [ 661.890081] do_syscall_64+0xfd/0x620 [ 661.893923] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 661.899141] RIP: 0033:0x459519 [ 661.902368] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 661.921878] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 661.929617] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 661.936953] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 661.944593] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 661.951992] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 661.959276] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 661.967778] Bluetooth: hci1: Frame reassembly failed (-84) 14:40:16 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc0305302, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 662.452525] Bluetooth: hci0: command 0x1003 tx timeout [ 662.458054] Bluetooth: hci0: sending frame failed (-49) 14:40:17 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc04c5349, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 
0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 663.092461] Bluetooth: hci4: command 0x1003 tx timeout [ 663.098066] Bluetooth: hci4: sending frame failed (-49) 14:40:17 executing program 5 (fault-call:2 fault-nth:32): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 663.600892] FAULT_INJECTION: forcing a failure. [ 663.600892] name failslab, interval 1, probability 0, space 0, times 0 [ 663.613046] CPU: 1 PID: 11118 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 663.620247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 663.631632] Call Trace: [ 663.634224] dump_stack+0x172/0x1f0 [ 663.638141] should_fail.cold+0xa/0x1b [ 663.642240] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 663.647353] ? lock_downgrade+0x810/0x810 [ 663.651506] ? ___might_sleep+0x163/0x280 [ 663.656017] __should_failslab+0x121/0x190 [ 663.660257] should_failslab+0x9/0x14 [ 663.664055] kmem_cache_alloc_node_trace+0x274/0x720 [ 663.669150] ? __alloc_skb+0xd5/0x5f0 [ 663.672959] __kmalloc_node_track_caller+0x3d/0x80 [ 663.677893] __kmalloc_reserve.isra.0+0x40/0xf0 [ 663.682581] __alloc_skb+0x10b/0x5f0 [ 663.686366] ? skb_scrub_packet+0x490/0x490 [ 663.690687] ? kasan_check_read+0x11/0x20 [ 663.694825] alloc_uevent_skb+0x83/0x1e2 [ 663.698873] kobject_uevent_env+0xaa3/0x101d [ 663.703535] kobject_uevent+0x20/0x26 [ 663.707331] device_add+0xb3a/0x1760 [ 663.711051] ? get_device_parent.isra.0+0x570/0x570 [ 663.716066] ? start_creating+0x163/0x1e0 [ 663.720249] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 663.725793] hci_register_dev+0x304/0x880 [ 663.730362] hci_uart_tty_ioctl+0x761/0xaf0 [ 663.735219] tty_ioctl+0x8b5/0x1510 [ 663.739083] ? hci_uart_init_work+0x140/0x140 [ 663.743772] ? tty_vhangup+0x30/0x30 [ 663.747850] ? 
mark_held_locks+0x100/0x100 [ 663.753820] ? proc_cwd_link+0x1d0/0x1d0 [ 663.758168] ? __fget+0x340/0x540 [ 663.762041] ? ___might_sleep+0x163/0x280 [ 663.766506] ? __might_sleep+0x95/0x190 [ 663.770497] ? tty_vhangup+0x30/0x30 [ 663.774252] do_vfs_ioctl+0xd5f/0x1380 [ 663.778150] ? selinux_file_ioctl+0x46f/0x5e0 [ 663.782757] ? selinux_file_ioctl+0x125/0x5e0 [ 663.787272] ? ioctl_preallocate+0x210/0x210 [ 663.791731] ? selinux_file_mprotect+0x620/0x620 [ 663.796805] ? iterate_fd+0x360/0x360 [ 663.800608] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 663.806464] ? fput+0x128/0x1a0 [ 663.809861] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 663.815426] ? security_file_ioctl+0x8d/0xc0 [ 663.819947] ksys_ioctl+0xab/0xd0 [ 663.823524] __x64_sys_ioctl+0x73/0xb0 [ 663.827504] do_syscall_64+0xfd/0x620 [ 663.831491] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 663.836715] RIP: 0033:0x459519 [ 663.839926] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 663.859087] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 663.866829] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 663.874103] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 663.881464] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 663.888906] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 14:40:18 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc0505350, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 
0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 663.896208] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 663.904481] Bluetooth: hci2: command 0x1001 tx timeout [ 663.910311] Bluetooth: hci2: sending frame failed (-49) [ 663.917214] Bluetooth: hci3: Frame reassembly failed (-84) [ 663.972584] Bluetooth: hci1: command 0x1003 tx timeout [ 663.980109] Bluetooth: hci1: sending frame failed (-49) [ 664.532518] Bluetooth: hci0: command 0x1001 tx timeout [ 664.538144] Bluetooth: hci0: sending frame failed (-49) 14:40:18 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc058534b, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 665.172549] Bluetooth: hci4: command 0x1001 tx timeout [ 665.178549] Bluetooth: hci4: sending frame failed (-49) 14:40:19 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc05c5340, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 665.972743] Bluetooth: hci3: command 0x1003 tx timeout [ 665.978250] Bluetooth: hci2: command 0x1009 tx timeout [ 665.978284] Bluetooth: hci3: sending frame failed (-49) [ 666.052444] Bluetooth: hci1: command 0x1001 tx timeout [ 666.058081] Bluetooth: hci1: sending frame failed (-49) [ 666.612512] 
Bluetooth: hci0: command 0x1009 tx timeout [ 667.252614] Bluetooth: hci4: command 0x1009 tx timeout [ 668.052618] Bluetooth: hci3: command 0x1001 tx timeout [ 668.058226] Bluetooth: hci3: sending frame failed (-49) [ 668.132634] Bluetooth: hci1: command 0x1009 tx timeout 14:40:24 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5416, &(0x7f00000001c0)=0x1000000000033) [ 670.017004] Bluetooth: hci2: Frame reassembly failed (-84) [ 670.132622] Bluetooth: hci3: command 0x1009 tx timeout 14:40:24 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x541d, &(0x7f00000001c0)=0x1000000000033) 14:40:24 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc0605345, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 670.654060] Bluetooth: hci0: Frame reassembly failed (-84) 14:40:25 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5418, &(0x7f00000001c0)) [ 671.299004] Bluetooth: hci4: Frame reassembly failed (-84) 14:40:25 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc08c5332, 
&(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 672.052495] Bluetooth: hci2: command 0x1003 tx timeout [ 672.058219] Bluetooth: hci2: sending frame failed (-49) 14:40:26 executing program 0 (fault-call:2 fault-nth:31): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:40:26 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc08c5334, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 672.561994] FAULT_INJECTION: forcing a failure. [ 672.561994] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 672.575994] CPU: 0 PID: 11165 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 672.583852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 672.594469] Call Trace: [ 672.597195] dump_stack+0x172/0x1f0 [ 672.600843] should_fail.cold+0xa/0x1b [ 672.604751] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 672.610676] ? mark_held_locks+0x100/0x100 [ 672.615275] __alloc_pages_nodemask+0x1ee/0x760 [ 672.620416] ? irq_work_claim+0x98/0xc0 [ 672.624532] ? __alloc_pages_slowpath+0x2870/0x2870 [ 672.629728] cache_grow_begin+0x9c/0x8b0 [ 672.633935] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 672.639586] ? 
check_preemption_disabled+0x48/0x290 [ 672.644625] kmem_cache_alloc_trace+0x685/0x760 [ 672.649422] ? kasan_check_write+0x14/0x20 [ 672.653798] kobject_uevent_env+0x387/0x101d [ 672.658265] kobject_uevent+0x20/0x26 [ 672.662181] device_add+0xb3a/0x1760 [ 672.665915] ? get_device_parent.isra.0+0x570/0x570 [ 672.671304] ? start_creating+0x163/0x1e0 [ 672.675467] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 672.681185] hci_register_dev+0x304/0x880 [ 672.685838] hci_uart_tty_ioctl+0x761/0xaf0 [ 672.691447] tty_ioctl+0x8b5/0x1510 [ 672.695184] ? hci_uart_init_work+0x140/0x140 [ 672.699939] ? tty_vhangup+0x30/0x30 [ 672.703933] ? rcu_read_unlock_special+0x679/0xea0 [ 672.709044] ? __fget+0x340/0x540 [ 672.712759] ? ___might_sleep+0x163/0x280 [ 672.716985] ? __might_sleep+0x95/0x190 [ 672.720984] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 672.726328] ? tty_vhangup+0x30/0x30 [ 672.730282] do_vfs_ioctl+0xd5f/0x1380 [ 672.734218] ? selinux_file_ioctl+0x46f/0x5e0 [ 672.738913] ? selinux_file_ioctl+0x125/0x5e0 [ 672.743605] ? ioctl_preallocate+0x210/0x210 [ 672.749145] ? selinux_file_mprotect+0x620/0x620 [ 672.755990] ? iterate_fd+0x360/0x360 [ 672.761018] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 672.767094] ? fput+0x128/0x1a0 [ 672.771233] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 672.776807] ? 
security_file_ioctl+0x8d/0xc0 [ 672.782870] ksys_ioctl+0xab/0xd0 [ 672.786618] __x64_sys_ioctl+0x73/0xb0 [ 672.790527] do_syscall_64+0xfd/0x620 [ 672.794365] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 672.801993] RIP: 0033:0x459519 [ 672.807517] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 672.826904] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 672.835364] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 672.843743] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 672.851220] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 672.858708] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 672.866090] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 672.874063] Bluetooth: hci0: command 0x1003 tx timeout [ 672.881358] Bluetooth: hci0: sending frame failed (-49) [ 672.888670] Bluetooth: hci1: Frame reassembly failed (-84) 14:40:27 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc08c5335, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 673.332727] Bluetooth: hci4: command 0x1003 tx timeout [ 673.338489] Bluetooth: hci4: sending frame failed (-49) [ 674.132456] Bluetooth: hci2: command 0x1001 tx timeout [ 674.138028] Bluetooth: hci2: sending frame failed (-49) 14:40:28 executing program 5 (fault-call:2 fault-nth:33): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 
0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:40:28 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc08c5336, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 674.486909] FAULT_INJECTION: forcing a failure. [ 674.486909] name failslab, interval 1, probability 0, space 0, times 0 [ 674.499046] CPU: 0 PID: 11179 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 674.506099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 674.515793] Call Trace: [ 674.518404] dump_stack+0x172/0x1f0 [ 674.522048] should_fail.cold+0xa/0x1b [ 674.526056] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 674.531613] ? lock_downgrade+0x810/0x810 [ 674.535789] ? ___might_sleep+0x163/0x280 [ 674.540088] __should_failslab+0x121/0x190 [ 674.544449] should_failslab+0x9/0x14 [ 674.548262] kmem_cache_alloc_node_trace+0x274/0x720 [ 674.553500] ? __alloc_skb+0xd5/0x5f0 [ 674.557327] __kmalloc_node_track_caller+0x3d/0x80 [ 674.562380] __kmalloc_reserve.isra.0+0x40/0xf0 [ 674.570069] __alloc_skb+0x10b/0x5f0 [ 674.585621] ? skb_scrub_packet+0x490/0x490 [ 674.589972] ? kasan_check_read+0x11/0x20 [ 674.594127] alloc_uevent_skb+0x83/0x1e2 [ 674.598317] kobject_uevent_env+0xaa3/0x101d [ 674.602862] kobject_uevent+0x20/0x26 [ 674.606862] device_add+0xb3a/0x1760 [ 674.610709] ? get_device_parent.isra.0+0x570/0x570 [ 674.615736] ? start_creating+0x163/0x1e0 [ 674.620029] ? 
__sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 674.625585] hci_register_dev+0x304/0x880 [ 674.629766] hci_uart_tty_ioctl+0x761/0xaf0 [ 674.634183] tty_ioctl+0x8b5/0x1510 [ 674.637832] ? hci_uart_init_work+0x140/0x140 [ 674.642343] ? tty_vhangup+0x30/0x30 [ 674.646078] ? mark_held_locks+0x100/0x100 [ 674.650339] ? proc_cwd_link+0x1d0/0x1d0 [ 674.654612] ? __fget+0x340/0x540 [ 674.658079] ? ___might_sleep+0x163/0x280 [ 674.662337] ? __might_sleep+0x95/0x190 [ 674.666327] ? tty_vhangup+0x30/0x30 [ 674.670055] do_vfs_ioctl+0xd5f/0x1380 [ 674.674181] ? selinux_file_ioctl+0x46f/0x5e0 [ 674.678794] ? selinux_file_ioctl+0x125/0x5e0 [ 674.683442] ? ioctl_preallocate+0x210/0x210 [ 674.687859] ? selinux_file_mprotect+0x620/0x620 [ 674.692738] ? iterate_fd+0x360/0x360 [ 674.696610] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 674.702167] ? fput+0x128/0x1a0 [ 674.705565] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 674.711216] ? security_file_ioctl+0x8d/0xc0 [ 674.715686] ksys_ioctl+0xab/0xd0 [ 674.719224] __x64_sys_ioctl+0x73/0xb0 [ 674.723137] do_syscall_64+0xfd/0x620 [ 674.726956] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 674.732265] RIP: 0033:0x459519 [ 674.735458] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 674.754459] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 674.762424] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 674.769813] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 674.777168] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 674.784448] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 674.792109] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 674.932612] Bluetooth: hci1: command 0x1003 tx timeout [ 674.938277] Bluetooth: hci0: command 0x1001 tx timeout [ 674.938416] 
Bluetooth: hci1: sending frame failed (-49) [ 674.944024] Bluetooth: hci0: sending frame failed (-49) 14:40:29 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc0a85320, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 675.412927] Bluetooth: hci4: command 0x1001 tx timeout [ 675.418437] Bluetooth: hci4: sending frame failed (-49) 14:40:30 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc0a85322, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 676.222479] Bluetooth: hci2: command 0x1009 tx timeout [ 676.852500] Bluetooth: hci3: command 0x1003 tx timeout [ 676.857973] Bluetooth: hci3: sending frame failed (-49) [ 677.012695] Bluetooth: hci0: command 0x1009 tx timeout [ 677.022538] Bluetooth: hci1: command 0x1001 tx timeout [ 677.027940] Bluetooth: hci1: sending frame failed (-49) [ 677.492488] Bluetooth: hci4: command 0x1009 tx timeout [ 678.932561] Bluetooth: hci3: command 0x1001 tx timeout [ 678.938306] Bluetooth: hci3: sending frame failed (-49) [ 679.092538] Bluetooth: hci1: command 0x1009 tx timeout 14:40:34 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 
&(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5418, &(0x7f00000001c0)=0x1000000000033) [ 680.250336] Bluetooth: hci2: Frame reassembly failed (-84) [ 680.260555] Bluetooth: hci2: Frame reassembly failed (-84) 14:40:34 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x541f, &(0x7f00000001c0)=0x1000000000033) 14:40:34 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc0a85352, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 681.012494] Bluetooth: hci3: command 0x1009 tx timeout 14:40:35 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x541b, &(0x7f00000001c0)) 14:40:35 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc0bc5310, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 682.292494] Bluetooth: hci2: command 0x1003 tx timeout [ 682.298233] Bluetooth: hci2: sending frame failed (-49) [ 682.932517] Bluetooth: hci0: 
command 0x1003 tx timeout [ 682.937987] Bluetooth: hci0: sending frame failed (-49) 14:40:37 executing program 0 (fault-call:2 fault-nth:32): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:40:37 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc0bc5351, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 683.458637] FAULT_INJECTION: forcing a failure. [ 683.458637] name failslab, interval 1, probability 0, space 0, times 0 [ 683.470671] CPU: 0 PID: 11222 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 683.478357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 683.489181] Call Trace: [ 683.491833] dump_stack+0x172/0x1f0 [ 683.495761] should_fail.cold+0xa/0x1b [ 683.499806] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 683.505995] ? lock_downgrade+0x810/0x810 [ 683.510685] ? ___might_sleep+0x163/0x280 [ 683.514855] __should_failslab+0x121/0x190 [ 683.519191] should_failslab+0x9/0x14 [ 683.522996] kmem_cache_alloc+0x2ae/0x700 [ 683.527444] ? refcount_add_not_zero_checked+0x240/0x240 [ 683.532896] ? lock_downgrade+0x810/0x810 [ 683.537381] skb_clone+0x156/0x3e0 [ 683.541151] netlink_broadcast_filtered+0x86e/0xb20 [ 683.546219] netlink_broadcast+0x3a/0x50 [ 683.550409] kobject_uevent_env+0xad4/0x101d [ 683.555271] kobject_uevent+0x20/0x26 [ 683.559075] device_add+0xb3a/0x1760 [ 683.562935] ? get_device_parent.isra.0+0x570/0x570 [ 683.568008] ? start_creating+0x163/0x1e0 [ 683.572182] ? 
__sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 683.577790] hci_register_dev+0x304/0x880 [ 683.581983] hci_uart_tty_ioctl+0x761/0xaf0 [ 683.586315] tty_ioctl+0x8b5/0x1510 [ 683.590061] ? hci_uart_init_work+0x140/0x140 [ 683.594565] ? tty_vhangup+0x30/0x30 [ 683.598292] ? mark_held_locks+0x100/0x100 [ 683.602560] ? proc_cwd_link+0x1d0/0x1d0 [ 683.606824] ? __fget+0x340/0x540 [ 683.610332] ? ___might_sleep+0x163/0x280 [ 683.614747] ? __might_sleep+0x95/0x190 [ 683.618787] ? tty_vhangup+0x30/0x30 [ 683.622539] do_vfs_ioctl+0xd5f/0x1380 [ 683.626439] ? selinux_file_ioctl+0x46f/0x5e0 [ 683.630944] ? selinux_file_ioctl+0x125/0x5e0 [ 683.637198] ? ioctl_preallocate+0x210/0x210 [ 683.641943] ? selinux_file_mprotect+0x620/0x620 [ 683.646708] ? iterate_fd+0x360/0x360 [ 683.650599] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 683.656324] ? fput+0x128/0x1a0 [ 683.659609] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 683.665420] ? security_file_ioctl+0x8d/0xc0 [ 683.669847] ksys_ioctl+0xab/0xd0 [ 683.673409] __x64_sys_ioctl+0x73/0xb0 [ 683.677349] do_syscall_64+0xfd/0x620 [ 683.681211] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 683.686400] RIP: 0033:0x459519 [ 683.689587] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 683.708816] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 683.716525] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 683.723803] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 683.731067] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 683.738330] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 683.745590] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 683.753784] Bluetooth: hci4: command 0x1003 tx timeout [ 683.759150] Bluetooth: hci4: sending frame failed (-49) [ 683.766056] 
Bluetooth: hci1: Frame reassembly failed (-84) 14:40:38 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 684.372550] Bluetooth: hci2: command 0x1001 tx timeout [ 684.377997] Bluetooth: hci2: sending frame failed (-49) [ 685.012477] Bluetooth: hci0: command 0x1001 tx timeout [ 685.018027] Bluetooth: hci0: sending frame failed (-49) 14:40:39 executing program 5 (fault-call:2 fault-nth:34): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:40:39 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 685.383041] FAULT_INJECTION: forcing a failure. [ 685.383041] name failslab, interval 1, probability 0, space 0, times 0 [ 685.395149] CPU: 1 PID: 11234 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 685.402208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 685.411597] Call Trace: [ 685.414230] dump_stack+0x172/0x1f0 [ 685.417900] should_fail.cold+0xa/0x1b [ 685.421821] ? 
fault_create_debugfs_attr+0x1e0/0x1e0 [ 685.426958] ? lock_downgrade+0x810/0x810 [ 685.431148] ? ___might_sleep+0x163/0x280 [ 685.435338] __should_failslab+0x121/0x190 [ 685.439611] should_failslab+0x9/0x14 [ 685.443455] kmem_cache_alloc_node_trace+0x274/0x720 [ 685.449216] ? refcount_dec_and_test_checked+0x1b/0x20 [ 685.454537] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 685.460117] ? kobject_put+0x84/0xe0 [ 685.463874] __kmalloc_node_track_caller+0x3d/0x80 [ 685.468885] devm_kmalloc+0x92/0x1a0 [ 685.472678] hci_leds_init+0x32/0x1c0 [ 685.476534] hci_register_dev+0x328/0x880 [ 685.480904] hci_uart_tty_ioctl+0x761/0xaf0 [ 685.485283] tty_ioctl+0x8b5/0x1510 [ 685.488965] ? hci_uart_init_work+0x140/0x140 [ 685.493510] ? tty_vhangup+0x30/0x30 [ 685.497264] ? mark_held_locks+0x100/0x100 [ 685.501544] ? proc_cwd_link+0x1d0/0x1d0 [ 685.505661] ? __fget+0x340/0x540 [ 685.509160] ? ___might_sleep+0x163/0x280 [ 685.513353] ? __might_sleep+0x95/0x190 [ 685.517364] ? tty_vhangup+0x30/0x30 [ 685.521123] do_vfs_ioctl+0xd5f/0x1380 [ 685.525052] ? selinux_file_ioctl+0x46f/0x5e0 [ 685.529585] ? selinux_file_ioctl+0x125/0x5e0 [ 685.534126] ? ioctl_preallocate+0x210/0x210 [ 685.538577] ? selinux_file_mprotect+0x620/0x620 [ 685.543381] ? iterate_fd+0x360/0x360 [ 685.547230] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 685.552812] ? fput+0x128/0x1a0 [ 685.556150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 685.561730] ? 
security_file_ioctl+0x8d/0xc0 [ 685.566183] ksys_ioctl+0xab/0xd0 [ 685.569688] __x64_sys_ioctl+0x73/0xb0 [ 685.573618] do_syscall_64+0xfd/0x620 [ 685.577465] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 685.582688] RIP: 0033:0x459519 [ 685.585910] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 685.604857] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 685.612622] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 685.620272] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 685.627660] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 685.634977] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 685.642276] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 685.663755] Bluetooth: hci3: Frame reassembly failed (-84) [ 685.822657] Bluetooth: hci1: command 0x1003 tx timeout [ 685.828070] Bluetooth: hci1: sending frame failed (-49) [ 685.833857] Bluetooth: hci4: command 0x1001 tx timeout [ 685.839235] Bluetooth: hci4: sending frame failed (-49) 14:40:40 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 686.452463] Bluetooth: hci2: command 0x1009 tx timeout 14:40:41 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, 
&(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 687.092482] Bluetooth: hci0: command 0x1009 tx timeout [ 687.732511] Bluetooth: hci3: command 0x1003 tx timeout [ 687.738121] Bluetooth: hci3: sending frame failed (-49) [ 687.903967] Bluetooth: hci4: command 0x1009 tx timeout [ 687.910381] Bluetooth: hci1: command 0x1001 tx timeout [ 687.921539] Bluetooth: hci1: sending frame failed (-49) [ 689.812613] Bluetooth: hci3: command 0x1001 tx timeout [ 689.818107] Bluetooth: hci3: sending frame failed (-49) [ 689.972853] Bluetooth: hci1: command 0x1009 tx timeout 14:40:44 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x541b, &(0x7f00000001c0)=0x1000000000033) [ 690.494979] Bluetooth: hci2: Frame reassembly failed (-84) 14:40:45 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5421, &(0x7f00000001c0)=0x1000000000033) 14:40:45 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 691.147314] Bluetooth: hci0: sending frame 
failed (-49) 14:40:45 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x541d, &(0x7f00000001c0)) [ 691.811311] Bluetooth: hci4: Frame reassembly failed (-84) [ 691.892480] Bluetooth: hci3: command 0x1009 tx timeout 14:40:46 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 692.532552] Bluetooth: hci2: command 0x1003 tx timeout [ 692.538260] Bluetooth: hci2: sending frame failed (-49) [ 693.172542] Bluetooth: hci0: command 0x1003 tx timeout [ 693.178239] Bluetooth: hci0: sending frame failed (-49) [ 693.812539] Bluetooth: hci4: command 0x1003 tx timeout [ 693.818137] Bluetooth: hci4: sending frame failed (-49) 14:40:48 executing program 0 (fault-call:2 fault-nth:33): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:40:48 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 
694.355374] FAULT_INJECTION: forcing a failure. [ 694.355374] name failslab, interval 1, probability 0, space 0, times 0 [ 694.366915] CPU: 1 PID: 11277 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 694.374068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 694.383446] Call Trace: [ 694.386074] dump_stack+0x172/0x1f0 [ 694.389747] should_fail.cold+0xa/0x1b [ 694.393668] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 694.398812] ? lock_downgrade+0x810/0x810 [ 694.402992] ? ___might_sleep+0x163/0x280 [ 694.407177] __should_failslab+0x121/0x190 [ 694.411438] should_failslab+0x9/0x14 [ 694.415268] kmem_cache_alloc_node+0x26c/0x710 [ 694.419875] ? find_held_lock+0x35/0x130 [ 694.423970] __alloc_skb+0xd5/0x5f0 [ 694.427621] ? skb_scrub_packet+0x490/0x490 [ 694.431976] ? kasan_check_read+0x11/0x20 [ 694.436186] alloc_uevent_skb+0x83/0x1e2 [ 694.440274] kobject_uevent_env+0xaa3/0x101d [ 694.444722] kobject_uevent+0x20/0x26 [ 694.448546] device_add+0xb3a/0x1760 [ 694.452292] ? get_device_parent.isra.0+0x570/0x570 [ 694.457324] ? start_creating+0x163/0x1e0 [ 694.461500] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 694.467070] hci_register_dev+0x304/0x880 [ 694.471248] hci_uart_tty_ioctl+0x761/0xaf0 [ 694.475604] tty_ioctl+0x8b5/0x1510 [ 694.479254] ? hci_uart_init_work+0x140/0x140 [ 694.483764] ? tty_vhangup+0x30/0x30 [ 694.487515] ? rcu_read_unlock_special+0x679/0xea0 [ 694.492477] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 694.497283] ? __fget+0x340/0x540 [ 694.500761] ? ___might_sleep+0x163/0x280 [ 694.504936] ? __might_sleep+0x95/0x190 [ 694.508941] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 694.514069] ? tty_vhangup+0x30/0x30 [ 694.517810] do_vfs_ioctl+0xd5f/0x1380 [ 694.521724] ? selinux_file_ioctl+0x46f/0x5e0 [ 694.526247] ? selinux_file_ioctl+0x125/0x5e0 [ 694.530767] ? ioctl_preallocate+0x210/0x210 [ 694.535209] ? selinux_file_mprotect+0x620/0x620 [ 694.540003] ? iterate_fd+0x360/0x360 [ 694.544175] ? 
__sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 694.549745] ? fput+0x128/0x1a0 [ 694.553064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 694.560306] ? security_file_ioctl+0x8d/0xc0 [ 694.564740] ksys_ioctl+0xab/0xd0 [ 694.571714] __x64_sys_ioctl+0x73/0xb0 [ 694.578775] do_syscall_64+0xfd/0x620 [ 694.582610] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 694.587818] RIP: 0033:0x459519 [ 694.591027] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 694.609958] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 694.617701] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 694.624996] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 694.632293] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 694.639583] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 694.646871] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 694.662680] Bluetooth: hci2: command 0x1001 tx timeout [ 694.668320] Bluetooth: hci2: sending frame failed (-49) [ 694.680937] Bluetooth: hci1: Frame reassembly failed (-84) 14:40:49 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 695.252632] Bluetooth: hci0: command 0x1001 tx timeout [ 695.263751] Bluetooth: hci0: sending frame failed (-49) [ 695.892458] Bluetooth: hci4: command 0x1001 tx timeout [ 695.898067] Bluetooth: hci4: sending 
frame failed (-49) 14:40:50 executing program 5 (fault-call:2 fault-nth:35): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:40:50 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 696.269589] FAULT_INJECTION: forcing a failure. [ 696.269589] name failslab, interval 1, probability 0, space 0, times 0 [ 696.282486] CPU: 1 PID: 11294 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 696.289540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 696.298926] Call Trace: [ 696.301554] dump_stack+0x172/0x1f0 [ 696.305218] should_fail.cold+0xa/0x1b [ 696.309140] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 696.314275] ? lock_downgrade+0x810/0x810 [ 696.318462] ? ___might_sleep+0x163/0x280 [ 696.322654] __should_failslab+0x121/0x190 [ 696.326932] should_failslab+0x9/0x14 [ 696.330782] kmem_cache_alloc_node_trace+0x274/0x720 [ 696.335916] ? vsnprintf+0x32a/0x19a0 [ 696.339763] __kmalloc_node_track_caller+0x3d/0x80 [ 696.344723] devm_kmalloc+0x92/0x1a0 [ 696.348472] devm_kvasprintf+0xcd/0x140 [ 696.352465] ? devm_kmemdup+0x60/0x60 [ 696.356286] ? devres_add+0x40/0x50 [ 696.359944] ? mark_held_locks+0xb1/0x100 [ 696.364120] devm_kasprintf+0xbb/0xf0 [ 696.367946] ? devm_kvasprintf+0x140/0x140 [ 696.372202] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 696.377338] ? 
devres_add+0x40/0x50 [ 696.380995] hci_leds_init+0xb3/0x1c0 [ 696.384821] hci_register_dev+0x328/0x880 [ 696.388995] hci_uart_tty_ioctl+0x761/0xaf0 [ 696.393334] tty_ioctl+0x8b5/0x1510 [ 696.396979] ? hci_uart_init_work+0x140/0x140 [ 696.401506] ? tty_vhangup+0x30/0x30 [ 696.405243] ? mark_held_locks+0x100/0x100 [ 696.409508] ? proc_cwd_link+0x1d0/0x1d0 [ 696.413606] ? __fget+0x340/0x540 [ 696.417082] ? ___might_sleep+0x163/0x280 [ 696.421253] ? __might_sleep+0x95/0x190 [ 696.425255] ? tty_vhangup+0x30/0x30 [ 696.428998] do_vfs_ioctl+0xd5f/0x1380 [ 696.432903] ? selinux_file_ioctl+0x46f/0x5e0 [ 696.437433] ? selinux_file_ioctl+0x125/0x5e0 [ 696.441963] ? ioctl_preallocate+0x210/0x210 [ 696.446391] ? selinux_file_mprotect+0x620/0x620 [ 696.451206] ? iterate_fd+0x360/0x360 [ 696.455064] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 696.460638] ? fput+0x128/0x1a0 [ 696.463960] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 696.469516] ? security_file_ioctl+0x8d/0xc0 [ 696.473950] ksys_ioctl+0xab/0xd0 [ 696.477429] __x64_sys_ioctl+0x73/0xb0 [ 696.481343] do_syscall_64+0xfd/0x620 [ 696.485167] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 696.490371] RIP: 0033:0x459519 [ 696.493577] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 696.512588] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 696.520420] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 696.527843] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 696.535148] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 696.542445] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 696.549741] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 696.561606] Bluetooth: hci3: Frame reassembly failed (-84) [ 696.692467] Bluetooth: hci1: command 0x1003 tx timeout [ 
696.697883] Bluetooth: hci1: sending frame failed (-49) [ 696.703754] Bluetooth: hci2: command 0x1009 tx timeout 14:40:51 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 697.332557] Bluetooth: hci0: command 0x1009 tx timeout [ 697.972501] Bluetooth: hci4: command 0x1009 tx timeout 14:40:52 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 698.612465] Bluetooth: hci3: command 0x1003 tx timeout [ 698.617885] Bluetooth: hci3: sending frame failed (-49) [ 698.772563] Bluetooth: hci1: command 0x1001 tx timeout [ 698.778201] Bluetooth: hci1: sending frame failed (-49) 14:40:54 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x541d, &(0x7f00000001c0)=0x1000000000033) [ 700.692712] Bluetooth: hci3: command 0x1001 tx timeout [ 700.698175] Bluetooth: hci3: sending frame failed (-49) [ 700.758260] Bluetooth: hci2: Frame reassembly failed (-84) [ 700.852475] Bluetooth: hci1: command 0x1009 tx 
timeout 14:40:55 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000001c0)=0x1000000000033) 14:40:55 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 701.399957] Bluetooth: hci0: Frame reassembly failed (-84) 14:40:56 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x541f, &(0x7f00000001c0)) 14:40:56 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 702.772476] Bluetooth: hci2: command 0x1003 tx timeout [ 702.772615] Bluetooth: hci3: command 0x1009 tx timeout [ 702.777890] Bluetooth: hci2: sending frame failed (-49) [ 703.412601] Bluetooth: hci0: command 0x1003 tx timeout [ 703.418017] Bluetooth: hci0: sending frame failed (-49) [ 704.052529] Bluetooth: hci4: command 0x1003 tx timeout [ 704.058121] Bluetooth: hci4: 
sending frame failed (-49) [ 704.852551] Bluetooth: hci2: command 0x1001 tx timeout [ 704.858008] Bluetooth: hci2: sending frame failed (-49) 14:40:59 executing program 0 (fault-call:2 fault-nth:34): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:40:59 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 705.233268] FAULT_INJECTION: forcing a failure. [ 705.233268] name failslab, interval 1, probability 0, space 0, times 0 [ 705.252046] CPU: 0 PID: 11335 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 705.259098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 705.268469] Call Trace: [ 705.271090] dump_stack+0x172/0x1f0 [ 705.274752] should_fail.cold+0xa/0x1b [ 705.278667] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 705.283797] ? lock_downgrade+0x810/0x810 [ 705.287966] ? ___might_sleep+0x163/0x280 [ 705.292136] __should_failslab+0x121/0x190 [ 705.296391] should_failslab+0x9/0x14 [ 705.300210] kmem_cache_alloc+0x2ae/0x700 [ 705.304378] ? refcount_add_not_zero_checked+0x240/0x240 [ 705.309842] ? lock_downgrade+0x810/0x810 [ 705.314020] skb_clone+0x156/0x3e0 [ 705.317581] netlink_broadcast_filtered+0x86e/0xb20 [ 705.322630] netlink_broadcast+0x3a/0x50 [ 705.326717] kobject_uevent_env+0xad4/0x101d [ 705.331164] kobject_uevent+0x20/0x26 [ 705.334993] device_add+0xb3a/0x1760 [ 705.338730] ? get_device_parent.isra.0+0x570/0x570 [ 705.343764] ? 
start_creating+0x163/0x1e0 [ 705.347931] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 705.353502] hci_register_dev+0x304/0x880 [ 705.357675] hci_uart_tty_ioctl+0x761/0xaf0 [ 705.362019] tty_ioctl+0x8b5/0x1510 [ 705.365665] ? hci_uart_init_work+0x140/0x140 [ 705.370175] ? tty_vhangup+0x30/0x30 [ 705.373915] ? mark_held_locks+0x100/0x100 [ 705.378169] ? proc_cwd_link+0x1d0/0x1d0 [ 705.382258] ? __fget+0x340/0x540 [ 705.385730] ? ___might_sleep+0x163/0x280 [ 705.389901] ? __might_sleep+0x95/0x190 [ 705.393894] ? tty_vhangup+0x30/0x30 [ 705.397643] do_vfs_ioctl+0xd5f/0x1380 [ 705.401547] ? selinux_file_ioctl+0x46f/0x5e0 [ 705.406166] ? selinux_file_ioctl+0x125/0x5e0 [ 705.410709] ? ioctl_preallocate+0x210/0x210 [ 705.415139] ? selinux_file_mprotect+0x620/0x620 [ 705.419922] ? iterate_fd+0x360/0x360 [ 705.423766] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 705.429332] ? fput+0x128/0x1a0 [ 705.432645] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 705.438208] ? security_file_ioctl+0x8d/0xc0 [ 705.442641] ksys_ioctl+0xab/0xd0 [ 705.446300] __x64_sys_ioctl+0x73/0xb0 [ 705.450209] do_syscall_64+0xfd/0x620 [ 705.454041] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 705.459246] RIP: 0033:0x459519 [ 705.462464] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 705.481389] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 705.489219] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 705.496509] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 705.503803] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 705.511113] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 705.518410] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 705.527942] Bluetooth: hci0: command 0x1001 tx timeout [ 705.535017] Bluetooth: hci0: 
sending frame failed (-49) [ 705.542231] Bluetooth: hci1: Frame reassembly failed (-84) 14:41:00 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 706.132721] Bluetooth: hci4: command 0x1001 tx timeout [ 706.138146] Bluetooth: hci4: sending frame failed (-49) [ 706.942559] Bluetooth: hci2: command 0x1009 tx timeout 14:41:01 executing program 5 (fault-call:2 fault-nth:36): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:41:01 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 707.168097] FAULT_INJECTION: forcing a failure. [ 707.168097] name failslab, interval 1, probability 0, space 0, times 0 [ 707.183646] CPU: 0 PID: 11351 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 707.190733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 707.200115] Call Trace: [ 707.202741] dump_stack+0x172/0x1f0 [ 707.206395] should_fail.cold+0xa/0x1b [ 707.210317] ? 
fault_create_debugfs_attr+0x1e0/0x1e0 [ 707.215469] ? lock_downgrade+0x810/0x810 [ 707.219722] ? ___might_sleep+0x163/0x280 [ 707.223902] __should_failslab+0x121/0x190 [ 707.228172] should_failslab+0x9/0x14 [ 707.231995] kmem_cache_alloc_node_trace+0x274/0x720 [ 707.237120] ? vsnprintf+0x32a/0x19a0 [ 707.240950] __kmalloc_node_track_caller+0x3d/0x80 [ 707.245907] devm_kmalloc+0x92/0x1a0 [ 707.249640] devm_kvasprintf+0xcd/0x140 [ 707.253637] ? devm_kmemdup+0x60/0x60 [ 707.257457] ? devres_add+0x40/0x50 [ 707.261110] ? mark_held_locks+0xb1/0x100 [ 707.265284] devm_kasprintf+0xbb/0xf0 [ 707.269105] ? devm_kvasprintf+0x140/0x140 [ 707.273366] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 707.278492] ? devres_add+0x40/0x50 [ 707.282153] hci_leds_init+0xb3/0x1c0 [ 707.285981] hci_register_dev+0x328/0x880 [ 707.290257] hci_uart_tty_ioctl+0x761/0xaf0 [ 707.294634] tty_ioctl+0x8b5/0x1510 [ 707.298284] ? hci_uart_init_work+0x140/0x140 [ 707.302806] ? tty_vhangup+0x30/0x30 [ 707.306548] ? mark_held_locks+0x100/0x100 [ 707.310804] ? proc_cwd_link+0x1d0/0x1d0 [ 707.314990] ? __fget+0x340/0x540 [ 707.318466] ? ___might_sleep+0x163/0x280 [ 707.322636] ? __might_sleep+0x95/0x190 [ 707.326627] ? tty_vhangup+0x30/0x30 [ 707.330364] do_vfs_ioctl+0xd5f/0x1380 [ 707.334274] ? selinux_file_ioctl+0x46f/0x5e0 [ 707.338782] ? selinux_file_ioctl+0x125/0x5e0 [ 707.343308] ? ioctl_preallocate+0x210/0x210 [ 707.347733] ? selinux_file_mprotect+0x620/0x620 [ 707.352613] ? iterate_fd+0x360/0x360 [ 707.356434] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 707.361988] ? fput+0x128/0x1a0 [ 707.365292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 707.370842] ? 
security_file_ioctl+0x8d/0xc0 [ 707.375267] ksys_ioctl+0xab/0xd0 [ 707.378729] __x64_sys_ioctl+0x73/0xb0 [ 707.382632] do_syscall_64+0xfd/0x620 [ 707.386452] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 707.391650] RIP: 0033:0x459519 [ 707.394864] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 707.413794] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 707.421514] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 707.429491] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 707.436777] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 707.444323] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 707.451624] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 707.468766] Bluetooth: hci3: Frame reassembly failed (-84) [ 707.479300] Bluetooth: hci3: Frame reassembly failed (-84) [ 707.582601] Bluetooth: hci1: command 0x1003 tx timeout [ 707.588202] Bluetooth: hci1: sending frame failed (-49) [ 707.593704] Bluetooth: hci0: command 0x1009 tx timeout 14:41:02 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 708.212455] Bluetooth: hci4: command 0x1009 tx timeout 14:41:03 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 
0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 709.492470] Bluetooth: hci3: command 0x1003 tx timeout [ 709.497920] Bluetooth: hci3: sending frame failed (-49) [ 709.652610] Bluetooth: hci1: command 0x1001 tx timeout [ 709.658061] Bluetooth: hci1: sending frame failed (-49) 14:41:05 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x541f, &(0x7f00000001c0)=0x1000000000033) [ 710.982159] Bluetooth: hci2: Frame reassembly failed (-84) 14:41:05 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5424, &(0x7f00000001c0)=0x1000000000033) 14:41:05 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 711.572636] Bluetooth: hci3: command 0x1001 tx timeout [ 711.584634] Bluetooth: hci3: sending frame failed (-49) [ 711.635896] Bluetooth: hci0: Frame reassembly failed (-84) [ 711.732514] Bluetooth: hci1: command 0x1009 tx timeout 14:41:06 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, 
&(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5421, &(0x7f00000001c0)) [ 712.255077] Bluetooth: hci4: Frame reassembly failed (-84) 14:41:06 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 713.012484] Bluetooth: hci2: command 0x1003 tx timeout [ 713.017981] Bluetooth: hci2: sending frame failed (-49) [ 713.652455] Bluetooth: hci0: command 0x1003 tx timeout [ 713.657897] Bluetooth: hci0: sending frame failed (-49) [ 713.663869] Bluetooth: hci3: command 0x1009 tx timeout [ 714.292463] Bluetooth: hci4: command 0x1003 tx timeout [ 714.297877] Bluetooth: hci4: sending frame failed (-49) [ 715.092564] Bluetooth: hci2: command 0x1001 tx timeout [ 715.098148] Bluetooth: hci2: sending frame failed (-49) [ 715.732607] Bluetooth: hci0: command 0x1001 tx timeout [ 715.738075] Bluetooth: hci0: sending frame failed (-49) 14:41:10 executing program 0 (fault-call:2 fault-nth:35): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:41:10 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0xe}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 
0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 716.107396] FAULT_INJECTION: forcing a failure. [ 716.107396] name failslab, interval 1, probability 0, space 0, times 0 [ 716.126610] CPU: 1 PID: 11394 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 716.133691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 716.143073] Call Trace: [ 716.145713] dump_stack+0x172/0x1f0 [ 716.149380] should_fail.cold+0xa/0x1b [ 716.153307] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 716.158443] ? lock_downgrade+0x810/0x810 [ 716.162646] ? ___might_sleep+0x163/0x280 [ 716.166839] __should_failslab+0x121/0x190 [ 716.171116] should_failslab+0x9/0x14 [ 716.174957] kmem_cache_alloc_node_trace+0x274/0x720 [ 716.180120] ? vsnprintf+0x32a/0x19a0 [ 716.184757] __kmalloc_node_track_caller+0x3d/0x80 [ 716.189732] devm_kmalloc+0x92/0x1a0 [ 716.193485] devm_kvasprintf+0xcd/0x140 [ 716.197490] ? devm_kmemdup+0x60/0x60 [ 716.201310] ? devres_add+0x40/0x50 [ 716.204975] ? mark_held_locks+0xb1/0x100 [ 716.209332] devm_kasprintf+0xbb/0xf0 [ 716.213159] ? devm_kvasprintf+0x140/0x140 [ 716.217542] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 716.223024] ? devres_add+0x40/0x50 [ 716.226738] hci_leds_init+0xb3/0x1c0 [ 716.230566] hci_register_dev+0x328/0x880 [ 716.234838] hci_uart_tty_ioctl+0x761/0xaf0 [ 716.239196] tty_ioctl+0x8b5/0x1510 [ 716.242850] ? hci_uart_init_work+0x140/0x140 [ 716.247390] ? tty_vhangup+0x30/0x30 [ 716.251134] ? mark_held_locks+0x100/0x100 [ 716.255421] ? proc_cwd_link+0x1d0/0x1d0 [ 716.259520] ? __fget+0x340/0x540 [ 716.263003] ? ___might_sleep+0x163/0x280 [ 716.267180] ? __might_sleep+0x95/0x190 [ 716.271385] ? tty_vhangup+0x30/0x30 [ 716.275128] do_vfs_ioctl+0xd5f/0x1380 [ 716.279035] ? selinux_file_ioctl+0x46f/0x5e0 [ 716.283557] ? selinux_file_ioctl+0x125/0x5e0 [ 716.288084] ? ioctl_preallocate+0x210/0x210 [ 716.292539] ? 
selinux_file_mprotect+0x620/0x620 [ 716.297330] ? iterate_fd+0x360/0x360 [ 716.301164] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 716.307079] ? fput+0x128/0x1a0 [ 716.310392] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 716.315962] ? security_file_ioctl+0x8d/0xc0 [ 716.320403] ksys_ioctl+0xab/0xd0 [ 716.323882] __x64_sys_ioctl+0x73/0xb0 [ 716.327802] do_syscall_64+0xfd/0x620 [ 716.331716] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 716.336962] RIP: 0033:0x459519 [ 716.340169] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 716.359197] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 716.366952] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 716.374249] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 716.381548] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 716.388995] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 716.397621] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 716.412546] Bluetooth: hci4: command 0x1001 tx timeout [ 716.418493] Bluetooth: hci4: sending frame failed (-49) [ 716.450092] Bluetooth: hci1: Frame reassembly failed (-84) [ 716.457960] Bluetooth: hci1: Frame reassembly failed (-84) 14:41:11 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x3e}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 717.172450] Bluetooth: hci2: command 0x1009 tx timeout [ 
717.812479] Bluetooth: hci0: command 0x1009 tx timeout 14:41:12 executing program 5 (fault-call:2 fault-nth:37): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:41:12 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0xe00}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 718.041797] FAULT_INJECTION: forcing a failure. [ 718.041797] name failslab, interval 1, probability 0, space 0, times 0 [ 718.053915] CPU: 1 PID: 11410 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 718.061231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 718.070606] Call Trace: [ 718.073243] dump_stack+0x172/0x1f0 [ 718.076897] should_fail.cold+0xa/0x1b [ 718.080817] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 718.085950] ? lock_downgrade+0x810/0x810 [ 718.090119] ? ___might_sleep+0x163/0x280 [ 718.094293] __should_failslab+0x121/0x190 [ 718.098548] should_failslab+0x9/0x14 [ 718.102372] kmem_cache_alloc_node_trace+0x274/0x720 [ 718.107506] __kmalloc_node_track_caller+0x3d/0x80 [ 718.112471] ? led_trigger_unregister+0x2f0/0x2f0 [ 718.117338] __devres_alloc_node+0x69/0x160 [ 718.121703] devm_led_trigger_register+0x36/0xd0 [ 718.126496] hci_leds_init+0xee/0x1c0 [ 718.130335] hci_register_dev+0x328/0x880 [ 718.134521] hci_uart_tty_ioctl+0x761/0xaf0 [ 718.138869] tty_ioctl+0x8b5/0x1510 [ 718.142520] ? hci_uart_init_work+0x140/0x140 [ 718.147042] ? tty_vhangup+0x30/0x30 [ 718.150783] ? 
mark_held_locks+0x100/0x100 [ 718.155037] ? proc_cwd_link+0x1d0/0x1d0 [ 718.159125] ? __fget+0x340/0x540 [ 718.162609] ? ___might_sleep+0x163/0x280 [ 718.166782] ? __might_sleep+0x95/0x190 [ 718.170778] ? tty_vhangup+0x30/0x30 [ 718.174515] do_vfs_ioctl+0xd5f/0x1380 [ 718.178427] ? selinux_file_ioctl+0x46f/0x5e0 [ 718.182961] ? selinux_file_ioctl+0x125/0x5e0 [ 718.187488] ? ioctl_preallocate+0x210/0x210 [ 718.191917] ? selinux_file_mprotect+0x620/0x620 [ 718.196717] ? iterate_fd+0x360/0x360 [ 718.200556] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 718.206133] ? fput+0x128/0x1a0 [ 718.209449] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 718.215025] ? security_file_ioctl+0x8d/0xc0 [ 718.219624] ksys_ioctl+0xab/0xd0 [ 718.223100] __x64_sys_ioctl+0x73/0xb0 [ 718.227051] do_syscall_64+0xfd/0x620 [ 718.230878] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 718.236091] RIP: 0033:0x459519 [ 718.239302] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 718.258228] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 718.265967] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 718.273255] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 718.280549] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 718.287834] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 718.295114] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 718.307474] Bluetooth: hci3: Frame reassembly failed (-84) [ 718.452488] Bluetooth: hci1: command 0x1003 tx timeout [ 718.458176] Bluetooth: hci1: sending frame failed (-49) [ 718.464427] Bluetooth: hci4: command 0x1009 tx timeout 14:41:13 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) 
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x3e00}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:41:13 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x3f00}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 720.372455] Bluetooth: hci3: command 0x1003 tx timeout [ 720.378072] Bluetooth: hci3: sending frame failed (-49) [ 720.542560] Bluetooth: hci1: command 0x1001 tx timeout [ 720.548237] Bluetooth: hci1: sending frame failed (-49) 14:41:15 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5421, &(0x7f00000001c0)=0x1000000000033) [ 721.218583] Bluetooth: hci2: Frame reassembly failed (-84) 14:41:15 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5425, &(0x7f00000001c0)=0x1000000000033) 14:41:15 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x4000}) 
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 721.878551] Bluetooth: hci0: Frame reassembly failed (-84) [ 722.452643] Bluetooth: hci3: command 0x1001 tx timeout [ 722.460062] Bluetooth: hci3: sending frame failed (-49) 14:41:16 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000001c0)) [ 722.591281] Bluetooth: hci4: Frame reassembly failed (-84) [ 722.612515] Bluetooth: hci1: command 0x1009 tx timeout 14:41:16 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x1000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 723.252870] Bluetooth: hci2: command 0x1003 tx timeout [ 723.258907] Bluetooth: hci2: sending frame failed (-49) [ 723.892548] Bluetooth: hci0: command 0x1003 tx timeout [ 723.898394] Bluetooth: hci0: sending frame failed (-49) [ 724.532564] Bluetooth: hci3: command 0x1009 tx timeout [ 724.612440] Bluetooth: hci4: command 0x1003 tx timeout [ 724.618452] Bluetooth: hci4: sending frame failed (-49) [ 725.332837] Bluetooth: hci2: command 0x1001 tx timeout [ 725.341320] Bluetooth: hci2: sending frame failed (-49) [ 725.412479] Bluetooth: hci5: command 0x1003 tx timeout [ 725.418025] Bluetooth: hci5: sending frame failed (-49) [ 
725.972657] Bluetooth: hci0: command 0x1001 tx timeout [ 725.978412] Bluetooth: hci0: sending frame failed (-49) [ 726.692535] Bluetooth: hci4: command 0x1001 tx timeout [ 726.698235] Bluetooth: hci4: sending frame failed (-49) 14:41:21 executing program 0 (fault-call:2 fault-nth:36): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:41:21 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0xe000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 726.987906] FAULT_INJECTION: forcing a failure. [ 726.987906] name failslab, interval 1, probability 0, space 0, times 0 [ 727.007986] CPU: 0 PID: 11454 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 727.015405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 727.025302] Call Trace: [ 727.028155] dump_stack+0x172/0x1f0 [ 727.031922] should_fail.cold+0xa/0x1b [ 727.035855] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 727.041345] ? lock_downgrade+0x810/0x810 [ 727.045560] ? ___might_sleep+0x163/0x280 [ 727.049844] __should_failslab+0x121/0x190 [ 727.054205] should_failslab+0x9/0x14 [ 727.058043] kmem_cache_alloc_node_trace+0x274/0x720 [ 727.063737] __kmalloc_node_track_caller+0x3d/0x80 [ 727.069524] ? 
led_trigger_unregister+0x2f0/0x2f0 [ 727.074665] __devres_alloc_node+0x69/0x160 [ 727.079038] devm_led_trigger_register+0x36/0xd0 [ 727.084225] hci_leds_init+0xee/0x1c0 [ 727.088344] hci_register_dev+0x328/0x880 [ 727.092997] hci_uart_tty_ioctl+0x761/0xaf0 [ 727.097554] tty_ioctl+0x8b5/0x1510 [ 727.101504] ? hci_uart_init_work+0x140/0x140 [ 727.106385] ? tty_vhangup+0x30/0x30 [ 727.110472] ? mark_held_locks+0x100/0x100 [ 727.114755] ? proc_cwd_link+0x1d0/0x1d0 [ 727.119065] ? __fget+0x340/0x540 [ 727.122830] ? ___might_sleep+0x163/0x280 [ 727.127440] ? __might_sleep+0x95/0x190 [ 727.131471] ? tty_vhangup+0x30/0x30 [ 727.135423] do_vfs_ioctl+0xd5f/0x1380 [ 727.139540] ? selinux_file_ioctl+0x46f/0x5e0 [ 727.144421] ? selinux_file_ioctl+0x125/0x5e0 [ 727.149120] ? ioctl_preallocate+0x210/0x210 [ 727.153652] ? selinux_file_mprotect+0x620/0x620 [ 727.158750] ? iterate_fd+0x360/0x360 [ 727.162752] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 727.168446] ? fput+0x128/0x1a0 [ 727.171801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 727.177526] ? 
security_file_ioctl+0x8d/0xc0 [ 727.181989] ksys_ioctl+0xab/0xd0 [ 727.185720] __x64_sys_ioctl+0x73/0xb0 [ 727.189682] do_syscall_64+0xfd/0x620 [ 727.193702] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 727.198943] RIP: 0033:0x459519 [ 727.202359] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 727.222282] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 727.230943] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 727.239714] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 727.247988] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 727.258256] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 727.267556] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 727.290312] Bluetooth: hci1: Frame reassembly failed (-84) [ 727.412773] Bluetooth: hci2: command 0x1009 tx timeout [ 727.492526] Bluetooth: hci5: command 0x1001 tx timeout [ 727.498184] Bluetooth: hci5: sending frame failed (-49) 14:41:21 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x3e000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 728.052493] Bluetooth: hci0: command 0x1009 tx timeout [ 728.772574] Bluetooth: hci4: command 0x1009 tx timeout 14:41:22 executing program 5 (fault-call:2 fault-nth:38): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 
&(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:41:22 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x3f000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 728.899568] FAULT_INJECTION: forcing a failure. [ 728.899568] name failslab, interval 1, probability 0, space 0, times 0 [ 728.912304] CPU: 1 PID: 11469 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 728.919678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 728.929157] Call Trace: [ 728.931806] dump_stack+0x172/0x1f0 [ 728.935492] should_fail.cold+0xa/0x1b [ 728.939526] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 728.944670] ? lock_downgrade+0x810/0x810 [ 728.949171] ? ___might_sleep+0x163/0x280 [ 728.953510] __should_failslab+0x121/0x190 [ 728.957884] should_failslab+0x9/0x14 [ 728.961971] kmem_cache_alloc_node_trace+0x274/0x720 [ 728.967400] __kmalloc_node_track_caller+0x3d/0x80 [ 728.972556] ? led_trigger_unregister+0x2f0/0x2f0 [ 728.978211] __devres_alloc_node+0x69/0x160 [ 728.984535] devm_led_trigger_register+0x36/0xd0 [ 728.994094] hci_leds_init+0xee/0x1c0 [ 729.003463] hci_register_dev+0x328/0x880 [ 729.011747] hci_uart_tty_ioctl+0x761/0xaf0 [ 729.018860] tty_ioctl+0x8b5/0x1510 [ 729.030260] ? hci_uart_init_work+0x140/0x140 [ 729.039692] ? tty_vhangup+0x30/0x30 [ 729.045296] ? mark_held_locks+0x100/0x100 [ 729.053381] ? proc_cwd_link+0x1d0/0x1d0 [ 729.061055] ? __fget+0x340/0x540 [ 729.066571] ? ___might_sleep+0x163/0x280 [ 729.073077] ? __might_sleep+0x95/0x190 [ 729.079746] ? 
tty_vhangup+0x30/0x30 [ 729.084110] do_vfs_ioctl+0xd5f/0x1380 [ 729.088182] ? selinux_file_ioctl+0x46f/0x5e0 [ 729.093139] ? selinux_file_ioctl+0x125/0x5e0 [ 729.097913] ? ioctl_preallocate+0x210/0x210 [ 729.102559] ? selinux_file_mprotect+0x620/0x620 [ 729.107406] ? iterate_fd+0x360/0x360 [ 729.111261] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 729.117766] ? fput+0x128/0x1a0 [ 729.121710] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 729.127615] ? security_file_ioctl+0x8d/0xc0 [ 729.132089] ksys_ioctl+0xab/0xd0 [ 729.135643] __x64_sys_ioctl+0x73/0xb0 [ 729.139663] do_syscall_64+0xfd/0x620 [ 729.143821] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 729.149129] RIP: 0033:0x459519 [ 729.152443] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 729.171796] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 729.179965] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 729.187372] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 729.195365] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 729.202865] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 729.210835] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 729.225680] Bluetooth: hci3: Frame reassembly failed (-84) [ 729.332561] Bluetooth: hci1: command 0x1003 tx timeout [ 729.338276] Bluetooth: hci1: sending frame failed (-49) [ 729.572512] Bluetooth: hci5: command 0x1009 tx timeout 14:41:23 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x40000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 
0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:41:24 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0xfdfdffff}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 731.252489] Bluetooth: hci3: command 0x1003 tx timeout [ 731.257925] Bluetooth: hci3: sending frame failed (-49) [ 731.412537] Bluetooth: hci1: command 0x1001 tx timeout [ 731.418118] Bluetooth: hci1: sending frame failed (-49) 14:41:25 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000001c0)=0x1000000000033) [ 731.528090] Bluetooth: hci2: Frame reassembly failed (-84) [ 731.536735] Bluetooth: hci2: Frame reassembly failed (-84) 14:41:26 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5427, &(0x7f00000001c0)=0x1000000000033) 14:41:26 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0xfffffdfd}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) 
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 733.332508] Bluetooth: hci3: command 0x1001 tx timeout [ 733.338069] Bluetooth: hci3: sending frame failed (-49) [ 733.492483] Bluetooth: hci1: command 0x1009 tx timeout [ 733.572485] Bluetooth: hci2: command 0x1003 tx timeout [ 733.577931] Bluetooth: hci2: sending frame failed (-49) 14:41:28 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5424, &(0x7f00000001c0)) 14:41:28 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x100000000000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 734.054161] Bluetooth: hci4: Frame reassembly failed (-84) [ 734.060363] Bluetooth: hci4: Frame reassembly failed (-84) [ 734.132479] Bluetooth: hci0: command 0x1003 tx timeout [ 734.138066] Bluetooth: hci0: sending frame failed (-49) [ 735.412531] Bluetooth: hci3: command 0x1009 tx timeout [ 735.652492] Bluetooth: hci2: command 0x1001 tx timeout [ 735.658016] Bluetooth: hci2: sending frame failed (-49) [ 736.132546] Bluetooth: hci4: command 0x1003 tx timeout [ 736.138093] Bluetooth: hci4: sending frame failed (-49) [ 736.212466] Bluetooth: hci0: command 0x1001 tx timeout [ 736.217990] Bluetooth: hci0: sending frame failed (-49) [ 737.732524] Bluetooth: hci2: command 0x1009 tx timeout 14:41:31 executing program 0 (fault-call:2 fault-nth:37): r0 = openat$ptmx(0xffffffffffffff9c, 
&(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:41:31 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0xe00000000000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 737.888691] FAULT_INJECTION: forcing a failure. [ 737.888691] name failslab, interval 1, probability 0, space 0, times 0 [ 737.903068] CPU: 0 PID: 11504 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 737.910121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 737.919498] Call Trace: [ 737.922130] dump_stack+0x172/0x1f0 [ 737.925804] should_fail.cold+0xa/0x1b [ 737.929720] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 737.934858] ? lock_downgrade+0x810/0x810 [ 737.939028] ? ___might_sleep+0x163/0x280 [ 737.943206] __should_failslab+0x121/0x190 [ 737.947461] should_failslab+0x9/0x14 [ 737.951290] kmem_cache_alloc_node_trace+0x274/0x720 [ 737.956424] __kmalloc_node_track_caller+0x3d/0x80 [ 737.961470] ? led_trigger_unregister+0x2f0/0x2f0 [ 737.966336] __devres_alloc_node+0x69/0x160 [ 737.970677] devm_led_trigger_register+0x36/0xd0 [ 737.975459] hci_leds_init+0xee/0x1c0 [ 737.979291] hci_register_dev+0x328/0x880 [ 737.983474] hci_uart_tty_ioctl+0x761/0xaf0 [ 737.987818] tty_ioctl+0x8b5/0x1510 [ 737.991470] ? hci_uart_init_work+0x140/0x140 [ 737.995990] ? tty_vhangup+0x30/0x30 [ 737.999729] ? mark_held_locks+0x100/0x100 [ 738.003982] ? proc_cwd_link+0x1d0/0x1d0 [ 738.008077] ? __fget+0x340/0x540 [ 738.011545] ? ___might_sleep+0x163/0x280 [ 738.015712] ? 
__might_sleep+0x95/0x190 [ 738.019703] ? tty_vhangup+0x30/0x30 [ 738.023445] do_vfs_ioctl+0xd5f/0x1380 [ 738.027351] ? selinux_file_ioctl+0x46f/0x5e0 [ 738.031863] ? selinux_file_ioctl+0x125/0x5e0 [ 738.036375] ? ioctl_preallocate+0x210/0x210 [ 738.040834] ? selinux_file_mprotect+0x620/0x620 [ 738.045615] ? iterate_fd+0x360/0x360 [ 738.049447] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 738.055001] ? fput+0x128/0x1a0 [ 738.058313] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 738.063867] ? security_file_ioctl+0x8d/0xc0 [ 738.068293] ksys_ioctl+0xab/0xd0 [ 738.071766] __x64_sys_ioctl+0x73/0xb0 [ 738.075674] do_syscall_64+0xfd/0x620 [ 738.079500] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 738.084699] RIP: 0033:0x459519 [ 738.087904] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 738.106912] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 738.114734] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 738.122016] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 738.129296] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 738.136576] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 738.143858] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 738.164813] Bluetooth: hci1: Frame reassembly failed (-84) [ 738.212506] Bluetooth: hci4: command 0x1001 tx timeout [ 738.217922] Bluetooth: hci4: sending frame failed (-49) [ 738.292598] Bluetooth: hci0: command 0x1009 tx timeout 14:41:32 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x3e00000000000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = 
gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:41:33 executing program 5 (fault-call:2 fault-nth:39): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:41:33 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x3f00000000000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 739.786727] FAULT_INJECTION: forcing a failure. [ 739.786727] name failslab, interval 1, probability 0, space 0, times 0 [ 739.798639] CPU: 1 PID: 11521 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 739.805687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 739.815148] Call Trace: [ 739.817774] dump_stack+0x172/0x1f0 [ 739.821456] should_fail.cold+0xa/0x1b [ 739.825379] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 739.830518] ? lock_downgrade+0x810/0x810 [ 739.834700] ? ___might_sleep+0x163/0x280 [ 739.838879] __should_failslab+0x121/0x190 [ 739.843145] should_failslab+0x9/0x14 [ 739.846999] __kmalloc+0x2e2/0x750 [ 739.850581] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 739.855741] ? devres_add+0x40/0x50 [ 739.859416] ? rfkill_alloc+0xaa/0x2b0 [ 739.863330] rfkill_alloc+0xaa/0x2b0 [ 739.867074] ? hci_leds_init+0x104/0x1c0 [ 739.871161] hci_register_dev+0x342/0x880 [ 739.875336] hci_uart_tty_ioctl+0x761/0xaf0 [ 739.879701] tty_ioctl+0x8b5/0x1510 [ 739.883348] ? 
hci_uart_init_work+0x140/0x140 [ 739.887866] ? tty_vhangup+0x30/0x30 [ 739.891689] ? mark_held_locks+0x100/0x100 [ 739.895952] ? proc_cwd_link+0x1d0/0x1d0 [ 739.900047] ? __fget+0x340/0x540 [ 739.904591] ? ___might_sleep+0x163/0x280 [ 739.908770] ? __might_sleep+0x95/0x190 [ 739.912766] ? tty_vhangup+0x30/0x30 [ 739.916508] do_vfs_ioctl+0xd5f/0x1380 [ 739.920948] ? selinux_file_ioctl+0x46f/0x5e0 [ 739.925560] ? selinux_file_ioctl+0x125/0x5e0 [ 739.930088] ? ioctl_preallocate+0x210/0x210 [ 739.934532] ? selinux_file_mprotect+0x620/0x620 [ 739.939325] ? iterate_fd+0x360/0x360 [ 739.943205] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 739.948765] ? fput+0x128/0x1a0 [ 739.952097] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 739.957680] ? security_file_ioctl+0x8d/0xc0 [ 739.962111] ksys_ioctl+0xab/0xd0 [ 739.965593] __x64_sys_ioctl+0x73/0xb0 [ 739.969510] do_syscall_64+0xfd/0x620 [ 739.973337] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 739.978548] RIP: 0033:0x459519 [ 739.981763] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 740.000955] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 740.009158] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 740.016553] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 740.024303] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 740.031601] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 740.039958] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 740.051851] Bluetooth: hci3: Frame reassembly failed (-84) [ 740.212470] Bluetooth: hci1: command 0x1003 tx timeout [ 740.217891] Bluetooth: hci1: sending frame failed (-49) [ 740.292466] Bluetooth: hci4: command 0x1009 tx timeout 14:41:34 executing program 3: r0 = 
syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x4000000000000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:41:35 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0xfdfdffff00000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:41:35 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5424, &(0x7f00000001c0)=0x1000000000033) [ 741.705158] Bluetooth: hci2: Frame reassembly failed (-84) [ 742.052462] Bluetooth: hci3: command 0x1003 tx timeout [ 742.058185] Bluetooth: hci3: sending frame failed (-49) 14:41:36 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5428, &(0x7f00000001c0)=0x1000000000033) [ 742.292504] Bluetooth: hci1: command 0x1001 tx timeout [ 742.298171] Bluetooth: hci1: sending frame failed (-49) 14:41:36 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, 
&(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0xffffffff00000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 742.364156] Bluetooth: hci0: sending frame failed (-49) [ 743.742617] Bluetooth: hci2: command 0x1003 tx timeout [ 743.748642] Bluetooth: hci2: sending frame failed (-49) [ 744.132527] Bluetooth: hci3: command 0x1001 tx timeout [ 744.138111] Bluetooth: hci3: sending frame failed (-49) 14:41:38 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5425, &(0x7f00000001c0)) 14:41:38 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0xe}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 744.278377] Bluetooth: hci4: Frame reassembly failed (-84) [ 744.372491] Bluetooth: hci1: command 0x1009 tx timeout [ 744.382784] Bluetooth: hci0: command 0x1003 tx timeout [ 744.390537] Bluetooth: hci0: sending frame failed (-49) [ 745.812546] Bluetooth: hci2: command 0x1001 tx timeout [ 745.818082] Bluetooth: hci2: sending frame failed (-49) [ 746.212545] Bluetooth: hci3: command 0x1009 tx timeout [ 746.292790] Bluetooth: hci4: command 0x1003 tx timeout [ 746.298406] Bluetooth: hci4: 
sending frame failed (-49) [ 746.452495] Bluetooth: hci0: command 0x1001 tx timeout [ 746.457926] Bluetooth: hci0: sending frame failed (-49) [ 747.892463] Bluetooth: hci2: command 0x1009 tx timeout [ 748.372786] Bluetooth: hci4: command 0x1001 tx timeout [ 748.379848] Bluetooth: hci4: sending frame failed (-49) [ 748.532607] Bluetooth: hci0: command 0x1009 tx timeout 14:41:42 executing program 0 (fault-call:2 fault-nth:38): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:41:42 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x3e}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 748.741237] FAULT_INJECTION: forcing a failure. [ 748.741237] name failslab, interval 1, probability 0, space 0, times 0 [ 748.760140] CPU: 0 PID: 11558 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 748.767203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 748.776577] Call Trace: [ 748.779202] dump_stack+0x172/0x1f0 [ 748.782860] should_fail.cold+0xa/0x1b [ 748.786773] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 748.791899] ? lock_downgrade+0x810/0x810 [ 748.796939] ? ___might_sleep+0x163/0x280 [ 748.801114] __should_failslab+0x121/0x190 [ 748.805382] should_failslab+0x9/0x14 [ 748.809200] kmem_cache_alloc_trace+0x2cc/0x760 [ 748.813901] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 748.819554] ? refcount_inc_checked+0x2b/0x70 [ 748.824083] device_add+0xe5e/0x1760 [ 748.827813] ? 
device_initialize+0x440/0x440 [ 748.832255] ? get_device_parent.isra.0+0x570/0x570 [ 748.837312] rfkill_register+0x1bf/0xb50 [ 748.841404] hci_register_dev+0x385/0x880 [ 748.845591] hci_uart_tty_ioctl+0x761/0xaf0 [ 748.849946] tty_ioctl+0x8b5/0x1510 [ 748.853604] ? hci_uart_init_work+0x140/0x140 [ 748.858655] ? tty_vhangup+0x30/0x30 [ 748.862395] ? mark_held_locks+0x100/0x100 [ 748.866663] ? proc_cwd_link+0x1d0/0x1d0 [ 748.870753] ? __fget+0x340/0x540 [ 748.874230] ? ___might_sleep+0x163/0x280 [ 748.878426] ? __might_sleep+0x95/0x190 [ 748.882427] ? tty_vhangup+0x30/0x30 [ 748.886182] do_vfs_ioctl+0xd5f/0x1380 [ 748.890086] ? selinux_file_ioctl+0x46f/0x5e0 [ 748.894604] ? selinux_file_ioctl+0x125/0x5e0 [ 748.899132] ? ioctl_preallocate+0x210/0x210 [ 748.903565] ? selinux_file_mprotect+0x620/0x620 [ 748.908358] ? iterate_fd+0x360/0x360 [ 748.912199] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 748.917796] ? fput+0x128/0x1a0 [ 748.921113] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 748.926689] ? 
security_file_ioctl+0x8d/0xc0 [ 748.931137] ksys_ioctl+0xab/0xd0 [ 748.934623] __x64_sys_ioctl+0x73/0xb0 [ 748.938540] do_syscall_64+0xfd/0x620 [ 748.942368] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 748.947582] RIP: 0033:0x459519 [ 748.950789] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 748.969738] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 748.977502] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 748.985759] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 748.993062] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 749.000360] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 749.007650] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 749.025502] Bluetooth: hci1: Frame reassembly failed (-84) 14:41:43 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0xe00}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 750.452871] Bluetooth: hci4: command 0x1009 tx timeout 14:41:44 executing program 5 (fault-call:2 fault-nth:40): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:41:44 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 
0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x3e00}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 750.681444] FAULT_INJECTION: forcing a failure. [ 750.681444] name failslab, interval 1, probability 0, space 0, times 0 [ 750.700143] CPU: 1 PID: 11574 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 750.707203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 750.716584] Call Trace: [ 750.719220] dump_stack+0x172/0x1f0 [ 750.722890] should_fail.cold+0xa/0x1b [ 750.726821] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 750.731962] ? lock_downgrade+0x810/0x810 [ 750.736142] ? ___might_sleep+0x163/0x280 [ 750.740317] __should_failslab+0x121/0x190 [ 750.744585] should_failslab+0x9/0x14 [ 750.748408] kmem_cache_alloc+0x2ae/0x700 [ 750.752578] ? memcpy+0x46/0x50 [ 750.755908] ? kstrdup+0x5a/0x70 [ 750.759321] __kernfs_new_node+0xef/0x680 [ 750.763503] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 750.768294] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 750.773867] ? irq_work_claim+0x98/0xc0 [ 750.777871] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 750.783428] ? irq_work_queue+0x30/0x90 [ 750.787423] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 750.792982] ? wake_up_klogd+0x99/0xd0 [ 750.796905] kernfs_new_node+0x99/0x130 [ 750.800916] kernfs_create_dir_ns+0x52/0x160 [ 750.805362] sysfs_create_dir_ns+0x131/0x290 [ 750.809799] ? sysfs_create_mount_point+0xa0/0xa0 [ 750.814680] kobject_add_internal.cold+0xe5/0x5d1 [ 750.819553] kobject_add+0x150/0x1c0 [ 750.823378] ? kset_create_and_add+0x1a0/0x1a0 [ 750.827989] ? __lockdep_init_map+0x10c/0x5b0 [ 750.832596] ? rcu_read_lock_sched_held+0x110/0x130 [ 750.837652] ? 
__sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 750.843228] device_add+0x3cc/0x1760 [ 750.846990] ? get_device_parent.isra.0+0x570/0x570 [ 750.852043] rfkill_register+0x1bf/0xb50 [ 750.856144] hci_register_dev+0x385/0x880 [ 750.860333] hci_uart_tty_ioctl+0x761/0xaf0 [ 750.864693] tty_ioctl+0x8b5/0x1510 [ 750.868353] ? hci_uart_init_work+0x140/0x140 [ 750.872874] ? tty_vhangup+0x30/0x30 [ 750.876616] ? mark_held_locks+0x100/0x100 [ 750.880877] ? proc_cwd_link+0x1d0/0x1d0 [ 750.884985] ? __fget+0x340/0x540 [ 750.888471] ? ___might_sleep+0x163/0x280 [ 750.892644] ? __might_sleep+0x95/0x190 [ 750.896640] ? tty_vhangup+0x30/0x30 [ 750.900382] do_vfs_ioctl+0xd5f/0x1380 [ 750.904292] ? selinux_file_ioctl+0x46f/0x5e0 [ 750.908810] ? selinux_file_ioctl+0x125/0x5e0 [ 750.913334] ? ioctl_preallocate+0x210/0x210 [ 750.917767] ? selinux_file_mprotect+0x620/0x620 [ 750.922557] ? iterate_fd+0x360/0x360 [ 750.926417] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 750.931983] ? fput+0x128/0x1a0 [ 750.935304] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 750.940879] ? 
security_file_ioctl+0x8d/0xc0 [ 750.945325] ksys_ioctl+0xab/0xd0 [ 750.948806] __x64_sys_ioctl+0x73/0xb0 [ 750.952734] do_syscall_64+0xfd/0x620 [ 750.956562] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 750.961771] RIP: 0033:0x459519 [ 750.964985] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 750.983910] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 750.991662] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 750.998958] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 751.006250] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 751.013538] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 751.020826] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 751.042698] kobject_add_internal failed for rfkill169 (error: -12 parent: hci3) [ 751.050850] Bluetooth: hci3: Frame reassembly failed (-84) [ 751.092494] Bluetooth: hci1: command 0x1003 tx timeout [ 751.098240] Bluetooth: hci1: sending frame failed (-49) 14:41:45 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x3f00}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:41:46 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5425, &(0x7f00000001c0)=0x1000000000033) [ 
751.958361] Bluetooth: hci2: Frame reassembly failed (-84) 14:41:46 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x4000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:41:46 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5437, &(0x7f00000001c0)=0x1000000000033) [ 752.583671] Bluetooth: hci0: Frame reassembly failed (-84) [ 753.092464] Bluetooth: hci3: command 0x1003 tx timeout [ 753.097892] Bluetooth: hci3: sending frame failed (-49) [ 753.172597] Bluetooth: hci1: command 0x1001 tx timeout [ 753.178021] Bluetooth: hci1: sending frame failed (-49) 14:41:47 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x1000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 753.972528] Bluetooth: hci2: command 0x1003 tx timeout [ 753.977971] Bluetooth: hci2: sending frame failed (-49) 14:41:48 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 
0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5427, &(0x7f00000001c0)) 14:41:48 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0xe000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 754.539326] Bluetooth: hci4: Frame reassembly failed (-84) [ 754.548483] Bluetooth: hci4: Frame reassembly failed (-84) [ 754.612470] Bluetooth: hci0: command 0x1003 tx timeout [ 754.617863] Bluetooth: hci0: sending frame failed (-49) [ 755.172482] Bluetooth: hci3: command 0x1001 tx timeout [ 755.177920] Bluetooth: hci3: sending frame failed (-49) [ 755.252600] Bluetooth: hci1: command 0x1009 tx timeout [ 756.052470] Bluetooth: hci2: command 0x1001 tx timeout [ 756.058064] Bluetooth: hci2: sending frame failed (-49) [ 756.612707] Bluetooth: hci4: command 0x1003 tx timeout [ 756.618145] Bluetooth: hci4: sending frame failed (-49) [ 756.692469] Bluetooth: hci0: command 0x1001 tx timeout [ 756.697876] Bluetooth: hci0: sending frame failed (-49) [ 757.252446] Bluetooth: hci3: command 0x1009 tx timeout [ 758.132524] Bluetooth: hci2: command 0x1009 tx timeout [ 758.692534] Bluetooth: hci4: command 0x1001 tx timeout [ 758.697964] Bluetooth: hci4: sending frame failed (-49) [ 758.772862] Bluetooth: hci0: command 0x1009 tx timeout 14:41:53 executing program 0 (fault-call:2 fault-nth:39): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:41:53 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, 
&(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x3e000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 759.655675] FAULT_INJECTION: forcing a failure. [ 759.655675] name failslab, interval 1, probability 0, space 0, times 0 [ 759.672536] CPU: 1 PID: 11617 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 759.679639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 759.689131] Call Trace: [ 759.691762] dump_stack+0x172/0x1f0 [ 759.695449] should_fail.cold+0xa/0x1b [ 759.699381] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 759.704560] ? lock_downgrade+0x810/0x810 [ 759.708748] ? ___might_sleep+0x163/0x280 [ 759.712928] __should_failslab+0x121/0x190 [ 759.717198] should_failslab+0x9/0x14 [ 759.721034] kmem_cache_alloc_trace+0x2cc/0x760 [ 759.725747] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 759.731422] ? refcount_inc_checked+0x2b/0x70 [ 759.735984] device_add+0xe5e/0x1760 [ 759.739718] ? device_initialize+0x440/0x440 [ 759.744158] ? get_device_parent.isra.0+0x570/0x570 [ 759.749235] rfkill_register+0x1bf/0xb50 [ 759.753331] hci_register_dev+0x385/0x880 [ 759.757516] hci_uart_tty_ioctl+0x761/0xaf0 [ 759.761900] tty_ioctl+0x8b5/0x1510 [ 759.765560] ? hci_uart_init_work+0x140/0x140 [ 759.770080] ? tty_vhangup+0x30/0x30 [ 759.773828] ? mark_held_locks+0x100/0x100 [ 759.778097] ? proc_cwd_link+0x1d0/0x1d0 [ 759.782190] ? __fget+0x340/0x540 [ 759.785679] ? ___might_sleep+0x163/0x280 [ 759.789954] ? __might_sleep+0x95/0x190 [ 759.793967] ? tty_vhangup+0x30/0x30 [ 759.797709] do_vfs_ioctl+0xd5f/0x1380 [ 759.801620] ? selinux_file_ioctl+0x46f/0x5e0 [ 759.806145] ? selinux_file_ioctl+0x125/0x5e0 [ 759.810682] ? 
ioctl_preallocate+0x210/0x210 [ 759.815134] ? selinux_file_mprotect+0x620/0x620 [ 759.819929] ? iterate_fd+0x360/0x360 [ 759.823772] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 759.829331] ? fput+0x128/0x1a0 [ 759.832649] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 759.838208] ? security_file_ioctl+0x8d/0xc0 [ 759.842643] ksys_ioctl+0xab/0xd0 [ 759.846120] __x64_sys_ioctl+0x73/0xb0 [ 759.850052] do_syscall_64+0xfd/0x620 [ 759.853898] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 759.859119] RIP: 0033:0x459519 [ 759.862332] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 759.881259] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 759.889094] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 759.896390] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 759.903680] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 759.911011] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 759.918309] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 759.930253] Bluetooth: hci1: Frame reassembly failed (-84) 14:41:54 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x3f000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 760.772472] Bluetooth: hci4: command 0x1009 tx timeout 14:41:55 executing program 5 (fault-call:2 fault-nth:41): r0 = openat$ptmx(0xffffffffffffff9c, 
&(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:41:55 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x40000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 761.561896] FAULT_INJECTION: forcing a failure. [ 761.561896] name failslab, interval 1, probability 0, space 0, times 0 [ 761.580657] CPU: 1 PID: 11632 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 761.587723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 761.597285] Call Trace: [ 761.599912] dump_stack+0x172/0x1f0 [ 761.603588] should_fail.cold+0xa/0x1b [ 761.607512] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 761.612653] ? lock_downgrade+0x810/0x810 [ 761.616938] ? ___might_sleep+0x163/0x280 [ 761.621118] __should_failslab+0x121/0x190 [ 761.625414] should_failslab+0x9/0x14 [ 761.629362] __kmalloc_track_caller+0x2de/0x750 [ 761.634064] ? console_unlock+0x6ed/0x10b0 [ 761.638332] ? find_held_lock+0x35/0x130 [ 761.642422] ? kstrdup_const+0x66/0x80 [ 761.646343] kstrdup+0x3a/0x70 [ 761.649566] kstrdup_const+0x66/0x80 [ 761.653318] __kernfs_new_node+0xb0/0x680 [ 761.657534] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 761.662799] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 761.668362] ? irq_work_claim+0x98/0xc0 [ 761.672387] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 761.677952] ? irq_work_queue+0x30/0x90 [ 761.681956] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 761.687515] ? 
wake_up_klogd+0x99/0xd0 [ 761.691431] kernfs_new_node+0x99/0x130 [ 761.695439] kernfs_create_dir_ns+0x52/0x160 [ 761.699872] sysfs_create_dir_ns+0x131/0x290 [ 761.704307] ? sysfs_create_mount_point+0xa0/0xa0 [ 761.709222] kobject_add_internal.cold+0xe5/0x5d1 [ 761.714096] kobject_add+0x150/0x1c0 [ 761.717830] ? kset_create_and_add+0x1a0/0x1a0 [ 761.722468] ? __lockdep_init_map+0x10c/0x5b0 [ 761.727017] ? rcu_read_lock_sched_held+0x110/0x130 [ 761.732073] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 761.737656] device_add+0x3cc/0x1760 [ 761.741408] ? get_device_parent.isra.0+0x570/0x570 [ 761.746463] rfkill_register+0x1bf/0xb50 [ 761.750557] hci_register_dev+0x385/0x880 [ 761.754738] hci_uart_tty_ioctl+0x761/0xaf0 [ 761.759093] tty_ioctl+0x8b5/0x1510 [ 761.762753] ? hci_uart_init_work+0x140/0x140 [ 761.767286] ? tty_vhangup+0x30/0x30 [ 761.771028] ? mark_held_locks+0x100/0x100 [ 761.775379] ? proc_cwd_link+0x1d0/0x1d0 [ 761.779659] ? __fget+0x340/0x540 [ 761.783146] ? ___might_sleep+0x163/0x280 [ 761.787335] ? __might_sleep+0x95/0x190 [ 761.791344] ? tty_vhangup+0x30/0x30 [ 761.795096] do_vfs_ioctl+0xd5f/0x1380 [ 761.799010] ? selinux_file_ioctl+0x46f/0x5e0 [ 761.803532] ? selinux_file_ioctl+0x125/0x5e0 [ 761.808052] ? ioctl_preallocate+0x210/0x210 [ 761.812483] ? selinux_file_mprotect+0x620/0x620 [ 761.817274] ? iterate_fd+0x360/0x360 [ 761.821096] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 761.826662] ? fput+0x128/0x1a0 [ 761.829975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 761.835560] ? 
security_file_ioctl+0x8d/0xc0 [ 761.839990] ksys_ioctl+0xab/0xd0 [ 761.843476] __x64_sys_ioctl+0x73/0xb0 [ 761.847388] do_syscall_64+0xfd/0x620 [ 761.851243] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 761.856451] RIP: 0033:0x459519 [ 761.859663] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 761.878590] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 761.886342] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 761.893775] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 761.901177] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 761.908469] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 761.915847] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 761.934887] kobject_add_internal failed for rfkill174 (error: -12 parent: hci3) [ 761.949935] Bluetooth: hci3: Frame reassembly failed (-84) [ 761.982589] Bluetooth: hci1: command 0x1003 tx timeout [ 761.988823] Bluetooth: hci1: sending frame failed (-49) 14:41:56 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5427, &(0x7f00000001c0)=0x1000000000033) [ 762.198122] Bluetooth: hci2: Frame reassembly failed (-84) 14:41:56 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0xfdfdffff}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 
0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:41:56 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5441, &(0x7f00000001c0)=0x1000000000033) [ 762.844643] Bluetooth: hci0: Frame reassembly failed (-84) [ 762.850733] Bluetooth: hci0: Frame reassembly failed (-84) 14:41:57 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0xfffffdfd}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 763.972550] Bluetooth: hci3: command 0x1003 tx timeout [ 763.977993] Bluetooth: hci3: sending frame failed (-49) [ 764.052455] Bluetooth: hci1: command 0x1001 tx timeout [ 764.057931] Bluetooth: hci1: sending frame failed (-49) 14:41:58 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x100000000000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 764.212515] Bluetooth: hci2: command 0x1003 tx timeout [ 764.218171] Bluetooth: hci2: sending frame failed (-49) 14:41:58 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) 
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5428, &(0x7f00000001c0)) [ 764.852538] Bluetooth: hci0: command 0x1003 tx timeout [ 764.858391] Bluetooth: hci0: sending frame failed (-49) 14:41:59 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0xe00000000000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 766.052485] Bluetooth: hci3: command 0x1001 tx timeout [ 766.057910] Bluetooth: hci3: sending frame failed (-49) [ 766.132502] Bluetooth: hci1: command 0x1009 tx timeout [ 766.292544] Bluetooth: hci2: command 0x1001 tx timeout [ 766.298078] Bluetooth: hci2: sending frame failed (-49) [ 766.772547] Bluetooth: hci4: command 0x1003 tx timeout [ 766.780679] Bluetooth: hci4: sending frame failed (-49) [ 766.932471] Bluetooth: hci0: command 0x1001 tx timeout [ 766.937981] Bluetooth: hci0: sending frame failed (-49) [ 768.132520] Bluetooth: hci3: command 0x1009 tx timeout [ 768.372518] Bluetooth: hci2: command 0x1009 tx timeout [ 768.852487] Bluetooth: hci4: command 0x1001 tx timeout [ 768.858027] Bluetooth: hci4: sending frame failed (-49) [ 769.012504] Bluetooth: hci0: command 0x1009 tx timeout 14:42:04 executing program 0 (fault-call:2 fault-nth:40): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:42:04 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) 
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x3e00000000000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 770.495909] FAULT_INJECTION: forcing a failure. [ 770.495909] name failslab, interval 1, probability 0, space 0, times 0 [ 770.508056] CPU: 0 PID: 11669 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 770.515105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 770.524658] Call Trace: [ 770.527314] dump_stack+0x172/0x1f0 [ 770.531003] should_fail.cold+0xa/0x1b [ 770.535097] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 770.540233] ? lock_downgrade+0x810/0x810 [ 770.544428] ? ___might_sleep+0x163/0x280 [ 770.548617] __should_failslab+0x121/0x190 [ 770.552876] should_failslab+0x9/0x14 [ 770.558158] __kmalloc_track_caller+0x2de/0x750 [ 770.562851] ? console_unlock+0x6ed/0x10b0 [ 770.567122] ? find_held_lock+0x35/0x130 [ 770.571676] ? kstrdup_const+0x66/0x80 [ 770.575592] kstrdup+0x3a/0x70 [ 770.578804] kstrdup_const+0x66/0x80 [ 770.582538] __kernfs_new_node+0xb0/0x680 [ 770.586712] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 770.591500] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 770.597155] ? irq_work_claim+0x98/0xc0 [ 770.601160] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 770.606715] ? irq_work_queue+0x30/0x90 [ 770.611001] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 770.616564] ? wake_up_klogd+0x99/0xd0 [ 770.620488] kernfs_new_node+0x99/0x130 [ 770.624507] kernfs_create_dir_ns+0x52/0x160 [ 770.628952] sysfs_create_dir_ns+0x131/0x290 [ 770.633396] ? sysfs_create_mount_point+0xa0/0xa0 [ 770.638317] kobject_add_internal.cold+0xe5/0x5d1 [ 770.643219] kobject_add+0x150/0x1c0 [ 770.646953] ? 
kset_create_and_add+0x1a0/0x1a0 [ 770.651570] ? __lockdep_init_map+0x10c/0x5b0 [ 770.656093] ? rcu_read_lock_sched_held+0x110/0x130 [ 770.661161] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 770.667800] device_add+0x3cc/0x1760 [ 770.671555] ? get_device_parent.isra.0+0x570/0x570 [ 770.676608] rfkill_register+0x1bf/0xb50 [ 770.680693] hci_register_dev+0x385/0x880 [ 770.684871] hci_uart_tty_ioctl+0x761/0xaf0 [ 770.689251] tty_ioctl+0x8b5/0x1510 [ 770.692895] ? hci_uart_init_work+0x140/0x140 [ 770.697410] ? tty_vhangup+0x30/0x30 [ 770.701152] ? mark_held_locks+0x100/0x100 [ 770.705421] ? proc_cwd_link+0x1d0/0x1d0 [ 770.709521] ? __fget+0x340/0x540 [ 770.712994] ? ___might_sleep+0x163/0x280 [ 770.717166] ? __might_sleep+0x95/0x190 [ 770.721163] ? tty_vhangup+0x30/0x30 [ 770.724901] do_vfs_ioctl+0xd5f/0x1380 [ 770.728811] ? selinux_file_ioctl+0x46f/0x5e0 [ 770.733325] ? selinux_file_ioctl+0x125/0x5e0 [ 770.737852] ? ioctl_preallocate+0x210/0x210 [ 770.742279] ? selinux_file_mprotect+0x620/0x620 [ 770.747069] ? iterate_fd+0x360/0x360 [ 770.750908] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 770.756500] ? fput+0x128/0x1a0 [ 770.759816] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 770.765414] ? 
security_file_ioctl+0x8d/0xc0 [ 770.769850] ksys_ioctl+0xab/0xd0 [ 770.773327] __x64_sys_ioctl+0x73/0xb0 [ 770.777234] do_syscall_64+0xfd/0x620 [ 770.781063] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 770.786297] RIP: 0033:0x459519 [ 770.789509] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 770.808536] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 770.816312] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 770.823605] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 770.830895] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 770.838176] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 770.845489] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 770.854599] kobject_add_internal failed for rfkill178 (error: -12 parent: hci1) [ 770.863308] Bluetooth: hci1: Frame reassembly failed (-84) [ 770.932491] Bluetooth: hci4: command 0x1009 tx timeout 14:42:05 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x3f00000000000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:42:06 executing program 5 (fault-call:2 fault-nth:42): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:42:06 executing program 3: r0 = 
syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x4000000000000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:42:06 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5428, &(0x7f00000001c0)=0x1000000000033) [ 772.462183] FAULT_INJECTION: forcing a failure. [ 772.462183] name failslab, interval 1, probability 0, space 0, times 0 [ 772.485744] CPU: 1 PID: 11686 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 772.492861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 772.502248] Call Trace: [ 772.504871] dump_stack+0x172/0x1f0 [ 772.508547] should_fail.cold+0xa/0x1b [ 772.512567] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 772.517705] ? lock_downgrade+0x810/0x810 [ 772.521882] ? ___might_sleep+0x163/0x280 [ 772.526070] __should_failslab+0x121/0x190 [ 772.530364] should_failslab+0x9/0x14 [ 772.534195] kmem_cache_alloc+0x2ae/0x700 [ 772.538370] ? memcpy+0x46/0x50 [ 772.541761] ? kstrdup+0x5a/0x70 [ 772.545179] __kernfs_new_node+0xef/0x680 [ 772.549356] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 772.555507] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 772.561098] ? irq_work_claim+0x98/0xc0 [ 772.565115] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 772.570686] ? irq_work_queue+0x30/0x90 [ 772.574726] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 772.580301] ? 
wake_up_klogd+0x99/0xd0 [ 772.584228] kernfs_new_node+0x99/0x130 [ 772.588239] kernfs_create_dir_ns+0x52/0x160 [ 772.592681] sysfs_create_dir_ns+0x131/0x290 [ 772.597121] ? sysfs_create_mount_point+0xa0/0xa0 [ 772.602021] kobject_add_internal.cold+0xe5/0x5d1 [ 772.606918] kobject_add+0x150/0x1c0 [ 772.610674] ? kset_create_and_add+0x1a0/0x1a0 [ 772.615377] ? __lockdep_init_map+0x10c/0x5b0 [ 772.619918] ? rcu_read_lock_sched_held+0x110/0x130 [ 772.624994] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 772.630621] device_add+0x3cc/0x1760 [ 772.634382] ? get_device_parent.isra.0+0x570/0x570 [ 772.639446] rfkill_register+0x1bf/0xb50 [ 772.643549] hci_register_dev+0x385/0x880 [ 772.647825] hci_uart_tty_ioctl+0x761/0xaf0 [ 772.652177] tty_ioctl+0x8b5/0x1510 [ 772.655831] ? hci_uart_init_work+0x140/0x140 [ 772.666110] ? tty_vhangup+0x30/0x30 [ 772.672116] ? mark_held_locks+0x100/0x100 [ 772.676376] ? proc_cwd_link+0x1d0/0x1d0 [ 772.680547] ? __fget+0x340/0x540 [ 772.684038] ? ___might_sleep+0x163/0x280 [ 772.688221] ? __might_sleep+0x95/0x190 [ 772.692223] ? tty_vhangup+0x30/0x30 [ 772.695984] do_vfs_ioctl+0xd5f/0x1380 [ 772.699942] ? selinux_file_ioctl+0x46f/0x5e0 [ 772.704459] ? selinux_file_ioctl+0x125/0x5e0 [ 772.708985] ? ioctl_preallocate+0x210/0x210 [ 772.713534] ? selinux_file_mprotect+0x620/0x620 [ 772.718325] ? iterate_fd+0x360/0x360 [ 772.722243] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 772.728592] ? fput+0x128/0x1a0 [ 772.731916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 772.737485] ? 
security_file_ioctl+0x8d/0xc0 [ 772.741921] ksys_ioctl+0xab/0xd0 [ 772.745411] __x64_sys_ioctl+0x73/0xb0 [ 772.749497] do_syscall_64+0xfd/0x620 [ 772.753326] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 772.758561] RIP: 0033:0x459519 [ 772.762006] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 772.782765] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 772.790510] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 772.797807] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 772.805265] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 772.820550] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 772.827851] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 772.842493] kobject_add_internal failed for rfkill179 (error: -12 parent: hci2) [ 772.851498] Bluetooth: hci3: Frame reassembly failed (-84) [ 772.860573] Bluetooth: hci2: Frame reassembly failed (-84) [ 772.932477] Bluetooth: hci1: command 0x1003 tx timeout [ 772.937979] Bluetooth: hci1: sending frame failed (-49) 14:42:07 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5450, &(0x7f00000001c0)=0x1000000000033) [ 773.089205] Bluetooth: hci0: Frame reassembly failed (-84) [ 773.099401] Bluetooth: hci0: Frame reassembly failed (-84) 14:42:07 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0xfdfdffff00000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, 
&(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:42:08 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0xffffffff00000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 774.852465] Bluetooth: hci3: command 0x1003 tx timeout [ 774.858154] Bluetooth: hci3: sending frame failed (-49) 14:42:09 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5437, &(0x7f00000001c0)) [ 774.933031] Bluetooth: hci2: command 0x1003 tx timeout [ 774.938485] Bluetooth: hci2: sending frame failed (-49) [ 775.012642] Bluetooth: hci1: command 0x1001 tx timeout [ 775.020044] Bluetooth: hci1: sending frame failed (-49) [ 775.031919] Bluetooth: hci4: Frame reassembly failed (-84) [ 775.040249] Bluetooth: hci4: Frame reassembly failed (-84) 14:42:09 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x0, 0xe}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 
775.092539] Bluetooth: hci0: command 0x1003 tx timeout [ 775.098689] Bluetooth: hci0: sending frame failed (-49) 14:42:10 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x0, 0x3e}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 776.932581] Bluetooth: hci3: command 0x1001 tx timeout [ 776.940607] Bluetooth: hci3: sending frame failed (-49) [ 777.022537] Bluetooth: hci2: command 0x1001 tx timeout [ 777.028145] Bluetooth: hci2: sending frame failed (-49) [ 777.092652] Bluetooth: hci4: command 0x1003 tx timeout [ 777.098216] Bluetooth: hci4: sending frame failed (-49) [ 777.102472] Bluetooth: hci1: command 0x1009 tx timeout [ 777.172479] Bluetooth: hci0: command 0x1001 tx timeout [ 777.178045] Bluetooth: hci0: sending frame failed (-49) [ 779.012506] Bluetooth: hci3: command 0x1009 tx timeout [ 779.092501] Bluetooth: hci2: command 0x1009 tx timeout [ 779.172638] Bluetooth: hci4: command 0x1001 tx timeout [ 779.178076] Bluetooth: hci4: sending frame failed (-49) [ 779.252526] Bluetooth: hci0: command 0x1009 tx timeout [ 781.252671] Bluetooth: hci4: command 0x1009 tx timeout 14:42:15 executing program 0 (fault-call:2 fault-nth:41): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:42:15 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x0, 0xe00}}) 
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 781.388496] FAULT_INJECTION: forcing a failure. [ 781.388496] name failslab, interval 1, probability 0, space 0, times 0 [ 781.400543] CPU: 0 PID: 11733 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 781.407588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 781.416980] Call Trace: [ 781.419600] dump_stack+0x172/0x1f0 [ 781.423265] should_fail.cold+0xa/0x1b [ 781.427182] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 781.432309] ? lock_downgrade+0x810/0x810 [ 781.436480] ? ___might_sleep+0x163/0x280 [ 781.440674] __should_failslab+0x121/0x190 [ 781.444930] should_failslab+0x9/0x14 [ 781.448749] __kmalloc_track_caller+0x2de/0x750 [ 781.453431] ? console_unlock+0x6ed/0x10b0 [ 781.457779] ? find_held_lock+0x35/0x130 [ 781.461869] ? kstrdup_const+0x66/0x80 [ 781.465778] kstrdup+0x3a/0x70 [ 781.468988] kstrdup_const+0x66/0x80 [ 781.472730] __kernfs_new_node+0xb0/0x680 [ 781.476992] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 781.481786] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 781.487352] ? irq_work_claim+0x98/0xc0 [ 781.491385] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 781.496978] ? irq_work_queue+0x30/0x90 [ 781.500985] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 781.506545] ? wake_up_klogd+0x99/0xd0 [ 781.510467] kernfs_new_node+0x99/0x130 [ 781.514476] kernfs_create_dir_ns+0x52/0x160 [ 781.518907] sysfs_create_dir_ns+0x131/0x290 [ 781.523338] ? sysfs_create_mount_point+0xa0/0xa0 [ 781.528225] kobject_add_internal.cold+0xe5/0x5d1 [ 781.533109] kobject_add+0x150/0x1c0 [ 781.536854] ? kset_create_and_add+0x1a0/0x1a0 [ 781.541473] ? __lockdep_init_map+0x10c/0x5b0 [ 781.545998] ? rcu_read_lock_sched_held+0x110/0x130 [ 781.551048] ? 
__sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 781.557134] device_add+0x3cc/0x1760 [ 781.560913] ? get_device_parent.isra.0+0x570/0x570 [ 781.566054] rfkill_register+0x1bf/0xb50 [ 781.570150] hci_register_dev+0x385/0x880 [ 781.574350] hci_uart_tty_ioctl+0x761/0xaf0 [ 781.578690] tty_ioctl+0x8b5/0x1510 [ 781.582356] ? hci_uart_init_work+0x140/0x140 [ 781.586875] ? tty_vhangup+0x30/0x30 [ 781.590605] ? mark_held_locks+0x100/0x100 [ 781.594865] ? proc_cwd_link+0x1d0/0x1d0 [ 781.598957] ? mlx4_ib_modify_qp+0x1490/0x1670 [ 781.603570] ? __fget+0x340/0x540 [ 781.607043] ? ___might_sleep+0x163/0x280 [ 781.611232] ? __might_sleep+0x95/0x190 [ 781.615222] ? tty_vhangup+0x30/0x30 [ 781.618993] do_vfs_ioctl+0xd5f/0x1380 [ 781.622901] ? selinux_file_ioctl+0x46f/0x5e0 [ 781.627423] ? selinux_file_ioctl+0x125/0x5e0 [ 781.632079] ? ioctl_preallocate+0x210/0x210 [ 781.636512] ? selinux_file_mprotect+0x620/0x620 [ 781.641304] ? iterate_fd+0x360/0x360 [ 781.645142] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 781.650712] ? fput+0x128/0x1a0 [ 781.654025] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 781.659581] ? 
security_file_ioctl+0x8d/0xc0 [ 781.664013] ksys_ioctl+0xab/0xd0 [ 781.667489] __x64_sys_ioctl+0x73/0xb0 [ 781.671400] do_syscall_64+0xfd/0x620 [ 781.675243] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 781.680459] RIP: 0033:0x459519 [ 781.683698] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 781.702625] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 781.710455] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 781.717849] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 781.725220] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 781.732508] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 781.739798] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 781.750607] kobject_add_internal failed for rfkill183 (error: -12 parent: hci1) [ 781.759613] Bluetooth: hci1: Frame reassembly failed (-84) 14:42:16 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x0, 0x3e00}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:42:17 executing program 5 (fault-call:2 fault-nth:43): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:42:17 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) 
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x0, 0x3f00}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:42:17 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5437, &(0x7f00000001c0)=0x1000000000033) 14:42:17 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5451, &(0x7f00000001c0)=0x1000000000033) [ 783.326030] Bluetooth: hci0: Frame reassembly failed (-84) [ 783.356275] FAULT_INJECTION: forcing a failure. [ 783.356275] name failslab, interval 1, probability 0, space 0, times 0 [ 783.376145] Bluetooth: hci2: Frame reassembly failed (-84) [ 783.376425] CPU: 0 PID: 11751 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 783.388964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 783.398423] Call Trace: [ 783.401089] dump_stack+0x172/0x1f0 [ 783.404745] should_fail.cold+0xa/0x1b [ 783.408661] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 783.413792] ? lock_downgrade+0x810/0x810 [ 783.417958] ? ___might_sleep+0x163/0x280 [ 783.422133] __should_failslab+0x121/0x190 [ 783.426386] should_failslab+0x9/0x14 [ 783.430206] kmem_cache_alloc+0x2ae/0x700 [ 783.434373] ? memcpy+0x46/0x50 [ 783.437670] ? kstrdup+0x5a/0x70 [ 783.441064] __kernfs_new_node+0xef/0x680 [ 783.445239] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 783.450029] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 783.455589] ? irq_work_claim+0x98/0xc0 [ 783.459593] ? 
__sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 783.465148] ? irq_work_queue+0x30/0x90 [ 783.469146] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 783.474703] ? wake_up_klogd+0x99/0xd0 [ 783.478631] kernfs_new_node+0x99/0x130 [ 783.482642] kernfs_create_dir_ns+0x52/0x160 [ 783.487606] sysfs_create_dir_ns+0x131/0x290 [ 783.492049] ? sysfs_create_mount_point+0xa0/0xa0 [ 783.496943] kobject_add_internal.cold+0xe5/0x5d1 [ 783.501836] kobject_add+0x150/0x1c0 [ 783.505572] ? kset_create_and_add+0x1a0/0x1a0 [ 783.510181] ? __lockdep_init_map+0x10c/0x5b0 [ 783.514782] ? rcu_read_lock_sched_held+0x110/0x130 [ 783.519832] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 783.525405] device_add+0x3cc/0x1760 [ 783.529169] ? get_device_parent.isra.0+0x570/0x570 [ 783.534218] rfkill_register+0x1bf/0xb50 [ 783.538299] hci_register_dev+0x385/0x880 [ 783.542485] hci_uart_tty_ioctl+0x761/0xaf0 [ 783.546834] tty_ioctl+0x8b5/0x1510 [ 783.550477] ? hci_uart_init_work+0x140/0x140 [ 783.554988] ? tty_vhangup+0x30/0x30 [ 783.558720] ? mark_held_locks+0x100/0x100 [ 783.562976] ? proc_cwd_link+0x1d0/0x1d0 [ 783.567064] ? __fget+0x340/0x540 [ 783.570533] ? ___might_sleep+0x163/0x280 [ 783.574702] ? __might_sleep+0x95/0x190 [ 783.578697] ? tty_vhangup+0x30/0x30 [ 783.582474] do_vfs_ioctl+0xd5f/0x1380 [ 783.586385] ? selinux_file_ioctl+0x46f/0x5e0 [ 783.590905] ? selinux_file_ioctl+0x125/0x5e0 [ 783.595423] ? ioctl_preallocate+0x210/0x210 [ 783.599856] ? selinux_file_mprotect+0x620/0x620 [ 783.604656] ? iterate_fd+0x360/0x360 [ 783.608481] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 783.614036] ? fput+0x128/0x1a0 [ 783.617346] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 783.622907] ? 
security_file_ioctl+0x8d/0xc0 [ 783.627346] ksys_ioctl+0xab/0xd0 [ 783.630820] __x64_sys_ioctl+0x73/0xb0 [ 783.634735] do_syscall_64+0xfd/0x620 [ 783.638571] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 783.643863] RIP: 0033:0x459519 [ 783.647083] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 783.666180] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 783.674108] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 783.681599] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 783.688964] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 783.696341] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 783.703625] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 783.712239] kobject_add_internal failed for rfkill186 (error: -12 parent: hci3) [ 783.720587] Bluetooth: hci3: Frame reassembly failed (-84) [ 783.812877] Bluetooth: hci1: command 0x1003 tx timeout [ 783.818643] Bluetooth: hci1: sending frame failed (-49) 14:42:18 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x0, 0x4000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:42:19 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x0, 0x1000000}}) 
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:42:19 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x543e, &(0x7f00000001c0)) [ 785.259393] Bluetooth: hci4: Frame reassembly failed (-84) [ 785.332506] Bluetooth: hci0: command 0x1003 tx timeout [ 785.338059] Bluetooth: hci0: sending frame failed (-49) [ 785.412485] Bluetooth: hci2: command 0x1003 tx timeout [ 785.417906] Bluetooth: hci2: sending frame failed (-49) [ 785.732563] Bluetooth: hci3: command 0x1003 tx timeout [ 785.738284] Bluetooth: hci3: sending frame failed (-49) [ 785.892889] Bluetooth: hci1: command 0x1001 tx timeout [ 785.898567] Bluetooth: hci1: sending frame failed (-49) 14:42:20 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x0, 0xe000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:42:21 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x0, 0x3e000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 
0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 787.332488] Bluetooth: hci4: command 0x1003 tx timeout [ 787.338160] Bluetooth: hci4: sending frame failed (-49) [ 787.412509] Bluetooth: hci0: command 0x1001 tx timeout [ 787.418175] Bluetooth: hci0: sending frame failed (-49) [ 787.492651] Bluetooth: hci2: command 0x1001 tx timeout [ 787.498328] Bluetooth: hci2: sending frame failed (-49) [ 787.812496] Bluetooth: hci3: command 0x1001 tx timeout [ 787.818100] Bluetooth: hci3: sending frame failed (-49) [ 787.972874] Bluetooth: hci1: command 0x1009 tx timeout [ 789.412512] Bluetooth: hci4: command 0x1001 tx timeout [ 789.417953] Bluetooth: hci4: sending frame failed (-49) [ 789.492485] Bluetooth: hci0: command 0x1009 tx timeout [ 789.572648] Bluetooth: hci2: command 0x1009 tx timeout [ 789.892474] Bluetooth: hci3: command 0x1009 tx timeout [ 791.492473] Bluetooth: hci4: command 0x1009 tx timeout 14:42:26 executing program 0 (fault-call:2 fault-nth:42): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:42:26 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x0, 0x3f000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 792.291191] FAULT_INJECTION: forcing a failure. 
[ 792.291191] name failslab, interval 1, probability 0, space 0, times 0 [ 792.309270] CPU: 1 PID: 11793 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 792.316368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 792.325790] Call Trace: [ 792.328438] dump_stack+0x172/0x1f0 [ 792.332136] should_fail.cold+0xa/0x1b [ 792.336083] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 792.341240] ? lock_downgrade+0x810/0x810 [ 792.345439] ? ___might_sleep+0x163/0x280 [ 792.349641] __should_failslab+0x121/0x190 [ 792.353924] should_failslab+0x9/0x14 [ 792.357774] kmem_cache_alloc+0x2ae/0x700 [ 792.361971] ? kasan_check_write+0x14/0x20 [ 792.366248] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 792.371168] __kernfs_new_node+0xef/0x680 [ 792.375370] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 792.380170] ? mutex_unlock+0xd/0x10 [ 792.383924] ? kernfs_activate+0x192/0x1f0 [ 792.388208] ? kernfs_add_one+0x131/0x4d0 [ 792.392400] kernfs_new_node+0x99/0x130 [ 792.396431] __kernfs_create_file+0x51/0x340 [ 792.400888] sysfs_add_file_mode_ns+0x222/0x560 [ 792.405615] sysfs_create_file_ns+0x13a/0x1c0 [ 792.410148] ? sysfs_add_file_mode_ns+0x560/0x560 [ 792.415038] ? up_read+0x1a/0x110 [ 792.418540] device_create_file+0xfa/0x1e0 [ 792.422818] ? acpi_bind_one+0x830/0x830 [ 792.426924] device_add+0x411/0x1760 [ 792.430703] ? get_device_parent.isra.0+0x570/0x570 [ 792.435781] rfkill_register+0x1bf/0xb50 [ 792.439887] hci_register_dev+0x385/0x880 [ 792.444086] hci_uart_tty_ioctl+0x761/0xaf0 [ 792.448539] tty_ioctl+0x8b5/0x1510 [ 792.452205] ? hci_uart_init_work+0x140/0x140 [ 792.456735] ? tty_vhangup+0x30/0x30 [ 792.460501] ? mark_held_locks+0x100/0x100 [ 792.464767] ? proc_cwd_link+0x1d0/0x1d0 [ 792.468869] ? __fget+0x340/0x540 [ 792.472349] ? ___might_sleep+0x163/0x280 [ 792.476625] ? __might_sleep+0x95/0x190 [ 792.480623] ? tty_vhangup+0x30/0x30 [ 792.484455] do_vfs_ioctl+0xd5f/0x1380 [ 792.488371] ? selinux_file_ioctl+0x46f/0x5e0 [ 792.492889] ? 
selinux_file_ioctl+0x125/0x5e0 [ 792.497411] ? ioctl_preallocate+0x210/0x210 [ 792.501844] ? selinux_file_mprotect+0x620/0x620 [ 792.506639] ? iterate_fd+0x360/0x360 [ 792.510477] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 792.516049] ? fput+0x128/0x1a0 [ 792.519366] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 792.524954] ? security_file_ioctl+0x8d/0xc0 [ 792.529394] ksys_ioctl+0xab/0xd0 [ 792.532875] __x64_sys_ioctl+0x73/0xb0 [ 792.536795] do_syscall_64+0xfd/0x620 [ 792.540625] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 792.545836] RIP: 0033:0x459519 [ 792.549050] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 792.569856] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 792.577602] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 792.585079] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 792.592551] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 792.599942] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 792.607254] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 792.625593] Bluetooth: hci1: Frame reassembly failed (-84) 14:42:27 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x0, 0x40000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:42:28 executing program 5 (fault-call:2 fault-nth:44): r0 = openat$ptmx(0xffffffffffffff9c, 
&(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:42:28 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x0, 0xfdfdffff}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:42:28 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5441, &(0x7f00000001c0)=0x1000000000033) 14:42:28 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5452, &(0x7f00000001c0)=0x1000000000033) [ 794.196348] Bluetooth: hci0: Frame reassembly failed (-84) [ 794.218149] Bluetooth: hci2: Frame reassembly failed (-84) [ 794.231151] FAULT_INJECTION: forcing a failure. [ 794.231151] name failslab, interval 1, probability 0, space 0, times 0 [ 794.243213] CPU: 1 PID: 11814 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 794.250275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 794.259654] Call Trace: [ 794.262282] dump_stack+0x172/0x1f0 [ 794.265950] should_fail.cold+0xa/0x1b [ 794.269964] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 794.275280] ? lock_downgrade+0x810/0x810 [ 794.279449] ? 
___might_sleep+0x163/0x280 [ 794.283648] __should_failslab+0x121/0x190 [ 794.287925] should_failslab+0x9/0x14 [ 794.291765] kmem_cache_alloc+0x2ae/0x700 [ 794.295950] ? kasan_check_write+0x14/0x20 [ 794.300208] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 794.305091] __kernfs_new_node+0xef/0x680 [ 794.309281] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 794.314082] ? mutex_unlock+0xd/0x10 [ 794.317829] ? kernfs_activate+0x192/0x1f0 [ 794.322092] ? kernfs_add_one+0x131/0x4d0 [ 794.326271] kernfs_new_node+0x99/0x130 [ 794.330283] __kernfs_create_file+0x51/0x340 [ 794.334730] sysfs_add_file_mode_ns+0x222/0x560 [ 794.339429] sysfs_create_file_ns+0x13a/0x1c0 [ 794.343954] ? sysfs_add_file_mode_ns+0x560/0x560 [ 794.348824] ? up_read+0x1a/0x110 [ 794.352303] device_create_file+0xfa/0x1e0 [ 794.356563] ? acpi_bind_one+0x830/0x830 [ 794.360650] device_add+0x411/0x1760 [ 794.364392] ? get_device_parent.isra.0+0x570/0x570 [ 794.369444] rfkill_register+0x1bf/0xb50 [ 794.373538] hci_register_dev+0x385/0x880 [ 794.377715] hci_uart_tty_ioctl+0x761/0xaf0 [ 794.382065] tty_ioctl+0x8b5/0x1510 [ 794.385738] ? hci_uart_init_work+0x140/0x140 [ 794.390254] ? tty_vhangup+0x30/0x30 [ 794.393995] ? mark_held_locks+0x100/0x100 [ 794.398259] ? proc_cwd_link+0x1d0/0x1d0 [ 794.402445] ? __fget+0x340/0x540 [ 794.405943] ? ___might_sleep+0x163/0x280 [ 794.410123] ? __might_sleep+0x95/0x190 [ 794.414130] ? tty_vhangup+0x30/0x30 [ 794.417872] do_vfs_ioctl+0xd5f/0x1380 [ 794.421782] ? selinux_file_ioctl+0x46f/0x5e0 [ 794.426341] ? selinux_file_ioctl+0x125/0x5e0 [ 794.430863] ? ioctl_preallocate+0x210/0x210 [ 794.435291] ? selinux_file_mprotect+0x620/0x620 [ 794.440088] ? iterate_fd+0x360/0x360 [ 794.443914] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 794.449477] ? fput+0x128/0x1a0 [ 794.452794] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 794.458356] ? 
security_file_ioctl+0x8d/0xc0 [ 794.462831] ksys_ioctl+0xab/0xd0 [ 794.466302] __x64_sys_ioctl+0x73/0xb0 [ 794.470215] do_syscall_64+0xfd/0x620 [ 794.474048] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 794.479256] RIP: 0033:0x459519 [ 794.482470] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 794.501488] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 794.509243] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 794.516544] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 794.523923] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 794.531218] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 794.538508] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 794.549414] Bluetooth: hci3: Frame reassembly failed (-84) [ 794.702527] Bluetooth: hci1: command 0x1003 tx timeout [ 794.707953] Bluetooth: hci1: sending frame failed (-49) 14:42:29 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x0, 0xfffffdfd}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:42:29 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5441, &(0x7f00000001c0)) [ 795.452319] Bluetooth: hci4: Frame reassembly failed (-84) [ 795.458547] Bluetooth: hci4: Frame 
reassembly failed (-84) 14:42:30 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x0, 0x100000000000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 796.222559] Bluetooth: hci0: command 0x1003 tx timeout [ 796.228278] Bluetooth: hci0: sending frame failed (-49) [ 796.292725] Bluetooth: hci2: command 0x1003 tx timeout [ 796.298517] Bluetooth: hci2: sending frame failed (-49) [ 796.612493] Bluetooth: hci3: command 0x1003 tx timeout [ 796.617941] Bluetooth: hci3: sending frame failed (-49) [ 796.772549] Bluetooth: hci1: command 0x1001 tx timeout [ 796.778237] Bluetooth: hci1: sending frame failed (-49) 14:42:30 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x0, 0xe00000000000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 797.492531] Bluetooth: hci4: command 0x1003 tx timeout [ 797.498137] Bluetooth: hci4: sending frame failed (-49) 14:42:31 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x0, 0x3e00000000000000}}) 
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 798.292515] Bluetooth: hci0: command 0x1001 tx timeout [ 798.298135] Bluetooth: hci0: sending frame failed (-49) [ 798.372670] Bluetooth: hci2: command 0x1001 tx timeout [ 798.378329] Bluetooth: hci2: sending frame failed (-49) [ 798.692636] Bluetooth: hci3: command 0x1001 tx timeout [ 798.698069] Bluetooth: hci3: sending frame failed (-49) [ 798.852544] Bluetooth: hci1: command 0x1009 tx timeout [ 799.572525] Bluetooth: hci4: command 0x1001 tx timeout [ 799.579476] Bluetooth: hci4: sending frame failed (-49) [ 800.372505] Bluetooth: hci0: command 0x1009 tx timeout [ 800.452717] Bluetooth: hci2: command 0x1009 tx timeout [ 800.772574] Bluetooth: hci3: command 0x1009 tx timeout [ 801.652491] Bluetooth: hci4: command 0x1009 tx timeout 14:42:37 executing program 0 (fault-call:2 fault-nth:43): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:42:37 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x0, 0x3f00000000000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 803.141052] FAULT_INJECTION: forcing a failure. 
[ 803.141052] name failslab, interval 1, probability 0, space 0, times 0 [ 803.153102] CPU: 1 PID: 11852 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 803.160151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 803.169542] Call Trace: [ 803.172172] dump_stack+0x172/0x1f0 [ 803.175878] should_fail.cold+0xa/0x1b [ 803.179796] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 803.184943] ? lock_downgrade+0x810/0x810 [ 803.189122] ? ___might_sleep+0x163/0x280 [ 803.193304] __should_failslab+0x121/0x190 [ 803.197571] should_failslab+0x9/0x14 [ 803.201433] kmem_cache_alloc+0x2ae/0x700 [ 803.205610] ? kasan_check_write+0x14/0x20 [ 803.209883] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 803.214774] __kernfs_new_node+0xef/0x680 [ 803.218961] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 803.223748] ? mutex_unlock+0xd/0x10 [ 803.227484] ? kernfs_activate+0x192/0x1f0 [ 803.231758] ? kernfs_add_one+0x131/0x4d0 [ 803.235952] kernfs_new_node+0x99/0x130 [ 803.239965] __kernfs_create_file+0x51/0x340 [ 803.244400] sysfs_add_file_mode_ns+0x222/0x560 [ 803.249116] sysfs_create_file_ns+0x13a/0x1c0 [ 803.253638] ? sysfs_add_file_mode_ns+0x560/0x560 [ 803.258515] ? up_read+0x1a/0x110 [ 803.262008] device_create_file+0xfa/0x1e0 [ 803.266265] ? acpi_bind_one+0x830/0x830 [ 803.270349] device_add+0x411/0x1760 [ 803.274093] ? get_device_parent.isra.0+0x570/0x570 [ 803.279257] rfkill_register+0x1bf/0xb50 [ 803.283347] hci_register_dev+0x385/0x880 [ 803.287530] hci_uart_tty_ioctl+0x761/0xaf0 [ 803.291884] tty_ioctl+0x8b5/0x1510 [ 803.295532] ? hci_uart_init_work+0x140/0x140 [ 803.300046] ? tty_vhangup+0x30/0x30 [ 803.303802] ? mark_held_locks+0x100/0x100 [ 803.308056] ? proc_cwd_link+0x1d0/0x1d0 [ 803.312152] ? __fget+0x340/0x540 [ 803.315629] ? ___might_sleep+0x163/0x280 [ 803.319802] ? __might_sleep+0x95/0x190 [ 803.323798] ? tty_vhangup+0x30/0x30 [ 803.327561] do_vfs_ioctl+0xd5f/0x1380 [ 803.331480] ? selinux_file_ioctl+0x46f/0x5e0 [ 803.336012] ? 
selinux_file_ioctl+0x125/0x5e0 [ 803.340562] ? ioctl_preallocate+0x210/0x210 [ 803.345022] ? selinux_file_mprotect+0x620/0x620 [ 803.349809] ? iterate_fd+0x360/0x360 [ 803.353642] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 803.359198] ? fput+0x128/0x1a0 [ 803.362595] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.368158] ? security_file_ioctl+0x8d/0xc0 [ 803.372590] ksys_ioctl+0xab/0xd0 [ 803.376064] __x64_sys_ioctl+0x73/0xb0 [ 803.380070] do_syscall_64+0xfd/0x620 [ 803.383897] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 803.389108] RIP: 0033:0x459519 [ 803.392323] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 803.411256] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 803.419006] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 803.426305] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 803.433600] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 803.440898] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 803.449277] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 803.465680] Bluetooth: hci1: Frame reassembly failed (-84) 14:42:38 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x0, 0x4000000000000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:42:39 executing program 5 (fault-call:2 fault-nth:45): r0 = openat$ptmx(0xffffffffffffff9c, 
&(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:42:39 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x545d, &(0x7f00000001c0)=0x1000000000033) 14:42:39 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5450, &(0x7f00000001c0)=0x1000000000033) 14:42:39 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x0, 0xfdfdffff00000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 805.064864] Bluetooth: hci0: Frame reassembly failed (-84) [ 805.084680] Bluetooth: hci2: Frame reassembly failed (-84) [ 805.105524] FAULT_INJECTION: forcing a failure. [ 805.105524] name failslab, interval 1, probability 0, space 0, times 0 [ 805.117412] CPU: 0 PID: 11872 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 805.124467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 805.133834] Call Trace: [ 805.136477] dump_stack+0x172/0x1f0 [ 805.140155] should_fail.cold+0xa/0x1b [ 805.144064] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 805.149188] ? lock_downgrade+0x810/0x810 [ 805.153359] ? 
___might_sleep+0x163/0x280 [ 805.158402] __should_failslab+0x121/0x190 [ 805.162660] should_failslab+0x9/0x14 [ 805.166476] kmem_cache_alloc+0x2ae/0x700 [ 805.170642] ? memcpy+0x46/0x50 [ 805.173938] ? kstrdup+0x5a/0x70 [ 805.177331] __kernfs_new_node+0xef/0x680 [ 805.181584] ? mark_held_locks+0x100/0x100 [ 805.185846] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 805.190631] ? wait_for_completion+0x440/0x440 [ 805.195251] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 805.200715] ? find_held_lock+0x35/0x130 [ 805.204796] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 805.210281] ? kernfs_activate+0x192/0x1f0 [ 805.214539] kernfs_new_node+0x99/0x130 [ 805.218535] kernfs_create_link+0xdd/0x250 [ 805.222797] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 805.228095] sysfs_create_link+0x65/0xc0 [ 805.232180] device_add+0x7ce/0x1760 [ 805.235921] ? get_device_parent.isra.0+0x570/0x570 [ 805.240999] rfkill_register+0x1bf/0xb50 [ 805.245090] hci_register_dev+0x385/0x880 [ 805.249267] hci_uart_tty_ioctl+0x761/0xaf0 [ 805.253615] tty_ioctl+0x8b5/0x1510 [ 805.257256] ? hci_uart_init_work+0x140/0x140 [ 805.261765] ? tty_vhangup+0x30/0x30 [ 805.265525] ? mark_held_locks+0x100/0x100 [ 805.269784] ? proc_cwd_link+0x1d0/0x1d0 [ 805.273875] ? __fget+0x340/0x540 [ 805.277340] ? ___might_sleep+0x163/0x280 [ 805.281510] ? __might_sleep+0x95/0x190 [ 805.285529] ? tty_vhangup+0x30/0x30 [ 805.289268] do_vfs_ioctl+0xd5f/0x1380 [ 805.293172] ? selinux_file_ioctl+0x46f/0x5e0 [ 805.297748] ? selinux_file_ioctl+0x125/0x5e0 [ 805.302294] ? ioctl_preallocate+0x210/0x210 [ 805.306725] ? selinux_file_mprotect+0x620/0x620 [ 805.311510] ? iterate_fd+0x360/0x360 [ 805.315334] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 805.320883] ? fput+0x128/0x1a0 [ 805.324190] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.329741] ? 
security_file_ioctl+0x8d/0xc0 [ 805.334169] ksys_ioctl+0xab/0xd0 [ 805.337649] __x64_sys_ioctl+0x73/0xb0 [ 805.341564] do_syscall_64+0xfd/0x620 [ 805.345388] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 805.350588] RIP: 0033:0x459519 [ 805.353796] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 805.372714] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 805.380459] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 805.389150] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 805.396624] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 805.403919] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 805.411212] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 805.421154] Bluetooth: hci3: Frame reassembly failed (-84) [ 805.427737] Bluetooth: hci3: Frame reassembly failed (-84) [ 805.492538] Bluetooth: hci1: command 0x1003 tx timeout [ 805.498325] Bluetooth: hci1: sending frame failed (-49) 14:42:39 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5450, &(0x7f00000001c0)) [ 805.707274] Bluetooth: hci4: Frame reassembly failed (-84) 14:42:40 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {0x0, 0xffffffff00000000}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 
0x0) tkill(r1, 0x1000000000013) 14:42:41 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0xe}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 807.092459] Bluetooth: hci2: command 0x1003 tx timeout [ 807.097826] Bluetooth: hci0: command 0x1003 tx timeout [ 807.097868] Bluetooth: hci2: sending frame failed (-49) [ 807.112616] Bluetooth: hci0: sending frame failed (-49) [ 807.492643] Bluetooth: hci3: command 0x1003 tx timeout [ 807.498352] Bluetooth: hci3: sending frame failed (-49) [ 807.572517] Bluetooth: hci1: command 0x1001 tx timeout [ 807.578244] Bluetooth: hci1: sending frame failed (-49) [ 807.732468] Bluetooth: hci4: command 0x1003 tx timeout [ 807.738223] Bluetooth: hci4: sending frame failed (-49) 14:42:41 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x3e}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:42:42 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0xe00}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, 
&(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 809.172503] Bluetooth: hci0: command 0x1001 tx timeout [ 809.178109] Bluetooth: hci0: sending frame failed (-49) [ 809.184135] Bluetooth: hci2: command 0x1001 tx timeout [ 809.195253] Bluetooth: hci2: sending frame failed (-49) [ 809.572529] Bluetooth: hci3: command 0x1001 tx timeout [ 809.602816] Bluetooth: hci3: sending frame failed (-49) [ 809.652586] Bluetooth: hci1: command 0x1009 tx timeout [ 809.812499] Bluetooth: hci4: command 0x1001 tx timeout [ 809.818042] Bluetooth: hci4: sending frame failed (-49) [ 811.252475] Bluetooth: hci2: command 0x1009 tx timeout [ 811.258157] Bluetooth: hci0: command 0x1009 tx timeout [ 811.652503] Bluetooth: hci3: command 0x1009 tx timeout [ 811.892481] Bluetooth: hci4: command 0x1009 tx timeout 14:42:48 executing program 0 (fault-call:2 fault-nth:44): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:42:48 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x3e00}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 814.027213] FAULT_INJECTION: forcing a failure. 
[ 814.027213] name failslab, interval 1, probability 0, space 0, times 0 [ 814.039127] CPU: 1 PID: 11911 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 814.046189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 814.055573] Call Trace: [ 814.058201] dump_stack+0x172/0x1f0 [ 814.061866] should_fail.cold+0xa/0x1b [ 814.065791] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 814.071019] ? lock_downgrade+0x810/0x810 [ 814.075213] ? ___might_sleep+0x163/0x280 [ 814.079389] __should_failslab+0x121/0x190 [ 814.083646] should_failslab+0x9/0x14 [ 814.087461] kmem_cache_alloc+0x2ae/0x700 [ 814.091628] ? lock_downgrade+0x810/0x810 [ 814.095798] ? kasan_check_read+0x11/0x20 [ 814.099981] __kernfs_new_node+0xef/0x680 [ 814.104161] ? mark_held_locks+0x100/0x100 [ 814.108419] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 814.113196] ? wait_for_completion+0x440/0x440 [ 814.117883] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 814.123443] ? find_held_lock+0x35/0x130 [ 814.127526] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 814.133004] ? kernfs_activate+0x192/0x1f0 [ 814.137266] kernfs_new_node+0x99/0x130 [ 814.141265] kernfs_create_link+0xdd/0x250 [ 814.145522] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 814.150819] sysfs_create_link+0x65/0xc0 [ 814.154905] device_add+0x536/0x1760 [ 814.158649] ? get_device_parent.isra.0+0x570/0x570 [ 814.163705] rfkill_register+0x1bf/0xb50 [ 814.167795] hci_register_dev+0x385/0x880 [ 814.171992] hci_uart_tty_ioctl+0x761/0xaf0 [ 814.176337] tty_ioctl+0x8b5/0x1510 [ 814.180071] ? hci_uart_init_work+0x140/0x140 [ 814.184590] ? tty_vhangup+0x30/0x30 [ 814.188321] ? mark_held_locks+0x100/0x100 [ 814.192568] ? proc_cwd_link+0x1d0/0x1d0 [ 814.196665] ? __fget+0x340/0x540 [ 814.200150] ? ___might_sleep+0x163/0x280 [ 814.204316] ? __might_sleep+0x95/0x190 [ 814.208306] ? tty_vhangup+0x30/0x30 [ 814.212074] do_vfs_ioctl+0xd5f/0x1380 [ 814.215989] ? selinux_file_ioctl+0x46f/0x5e0 [ 814.220546] ? 
selinux_file_ioctl+0x125/0x5e0 [ 814.225073] ? ioctl_preallocate+0x210/0x210 [ 814.229496] ? selinux_file_mprotect+0x620/0x620 [ 814.234288] ? iterate_fd+0x360/0x360 [ 814.238109] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 814.243661] ? fput+0x128/0x1a0 [ 814.246976] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.252530] ? security_file_ioctl+0x8d/0xc0 [ 814.256966] ksys_ioctl+0xab/0xd0 [ 814.260452] __x64_sys_ioctl+0x73/0xb0 [ 814.264365] do_syscall_64+0xfd/0x620 [ 814.268188] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 814.273476] RIP: 0033:0x459519 [ 814.276689] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 814.295610] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 814.303432] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 814.310715] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 814.318007] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 814.325302] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 814.332588] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 814.342301] Bluetooth: hci1: Frame reassembly failed (-84) 14:42:49 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x3f00}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:42:50 executing program 5 (fault-call:2 fault-nth:46): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 
0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:42:50 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5460, &(0x7f00000001c0)=0x1000000000033) 14:42:50 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5451, &(0x7f00000001c0)=0x1000000000033) 14:42:50 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x4000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:42:50 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5451, &(0x7f00000001c0)) [ 815.974290] Bluetooth: hci0: Frame reassembly failed (-84) [ 815.991035] Bluetooth: hci3: Frame reassembly failed (-84) [ 815.999432] FAULT_INJECTION: forcing a failure. [ 815.999432] name failslab, interval 1, probability 0, space 0, times 0 [ 816.011042] CPU: 1 PID: 11932 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 816.018079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 816.027442] Call Trace: [ 816.030062] dump_stack+0x172/0x1f0 [ 816.033890] should_fail.cold+0xa/0x1b [ 816.037803] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 816.042927] ? 
lock_downgrade+0x810/0x810 [ 816.047100] ? ___might_sleep+0x163/0x280 [ 816.051277] __should_failslab+0x121/0x190 [ 816.055538] should_failslab+0x9/0x14 [ 816.059354] kmem_cache_alloc+0x2ae/0x700 [ 816.063522] ? kasan_check_write+0x14/0x20 [ 816.067793] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 816.072664] __kernfs_new_node+0xef/0x680 [ 816.076842] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 816.081621] ? mutex_unlock+0xd/0x10 [ 816.085354] ? kernfs_activate+0x192/0x1f0 [ 816.089608] ? kernfs_add_one+0x131/0x4d0 [ 816.093829] kernfs_new_node+0x99/0x130 [ 816.097832] __kernfs_create_file+0x51/0x340 [ 816.102347] sysfs_add_file_mode_ns+0x222/0x560 [ 816.107216] sysfs_create_file_ns+0x13a/0x1c0 [ 816.111733] ? sysfs_add_file_mode_ns+0x560/0x560 [ 816.116602] ? up_read+0x1a/0x110 [ 816.120081] device_create_file+0xfa/0x1e0 [ 816.124335] ? acpi_bind_one+0x830/0x830 [ 816.128419] device_add+0x411/0x1760 [ 816.132177] ? get_device_parent.isra.0+0x570/0x570 [ 816.137228] rfkill_register+0x1bf/0xb50 [ 816.141316] hci_register_dev+0x385/0x880 [ 816.145500] hci_uart_tty_ioctl+0x761/0xaf0 [ 816.149847] tty_ioctl+0x8b5/0x1510 [ 816.153495] ? hci_uart_init_work+0x140/0x140 [ 816.158011] ? tty_vhangup+0x30/0x30 [ 816.162008] ? mark_held_locks+0x100/0x100 [ 816.166272] ? proc_cwd_link+0x1d0/0x1d0 [ 816.170450] ? __fget+0x340/0x540 [ 816.173929] ? ___might_sleep+0x163/0x280 [ 816.178109] ? __might_sleep+0x95/0x190 [ 816.182108] ? tty_vhangup+0x30/0x30 [ 816.185852] do_vfs_ioctl+0xd5f/0x1380 [ 816.189786] ? selinux_file_ioctl+0x46f/0x5e0 [ 816.194317] ? selinux_file_ioctl+0x125/0x5e0 [ 816.198846] ? ioctl_preallocate+0x210/0x210 [ 816.203280] ? selinux_file_mprotect+0x620/0x620 [ 816.209643] ? iterate_fd+0x360/0x360 [ 816.213474] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 816.219054] ? fput+0x128/0x1a0 [ 816.222362] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.227919] ? 
security_file_ioctl+0x8d/0xc0 [ 816.232362] ksys_ioctl+0xab/0xd0 [ 816.235842] __x64_sys_ioctl+0x73/0xb0 [ 816.239762] do_syscall_64+0xfd/0x620 [ 816.243772] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 816.248982] RIP: 0033:0x459519 [ 816.252192] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 816.272097] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 816.280014] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 816.287393] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 816.294691] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 816.301981] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 816.309273] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 816.320562] Bluetooth: hci4: Frame reassembly failed (-84) [ 816.372706] Bluetooth: hci1: command 0x1003 tx timeout [ 816.378427] Bluetooth: hci1: sending frame failed (-49) 14:42:50 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x1000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:42:51 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0xe000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() 
timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 818.052478] Bluetooth: hci3: command 0x1003 tx timeout [ 818.057835] Bluetooth: hci2: command 0x1003 tx timeout [ 818.057896] Bluetooth: hci3: sending frame failed (-49) [ 818.072480] Bluetooth: hci0: command 0x1003 tx timeout [ 818.072532] Bluetooth: hci2: sending frame failed (-49) [ 818.077876] Bluetooth: hci0: sending frame failed (-49) [ 818.372513] Bluetooth: hci4: command 0x1003 tx timeout [ 818.378252] Bluetooth: hci4: sending frame failed (-49) [ 818.452565] Bluetooth: hci1: command 0x1001 tx timeout [ 818.458352] Bluetooth: hci1: sending frame failed (-49) 14:42:52 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x3e000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:42:53 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x3f000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 820.132463] Bluetooth: hci0: command 0x1001 tx timeout [ 820.132506] Bluetooth: hci2: command 0x1001 tx timeout [ 820.137870] 
Bluetooth: hci0: sending frame failed (-49) [ 820.148925] Bluetooth: hci3: command 0x1001 tx timeout [ 820.148953] Bluetooth: hci2: sending frame failed (-49) [ 820.155831] Bluetooth: hci3: sending frame failed (-49) [ 820.462467] Bluetooth: hci4: command 0x1001 tx timeout [ 820.467883] Bluetooth: hci4: sending frame failed (-49) [ 820.542477] Bluetooth: hci1: command 0x1009 tx timeout [ 822.212513] Bluetooth: hci3: command 0x1009 tx timeout [ 822.212520] Bluetooth: hci2: command 0x1009 tx timeout [ 822.212566] Bluetooth: hci0: command 0x1009 tx timeout [ 822.532484] Bluetooth: hci4: command 0x1009 tx timeout 14:42:58 executing program 0 (fault-call:2 fault-nth:45): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:42:58 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x40000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 824.898320] FAULT_INJECTION: forcing a failure. [ 824.898320] name failslab, interval 1, probability 0, space 0, times 0 [ 824.909910] CPU: 0 PID: 11967 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 824.916966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 824.926354] Call Trace: [ 824.928979] dump_stack+0x172/0x1f0 [ 824.932646] should_fail.cold+0xa/0x1b [ 824.936565] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 824.941696] ? lock_downgrade+0x810/0x810 [ 824.945868] ? 
___might_sleep+0x163/0x280 [ 824.950039] __should_failslab+0x121/0x190 [ 824.954301] should_failslab+0x9/0x14 [ 824.958122] kmem_cache_alloc+0x2ae/0x700 [ 824.962293] __kernfs_new_node+0xef/0x680 [ 824.966465] ? mark_held_locks+0x100/0x100 [ 824.970751] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 824.975533] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 824.981098] ? __kernfs_create_file+0x2a3/0x340 [ 824.985799] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 824.991274] ? find_held_lock+0x35/0x130 [ 824.995369] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 825.000858] kernfs_new_node+0x99/0x130 [ 825.004863] kernfs_create_link+0xdd/0x250 [ 825.009122] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 825.014422] sysfs_create_link+0x65/0xc0 [ 825.018555] device_add+0x4a7/0x1760 [ 825.022292] ? get_device_parent.isra.0+0x570/0x570 [ 825.027349] rfkill_register+0x1bf/0xb50 [ 825.031431] hci_register_dev+0x385/0x880 [ 825.035610] hci_uart_tty_ioctl+0x761/0xaf0 [ 825.039954] tty_ioctl+0x8b5/0x1510 [ 825.043595] ? hci_uart_init_work+0x140/0x140 [ 825.048107] ? tty_vhangup+0x30/0x30 [ 825.051838] ? mark_held_locks+0x100/0x100 [ 825.056087] ? proc_cwd_link+0x1d0/0x1d0 [ 825.060176] ? __fget+0x340/0x540 [ 825.063646] ? ___might_sleep+0x163/0x280 [ 825.067813] ? __might_sleep+0x95/0x190 [ 825.071802] ? tty_vhangup+0x30/0x30 [ 825.075996] do_vfs_ioctl+0xd5f/0x1380 [ 825.079900] ? selinux_file_ioctl+0x46f/0x5e0 [ 825.084414] ? selinux_file_ioctl+0x125/0x5e0 [ 825.088935] ? ioctl_preallocate+0x210/0x210 [ 825.093359] ? selinux_file_mprotect+0x620/0x620 [ 825.098138] ? iterate_fd+0x360/0x360 [ 825.101957] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 825.107518] ? fput+0x128/0x1a0 [ 825.110829] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 825.116437] ? 
security_file_ioctl+0x8d/0xc0 [ 825.120872] ksys_ioctl+0xab/0xd0 [ 825.124345] __x64_sys_ioctl+0x73/0xb0 [ 825.128259] do_syscall_64+0xfd/0x620 [ 825.132078] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 825.137300] RIP: 0033:0x459519 [ 825.140504] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 825.159424] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 825.167158] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 825.174446] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 825.181730] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 825.189013] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 825.196290] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 825.205070] Bluetooth: hci1: Frame reassembly failed (-84) 14:42:59 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0xfdfdffff}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:43:00 executing program 5 (fault-call:2 fault-nth:47): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:43:00 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5452, 
&(0x7f00000001c0)=0x1000000000033) 14:43:00 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5452, &(0x7f00000001c0)) 14:43:00 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x40049409, &(0x7f00000001c0)=0x1000000000033) 14:43:00 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0xfffffdfd}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 826.835571] Bluetooth: hci0: Frame reassembly failed (-84) [ 826.851717] Bluetooth: hci2: Frame reassembly failed (-84) [ 826.864513] Bluetooth: hci3: Frame reassembly failed (-84) [ 826.900490] FAULT_INJECTION: forcing a failure. [ 826.900490] name failslab, interval 1, probability 0, space 0, times 0 [ 826.914865] CPU: 1 PID: 11991 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 826.922128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 826.931497] Call Trace: [ 826.934123] dump_stack+0x172/0x1f0 [ 826.937784] should_fail.cold+0xa/0x1b [ 826.941704] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 826.946920] ? lock_downgrade+0x810/0x810 [ 826.951100] ? ___might_sleep+0x163/0x280 [ 826.955278] __should_failslab+0x121/0x190 [ 826.959532] should_failslab+0x9/0x14 [ 826.963359] kmem_cache_alloc+0x2ae/0x700 [ 826.967532] ? 
lock_downgrade+0x810/0x810 [ 826.971698] ? kasan_check_read+0x11/0x20 [ 826.975879] __kernfs_new_node+0xef/0x680 [ 826.980045] ? mark_held_locks+0x100/0x100 [ 826.984301] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 826.989095] ? wait_for_completion+0x440/0x440 [ 826.993719] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 826.999190] ? find_held_lock+0x35/0x130 [ 827.003272] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 827.008749] ? kernfs_activate+0x192/0x1f0 [ 827.013017] kernfs_new_node+0x99/0x130 [ 827.017018] kernfs_create_link+0xdd/0x250 [ 827.021278] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 827.026578] sysfs_create_link+0x65/0xc0 [ 827.030661] device_add+0x536/0x1760 [ 827.034408] ? get_device_parent.isra.0+0x570/0x570 [ 827.039458] rfkill_register+0x1bf/0xb50 [ 827.043556] hci_register_dev+0x385/0x880 [ 827.047742] hci_uart_tty_ioctl+0x761/0xaf0 [ 827.052101] tty_ioctl+0x8b5/0x1510 [ 827.055841] ? hci_uart_init_work+0x140/0x140 [ 827.060357] ? tty_vhangup+0x30/0x30 [ 827.064266] ? mark_held_locks+0x100/0x100 [ 827.068521] ? proc_cwd_link+0x1d0/0x1d0 [ 827.072634] ? i915_handle_error+0xd0/0xbd0 [ 827.077071] ? __fget+0x340/0x540 [ 827.080547] ? ___might_sleep+0x163/0x280 [ 827.084743] ? __might_sleep+0x95/0x190 [ 827.088742] ? tty_vhangup+0x30/0x30 [ 827.092482] do_vfs_ioctl+0xd5f/0x1380 [ 827.096391] ? selinux_file_ioctl+0x46f/0x5e0 [ 827.100906] ? selinux_file_ioctl+0x125/0x5e0 [ 827.105437] ? ioctl_preallocate+0x210/0x210 [ 827.109862] ? selinux_file_mprotect+0x620/0x620 [ 827.114648] ? iterate_fd+0x360/0x360 [ 827.118475] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 827.124030] ? fput+0x128/0x1a0 [ 827.127336] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.133074] ? 
security_file_ioctl+0x8d/0xc0 [ 827.137593] ksys_ioctl+0xab/0xd0 [ 827.141066] __x64_sys_ioctl+0x73/0xb0 [ 827.144978] do_syscall_64+0xfd/0x620 [ 827.148803] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 827.154438] RIP: 0033:0x459519 [ 827.157645] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 827.176591] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 827.184325] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 827.191606] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 827.198883] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 827.206168] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 827.213542] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 827.230178] Bluetooth: hci4: Frame reassembly failed (-84) [ 827.252541] Bluetooth: hci1: command 0x1003 tx timeout [ 827.258423] Bluetooth: hci1: sending frame failed (-49) 14:43:01 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x100000000000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:43:02 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0xe00000000000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) 
r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 828.852501] Bluetooth: hci2: command 0x1003 tx timeout [ 828.858357] Bluetooth: hci2: sending frame failed (-49) [ 828.865096] Bluetooth: hci0: command 0x1003 tx timeout [ 828.877437] Bluetooth: hci0: sending frame failed (-49) [ 828.932473] Bluetooth: hci3: command 0x1003 tx timeout [ 828.938602] Bluetooth: hci3: sending frame failed (-49) [ 829.252466] Bluetooth: hci4: command 0x1003 tx timeout [ 829.258248] Bluetooth: hci4: sending frame failed (-49) [ 829.332701] Bluetooth: hci1: command 0x1001 tx timeout [ 829.338150] Bluetooth: hci1: sending frame failed (-49) 14:43:03 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x3e00000000000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:43:04 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x3f00000000000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 830.932669] Bluetooth: hci0: command 0x1001 tx timeout [ 830.938109] Bluetooth: hci0: sending 
frame failed (-49) [ 830.944102] Bluetooth: hci2: command 0x1001 tx timeout [ 830.955340] Bluetooth: hci2: sending frame failed (-49) [ 831.012551] Bluetooth: hci3: command 0x1001 tx timeout [ 831.018126] Bluetooth: hci3: sending frame failed (-49) [ 831.332696] Bluetooth: hci4: command 0x1001 tx timeout [ 831.338138] Bluetooth: hci4: sending frame failed (-49) [ 831.412495] Bluetooth: hci1: command 0x1009 tx timeout [ 833.012497] Bluetooth: hci2: command 0x1009 tx timeout [ 833.017904] Bluetooth: hci0: command 0x1009 tx timeout [ 833.092576] Bluetooth: hci3: command 0x1009 tx timeout [ 833.412501] Bluetooth: hci4: command 0x1009 tx timeout 14:43:09 executing program 0 (fault-call:2 fault-nth:46): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:43:09 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x4000000000000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 835.792292] FAULT_INJECTION: forcing a failure. [ 835.792292] name failslab, interval 1, probability 0, space 0, times 0 [ 835.811916] CPU: 1 PID: 12025 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 835.818988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 835.828360] Call Trace: [ 835.830998] dump_stack+0x172/0x1f0 [ 835.834662] should_fail.cold+0xa/0x1b [ 835.838576] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 835.843718] ? lock_downgrade+0x810/0x810 [ 835.847894] ? 
___might_sleep+0x163/0x280 [ 835.852069] __should_failslab+0x121/0x190 [ 835.856334] should_failslab+0x9/0x14 [ 835.860150] kmem_cache_alloc+0x2ae/0x700 [ 835.864318] ? memcpy+0x46/0x50 [ 835.867631] ? kstrdup+0x5a/0x70 [ 835.871030] __kernfs_new_node+0xef/0x680 [ 835.875216] ? mark_held_locks+0x100/0x100 [ 835.879474] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 835.884263] ? wait_for_completion+0x440/0x440 [ 835.888870] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 835.894359] ? find_held_lock+0x35/0x130 [ 835.898463] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 835.903951] ? kernfs_activate+0x192/0x1f0 [ 835.908215] kernfs_new_node+0x99/0x130 [ 835.912218] kernfs_create_link+0xdd/0x250 [ 835.916476] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 835.921800] sysfs_create_link+0x65/0xc0 [ 835.925896] device_add+0x7ce/0x1760 [ 835.929643] ? get_device_parent.isra.0+0x570/0x570 [ 835.934873] rfkill_register+0x1bf/0xb50 [ 835.938992] hci_register_dev+0x385/0x880 [ 835.943262] hci_uart_tty_ioctl+0x761/0xaf0 [ 835.947787] tty_ioctl+0x8b5/0x1510 [ 835.951444] ? hci_uart_init_work+0x140/0x140 [ 835.956078] ? tty_vhangup+0x30/0x30 [ 835.959812] ? mark_held_locks+0x100/0x100 [ 835.964077] ? proc_cwd_link+0x1d0/0x1d0 [ 835.968169] ? __fget+0x340/0x540 [ 835.971644] ? ___might_sleep+0x163/0x280 [ 835.975827] ? __might_sleep+0x95/0x190 [ 835.979825] ? tty_vhangup+0x30/0x30 [ 835.983566] do_vfs_ioctl+0xd5f/0x1380 [ 835.987564] ? selinux_file_ioctl+0x46f/0x5e0 [ 835.992082] ? selinux_file_ioctl+0x125/0x5e0 [ 835.996607] ? ioctl_preallocate+0x210/0x210 [ 836.001033] ? selinux_file_mprotect+0x620/0x620 [ 836.005828] ? iterate_fd+0x360/0x360 [ 836.009654] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 836.015321] ? fput+0x128/0x1a0 [ 836.018654] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 836.024228] ? 
security_file_ioctl+0x8d/0xc0 [ 836.028672] ksys_ioctl+0xab/0xd0 [ 836.032235] __x64_sys_ioctl+0x73/0xb0 [ 836.036153] do_syscall_64+0xfd/0x620 [ 836.039996] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 836.045297] RIP: 0033:0x459519 [ 836.048505] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 836.067703] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 836.075437] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 836.082811] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 836.090092] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 836.097374] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 836.104664] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 836.130565] Bluetooth: hci1: Frame reassembly failed (-84) 14:43:10 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0xfdfdffff00000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:43:11 executing program 5 (fault-call:2 fault-nth:48): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:43:11 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x40086602, 
&(0x7f00000001c0)=0x1000000000033) 14:43:11 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x545d, &(0x7f00000001c0)=0x1000000000033) 14:43:11 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x545d, &(0x7f00000001c0)) 14:43:11 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0xffffffff00000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 837.710647] Bluetooth: hci0: Frame reassembly failed (-84) [ 837.731855] Bluetooth: hci2: Frame reassembly failed (-84) [ 837.744761] Bluetooth: hci3: Frame reassembly failed (-84) [ 837.773087] FAULT_INJECTION: forcing a failure. [ 837.773087] name failslab, interval 1, probability 0, space 0, times 0 [ 837.785183] CPU: 0 PID: 12048 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 837.792235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 837.801605] Call Trace: [ 837.804228] dump_stack+0x172/0x1f0 [ 837.807886] should_fail.cold+0xa/0x1b [ 837.811806] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 837.816934] ? lock_downgrade+0x810/0x810 [ 837.821101] ? ___might_sleep+0x163/0x280 [ 837.825276] __should_failslab+0x121/0x190 [ 837.829539] should_failslab+0x9/0x14 [ 837.833358] kmem_cache_alloc+0x2ae/0x700 [ 837.837526] ? 
kasan_check_write+0x14/0x20 [ 837.841784] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 837.846651] __kernfs_new_node+0xef/0x680 [ 837.850828] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 837.855699] ? mutex_unlock+0xd/0x10 [ 837.859431] ? kernfs_activate+0x192/0x1f0 [ 837.863695] ? kernfs_add_one+0x131/0x4d0 [ 837.867881] kernfs_new_node+0x99/0x130 [ 837.871972] __kernfs_create_file+0x51/0x340 [ 837.876406] sysfs_add_file_mode_ns+0x222/0x560 [ 837.881107] sysfs_create_file_ns+0x13a/0x1c0 [ 837.885626] ? sysfs_add_file_mode_ns+0x560/0x560 [ 837.890494] ? up_read+0x1a/0x110 [ 837.893974] device_create_file+0xfa/0x1e0 [ 837.898226] ? acpi_bind_one+0x830/0x830 [ 837.902307] device_add+0x411/0x1760 [ 837.906044] ? get_device_parent.isra.0+0x570/0x570 [ 837.911091] rfkill_register+0x1bf/0xb50 [ 837.915179] hci_register_dev+0x385/0x880 [ 837.919353] hci_uart_tty_ioctl+0x761/0xaf0 [ 837.923716] tty_ioctl+0x8b5/0x1510 [ 837.927361] ? hci_uart_init_work+0x140/0x140 [ 837.931880] ? tty_vhangup+0x30/0x30 [ 837.935612] ? mark_held_locks+0x100/0x100 [ 837.940039] ? proc_cwd_link+0x1d0/0x1d0 [ 837.944130] ? __fget+0x340/0x540 [ 837.947604] ? ___might_sleep+0x163/0x280 [ 837.952475] ? __might_sleep+0x95/0x190 [ 837.956474] ? tty_vhangup+0x30/0x30 [ 837.960219] do_vfs_ioctl+0xd5f/0x1380 [ 837.964128] ? selinux_file_ioctl+0x46f/0x5e0 [ 837.968641] ? selinux_file_ioctl+0x125/0x5e0 [ 837.973162] ? ioctl_preallocate+0x210/0x210 [ 837.977590] ? selinux_file_mprotect+0x620/0x620 [ 837.982378] ? iterate_fd+0x360/0x360 [ 837.986201] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 837.991758] ? fput+0x128/0x1a0 [ 837.995061] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 838.000634] ? 
security_file_ioctl+0x8d/0xc0 [ 838.005064] ksys_ioctl+0xab/0xd0 [ 838.008539] __x64_sys_ioctl+0x73/0xb0 [ 838.012463] do_syscall_64+0xfd/0x620 [ 838.016299] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 838.021532] RIP: 0033:0x459519 [ 838.024745] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 838.043755] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 838.051500] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 838.058793] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 838.066081] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 838.073365] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 838.080650] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 838.142921] Bluetooth: hci1: command 0x1003 tx timeout [ 838.148828] Bluetooth: hci1: sending frame failed (-49) 14:43:12 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0xe}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:43:13 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x3e}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 
0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 839.742576] Bluetooth: hci2: command 0x1003 tx timeout [ 839.748325] Bluetooth: hci2: sending frame failed (-49) [ 839.754142] Bluetooth: hci0: command 0x1003 tx timeout [ 839.766609] Bluetooth: hci0: sending frame failed (-49) [ 839.822678] Bluetooth: hci3: command 0x1003 tx timeout [ 839.828583] Bluetooth: hci3: sending frame failed (-49) [ 840.132464] Bluetooth: hci4: command 0x1003 tx timeout [ 840.138278] Bluetooth: hci4: sending frame failed (-49) [ 840.222901] Bluetooth: hci1: command 0x1001 tx timeout [ 840.228758] Bluetooth: hci1: sending frame failed (-49) 14:43:14 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0xe00}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:43:15 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x3e00}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 841.812492] Bluetooth: hci0: command 0x1001 tx timeout [ 841.817912] Bluetooth: hci0: sending frame failed (-49) [ 841.823940] Bluetooth: hci2: command 0x1001 tx timeout [ 841.835063] 
Bluetooth: hci2: sending frame failed (-49) [ 841.892651] Bluetooth: hci3: command 0x1001 tx timeout [ 841.898203] Bluetooth: hci3: sending frame failed (-49) [ 842.212468] Bluetooth: hci4: command 0x1001 tx timeout [ 842.217879] Bluetooth: hci4: sending frame failed (-49) [ 842.292827] Bluetooth: hci1: command 0x1009 tx timeout [ 843.892542] Bluetooth: hci2: command 0x1009 tx timeout [ 843.897977] Bluetooth: hci0: command 0x1009 tx timeout [ 843.972671] Bluetooth: hci3: command 0x1009 tx timeout [ 844.292509] Bluetooth: hci4: command 0x1009 tx timeout 14:43:20 executing program 0 (fault-call:2 fault-nth:47): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:43:20 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x3f00}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 846.687151] FAULT_INJECTION: forcing a failure. [ 846.687151] name failslab, interval 1, probability 0, space 0, times 0 [ 846.698684] CPU: 0 PID: 12080 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 846.705735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 846.715893] Call Trace: [ 846.718519] dump_stack+0x172/0x1f0 [ 846.722183] should_fail.cold+0xa/0x1b [ 846.726105] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 846.731248] ? lock_downgrade+0x810/0x810 [ 846.735455] ? 
___might_sleep+0x163/0x280 [ 846.739898] __should_failslab+0x121/0x190 [ 846.744161] should_failslab+0x9/0x14 [ 846.747983] kmem_cache_alloc+0x2ae/0x700 [ 846.752157] ? lock_downgrade+0x810/0x810 [ 846.756337] __kernfs_new_node+0xef/0x680 [ 846.760558] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 846.765341] ? wait_for_completion+0x440/0x440 [ 846.769952] ? mutex_unlock+0xd/0x10 [ 846.773689] ? kernfs_activate+0x192/0x1f0 [ 846.777989] kernfs_new_node+0x99/0x130 [ 846.781999] __kernfs_create_file+0x51/0x340 [ 846.786436] sysfs_add_file_mode_ns+0x222/0x560 [ 846.791148] internal_create_group+0x383/0xc30 [ 846.795770] ? remove_files.isra.0+0x190/0x190 [ 846.800375] ? kernfs_put+0x3c2/0x5d0 [ 846.804205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 846.809770] ? kernfs_create_link+0x1d2/0x250 [ 846.814303] sysfs_create_groups+0x9b/0x141 [ 846.818655] device_add+0x87e/0x1760 [ 846.822392] ? get_device_parent.isra.0+0x570/0x570 [ 846.827455] rfkill_register+0x1bf/0xb50 [ 846.831573] hci_register_dev+0x385/0x880 [ 846.835751] hci_uart_tty_ioctl+0x761/0xaf0 [ 846.840099] tty_ioctl+0x8b5/0x1510 [ 846.843748] ? hci_uart_init_work+0x140/0x140 [ 846.848270] ? tty_vhangup+0x30/0x30 [ 846.852013] ? mark_held_locks+0x100/0x100 [ 846.856266] ? proc_cwd_link+0x1d0/0x1d0 [ 846.860355] ? __fget+0x340/0x540 [ 846.863831] ? ___might_sleep+0x163/0x280 [ 846.868007] ? __might_sleep+0x95/0x190 [ 846.872001] ? tty_vhangup+0x30/0x30 [ 846.875769] do_vfs_ioctl+0xd5f/0x1380 [ 846.879684] ? selinux_file_ioctl+0x46f/0x5e0 [ 846.884202] ? selinux_file_ioctl+0x125/0x5e0 [ 846.888722] ? ioctl_preallocate+0x210/0x210 [ 846.893325] ? selinux_file_mprotect+0x620/0x620 [ 846.898203] ? iterate_fd+0x360/0x360 [ 846.902034] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 846.907598] ? fput+0x128/0x1a0 [ 846.910915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 846.916480] ? 
security_file_ioctl+0x8d/0xc0 [ 846.920918] ksys_ioctl+0xab/0xd0 [ 846.924399] __x64_sys_ioctl+0x73/0xb0 [ 846.928313] do_syscall_64+0xfd/0x620 [ 846.932146] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 846.937353] RIP: 0033:0x459519 [ 846.940569] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 846.959496] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 846.967238] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 846.974533] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 846.981824] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 846.989110] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 846.996403] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 14:43:21 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x4000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:43:22 executing program 5 (fault-call:2 fault-nth:49): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:43:22 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5460, &(0x7f00000001c0)) 14:43:22 executing program 4: r0 = 
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x40087602, &(0x7f00000001c0)=0x1000000000033) 14:43:22 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5460, &(0x7f00000001c0)=0x1000000000033) 14:43:22 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x1000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 848.594511] Bluetooth: hci0: Frame reassembly failed (-84) [ 848.613721] Bluetooth: hci2: Frame reassembly failed (-84) [ 848.619994] Bluetooth: hci3: Frame reassembly failed (-84) [ 848.620426] Bluetooth: hci2: Frame reassembly failed (-84) [ 848.652031] FAULT_INJECTION: forcing a failure. [ 848.652031] name failslab, interval 1, probability 0, space 0, times 0 [ 848.674132] CPU: 1 PID: 12101 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 848.681217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 848.690606] Call Trace: [ 848.693234] dump_stack+0x172/0x1f0 [ 848.696889] should_fail.cold+0xa/0x1b [ 848.700801] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 848.705935] ? lock_downgrade+0x810/0x810 [ 848.710127] ? ___might_sleep+0x163/0x280 [ 848.714342] __should_failslab+0x121/0x190 [ 848.718628] should_failslab+0x9/0x14 [ 848.722446] kmem_cache_alloc+0x2ae/0x700 [ 848.726615] ? 
memcpy+0x46/0x50 [ 848.729917] ? kstrdup+0x5a/0x70 [ 848.733317] __kernfs_new_node+0xef/0x680 [ 848.737604] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 848.742391] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 848.747966] ? irq_work_claim+0x98/0xc0 [ 848.751994] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 848.757746] ? irq_work_queue+0x30/0x90 [ 848.761785] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 848.767436] ? wake_up_klogd+0x99/0xd0 [ 848.771388] kernfs_new_node+0x99/0x130 [ 848.775401] kernfs_create_dir_ns+0x52/0x160 [ 848.779842] sysfs_create_dir_ns+0x131/0x290 [ 848.784286] ? sysfs_create_mount_point+0xa0/0xa0 [ 848.789172] kobject_add_internal.cold+0xe5/0x5d1 [ 848.794061] kobject_add+0x150/0x1c0 [ 848.797795] ? kset_create_and_add+0x1a0/0x1a0 [ 848.802401] ? __lockdep_init_map+0x10c/0x5b0 [ 848.806920] ? rcu_read_lock_sched_held+0x110/0x130 [ 848.811985] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 848.817560] device_add+0x3cc/0x1760 [ 848.821301] ? get_device_parent.isra.0+0x570/0x570 [ 848.826359] rfkill_register+0x1bf/0xb50 [ 848.830444] hci_register_dev+0x385/0x880 [ 848.834621] hci_uart_tty_ioctl+0x761/0xaf0 [ 848.839020] tty_ioctl+0x8b5/0x1510 [ 848.842761] ? hci_uart_init_work+0x140/0x140 [ 848.847278] ? tty_vhangup+0x30/0x30 [ 848.851009] ? mark_held_locks+0x100/0x100 [ 848.855263] ? proc_cwd_link+0x1d0/0x1d0 [ 848.859357] ? __fget+0x340/0x540 [ 848.862831] ? ___might_sleep+0x163/0x280 [ 848.866999] ? __might_sleep+0x95/0x190 [ 848.870990] ? tty_vhangup+0x30/0x30 [ 848.874731] do_vfs_ioctl+0xd5f/0x1380 [ 848.878637] ? selinux_file_ioctl+0x46f/0x5e0 [ 848.883152] ? selinux_file_ioctl+0x125/0x5e0 [ 848.887682] ? ioctl_preallocate+0x210/0x210 [ 848.892115] ? selinux_file_mprotect+0x620/0x620 [ 848.896924] ? iterate_fd+0x360/0x360 [ 848.900760] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 848.906323] ? fput+0x128/0x1a0 [ 848.909636] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 848.915227] ? 
security_file_ioctl+0x8d/0xc0 [ 848.919664] ksys_ioctl+0xab/0xd0 [ 848.923148] __x64_sys_ioctl+0x73/0xb0 [ 848.927100] do_syscall_64+0xfd/0x620 [ 848.930938] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 848.936156] RIP: 0033:0x459519 [ 848.939375] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 848.958312] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 848.966062] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 848.973470] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 848.980773] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 848.988449] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 848.995754] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 849.007202] kobject_add_internal failed for rfkill217 (error: -12 parent: hci4) [ 849.015578] Bluetooth: hci4: Frame reassembly failed (-84) [ 849.102577] Bluetooth: hci1: command 0x1003 tx timeout [ 849.108538] Bluetooth: hci1: sending frame failed (-49) 14:43:23 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0xe000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:43:24 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 
0x3e000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 850.612911] Bluetooth: hci0: command 0x1003 tx timeout [ 850.618370] Bluetooth: hci0: sending frame failed (-49) [ 850.692592] Bluetooth: hci3: command 0x1003 tx timeout [ 850.698253] Bluetooth: hci2: command 0x1003 tx timeout [ 850.698304] Bluetooth: hci3: sending frame failed (-49) [ 850.710527] Bluetooth: hci2: sending frame failed (-49) [ 851.092523] Bluetooth: hci4: command 0x1003 tx timeout [ 851.098224] Bluetooth: hci4: sending frame failed (-49) [ 851.172553] Bluetooth: hci1: command 0x1001 tx timeout [ 851.178081] Bluetooth: hci1: sending frame failed (-49) 14:43:25 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x3f000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:43:26 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x40000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 852.702547] 
Bluetooth: hci0: command 0x1001 tx timeout [ 852.708022] Bluetooth: hci0: sending frame failed (-49) [ 852.772552] Bluetooth: hci2: command 0x1001 tx timeout [ 852.778020] Bluetooth: hci2: sending frame failed (-49) [ 852.783959] Bluetooth: hci3: command 0x1001 tx timeout [ 852.795076] Bluetooth: hci3: sending frame failed (-49) [ 853.172454] Bluetooth: hci4: command 0x1001 tx timeout [ 853.177911] Bluetooth: hci4: sending frame failed (-49) [ 853.252621] Bluetooth: hci1: command 0x1009 tx timeout [ 854.772496] Bluetooth: hci0: command 0x1009 tx timeout [ 854.852521] Bluetooth: hci3: command 0x1009 tx timeout [ 854.857927] Bluetooth: hci2: command 0x1009 tx timeout [ 855.252445] Bluetooth: hci4: command 0x1009 tx timeout 14:43:31 executing program 0 (fault-call:2 fault-nth:48): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:43:31 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0xfdfdffff}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 857.541970] FAULT_INJECTION: forcing a failure. [ 857.541970] name failslab, interval 1, probability 0, space 0, times 0 [ 857.560781] CPU: 1 PID: 12132 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 857.567833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 857.577199] Call Trace: [ 857.579815] dump_stack+0x172/0x1f0 [ 857.583476] should_fail.cold+0xa/0x1b [ 857.587393] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 857.592518] ? 
lock_downgrade+0x810/0x810 [ 857.596772] ? ___might_sleep+0x163/0x280 [ 857.600941] __should_failslab+0x121/0x190 [ 857.605212] should_failslab+0x9/0x14 [ 857.609111] kmem_cache_alloc+0x2ae/0x700 [ 857.613286] ? lock_downgrade+0x810/0x810 [ 857.617479] __kernfs_new_node+0xef/0x680 [ 857.621660] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 857.626627] ? wait_for_completion+0x440/0x440 [ 857.631424] ? mutex_unlock+0xd/0x10 [ 857.635173] ? kernfs_activate+0x192/0x1f0 [ 857.639445] kernfs_new_node+0x99/0x130 [ 857.643452] __kernfs_create_file+0x51/0x340 [ 857.648018] sysfs_add_file_mode_ns+0x222/0x560 [ 857.652753] internal_create_group+0x383/0xc30 [ 857.657374] ? remove_files.isra.0+0x190/0x190 [ 857.662470] ? kernfs_put+0x3c2/0x5d0 [ 857.666318] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 857.671873] ? kernfs_create_link+0x1d2/0x250 [ 857.676395] sysfs_create_groups+0x9b/0x141 [ 857.680741] device_add+0x87e/0x1760 [ 857.684481] ? get_device_parent.isra.0+0x570/0x570 [ 857.689545] rfkill_register+0x1bf/0xb50 [ 857.693625] hci_register_dev+0x385/0x880 [ 857.697802] hci_uart_tty_ioctl+0x761/0xaf0 [ 857.702142] tty_ioctl+0x8b5/0x1510 [ 857.705808] ? hci_uart_init_work+0x140/0x140 [ 857.710329] ? tty_vhangup+0x30/0x30 [ 857.714063] ? mark_held_locks+0x100/0x100 [ 857.718325] ? proc_cwd_link+0x1d0/0x1d0 [ 857.722501] ? __fget+0x340/0x540 [ 857.725975] ? ___might_sleep+0x163/0x280 [ 857.730146] ? __might_sleep+0x95/0x190 [ 857.734148] ? tty_vhangup+0x30/0x30 [ 857.737901] do_vfs_ioctl+0xd5f/0x1380 [ 857.741804] ? selinux_file_ioctl+0x46f/0x5e0 [ 857.746311] ? selinux_file_ioctl+0x125/0x5e0 [ 857.750836] ? ioctl_preallocate+0x210/0x210 [ 857.755260] ? selinux_file_mprotect+0x620/0x620 [ 857.760044] ? iterate_fd+0x360/0x360 [ 857.763872] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 857.769420] ? fput+0x128/0x1a0 [ 857.772724] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 857.778279] ? 
security_file_ioctl+0x8d/0xc0 [ 857.782705] ksys_ioctl+0xab/0xd0 [ 857.786180] __x64_sys_ioctl+0x73/0xb0 [ 857.790087] do_syscall_64+0xfd/0x620 [ 857.793910] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 857.799122] RIP: 0033:0x459519 [ 857.802334] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 857.821260] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 857.829007] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 857.836302] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 857.843584] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 857.850871] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 857.858158] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 857.873276] Bluetooth: hci1: Frame reassembly failed (-84) 14:43:32 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0xfffffdfd}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:43:33 executing program 5 (fault-call:2 fault-nth:50): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:43:33 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x40049409, 
&(0x7f00000001c0)) 14:43:33 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x40049409, &(0x7f00000001c0)=0x1000000000033) 14:43:33 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4020940d, &(0x7f00000001c0)=0x1000000000033) 14:43:33 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x100000000000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 859.473250] Bluetooth: hci0: Frame reassembly failed (-84) [ 859.493563] Bluetooth: hci2: Frame reassembly failed (-84) [ 859.516216] Bluetooth: hci3: Frame reassembly failed (-84) [ 859.525437] FAULT_INJECTION: forcing a failure. [ 859.525437] name failslab, interval 1, probability 0, space 0, times 0 [ 859.537235] CPU: 1 PID: 12156 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 859.544279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 859.553644] Call Trace: [ 859.556264] dump_stack+0x172/0x1f0 [ 859.559939] should_fail.cold+0xa/0x1b [ 859.563857] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 859.568990] ? lock_downgrade+0x810/0x810 [ 859.573152] ? ___might_sleep+0x163/0x280 [ 859.577413] __should_failslab+0x121/0x190 [ 859.581665] should_failslab+0x9/0x14 [ 859.585478] kmem_cache_alloc+0x2ae/0x700 [ 859.589644] ? 
memcpy+0x46/0x50 [ 859.592938] ? kstrdup+0x5a/0x70 [ 859.596332] __kernfs_new_node+0xef/0x680 [ 859.600493] ? mark_held_locks+0x100/0x100 [ 859.604756] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 859.609543] ? wait_for_completion+0x440/0x440 [ 859.614150] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 859.619626] ? find_held_lock+0x35/0x130 [ 859.623718] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 859.629195] ? kernfs_activate+0x192/0x1f0 [ 859.633456] kernfs_new_node+0x99/0x130 [ 859.637461] kernfs_create_link+0xdd/0x250 [ 859.641736] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 859.647040] sysfs_create_link+0x65/0xc0 [ 859.651133] device_add+0x7ce/0x1760 [ 859.654875] ? get_device_parent.isra.0+0x570/0x570 [ 859.659921] rfkill_register+0x1bf/0xb50 [ 859.664037] hci_register_dev+0x385/0x880 [ 859.668216] hci_uart_tty_ioctl+0x761/0xaf0 [ 859.672555] tty_ioctl+0x8b5/0x1510 [ 859.676198] ? hci_uart_init_work+0x140/0x140 [ 859.680717] ? tty_vhangup+0x30/0x30 [ 859.684453] ? mark_held_locks+0x100/0x100 [ 859.688712] ? proc_cwd_link+0x1d0/0x1d0 [ 859.692810] ? __fget+0x340/0x540 [ 859.696280] ? ___might_sleep+0x163/0x280 [ 859.700451] ? __might_sleep+0x95/0x190 [ 859.704449] ? tty_vhangup+0x30/0x30 [ 859.708182] do_vfs_ioctl+0xd5f/0x1380 [ 859.712219] ? selinux_file_ioctl+0x46f/0x5e0 [ 859.716910] ? selinux_file_ioctl+0x125/0x5e0 [ 859.721442] ? ioctl_preallocate+0x210/0x210 [ 859.725875] ? selinux_file_mprotect+0x620/0x620 [ 859.730673] ? iterate_fd+0x360/0x360 [ 859.734502] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 859.740147] ? fput+0x128/0x1a0 [ 859.743453] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 859.749014] ? 
security_file_ioctl+0x8d/0xc0 [ 859.753444] ksys_ioctl+0xab/0xd0 [ 859.756921] __x64_sys_ioctl+0x73/0xb0 [ 859.760833] do_syscall_64+0xfd/0x620 [ 859.764663] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 859.769867] RIP: 0033:0x459519 [ 859.773076] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 859.792034] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 859.799773] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 859.807060] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 859.814344] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 859.821628] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 859.828915] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 859.838852] Bluetooth: hci4: Frame reassembly failed (-84) [ 859.892488] Bluetooth: hci1: command 0x1003 tx timeout [ 859.899780] Bluetooth: hci1: sending frame failed (-49) 14:43:34 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0xe00000000000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:43:35 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x3e00000000000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, 
&(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 861.492438] Bluetooth: hci0: command 0x1003 tx timeout [ 861.497962] Bluetooth: hci0: sending frame failed (-49) [ 861.572540] Bluetooth: hci3: command 0x1003 tx timeout [ 861.578281] Bluetooth: hci3: sending frame failed (-49) [ 861.584323] Bluetooth: hci2: command 0x1003 tx timeout [ 861.596578] Bluetooth: hci2: sending frame failed (-49) [ 861.892468] Bluetooth: hci4: command 0x1003 tx timeout [ 861.897891] Bluetooth: hci4: sending frame failed (-49) [ 861.982718] Bluetooth: hci1: command 0x1001 tx timeout [ 861.988430] Bluetooth: hci1: sending frame failed (-49) 14:43:36 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x3f00000000000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:43:37 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x4000000000000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 863.572614] Bluetooth: hci0: command 0x1001 tx timeout [ 
863.578083] Bluetooth: hci0: sending frame failed (-49) [ 863.652481] Bluetooth: hci2: command 0x1001 tx timeout [ 863.657902] Bluetooth: hci2: sending frame failed (-49) [ 863.663792] Bluetooth: hci3: command 0x1001 tx timeout [ 863.669198] Bluetooth: hci3: sending frame failed (-49) [ 863.972685] Bluetooth: hci4: command 0x1001 tx timeout [ 863.978108] Bluetooth: hci4: sending frame failed (-49) [ 864.052601] Bluetooth: hci1: command 0x1009 tx timeout [ 865.652545] Bluetooth: hci0: command 0x1009 tx timeout [ 865.732543] Bluetooth: hci3: command 0x1009 tx timeout [ 865.738011] Bluetooth: hci2: command 0x1009 tx timeout [ 866.052519] Bluetooth: hci4: command 0x1009 tx timeout 14:43:42 executing program 0 (fault-call:2 fault-nth:49): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:43:42 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0xfdfdffff00000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 868.445518] FAULT_INJECTION: forcing a failure. [ 868.445518] name failslab, interval 1, probability 0, space 0, times 0 [ 868.464257] CPU: 1 PID: 12190 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 868.471308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 868.480683] Call Trace: [ 868.483305] dump_stack+0x172/0x1f0 [ 868.486980] should_fail.cold+0xa/0x1b [ 868.490898] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 868.496125] ? lock_downgrade+0x810/0x810 [ 868.500296] ? 
___might_sleep+0x163/0x280 [ 868.504490] __should_failslab+0x121/0x190 [ 868.508836] should_failslab+0x9/0x14 [ 868.512659] kmem_cache_alloc+0x2ae/0x700 [ 868.516832] ? lock_downgrade+0x810/0x810 [ 868.521008] __kernfs_new_node+0xef/0x680 [ 868.525181] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 868.529972] ? wait_for_completion+0x440/0x440 [ 868.534592] ? mutex_unlock+0xd/0x10 [ 868.538363] ? kernfs_activate+0x192/0x1f0 [ 868.542629] kernfs_new_node+0x99/0x130 [ 868.546630] __kernfs_create_file+0x51/0x340 [ 868.551066] sysfs_add_file_mode_ns+0x222/0x560 [ 868.557443] internal_create_group+0x383/0xc30 [ 868.562058] ? remove_files.isra.0+0x190/0x190 [ 868.566665] ? kernfs_put+0x3c2/0x5d0 [ 868.570492] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 868.576054] ? kernfs_create_link+0x1d2/0x250 [ 868.580715] sysfs_create_groups+0x9b/0x141 [ 868.585073] device_add+0x87e/0x1760 [ 868.588814] ? get_device_parent.isra.0+0x570/0x570 [ 868.593876] rfkill_register+0x1bf/0xb50 [ 868.597973] hci_register_dev+0x385/0x880 [ 868.602233] hci_uart_tty_ioctl+0x761/0xaf0 [ 868.606672] tty_ioctl+0x8b5/0x1510 [ 868.610342] ? hci_uart_init_work+0x140/0x140 [ 868.614866] ? tty_vhangup+0x30/0x30 [ 868.618606] ? mark_held_locks+0x100/0x100 [ 868.622875] ? proc_cwd_link+0x1d0/0x1d0 [ 868.627047] ? mlx4_FREE_RES_wrapper+0x2b70/0x2ea0 [ 868.632114] ? __fget+0x340/0x540 [ 868.635603] ? ___might_sleep+0x163/0x280 [ 868.639789] ? __might_sleep+0x95/0x190 [ 868.643796] ? tty_vhangup+0x30/0x30 [ 868.647539] do_vfs_ioctl+0xd5f/0x1380 [ 868.651449] ? selinux_file_ioctl+0x46f/0x5e0 [ 868.656030] ? selinux_file_ioctl+0x125/0x5e0 [ 868.660711] ? ioctl_preallocate+0x210/0x210 [ 868.666705] ? selinux_file_mprotect+0x620/0x620 [ 868.671501] ? iterate_fd+0x360/0x360 [ 868.675335] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 868.680889] ? fput+0x128/0x1a0 [ 868.684193] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 868.689754] ? 
security_file_ioctl+0x8d/0xc0 [ 868.694272] ksys_ioctl+0xab/0xd0 [ 868.697750] __x64_sys_ioctl+0x73/0xb0 [ 868.701658] do_syscall_64+0xfd/0x620 [ 868.705488] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 868.711471] RIP: 0033:0x459519 [ 868.714703] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 868.734167] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 868.741915] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 868.749215] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 868.756507] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 868.763795] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 868.771165] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 868.798039] Bluetooth: hci1: Frame reassembly failed (-84) 14:43:43 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0xffffffff00000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:43:44 executing program 5 (fault-call:2 fault-nth:51): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:43:44 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 
0x80045432, &(0x7f00000001c0)=0x1000000000033) 14:43:44 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x40086602, &(0x7f00000001c0)) 14:43:44 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x40086602, &(0x7f00000001c0)=0x1000000000033) 14:43:44 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0xe}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 870.360266] Bluetooth: hci0: Frame reassembly failed (-84) [ 870.372248] Bluetooth: hci2: Frame reassembly failed (-84) [ 870.393406] FAULT_INJECTION: forcing a failure. [ 870.393406] name failslab, interval 1, probability 0, space 0, times 0 [ 870.405396] CPU: 0 PID: 12214 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 870.412573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 870.422144] Call Trace: [ 870.424772] dump_stack+0x172/0x1f0 [ 870.428437] should_fail.cold+0xa/0x1b [ 870.432359] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 870.437540] ? lock_downgrade+0x810/0x810 [ 870.441711] ? ___might_sleep+0x163/0x280 [ 870.445890] __should_failslab+0x121/0x190 [ 870.450170] should_failslab+0x9/0x14 [ 870.453988] kmem_cache_alloc+0x2ae/0x700 [ 870.458157] ? memcpy+0x46/0x50 [ 870.461461] ? 
kstrdup+0x5a/0x70 [ 870.464855] __kernfs_new_node+0xef/0x680 [ 870.469021] ? mark_held_locks+0x100/0x100 [ 870.473281] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 870.478072] ? wait_for_completion+0x440/0x440 [ 870.482692] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 870.488174] ? find_held_lock+0x35/0x130 [ 870.492260] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 870.497736] ? kernfs_activate+0x192/0x1f0 [ 870.501996] kernfs_new_node+0x99/0x130 [ 870.506007] kernfs_create_link+0xdd/0x250 [ 870.510274] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 870.515576] sysfs_create_link+0x65/0xc0 [ 870.519668] device_add+0x7ce/0x1760 [ 870.523410] ? get_device_parent.isra.0+0x570/0x570 [ 870.528483] rfkill_register+0x1bf/0xb50 [ 870.532573] hci_register_dev+0x385/0x880 [ 870.536747] hci_uart_tty_ioctl+0x761/0xaf0 [ 870.541089] tty_ioctl+0x8b5/0x1510 [ 870.544733] ? hci_uart_init_work+0x140/0x140 [ 870.549275] ? tty_vhangup+0x30/0x30 [ 870.553009] ? mark_held_locks+0x100/0x100 [ 870.558758] ? proc_cwd_link+0x1d0/0x1d0 [ 870.562853] ? __fget+0x340/0x540 [ 870.566331] ? ___might_sleep+0x163/0x280 [ 870.570500] ? __might_sleep+0x95/0x190 [ 870.574501] ? tty_vhangup+0x30/0x30 [ 870.578242] do_vfs_ioctl+0xd5f/0x1380 [ 870.582149] ? selinux_file_ioctl+0x46f/0x5e0 [ 870.586660] ? selinux_file_ioctl+0x125/0x5e0 [ 870.591177] ? ioctl_preallocate+0x210/0x210 [ 870.595609] ? selinux_file_mprotect+0x620/0x620 [ 870.600404] ? iterate_fd+0x360/0x360 [ 870.604243] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 870.609810] ? fput+0x128/0x1a0 [ 870.613116] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 870.618668] ? 
security_file_ioctl+0x8d/0xc0 [ 870.623104] ksys_ioctl+0xab/0xd0 [ 870.626580] __x64_sys_ioctl+0x73/0xb0 [ 870.630496] do_syscall_64+0xfd/0x620 [ 870.634323] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 870.639532] RIP: 0033:0x459519 [ 870.642742] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 870.662851] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 870.670580] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 870.677885] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 870.685278] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 870.692654] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 870.699939] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 870.711110] Bluetooth: hci4: Frame reassembly failed (-84) [ 870.862628] Bluetooth: hci1: command 0x1003 tx timeout [ 870.868385] Bluetooth: hci1: sending frame failed (-49) 14:43:45 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x3e}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:43:46 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0xe00}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = 
gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 872.372500] Bluetooth: hci2: command 0x1003 tx timeout [ 872.377872] Bluetooth: hci0: command 0x1003 tx timeout [ 872.377920] Bluetooth: hci2: sending frame failed (-49) [ 872.388859] Bluetooth: hci0: sending frame failed (-49) [ 872.394557] Bluetooth: hci3: command 0x1003 tx timeout [ 872.399926] Bluetooth: hci3: sending frame failed (-49) [ 872.772463] Bluetooth: hci4: command 0x1003 tx timeout [ 872.777888] Bluetooth: hci4: sending frame failed (-49) [ 872.932534] Bluetooth: hci1: command 0x1001 tx timeout [ 872.938057] Bluetooth: hci1: sending frame failed (-49) 14:43:47 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x3e00}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:43:48 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x3f00}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 874.462476] Bluetooth: hci0: command 0x1001 tx timeout [ 874.467914] Bluetooth: hci0: sending frame 
failed (-49) [ 874.473382] Bluetooth: hci3: command 0x1001 tx timeout [ 874.478755] Bluetooth: hci3: sending frame failed (-49) [ 874.484229] Bluetooth: hci2: command 0x1001 tx timeout [ 874.489594] Bluetooth: hci2: sending frame failed (-49) [ 874.852515] Bluetooth: hci4: command 0x1001 tx timeout [ 874.857978] Bluetooth: hci4: sending frame failed (-49) [ 875.012535] Bluetooth: hci1: command 0x1009 tx timeout [ 876.532502] Bluetooth: hci2: command 0x1009 tx timeout [ 876.537846] Bluetooth: hci3: command 0x1009 tx timeout [ 876.543678] Bluetooth: hci0: command 0x1009 tx timeout [ 876.932592] Bluetooth: hci4: command 0x1009 tx timeout 14:43:53 executing program 0 (fault-call:2 fault-nth:50): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:43:53 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x4000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 879.473736] FAULT_INJECTION: forcing a failure. [ 879.473736] name failslab, interval 1, probability 0, space 0, times 0 [ 879.486546] CPU: 1 PID: 12249 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 879.493620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 879.502999] Call Trace: [ 879.505626] dump_stack+0x172/0x1f0 [ 879.509291] should_fail.cold+0xa/0x1b [ 879.513217] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 879.518448] ? lock_downgrade+0x810/0x810 [ 879.522896] ? 
___might_sleep+0x163/0x280 [ 879.527082] __should_failslab+0x121/0x190 [ 879.531452] should_failslab+0x9/0x14 [ 879.535283] kmem_cache_alloc+0x2ae/0x700 [ 879.539459] ? lock_downgrade+0x810/0x810 [ 879.543681] __kernfs_new_node+0xef/0x680 [ 879.547866] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 879.552661] ? wait_for_completion+0x440/0x440 [ 879.557283] ? mutex_unlock+0xd/0x10 [ 879.561029] ? kernfs_activate+0x192/0x1f0 [ 879.565291] kernfs_new_node+0x99/0x130 [ 879.569399] __kernfs_create_file+0x51/0x340 [ 879.574650] sysfs_add_file_mode_ns+0x222/0x560 [ 879.579625] internal_create_group+0x383/0xc30 [ 879.584236] ? remove_files.isra.0+0x190/0x190 [ 879.588838] ? kernfs_put+0x3c2/0x5d0 [ 879.592662] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 879.598220] ? kernfs_create_link+0x1d2/0x250 [ 879.602746] sysfs_create_groups+0x9b/0x141 [ 879.607097] device_add+0x87e/0x1760 [ 879.610840] ? get_device_parent.isra.0+0x570/0x570 [ 879.615888] rfkill_register+0x1bf/0xb50 [ 879.619987] hci_register_dev+0x385/0x880 [ 879.624173] hci_uart_tty_ioctl+0x761/0xaf0 [ 879.628555] tty_ioctl+0x8b5/0x1510 [ 879.632209] ? hci_uart_init_work+0x140/0x140 [ 879.636723] ? tty_vhangup+0x30/0x30 [ 879.640456] ? mark_held_locks+0x100/0x100 [ 879.644715] ? proc_cwd_link+0x1d0/0x1d0 [ 879.648814] ? __fget+0x340/0x540 [ 879.652289] ? ___might_sleep+0x163/0x280 [ 879.656459] ? __might_sleep+0x95/0x190 [ 879.660464] ? tty_vhangup+0x30/0x30 [ 879.664220] do_vfs_ioctl+0xd5f/0x1380 [ 879.668243] ? selinux_file_ioctl+0x46f/0x5e0 [ 879.672759] ? selinux_file_ioctl+0x125/0x5e0 [ 879.677283] ? ioctl_preallocate+0x210/0x210 [ 879.681854] ? selinux_file_mprotect+0x620/0x620 [ 879.686642] ? iterate_fd+0x360/0x360 [ 879.690467] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 879.696029] ? fput+0x128/0x1a0 [ 879.699341] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 879.704900] ? 
security_file_ioctl+0x8d/0xc0 [ 879.709331] ksys_ioctl+0xab/0xd0 [ 879.712805] __x64_sys_ioctl+0x73/0xb0 [ 879.716723] do_syscall_64+0xfd/0x620 [ 879.720548] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 879.725837] RIP: 0033:0x459519 [ 879.729047] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 879.747977] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 879.755713] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 879.762998] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 879.770281] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 879.777568] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 879.784853] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 879.798551] Bluetooth: hci1: Frame reassembly failed (-84) 14:43:54 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x1000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:43:55 executing program 5 (fault-call:2 fault-nth:52): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:43:55 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 
0x80045440, &(0x7f00000001c0)=0x1000000000033) 14:43:55 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x40087602, &(0x7f00000001c0)) 14:43:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x40087602, &(0x7f00000001c0)=0x1000000000033) 14:43:55 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0xe000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 881.219153] Bluetooth: hci2: Frame reassembly failed (-84) [ 881.235666] Bluetooth: hci3: Frame reassembly failed (-84) [ 881.246138] FAULT_INJECTION: forcing a failure. [ 881.246138] name failslab, interval 1, probability 0, space 0, times 0 [ 881.258085] CPU: 1 PID: 12268 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 881.265212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 881.274589] Call Trace: [ 881.277225] dump_stack+0x172/0x1f0 [ 881.280888] should_fail.cold+0xa/0x1b [ 881.284806] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 881.289935] ? lock_downgrade+0x810/0x810 [ 881.294108] ? ___might_sleep+0x163/0x280 [ 881.298288] __should_failslab+0x121/0x190 [ 881.302547] should_failslab+0x9/0x14 [ 881.306372] kmem_cache_alloc+0x2ae/0x700 [ 881.310541] ? 
lock_downgrade+0x810/0x810 [ 881.314718] __kernfs_new_node+0xef/0x680 [ 881.318897] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 881.323702] ? wait_for_completion+0x440/0x440 [ 881.328330] ? mutex_unlock+0xd/0x10 [ 881.332071] ? kernfs_activate+0x192/0x1f0 [ 881.336425] kernfs_new_node+0x99/0x130 [ 881.340435] __kernfs_create_file+0x51/0x340 [ 881.344896] sysfs_add_file_mode_ns+0x222/0x560 [ 881.349595] internal_create_group+0x383/0xc30 [ 881.354213] ? remove_files.isra.0+0x190/0x190 [ 881.358908] ? kernfs_put+0x3c2/0x5d0 [ 881.362738] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 881.368300] ? kernfs_create_link+0x1d2/0x250 [ 881.372832] sysfs_create_groups+0x9b/0x141 [ 881.377181] device_add+0x87e/0x1760 [ 881.380929] ? get_device_parent.isra.0+0x570/0x570 [ 881.385997] rfkill_register+0x1bf/0xb50 [ 881.390087] hci_register_dev+0x385/0x880 [ 881.394263] hci_uart_tty_ioctl+0x761/0xaf0 [ 881.398605] tty_ioctl+0x8b5/0x1510 [ 881.402255] ? hci_uart_init_work+0x140/0x140 [ 881.406816] ? tty_vhangup+0x30/0x30 [ 881.410546] ? mark_held_locks+0x100/0x100 [ 881.414810] ? proc_cwd_link+0x1d0/0x1d0 [ 881.418901] ? __fget+0x340/0x540 [ 881.422374] ? ___might_sleep+0x163/0x280 [ 881.426547] ? __might_sleep+0x95/0x190 [ 881.430551] ? tty_vhangup+0x30/0x30 [ 881.434294] do_vfs_ioctl+0xd5f/0x1380 [ 881.438206] ? selinux_file_ioctl+0x46f/0x5e0 [ 881.442725] ? selinux_file_ioctl+0x125/0x5e0 [ 881.447240] ? ioctl_preallocate+0x210/0x210 [ 881.451670] ? selinux_file_mprotect+0x620/0x620 [ 881.456455] ? iterate_fd+0x360/0x360 [ 881.460277] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 881.465832] ? fput+0x128/0x1a0 [ 881.469139] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 881.474696] ? 
security_file_ioctl+0x8d/0xc0 [ 881.479128] ksys_ioctl+0xab/0xd0 [ 881.482606] __x64_sys_ioctl+0x73/0xb0 [ 881.486521] do_syscall_64+0xfd/0x620 [ 881.490351] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 881.495557] RIP: 0033:0x459519 [ 881.498770] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 881.517693] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 881.525428] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 881.532727] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 881.540190] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 881.547498] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 881.554991] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 881.566436] Bluetooth: hci4: Frame reassembly failed (-84) [ 881.812762] Bluetooth: hci1: command 0x1003 tx timeout [ 881.818566] Bluetooth: hci1: sending frame failed (-49) 14:43:56 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x3e000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:43:57 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x3f000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, 
&(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 883.262545] Bluetooth: hci3: command 0x1003 tx timeout [ 883.268290] Bluetooth: hci3: sending frame failed (-49) [ 883.274442] Bluetooth: hci2: command 0x1003 tx timeout [ 883.286914] Bluetooth: hci2: sending frame failed (-49) [ 883.293090] Bluetooth: hci0: command 0x1003 tx timeout [ 883.301956] Bluetooth: hci0: sending frame failed (-49) [ 883.572508] Bluetooth: hci4: command 0x1003 tx timeout [ 883.578232] Bluetooth: hci4: sending frame failed (-49) 14:43:58 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x40000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 883.892748] Bluetooth: hci1: command 0x1001 tx timeout [ 883.898528] Bluetooth: hci1: sending frame failed (-49) 14:43:58 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0xfdfdffff}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 885.332468] Bluetooth: hci0: command 0x1001 tx timeout [ 885.337996] 
Bluetooth: hci0: sending frame failed (-49) [ 885.343957] Bluetooth: hci2: command 0x1001 tx timeout [ 885.349399] Bluetooth: hci2: sending frame failed (-49) [ 885.355351] Bluetooth: hci3: command 0x1001 tx timeout [ 885.360735] Bluetooth: hci3: sending frame failed (-49) [ 885.652673] Bluetooth: hci4: command 0x1001 tx timeout [ 885.658101] Bluetooth: hci4: sending frame failed (-49) [ 885.972765] Bluetooth: hci1: command 0x1009 tx timeout [ 887.412519] Bluetooth: hci3: command 0x1009 tx timeout [ 887.417943] Bluetooth: hci2: command 0x1009 tx timeout [ 887.430284] Bluetooth: hci0: command 0x1009 tx timeout [ 887.732538] Bluetooth: hci4: command 0x1009 tx timeout 14:44:04 executing program 0 (fault-call:2 fault-nth:51): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:44:04 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0xfffffdfd}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 890.205544] FAULT_INJECTION: forcing a failure. [ 890.205544] name failslab, interval 1, probability 0, space 0, times 0 [ 890.223482] CPU: 0 PID: 12301 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 890.230563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 890.239935] Call Trace: [ 890.242557] dump_stack+0x172/0x1f0 [ 890.246231] should_fail.cold+0xa/0x1b [ 890.250149] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 890.255722] ? lock_downgrade+0x810/0x810 [ 890.259896] ? 
___might_sleep+0x163/0x280 [ 890.264260] __should_failslab+0x121/0x190 [ 890.268789] should_failslab+0x9/0x14 [ 890.272609] kmem_cache_alloc+0x2ae/0x700 [ 890.276776] ? lock_downgrade+0x810/0x810 [ 890.280949] __kernfs_new_node+0xef/0x680 [ 890.285198] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 890.289983] ? wait_for_completion+0x440/0x440 [ 890.294682] ? mutex_unlock+0xd/0x10 [ 890.298439] ? kernfs_activate+0x192/0x1f0 [ 890.302708] kernfs_new_node+0x99/0x130 [ 890.306895] __kernfs_create_file+0x51/0x340 [ 890.311332] sysfs_add_file_mode_ns+0x222/0x560 [ 890.316034] internal_create_group+0x383/0xc30 [ 890.320651] ? remove_files.isra.0+0x190/0x190 [ 890.325264] ? kernfs_put+0x3c2/0x5d0 [ 890.329085] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 890.334748] ? kernfs_create_link+0x1d2/0x250 [ 890.339276] sysfs_create_groups+0x9b/0x141 [ 890.343623] device_add+0x87e/0x1760 [ 890.347361] ? get_device_parent.isra.0+0x570/0x570 [ 890.352396] rfkill_register+0x1bf/0xb50 [ 890.356514] hci_register_dev+0x385/0x880 [ 890.360692] hci_uart_tty_ioctl+0x761/0xaf0 [ 890.365034] tty_ioctl+0x8b5/0x1510 [ 890.368675] ? hci_uart_init_work+0x140/0x140 [ 890.373186] ? tty_vhangup+0x30/0x30 [ 890.376913] ? mark_held_locks+0x100/0x100 [ 890.381164] ? proc_cwd_link+0x1d0/0x1d0 [ 890.385258] ? __fget+0x340/0x540 [ 890.388727] ? ___might_sleep+0x163/0x280 [ 890.392985] ? __might_sleep+0x95/0x190 [ 890.396980] ? tty_vhangup+0x30/0x30 [ 890.400721] do_vfs_ioctl+0xd5f/0x1380 [ 890.404629] ? selinux_file_ioctl+0x46f/0x5e0 [ 890.409142] ? selinux_file_ioctl+0x125/0x5e0 [ 890.413665] ? ioctl_preallocate+0x210/0x210 [ 890.418091] ? selinux_file_mprotect+0x620/0x620 [ 890.422870] ? iterate_fd+0x360/0x360 [ 890.426716] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 890.432268] ? fput+0x128/0x1a0 [ 890.435576] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 890.441129] ? 
security_file_ioctl+0x8d/0xc0 [ 890.445562] ksys_ioctl+0xab/0xd0 [ 890.449036] __x64_sys_ioctl+0x73/0xb0 [ 890.452944] do_syscall_64+0xfd/0x620 [ 890.456773] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 890.461973] RIP: 0033:0x459519 [ 890.465361] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 890.484317] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 890.492581] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 890.500474] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 890.507771] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 890.515148] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 890.522529] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 890.533230] Bluetooth: hci1: Frame reassembly failed (-84) 14:44:05 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x100000000000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:44:06 executing program 5 (fault-call:2 fault-nth:53): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:44:06 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 
0x80086601, &(0x7f00000001c0)=0x1000000000033) 14:44:06 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4020940d, &(0x7f00000001c0)) 14:44:06 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x4020940d, &(0x7f00000001c0)=0x1000000000033) 14:44:06 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0xe00000000000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 892.114141] Bluetooth: hci0: Frame reassembly failed (-84) [ 892.133962] Bluetooth: hci2: Frame reassembly failed (-84) [ 892.144417] Bluetooth: hci3: Frame reassembly failed (-84) [ 892.164961] FAULT_INJECTION: forcing a failure. [ 892.164961] name failslab, interval 1, probability 0, space 0, times 0 [ 892.176489] CPU: 1 PID: 12324 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 892.183538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 892.192910] Call Trace: [ 892.195541] dump_stack+0x172/0x1f0 [ 892.199202] should_fail.cold+0xa/0x1b [ 892.203130] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 892.208267] ? lock_downgrade+0x810/0x810 [ 892.212447] ? ___might_sleep+0x163/0x280 [ 892.216628] __should_failslab+0x121/0x190 [ 892.220883] should_failslab+0x9/0x14 [ 892.224706] kmem_cache_alloc+0x2ae/0x700 [ 892.228872] ? 
lock_downgrade+0x810/0x810 [ 892.233044] __kernfs_new_node+0xef/0x680 [ 892.237213] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 892.242002] ? wait_for_completion+0x440/0x440 [ 892.246620] ? mutex_unlock+0xd/0x10 [ 892.250350] ? kernfs_activate+0x192/0x1f0 [ 892.254611] kernfs_new_node+0x99/0x130 [ 892.258607] __kernfs_create_file+0x51/0x340 [ 892.263038] sysfs_add_file_mode_ns+0x222/0x560 [ 892.267739] internal_create_group+0x383/0xc30 [ 892.272346] ? remove_files.isra.0+0x190/0x190 [ 892.276944] ? kernfs_put+0x3c2/0x5d0 [ 892.280770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 892.286346] ? kernfs_create_link+0x1d2/0x250 [ 892.290864] sysfs_create_groups+0x9b/0x141 [ 892.295220] device_add+0x87e/0x1760 [ 892.298964] ? get_device_parent.isra.0+0x570/0x570 [ 892.304014] rfkill_register+0x1bf/0xb50 [ 892.308100] hci_register_dev+0x385/0x880 [ 892.312271] hci_uart_tty_ioctl+0x761/0xaf0 [ 892.316614] tty_ioctl+0x8b5/0x1510 [ 892.320266] ? hci_uart_init_work+0x140/0x140 [ 892.324794] ? tty_vhangup+0x30/0x30 [ 892.328534] ? mark_held_locks+0x100/0x100 [ 892.332791] ? proc_cwd_link+0x1d0/0x1d0 [ 892.336883] ? __fget+0x340/0x540 [ 892.340364] ? ___might_sleep+0x163/0x280 [ 892.344532] ? __might_sleep+0x95/0x190 [ 892.348529] ? tty_vhangup+0x30/0x30 [ 892.352271] do_vfs_ioctl+0xd5f/0x1380 [ 892.356177] ? selinux_file_ioctl+0x46f/0x5e0 [ 892.360704] ? selinux_file_ioctl+0x125/0x5e0 [ 892.365221] ? ioctl_preallocate+0x210/0x210 [ 892.369651] ? selinux_file_mprotect+0x620/0x620 [ 892.374441] ? iterate_fd+0x360/0x360 [ 892.378272] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 892.383829] ? fput+0x128/0x1a0 [ 892.387140] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 892.392735] ? 
security_file_ioctl+0x8d/0xc0 [ 892.397165] ksys_ioctl+0xab/0xd0 [ 892.400644] __x64_sys_ioctl+0x73/0xb0 [ 892.404551] do_syscall_64+0xfd/0x620 [ 892.408381] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 892.413583] RIP: 0033:0x459519 [ 892.416793] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 892.435718] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 892.443445] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 892.450728] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 892.458015] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 892.465301] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 892.472591] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 892.493301] Bluetooth: hci4: Frame reassembly failed (-84) [ 892.612551] Bluetooth: hci1: command 0x1003 tx timeout [ 892.618303] Bluetooth: hci1: sending frame failed (-49) 14:44:07 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x3e00000000000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:44:08 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x3f00000000000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 
0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 894.132485] Bluetooth: hci0: command 0x1003 tx timeout [ 894.138228] Bluetooth: hci0: sending frame failed (-49) [ 894.212477] Bluetooth: hci2: command 0x1003 tx timeout [ 894.212522] Bluetooth: hci3: command 0x1003 tx timeout [ 894.223345] Bluetooth: hci2: sending frame failed (-49) [ 894.235714] Bluetooth: hci3: sending frame failed (-49) [ 894.532772] Bluetooth: hci4: command 0x1003 tx timeout [ 894.538585] Bluetooth: hci4: sending frame failed (-49) [ 894.692513] Bluetooth: hci1: command 0x1001 tx timeout [ 894.698216] Bluetooth: hci1: sending frame failed (-49) 14:44:08 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x4000000000000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:44:09 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0xfdfdffff00000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 896.212477] Bluetooth: hci0: command 0x1001 
tx timeout [ 896.218030] Bluetooth: hci0: sending frame failed (-49) [ 896.292480] Bluetooth: hci3: command 0x1001 tx timeout [ 896.298023] Bluetooth: hci3: sending frame failed (-49) [ 896.304074] Bluetooth: hci2: command 0x1001 tx timeout [ 896.315182] Bluetooth: hci2: sending frame failed (-49) [ 896.612761] Bluetooth: hci4: command 0x1001 tx timeout [ 896.618180] Bluetooth: hci4: sending frame failed (-49) [ 896.772497] Bluetooth: hci1: command 0x1009 tx timeout [ 898.292461] Bluetooth: hci0: command 0x1009 tx timeout [ 898.372476] Bluetooth: hci2: command 0x1009 tx timeout [ 898.377901] Bluetooth: hci3: command 0x1009 tx timeout [ 898.692802] Bluetooth: hci4: command 0x1009 tx timeout 14:44:15 executing program 0 (fault-call:2 fault-nth:52): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:44:15 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0xffffffff00000000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 901.094397] FAULT_INJECTION: forcing a failure. [ 901.094397] name failslab, interval 1, probability 0, space 0, times 0 [ 901.112792] CPU: 0 PID: 12356 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 901.119861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 901.129517] Call Trace: [ 901.132157] dump_stack+0x172/0x1f0 [ 901.136261] should_fail.cold+0xa/0x1b [ 901.140447] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 901.145863] ? 
lock_downgrade+0x810/0x810 [ 901.150654] ? ___might_sleep+0x163/0x280 [ 901.154845] __should_failslab+0x121/0x190 [ 901.159513] should_failslab+0x9/0x14 [ 901.163570] kmem_cache_alloc+0x2ae/0x700 [ 901.167757] ? lock_downgrade+0x810/0x810 [ 901.171944] __kernfs_new_node+0xef/0x680 [ 901.176161] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 901.181519] ? wait_for_completion+0x440/0x440 [ 901.186144] ? mutex_unlock+0xd/0x10 [ 901.190036] ? kernfs_activate+0x192/0x1f0 [ 901.194314] kernfs_new_node+0x99/0x130 [ 901.198333] __kernfs_create_file+0x51/0x340 [ 901.203121] sysfs_add_file_mode_ns+0x222/0x560 [ 901.207833] internal_create_group+0x383/0xc30 [ 901.212553] ? remove_files.isra.0+0x190/0x190 [ 901.217167] ? kernfs_put+0x3c2/0x5d0 [ 901.221002] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 901.226741] ? kernfs_create_link+0x1d2/0x250 [ 901.231292] sysfs_create_groups+0x9b/0x141 [ 901.235658] device_add+0x87e/0x1760 [ 901.239415] ? get_device_parent.isra.0+0x570/0x570 [ 901.244578] rfkill_register+0x1bf/0xb50 [ 901.248686] hci_register_dev+0x385/0x880 [ 901.253043] hci_uart_tty_ioctl+0x761/0xaf0 [ 901.257504] tty_ioctl+0x8b5/0x1510 [ 901.261346] ? hci_uart_init_work+0x140/0x140 [ 901.265962] ? tty_vhangup+0x30/0x30 [ 901.269717] ? mark_held_locks+0x100/0x100 [ 901.274119] ? proc_cwd_link+0x1d0/0x1d0 [ 901.278991] ? __fget+0x340/0x540 [ 901.282605] ? ___might_sleep+0x163/0x280 [ 901.287006] ? __might_sleep+0x95/0x190 [ 901.291166] ? tty_vhangup+0x30/0x30 [ 901.295438] do_vfs_ioctl+0xd5f/0x1380 [ 901.299370] ? selinux_file_ioctl+0x46f/0x5e0 [ 901.303901] ? selinux_file_ioctl+0x125/0x5e0 [ 901.308698] ? ioctl_preallocate+0x210/0x210 [ 901.313144] ? selinux_file_mprotect+0x620/0x620 [ 901.318431] ? iterate_fd+0x360/0x360 [ 901.322624] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 901.328372] ? fput+0x128/0x1a0 [ 901.331705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 901.337370] ? 
security_file_ioctl+0x8d/0xc0 [ 901.341905] ksys_ioctl+0xab/0xd0 [ 901.345683] __x64_sys_ioctl+0x73/0xb0 [ 901.349702] do_syscall_64+0xfd/0x620 [ 901.353554] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 901.358774] RIP: 0033:0x459519 [ 901.362028] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 901.381722] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 901.389492] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 901.397041] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 901.404431] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 901.411826] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 901.419317] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 901.435522] Bluetooth: hci1: Frame reassembly failed (-84) 14:44:16 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:44:17 executing program 5 (fault-call:2 fault-nth:54): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:44:17 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80045432, 
&(0x7f00000001c0)=0x1000000000033) 14:44:17 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80045432, &(0x7f00000001c0)) 14:44:17 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80087601, &(0x7f00000001c0)=0x1000000000033) 14:44:17 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 902.986156] Bluetooth: hci0: Frame reassembly failed (-84) [ 903.009392] Bluetooth: hci2: Frame reassembly failed (-84) [ 903.036708] FAULT_INJECTION: forcing a failure. [ 903.036708] name failslab, interval 1, probability 0, space 0, times 0 [ 903.056765] CPU: 0 PID: 12381 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 903.064380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 903.073854] Call Trace: [ 903.076578] dump_stack+0x172/0x1f0 [ 903.080318] should_fail.cold+0xa/0x1b [ 903.084265] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 903.089542] ? lock_downgrade+0x810/0x810 [ 903.093773] ? ___might_sleep+0x163/0x280 [ 903.097961] __should_failslab+0x121/0x190 [ 903.102254] should_failslab+0x9/0x14 [ 903.106092] kmem_cache_alloc+0x2ae/0x700 [ 903.110370] ? memcpy+0x46/0x50 [ 903.113716] ? 
kstrdup+0x5a/0x70 [ 903.117293] __kernfs_new_node+0xef/0x680 [ 903.121717] ? mark_held_locks+0x100/0x100 [ 903.126137] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 903.131003] ? wait_for_completion+0x440/0x440 [ 903.135716] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 903.141379] ? find_held_lock+0x35/0x130 [ 903.145577] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 903.151071] ? kernfs_activate+0x192/0x1f0 [ 903.155475] kernfs_new_node+0x99/0x130 [ 903.159812] kernfs_create_link+0xdd/0x250 [ 903.164094] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 903.169535] sysfs_create_link+0x65/0xc0 [ 903.174387] device_add+0x7ce/0x1760 [ 903.178670] ? get_device_parent.isra.0+0x570/0x570 [ 903.184177] rfkill_register+0x1bf/0xb50 [ 903.188532] hci_register_dev+0x385/0x880 [ 903.193076] hci_uart_tty_ioctl+0x761/0xaf0 [ 903.197527] tty_ioctl+0x8b5/0x1510 [ 903.201192] ? hci_uart_init_work+0x140/0x140 [ 903.206245] ? tty_vhangup+0x30/0x30 [ 903.210391] ? mark_held_locks+0x100/0x100 [ 903.214936] ? proc_cwd_link+0x1d0/0x1d0 [ 903.219131] ? __fget+0x340/0x540 [ 903.222710] ? ___might_sleep+0x163/0x280 [ 903.227074] ? __might_sleep+0x95/0x190 [ 903.235722] ? tty_vhangup+0x30/0x30 [ 903.240679] do_vfs_ioctl+0xd5f/0x1380 [ 903.245177] ? selinux_file_ioctl+0x46f/0x5e0 [ 903.250430] ? selinux_file_ioctl+0x125/0x5e0 [ 903.255283] ? ioctl_preallocate+0x210/0x210 [ 903.259815] ? selinux_file_mprotect+0x620/0x620 [ 903.264625] ? iterate_fd+0x360/0x360 [ 903.268903] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 903.274911] ? fput+0x128/0x1a0 [ 903.278784] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 903.284442] ? 
security_file_ioctl+0x8d/0xc0 [ 903.289069] ksys_ioctl+0xab/0xd0 [ 903.292826] __x64_sys_ioctl+0x73/0xb0 [ 903.297165] do_syscall_64+0xfd/0x620 [ 903.301153] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 903.306643] RIP: 0033:0x459519 [ 903.309873] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 903.329784] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 903.338093] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 903.345409] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 903.353088] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 903.360745] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 903.368162] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 903.399407] Bluetooth: hci4: Frame reassembly failed (-84) [ 903.492482] Bluetooth: hci1: command 0x1003 tx timeout [ 903.499144] Bluetooth: hci1: sending frame failed (-49) 14:44:17 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:44:18 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = 
gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 905.012618] Bluetooth: hci2: command 0x1003 tx timeout [ 905.018294] Bluetooth: hci3: command 0x1003 tx timeout [ 905.018340] Bluetooth: hci2: sending frame failed (-49) [ 905.030559] Bluetooth: hci0: command 0x1003 tx timeout [ 905.030586] Bluetooth: hci3: sending frame failed (-49) [ 905.040396] Bluetooth: hci0: sending frame failed (-49) [ 905.412470] Bluetooth: hci4: command 0x1003 tx timeout [ 905.417920] Bluetooth: hci4: sending frame failed (-49) [ 905.572449] Bluetooth: hci1: command 0x1001 tx timeout [ 905.577926] Bluetooth: hci1: sending frame failed (-49) 14:44:19 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:44:20 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 907.092472] Bluetooth: hci3: command 0x1001 tx timeout [ 907.092479] Bluetooth: hci0: command 0x1001 tx timeout 
[ 907.092573] Bluetooth: hci0: sending frame failed (-49) [ 907.097985] Bluetooth: hci3: sending frame failed (-49) [ 907.114042] Bluetooth: hci2: command 0x1001 tx timeout [ 907.119439] Bluetooth: hci2: sending frame failed (-49) [ 907.492685] Bluetooth: hci4: command 0x1001 tx timeout [ 907.498290] Bluetooth: hci4: sending frame failed (-49) [ 907.652502] Bluetooth: hci1: command 0x1009 tx timeout [ 909.172578] Bluetooth: hci2: command 0x1009 tx timeout [ 909.178017] Bluetooth: hci3: command 0x1009 tx timeout [ 909.182463] Bluetooth: hci0: command 0x1009 tx timeout [ 909.572458] Bluetooth: hci4: command 0x1009 tx timeout 14:44:26 executing program 0 (fault-call:2 fault-nth:53): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:44:26 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 911.953451] FAULT_INJECTION: forcing a failure. [ 911.953451] name failslab, interval 1, probability 0, space 0, times 0 [ 911.972110] CPU: 0 PID: 12417 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 911.979165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 911.988714] Call Trace: [ 911.991339] dump_stack+0x172/0x1f0 [ 911.995030] should_fail.cold+0xa/0x1b [ 911.998939] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 912.004066] ? lock_downgrade+0x810/0x810 [ 912.008236] ? 
___might_sleep+0x163/0x280 [ 912.012405] __should_failslab+0x121/0x190 [ 912.016659] should_failslab+0x9/0x14 [ 912.020479] kmem_cache_alloc+0x2ae/0x700 [ 912.024658] ? lock_downgrade+0x810/0x810 [ 912.028832] __kernfs_new_node+0xef/0x680 [ 912.033009] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 912.037787] ? wait_for_completion+0x440/0x440 [ 912.042395] ? mutex_unlock+0xd/0x10 [ 912.046127] ? kernfs_activate+0x192/0x1f0 [ 912.050387] kernfs_new_node+0x99/0x130 [ 912.054394] __kernfs_create_file+0x51/0x340 [ 912.058823] sysfs_add_file_mode_ns+0x222/0x560 [ 912.063515] internal_create_group+0x383/0xc30 [ 912.068125] ? remove_files.isra.0+0x190/0x190 [ 912.072723] ? kernfs_put+0x3c2/0x5d0 [ 912.076545] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 912.082107] ? kernfs_create_link+0x1d2/0x250 [ 912.086629] sysfs_create_groups+0x9b/0x141 [ 912.090971] device_add+0x87e/0x1760 [ 912.094732] ? get_device_parent.isra.0+0x570/0x570 [ 912.099778] rfkill_register+0x1bf/0xb50 [ 912.103862] hci_register_dev+0x385/0x880 [ 912.108039] hci_uart_tty_ioctl+0x761/0xaf0 [ 912.112374] tty_ioctl+0x8b5/0x1510 [ 912.116023] ? hci_uart_init_work+0x140/0x140 [ 912.120537] ? tty_vhangup+0x30/0x30 [ 912.124269] ? mark_held_locks+0x100/0x100 [ 912.128521] ? proc_cwd_link+0x1d0/0x1d0 [ 912.132630] ? __fget+0x340/0x540 [ 912.136103] ? ___might_sleep+0x163/0x280 [ 912.140464] ? __might_sleep+0x95/0x190 [ 912.146296] ? tty_vhangup+0x30/0x30 [ 912.150339] do_vfs_ioctl+0xd5f/0x1380 [ 912.154254] ? selinux_file_ioctl+0x46f/0x5e0 [ 912.158777] ? selinux_file_ioctl+0x125/0x5e0 [ 912.163299] ? ioctl_preallocate+0x210/0x210 [ 912.167740] ? selinux_file_mprotect+0x620/0x620 [ 912.172611] ? iterate_fd+0x360/0x360 [ 912.176433] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 912.182020] ? fput+0x128/0x1a0 [ 912.185325] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 912.190883] ? 
security_file_ioctl+0x8d/0xc0 [ 912.195311] ksys_ioctl+0xab/0xd0 [ 912.198785] __x64_sys_ioctl+0x73/0xb0 [ 912.202696] do_syscall_64+0xfd/0x620 [ 912.206521] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 912.211721] RIP: 0033:0x459519 [ 912.214931] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 912.233858] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 912.241593] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 912.248879] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 912.256161] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 912.263442] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 912.270729] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 912.293275] Bluetooth: hci1: Frame reassembly failed (-84) 14:44:26 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:44:27 executing program 5 (fault-call:2 fault-nth:55): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:44:27 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80045440, 
&(0x7f00000001c0)=0x1000000000033) 14:44:27 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80045440, &(0x7f00000001c0)) 14:44:27 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc0045878, &(0x7f00000001c0)=0x1000000000033) 14:44:27 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 913.870902] Bluetooth: hci0: Frame reassembly failed (-84) [ 913.890226] Bluetooth: hci2: Frame reassembly failed (-84) [ 913.915156] Bluetooth: hci3: Frame reassembly failed (-84) [ 913.937728] FAULT_INJECTION: forcing a failure. [ 913.937728] name failslab, interval 1, probability 0, space 0, times 0 [ 913.956898] CPU: 0 PID: 12440 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 913.963968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 913.973433] Call Trace: [ 913.976063] dump_stack+0x172/0x1f0 [ 913.979722] should_fail.cold+0xa/0x1b [ 913.983728] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 913.988861] ? lock_downgrade+0x810/0x810 [ 913.993038] ? ___might_sleep+0x163/0x280 [ 913.997214] __should_failslab+0x121/0x190 [ 914.001515] should_failslab+0x9/0x14 [ 914.005343] kmem_cache_alloc+0x2ae/0x700 [ 914.009705] ? 
lock_downgrade+0x810/0x810 [ 914.013885] __kernfs_new_node+0xef/0x680 [ 914.018072] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 914.022866] ? wait_for_completion+0x440/0x440 [ 914.027491] ? mutex_unlock+0xd/0x10 [ 914.031238] ? kernfs_activate+0x192/0x1f0 [ 914.035519] kernfs_new_node+0x99/0x130 [ 914.039533] __kernfs_create_file+0x51/0x340 [ 914.043997] sysfs_add_file_mode_ns+0x222/0x560 [ 914.048700] internal_create_group+0x383/0xc30 [ 914.053314] ? remove_files.isra.0+0x190/0x190 [ 914.057916] ? kernfs_put+0x3c2/0x5d0 [ 914.061743] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 914.067306] ? kernfs_create_link+0x1d2/0x250 [ 914.071846] sysfs_create_groups+0x9b/0x141 [ 914.076205] device_add+0x87e/0x1760 [ 914.080046] ? get_device_parent.isra.0+0x570/0x570 [ 914.085105] rfkill_register+0x1bf/0xb50 [ 914.089209] hci_register_dev+0x385/0x880 [ 914.093392] hci_uart_tty_ioctl+0x761/0xaf0 [ 914.097740] tty_ioctl+0x8b5/0x1510 [ 914.101387] ? hci_uart_init_work+0x140/0x140 [ 914.105902] ? tty_vhangup+0x30/0x30 [ 914.109636] ? mark_held_locks+0x100/0x100 [ 914.113908] ? __fget+0x340/0x540 [ 914.117384] ? ___might_sleep+0x163/0x280 [ 914.121558] ? __might_sleep+0x95/0x190 [ 914.125554] ? tty_vhangup+0x30/0x30 [ 914.129297] do_vfs_ioctl+0xd5f/0x1380 [ 914.133209] ? selinux_file_ioctl+0x46f/0x5e0 [ 914.137728] ? selinux_file_ioctl+0x125/0x5e0 [ 914.142339] ? ioctl_preallocate+0x210/0x210 [ 914.146773] ? selinux_file_mprotect+0x620/0x620 [ 914.151569] ? iterate_fd+0x360/0x360 [ 914.155412] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 914.160970] ? 
security_file_ioctl+0x8d/0xc0 [ 914.165405] ksys_ioctl+0xab/0xd0 [ 914.168882] __x64_sys_ioctl+0x73/0xb0 [ 914.172793] do_syscall_64+0xfd/0x620 [ 914.176622] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 914.181830] RIP: 0033:0x459519 [ 914.185044] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 914.204513] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 914.212342] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 914.219633] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 914.226923] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 914.234216] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 914.241526] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 914.263681] Bluetooth: hci4: Frame reassembly failed (-84) [ 914.372460] Bluetooth: hci1: command 0x1003 tx timeout [ 914.377884] Bluetooth: hci1: sending frame failed (-49) 14:44:28 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:44:29 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = 
gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 915.892551] Bluetooth: hci2: command 0x1003 tx timeout [ 915.898267] Bluetooth: hci2: sending frame failed (-49) [ 915.904482] Bluetooth: hci0: command 0x1003 tx timeout [ 915.916909] Bluetooth: hci0: sending frame failed (-49) [ 915.982559] Bluetooth: hci3: command 0x1003 tx timeout [ 915.988273] Bluetooth: hci3: sending frame failed (-49) [ 916.292588] Bluetooth: hci4: command 0x1003 tx timeout [ 916.298255] Bluetooth: hci4: sending frame failed (-49) [ 916.452616] Bluetooth: hci1: command 0x1001 tx timeout [ 916.458428] Bluetooth: hci1: sending frame failed (-49) 14:44:30 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:44:31 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 917.972569] Bluetooth: hci0: command 0x1001 tx timeout [ 917.978217] Bluetooth: hci0: sending frame failed 
(-49) [ 917.984437] Bluetooth: hci2: command 0x1001 tx timeout [ 917.995655] Bluetooth: hci2: sending frame failed (-49) [ 918.052491] Bluetooth: hci3: command 0x1001 tx timeout [ 918.058214] Bluetooth: hci3: sending frame failed (-49) [ 918.372614] Bluetooth: hci4: command 0x1001 tx timeout [ 918.378077] Bluetooth: hci4: sending frame failed (-49) [ 918.532489] Bluetooth: hci1: command 0x1009 tx timeout [ 920.052602] Bluetooth: hci2: command 0x1009 tx timeout [ 920.058010] Bluetooth: hci0: command 0x1009 tx timeout [ 920.142526] Bluetooth: hci3: command 0x1009 tx timeout [ 920.452565] Bluetooth: hci4: command 0x1009 tx timeout 14:44:36 executing program 0 (fault-call:2 fault-nth:54): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:44:36 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 922.847594] FAULT_INJECTION: forcing a failure. [ 922.847594] name failslab, interval 1, probability 0, space 0, times 0 [ 922.861069] CPU: 0 PID: 12472 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 922.868125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 922.877589] Call Trace: [ 922.880235] dump_stack+0x172/0x1f0 [ 922.883897] should_fail.cold+0xa/0x1b [ 922.887816] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 922.892954] ? lock_downgrade+0x810/0x810 [ 922.897123] ? 
___might_sleep+0x163/0x280 [ 922.901305] __should_failslab+0x121/0x190 [ 922.905568] should_failslab+0x9/0x14 [ 922.909393] kmem_cache_alloc+0x2ae/0x700 [ 922.913567] ? lock_downgrade+0x810/0x810 [ 922.917744] __kernfs_new_node+0xef/0x680 [ 922.921919] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 922.926787] ? wait_for_completion+0x440/0x440 [ 922.931494] ? mutex_unlock+0xd/0x10 [ 922.935231] ? kernfs_activate+0x192/0x1f0 [ 922.939499] kernfs_new_node+0x99/0x130 [ 922.943516] __kernfs_create_file+0x51/0x340 [ 922.947953] sysfs_add_file_mode_ns+0x222/0x560 [ 922.952656] internal_create_group+0x383/0xc30 [ 922.957268] ? remove_files.isra.0+0x190/0x190 [ 922.961875] ? kernfs_put+0x3c2/0x5d0 [ 922.965713] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 922.971276] ? kernfs_create_link+0x1d2/0x250 [ 922.975799] sysfs_create_groups+0x9b/0x141 [ 922.980152] device_add+0x87e/0x1760 [ 922.983924] ? get_device_parent.isra.0+0x570/0x570 [ 922.988984] rfkill_register+0x1bf/0xb50 [ 922.993085] hci_register_dev+0x385/0x880 [ 922.997265] hci_uart_tty_ioctl+0x761/0xaf0 [ 923.001627] tty_ioctl+0x8b5/0x1510 [ 923.005273] ? hci_uart_init_work+0x140/0x140 [ 923.009796] ? tty_vhangup+0x30/0x30 [ 923.013539] ? mark_held_locks+0x100/0x100 [ 923.017885] ? proc_cwd_link+0x1d0/0x1d0 [ 923.021986] ? __fget+0x340/0x540 [ 923.025504] ? ___might_sleep+0x163/0x280 [ 923.029677] ? __might_sleep+0x95/0x190 [ 923.033708] ? tty_vhangup+0x30/0x30 [ 923.037465] do_vfs_ioctl+0xd5f/0x1380 [ 923.041380] ? selinux_file_ioctl+0x46f/0x5e0 [ 923.045897] ? selinux_file_ioctl+0x125/0x5e0 [ 923.050509] ? ioctl_preallocate+0x210/0x210 [ 923.054945] ? selinux_file_mprotect+0x620/0x620 [ 923.059747] ? iterate_fd+0x360/0x360 [ 923.063586] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 923.069410] ? fput+0x128/0x1a0 [ 923.072737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 923.078296] ? 
security_file_ioctl+0x8d/0xc0 [ 923.082727] ksys_ioctl+0xab/0xd0 [ 923.086212] __x64_sys_ioctl+0x73/0xb0 [ 923.090121] do_syscall_64+0xfd/0x620 [ 923.093947] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 923.099150] RIP: 0033:0x459519 [ 923.102388] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 923.121309] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 923.129049] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 923.136364] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 923.143660] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 923.150952] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 923.158257] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 923.188289] Bluetooth: hci1: Frame reassembly failed (-84) 14:44:37 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:44:38 executing program 5 (fault-call:2 fault-nth:56): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:44:38 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80086601, 
&(0x7f00000001c0)) 14:44:38 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc0045878, &(0x7f00000001c0)=0x1000000000033) 14:44:38 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80086601, &(0x7f00000001c0)=0x1000000000033) 14:44:38 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 924.734231] Bluetooth: hci0: Frame reassembly failed (-84) [ 924.765487] Bluetooth: hci3: Frame reassembly failed (-84) [ 924.783211] FAULT_INJECTION: forcing a failure. [ 924.783211] name failslab, interval 1, probability 0, space 0, times 0 [ 924.794867] CPU: 1 PID: 12497 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 924.801926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 924.811601] Call Trace: [ 924.814247] dump_stack+0x172/0x1f0 [ 924.817915] should_fail.cold+0xa/0x1b [ 924.821846] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 924.826995] ? lock_downgrade+0x810/0x810 [ 924.831168] ? ___might_sleep+0x163/0x280 [ 924.835518] __should_failslab+0x121/0x190 [ 924.839802] should_failslab+0x9/0x14 [ 924.843716] kmem_cache_alloc+0x2ae/0x700 [ 924.847981] ? lock_downgrade+0x810/0x810 [ 924.852606] __kernfs_new_node+0xef/0x680 [ 924.856878] ? 
kernfs_dop_revalidate+0x3c0/0x3c0 [ 924.861776] ? wait_for_completion+0x440/0x440 [ 924.866430] ? mutex_unlock+0xd/0x10 [ 924.870196] ? kernfs_activate+0x192/0x1f0 [ 924.874459] kernfs_new_node+0x99/0x130 [ 924.878460] __kernfs_create_file+0x51/0x340 [ 924.882897] sysfs_add_file_mode_ns+0x222/0x560 [ 924.887601] internal_create_group+0x383/0xc30 [ 924.892212] ? remove_files.isra.0+0x190/0x190 [ 924.896814] ? kernfs_put+0x3c2/0x5d0 [ 924.900653] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 924.906215] ? kernfs_create_link+0x1d2/0x250 [ 924.910741] sysfs_create_groups+0x9b/0x141 [ 924.915174] device_add+0x87e/0x1760 [ 924.918919] ? get_device_parent.isra.0+0x570/0x570 [ 924.923977] rfkill_register+0x1bf/0xb50 [ 924.928068] hci_register_dev+0x385/0x880 [ 924.932249] hci_uart_tty_ioctl+0x761/0xaf0 [ 924.936596] tty_ioctl+0x8b5/0x1510 [ 924.940246] ? hci_uart_init_work+0x140/0x140 [ 924.944765] ? tty_vhangup+0x30/0x30 [ 924.948496] ? mark_held_locks+0x100/0x100 [ 924.952757] ? proc_cwd_link+0x1d0/0x1d0 [ 924.956848] ? __fget+0x340/0x540 [ 924.960321] ? ___might_sleep+0x163/0x280 [ 924.964489] ? __might_sleep+0x95/0x190 [ 924.968482] ? tty_vhangup+0x30/0x30 [ 924.972217] do_vfs_ioctl+0xd5f/0x1380 [ 924.976120] ? selinux_file_ioctl+0x46f/0x5e0 [ 924.980633] ? selinux_file_ioctl+0x125/0x5e0 [ 924.985149] ? ioctl_preallocate+0x210/0x210 [ 924.989659] ? selinux_file_mprotect+0x620/0x620 [ 924.994455] ? iterate_fd+0x360/0x360 [ 924.998279] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 925.003832] ? fput+0x128/0x1a0 [ 925.007149] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 925.012707] ? 
security_file_ioctl+0x8d/0xc0 [ 925.017141] ksys_ioctl+0xab/0xd0 [ 925.020889] __x64_sys_ioctl+0x73/0xb0 [ 925.024798] do_syscall_64+0xfd/0x620 [ 925.028711] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 925.033918] RIP: 0033:0x459519 [ 925.037132] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 925.056752] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 925.064486] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 925.071775] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 925.079067] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 925.086349] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 925.093636] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 925.252543] Bluetooth: hci1: command 0x1003 tx timeout [ 925.258050] Bluetooth: hci1: sending frame failed (-49) 14:44:39 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:44:40 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, 
@thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 926.772559] Bluetooth: hci3: command 0x1003 tx timeout [ 926.778090] Bluetooth: hci3: sending frame failed (-49) [ 926.783877] Bluetooth: hci2: command 0x1003 tx timeout [ 926.789243] Bluetooth: hci2: sending frame failed (-49) [ 926.794839] Bluetooth: hci0: command 0x1003 tx timeout [ 926.800208] Bluetooth: hci0: sending frame failed (-49) [ 927.172467] Bluetooth: hci4: command 0x1003 tx timeout [ 927.177977] Bluetooth: hci4: sending frame failed (-49) [ 927.332468] Bluetooth: hci1: command 0x1001 tx timeout [ 927.338104] Bluetooth: hci1: sending frame failed (-49) 14:44:41 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:44:42 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 928.852548] Bluetooth: hci0: command 0x1001 tx timeout [ 928.858392] Bluetooth: hci0: sending frame failed (-49) [ 928.864444] Bluetooth: hci2: command 0x1001 tx timeout [ 
928.875695] Bluetooth: hci2: sending frame failed (-49) [ 928.881369] Bluetooth: hci3: command 0x1001 tx timeout [ 928.892306] Bluetooth: hci3: sending frame failed (-49) [ 929.252486] Bluetooth: hci4: command 0x1001 tx timeout [ 929.257916] Bluetooth: hci4: sending frame failed (-49) [ 929.412556] Bluetooth: hci1: command 0x1009 tx timeout [ 930.932495] Bluetooth: hci3: command 0x1009 tx timeout [ 930.937899] Bluetooth: hci2: command 0x1009 tx timeout [ 930.950336] Bluetooth: hci0: command 0x1009 tx timeout [ 931.332492] Bluetooth: hci4: command 0x1009 tx timeout 14:44:47 executing program 0 (fault-call:2 fault-nth:55): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:44:47 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0xe]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 933.718978] FAULT_INJECTION: forcing a failure. [ 933.718978] name failslab, interval 1, probability 0, space 0, times 0 [ 933.730798] CPU: 0 PID: 12532 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 933.737839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 933.747211] Call Trace: [ 933.749837] dump_stack+0x172/0x1f0 [ 933.753511] should_fail.cold+0xa/0x1b [ 933.757437] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 933.762576] ? lock_downgrade+0x810/0x810 [ 933.766744] ? 
___might_sleep+0x163/0x280 [ 933.770917] __should_failslab+0x121/0x190 [ 933.775179] should_failslab+0x9/0x14 [ 933.779009] kmem_cache_alloc+0x2ae/0x700 [ 933.783182] ? lock_downgrade+0x810/0x810 [ 933.787360] __kernfs_new_node+0xef/0x680 [ 933.791544] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 933.796332] ? wait_for_completion+0x440/0x440 [ 933.800978] ? mutex_unlock+0xd/0x10 [ 933.804717] ? kernfs_activate+0x192/0x1f0 [ 933.808973] kernfs_new_node+0x99/0x130 [ 933.812972] __kernfs_create_file+0x51/0x340 [ 933.817404] sysfs_add_file_mode_ns+0x222/0x560 [ 933.822391] internal_create_group+0x383/0xc30 [ 933.827005] ? remove_files.isra.0+0x190/0x190 [ 933.831694] ? kernfs_put+0x3c2/0x5d0 [ 933.835516] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 933.841065] ? kernfs_create_link+0x1d2/0x250 [ 933.845598] sysfs_create_groups+0x9b/0x141 [ 933.849970] device_add+0x87e/0x1760 [ 933.853717] ? get_device_parent.isra.0+0x570/0x570 [ 933.858797] rfkill_register+0x1bf/0xb50 [ 933.862910] hci_register_dev+0x385/0x880 [ 933.867086] hci_uart_tty_ioctl+0x761/0xaf0 [ 933.871435] tty_ioctl+0x8b5/0x1510 [ 933.875093] ? hci_uart_init_work+0x140/0x140 [ 933.879786] ? tty_vhangup+0x30/0x30 [ 933.883553] ? mark_held_locks+0x100/0x100 [ 933.887808] ? proc_cwd_link+0x1d0/0x1d0 [ 933.891904] ? __fget+0x340/0x540 [ 933.895374] ? ___might_sleep+0x163/0x280 [ 933.899539] ? __might_sleep+0x95/0x190 [ 933.903529] ? tty_vhangup+0x30/0x30 [ 933.907270] do_vfs_ioctl+0xd5f/0x1380 [ 933.911178] ? selinux_file_ioctl+0x46f/0x5e0 [ 933.915686] ? selinux_file_ioctl+0x125/0x5e0 [ 933.920230] ? ioctl_preallocate+0x210/0x210 [ 933.924660] ? selinux_file_mprotect+0x620/0x620 [ 933.929446] ? iterate_fd+0x360/0x360 [ 933.933279] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 933.939183] ? fput+0x128/0x1a0 [ 933.942511] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 933.948094] ? 
security_file_ioctl+0x8d/0xc0 [ 933.952529] ksys_ioctl+0xab/0xd0 [ 933.956002] __x64_sys_ioctl+0x73/0xb0 [ 933.959920] do_syscall_64+0xfd/0x620 [ 933.963746] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 933.968949] RIP: 0033:0x459519 [ 933.972158] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 933.991794] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 933.999534] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 934.006838] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 934.014189] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 934.021663] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 934.029400] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 934.043979] Bluetooth: hci1: Frame reassembly failed (-84) 14:44:48 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x3e]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:44:49 executing program 5 (fault-call:2 fault-nth:57): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:44:49 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 
0xc0189436, &(0x7f00000001c0)=0x1000000000033) 14:44:49 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80087601, &(0x7f00000001c0)) 14:44:49 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x80087601, &(0x7f00000001c0)=0x1000000000033) 14:44:49 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0xe00]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 935.637222] Bluetooth: hci0: Frame reassembly failed (-84) [ 935.652123] Bluetooth: hci3: sending frame failed (-49) [ 935.659909] Bluetooth: hci2: Frame reassembly failed (-84) [ 935.666058] Bluetooth: hci2: Frame reassembly failed (-84) [ 935.697809] FAULT_INJECTION: forcing a failure. [ 935.697809] name failslab, interval 1, probability 0, space 0, times 0 [ 935.709579] CPU: 0 PID: 12556 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 935.716617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 935.726102] Call Trace: [ 935.728722] dump_stack+0x172/0x1f0 [ 935.732382] should_fail.cold+0xa/0x1b [ 935.736902] ? is_bpf_text_address+0xd3/0x170 [ 935.741438] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 935.746574] ? __kernel_text_address+0xd/0x40 [ 935.751176] ? 
unwind_get_return_address+0x61/0xa0 [ 935.756135] __should_failslab+0x121/0x190 [ 935.760394] should_failslab+0x9/0x14 [ 935.764212] kmem_cache_alloc+0x47/0x700 [ 935.768294] ? save_stack+0xa9/0xd0 [ 935.771946] radix_tree_node_alloc.constprop.0+0x1eb/0x340 [ 935.777595] idr_get_free+0x50f/0xa20 [ 935.781432] idr_alloc_u32+0x1d6/0x390 [ 935.785351] ? __fprop_inc_percpu_max+0x230/0x230 [ 935.790213] ? __lock_is_held+0xb6/0x140 [ 935.794296] ? should_fail+0x14d/0x85c [ 935.798221] ? __lock_is_held+0xb6/0x140 [ 935.802307] idr_alloc_cyclic+0x132/0x270 [ 935.806496] ? idr_alloc+0x150/0x150 [ 935.810229] ? kasan_check_write+0x14/0x20 [ 935.814493] ? do_raw_spin_lock+0xc8/0x240 [ 935.818756] __kernfs_new_node+0x171/0x680 [ 935.823016] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 935.827792] ? wait_for_completion+0x440/0x440 [ 935.832407] ? mutex_unlock+0xd/0x10 [ 935.836146] ? kernfs_activate+0x192/0x1f0 [ 935.840407] kernfs_new_node+0x99/0x130 [ 935.844409] __kernfs_create_file+0x51/0x340 [ 935.848831] sysfs_add_file_mode_ns+0x222/0x560 [ 935.853531] internal_create_group+0x383/0xc30 [ 935.858144] ? remove_files.isra.0+0x190/0x190 [ 935.862746] ? kernfs_put+0x3c2/0x5d0 [ 935.866565] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 935.872127] ? kernfs_create_link+0x1d2/0x250 [ 935.876658] sysfs_create_groups+0x9b/0x141 [ 935.881004] device_add+0x87e/0x1760 [ 935.884748] ? get_device_parent.isra.0+0x570/0x570 [ 935.889800] rfkill_register+0x1bf/0xb50 [ 935.893931] hci_register_dev+0x385/0x880 [ 935.898116] hci_uart_tty_ioctl+0x761/0xaf0 [ 935.902552] tty_ioctl+0x8b5/0x1510 [ 935.906206] ? hci_uart_init_work+0x140/0x140 [ 935.910815] ? tty_vhangup+0x30/0x30 [ 935.914550] ? mark_held_locks+0x100/0x100 [ 935.918809] ? proc_cwd_link+0x1d0/0x1d0 [ 935.922898] ? __fget+0x340/0x540 [ 935.926367] ? ___might_sleep+0x163/0x280 [ 935.930530] ? __might_sleep+0x95/0x190 [ 935.934528] ? tty_vhangup+0x30/0x30 [ 935.938270] do_vfs_ioctl+0xd5f/0x1380 [ 935.942187] ? 
selinux_file_ioctl+0x46f/0x5e0 [ 935.946700] ? selinux_file_ioctl+0x125/0x5e0 [ 935.951227] ? ioctl_preallocate+0x210/0x210 [ 935.955661] ? selinux_file_mprotect+0x620/0x620 [ 935.960453] ? iterate_fd+0x360/0x360 [ 935.964296] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 935.969851] ? fput+0x128/0x1a0 [ 935.973272] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 935.978828] ? security_file_ioctl+0x8d/0xc0 [ 935.983348] ksys_ioctl+0xab/0xd0 [ 935.986819] __x64_sys_ioctl+0x73/0xb0 [ 935.990815] do_syscall_64+0xfd/0x620 [ 935.994649] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 935.999853] RIP: 0033:0x459519 [ 936.003063] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 936.022070] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 936.029835] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 936.037118] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 936.044405] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 936.051683] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 936.058996] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 936.066952] Bluetooth: hci1: command 0x1003 tx timeout [ 936.072359] Bluetooth: hci1: sending frame failed (-49) [ 936.082040] Bluetooth: hci4: Frame reassembly failed (-84) 14:44:50 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x3e00]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, 
{0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:44:51 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x3f00]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 937.652536] Bluetooth: hci0: command 0x1003 tx timeout [ 937.658931] Bluetooth: hci0: sending frame failed (-49) [ 937.732472] Bluetooth: hci2: command 0x1003 tx timeout [ 937.737891] Bluetooth: hci2: sending frame failed (-49) [ 937.743406] Bluetooth: hci3: command 0x1003 tx timeout [ 937.748788] Bluetooth: hci3: sending frame failed (-49) [ 938.132509] Bluetooth: hci4: command 0x1003 tx timeout [ 938.137937] Bluetooth: hci4: sending frame failed (-49) [ 938.143432] Bluetooth: hci1: command 0x1001 tx timeout [ 938.149076] Bluetooth: hci1: sending frame failed (-49) 14:44:52 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x4000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:44:53 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 
0x0, 0x0, [0x1000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 939.732494] Bluetooth: hci0: command 0x1001 tx timeout [ 939.737914] Bluetooth: hci0: sending frame failed (-49) [ 939.812502] Bluetooth: hci3: command 0x1001 tx timeout [ 939.817870] Bluetooth: hci2: command 0x1001 tx timeout [ 939.817916] Bluetooth: hci3: sending frame failed (-49) [ 939.832538] Bluetooth: hci2: sending frame failed (-49) [ 940.212478] Bluetooth: hci4: command 0x1001 tx timeout [ 940.212570] Bluetooth: hci1: command 0x1009 tx timeout [ 940.223312] Bluetooth: hci4: sending frame failed (-49) [ 941.812621] Bluetooth: hci0: command 0x1009 tx timeout [ 941.892618] Bluetooth: hci2: command 0x1009 tx timeout [ 941.898059] Bluetooth: hci3: command 0x1009 tx timeout [ 942.292549] Bluetooth: hci4: command 0x1009 tx timeout 14:44:58 executing program 0 (fault-call:2 fault-nth:56): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:44:58 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0xe000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 944.588160] FAULT_INJECTION: forcing a failure. 
[ 944.588160] name failslab, interval 1, probability 0, space 0, times 0 [ 944.600272] CPU: 0 PID: 12586 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 944.607406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 944.616779] Call Trace: [ 944.619399] dump_stack+0x172/0x1f0 [ 944.623061] should_fail.cold+0xa/0x1b [ 944.627156] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 944.632317] ? lock_downgrade+0x810/0x810 [ 944.636492] ? ___might_sleep+0x163/0x280 [ 944.640788] __should_failslab+0x121/0x190 [ 944.645131] should_failslab+0x9/0x14 [ 944.648964] kmem_cache_alloc+0x2ae/0x700 [ 944.653152] ? kernfs_find_and_get_ns+0x26/0x70 [ 944.657853] __kernfs_new_node+0xef/0x680 [ 944.663351] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 944.668147] ? lock_downgrade+0x810/0x810 [ 944.672318] ? mutex_trylock+0x1e0/0x1e0 [ 944.676442] kernfs_new_node+0x99/0x130 [ 944.680457] __kernfs_create_file+0x51/0x340 [ 944.684895] sysfs_add_file_mode_ns+0x222/0x560 [ 944.690106] sysfs_merge_group+0x1a0/0x340 [ 944.694370] ? sysfs_mount+0x1e0/0x1e0 [ 944.698280] ? kernfs_put+0x3c2/0x5d0 [ 944.702120] dpm_sysfs_add+0x164/0x210 [ 944.706116] device_add+0xa47/0x1760 [ 944.709855] ? get_device_parent.isra.0+0x570/0x570 [ 944.714904] rfkill_register+0x1bf/0xb50 [ 944.718996] hci_register_dev+0x385/0x880 [ 944.723173] hci_uart_tty_ioctl+0x761/0xaf0 [ 944.727519] tty_ioctl+0x8b5/0x1510 [ 944.731174] ? hci_uart_init_work+0x140/0x140 [ 944.735686] ? tty_vhangup+0x30/0x30 [ 944.739508] ? mark_held_locks+0x100/0x100 [ 944.743761] ? proc_cwd_link+0x1d0/0x1d0 [ 944.747849] ? __fget+0x340/0x540 [ 944.751359] ? ___might_sleep+0x163/0x280 [ 944.755543] ? __might_sleep+0x95/0x190 [ 944.759539] ? tty_vhangup+0x30/0x30 [ 944.763283] do_vfs_ioctl+0xd5f/0x1380 [ 944.767285] ? selinux_file_ioctl+0x46f/0x5e0 [ 944.771797] ? selinux_file_ioctl+0x125/0x5e0 [ 944.776323] ? ioctl_preallocate+0x210/0x210 [ 944.780758] ? selinux_file_mprotect+0x620/0x620 [ 944.785543] ? 
iterate_fd+0x360/0x360 [ 944.789373] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 944.794937] ? fput+0x128/0x1a0 [ 944.798248] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 944.804245] ? security_file_ioctl+0x8d/0xc0 [ 944.808689] ksys_ioctl+0xab/0xd0 [ 944.812165] __x64_sys_ioctl+0x73/0xb0 [ 944.816075] do_syscall_64+0xfd/0x620 [ 944.819996] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 944.826191] RIP: 0033:0x459519 [ 944.830098] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 944.849112] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 944.856853] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 944.864157] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 944.871453] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 944.878843] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 944.886243] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 944.896989] Bluetooth: hci1: Frame reassembly failed (-84) 14:44:59 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x3e000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:45:00 executing program 5 (fault-call:2 fault-nth:58): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:45:00 executing program 
2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc0045878, &(0x7f00000001c0)) 14:45:00 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc0045878, &(0x7f00000001c0)=0x1000000000033) 14:45:00 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x3f000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:45:00 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc020660b, &(0x7f00000001c0)=0x1000000000033) [ 946.503296] Bluetooth: hci0: Frame reassembly failed (-84) [ 946.545408] Bluetooth: hci3: Frame reassembly failed (-84) [ 946.551682] Bluetooth: hci3: Frame reassembly failed (-84) [ 946.581013] FAULT_INJECTION: forcing a failure. [ 946.581013] name failslab, interval 1, probability 0, space 0, times 0 [ 946.592639] CPU: 0 PID: 12609 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 946.599686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 946.609058] Call Trace: [ 946.611688] dump_stack+0x172/0x1f0 [ 946.615353] should_fail.cold+0xa/0x1b [ 946.619276] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 946.624414] ? 
lock_downgrade+0x810/0x810 [ 946.628607] ? ___might_sleep+0x163/0x280 [ 946.632797] __should_failslab+0x121/0x190 [ 946.637064] should_failslab+0x9/0x14 [ 946.641153] kmem_cache_alloc+0x2ae/0x700 [ 946.645333] ? lock_downgrade+0x810/0x810 [ 946.649529] __kernfs_new_node+0xef/0x680 [ 946.653721] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 946.658519] ? wait_for_completion+0x440/0x440 [ 946.663896] ? mutex_unlock+0xd/0x10 [ 946.667628] ? kernfs_activate+0x192/0x1f0 [ 946.671892] kernfs_new_node+0x99/0x130 [ 946.675894] __kernfs_create_file+0x51/0x340 [ 946.680339] sysfs_add_file_mode_ns+0x222/0x560 [ 946.685066] internal_create_group+0x383/0xc30 [ 946.689683] ? remove_files.isra.0+0x190/0x190 [ 946.694284] ? kernfs_put+0x3c2/0x5d0 [ 946.698107] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 946.703667] ? kernfs_create_link+0x1d2/0x250 [ 946.708194] sysfs_create_groups+0x9b/0x141 [ 946.712546] device_add+0x87e/0x1760 [ 946.716290] ? get_device_parent.isra.0+0x570/0x570 [ 946.721342] rfkill_register+0x1bf/0xb50 [ 946.725443] hci_register_dev+0x385/0x880 [ 946.729630] hci_uart_tty_ioctl+0x761/0xaf0 [ 946.733973] tty_ioctl+0x8b5/0x1510 [ 946.737623] ? hci_uart_init_work+0x140/0x140 [ 946.742140] ? tty_vhangup+0x30/0x30 [ 946.745875] ? mark_held_locks+0x100/0x100 [ 946.750125] ? proc_cwd_link+0x1d0/0x1d0 [ 946.754220] ? __fget+0x340/0x540 [ 946.757691] ? ___might_sleep+0x163/0x280 [ 946.761862] ? __might_sleep+0x95/0x190 [ 946.765860] ? tty_vhangup+0x30/0x30 [ 946.769598] do_vfs_ioctl+0xd5f/0x1380 [ 946.773508] ? selinux_file_ioctl+0x46f/0x5e0 [ 946.778020] ? selinux_file_ioctl+0x125/0x5e0 [ 946.782567] ? ioctl_preallocate+0x210/0x210 [ 946.786995] ? selinux_file_mprotect+0x620/0x620 [ 946.791787] ? iterate_fd+0x360/0x360 [ 946.795613] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 946.801255] ? fput+0x128/0x1a0 [ 946.804565] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 946.810121] ? 
security_file_ioctl+0x8d/0xc0 [ 946.814555] ksys_ioctl+0xab/0xd0 [ 946.818066] __x64_sys_ioctl+0x73/0xb0 [ 946.821990] do_syscall_64+0xfd/0x620 [ 946.825835] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 946.831039] RIP: 0033:0x459519 [ 946.834253] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 946.853186] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 946.860923] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 946.868325] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 946.875895] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 946.883185] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 946.890481] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 946.900551] Bluetooth: hci4: Frame reassembly failed (-84) [ 946.932531] Bluetooth: hci1: command 0x1003 tx timeout [ 946.938199] Bluetooth: hci1: sending frame failed (-49) 14:45:01 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x40000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:45:02 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0xfdfdffff]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, 
&(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 948.532474] Bluetooth: hci0: command 0x1003 tx timeout [ 948.538440] Bluetooth: hci0: sending frame failed (-49) [ 948.612710] Bluetooth: hci2: command 0x1003 tx timeout [ 948.612988] Bluetooth: hci3: command 0x1003 tx timeout [ 948.626537] Bluetooth: hci2: sending frame failed (-49) [ 948.641752] Bluetooth: hci3: sending frame failed (-49) [ 948.932480] Bluetooth: hci4: command 0x1003 tx timeout [ 948.937977] Bluetooth: hci4: sending frame failed (-49) [ 949.022718] Bluetooth: hci1: command 0x1001 tx timeout [ 949.028450] Bluetooth: hci1: sending frame failed (-49) 14:45:03 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0xfffffdfd]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:45:04 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x100000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 950.612547] Bluetooth: hci0: command 0x1001 tx 
timeout [ 950.617994] Bluetooth: hci0: sending frame failed (-49) [ 950.692939] Bluetooth: hci3: command 0x1001 tx timeout [ 950.698373] Bluetooth: hci3: sending frame failed (-49) [ 950.704490] Bluetooth: hci2: command 0x1001 tx timeout [ 950.715637] Bluetooth: hci2: sending frame failed (-49) [ 951.012628] Bluetooth: hci4: command 0x1001 tx timeout [ 951.018067] Bluetooth: hci4: sending frame failed (-49) [ 951.092497] Bluetooth: hci1: command 0x1009 tx timeout [ 952.692507] Bluetooth: hci0: command 0x1009 tx timeout [ 952.772910] Bluetooth: hci2: command 0x1009 tx timeout [ 952.778463] Bluetooth: hci3: command 0x1009 tx timeout [ 953.092495] Bluetooth: hci4: command 0x1009 tx timeout 14:45:09 executing program 0 (fault-call:2 fault-nth:57): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:45:09 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0xe00000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 955.480941] FAULT_INJECTION: forcing a failure. [ 955.480941] name failslab, interval 1, probability 0, space 0, times 0 [ 955.499228] CPU: 1 PID: 12644 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 955.506379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 955.515756] Call Trace: [ 955.518407] dump_stack+0x172/0x1f0 [ 955.522079] should_fail.cold+0xa/0x1b [ 955.526011] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 955.531168] ? 
lock_downgrade+0x810/0x810 [ 955.535350] ? ___might_sleep+0x163/0x280 [ 955.539537] __should_failslab+0x121/0x190 [ 955.543803] should_failslab+0x9/0x14 [ 955.547631] kmem_cache_alloc+0x2ae/0x700 [ 955.551807] ? lock_downgrade+0x810/0x810 [ 955.555995] ? kasan_check_write+0x14/0x20 [ 955.560281] __kernfs_new_node+0xef/0x680 [ 955.564464] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 955.569267] ? mutex_unlock+0xd/0x10 [ 955.573007] ? kernfs_activate+0x192/0x1f0 [ 955.577803] ? kernfs_add_one+0x131/0x4d0 [ 955.581985] kernfs_new_node+0x99/0x130 [ 955.585994] kernfs_create_dir_ns+0x52/0x160 [ 955.590454] internal_create_group+0x1cb/0xc30 [ 955.595256] ? internal_create_group+0x79a/0xc30 [ 955.600076] ? remove_files.isra.0+0x190/0x190 [ 955.604681] ? remove_files.isra.0+0x190/0x190 [ 955.609742] ? kernfs_put+0x3c2/0x5d0 [ 955.613567] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 955.619127] ? kernfs_create_link+0x1d2/0x250 [ 955.623655] sysfs_create_group+0x20/0x30 [ 955.627843] dpm_sysfs_add+0x26/0x210 [ 955.631794] device_add+0xa47/0x1760 [ 955.635635] ? get_device_parent.isra.0+0x570/0x570 [ 955.640701] rfkill_register+0x1bf/0xb50 [ 955.644804] hci_register_dev+0x385/0x880 [ 955.649000] hci_uart_tty_ioctl+0x761/0xaf0 [ 955.653543] tty_ioctl+0x8b5/0x1510 [ 955.657208] ? hci_uart_init_work+0x140/0x140 [ 955.661824] ? tty_vhangup+0x30/0x30 [ 955.665570] ? mark_held_locks+0x100/0x100 [ 955.669858] ? proc_cwd_link+0x1d0/0x1d0 [ 955.673960] ? __fget+0x340/0x540 [ 955.677455] ? ___might_sleep+0x163/0x280 [ 955.681633] ? __might_sleep+0x95/0x190 [ 955.685644] ? tty_vhangup+0x30/0x30 [ 955.689661] do_vfs_ioctl+0xd5f/0x1380 [ 955.693573] ? selinux_file_ioctl+0x46f/0x5e0 [ 955.698101] ? selinux_file_ioctl+0x125/0x5e0 [ 955.702621] ? ioctl_preallocate+0x210/0x210 [ 955.707052] ? selinux_file_mprotect+0x620/0x620 [ 955.711846] ? iterate_fd+0x360/0x360 [ 955.715676] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 955.721237] ? fput+0x128/0x1a0 [ 955.724549] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 955.730106] ? security_file_ioctl+0x8d/0xc0 [ 955.734545] ksys_ioctl+0xab/0xd0 [ 955.738029] __x64_sys_ioctl+0x73/0xb0 [ 955.741943] do_syscall_64+0xfd/0x620 [ 955.745781] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 955.750993] RIP: 0033:0x459519 [ 955.754205] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 955.773218] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 955.780993] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 955.788309] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 955.795598] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 955.802891] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 955.810356] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 955.831199] Bluetooth: hci1: Frame reassembly failed (-84) 14:45:10 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x3e00000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:45:11 executing program 5 (fault-call:2 fault-nth:59): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:45:11 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 
&(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc0045878, &(0x7f00000001c0)) 14:45:11 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc0045878, &(0x7f00000001c0)=0x1000000000033) 14:45:11 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000002) 14:45:11 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x3f00000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 957.390014] Bluetooth: hci0: Frame reassembly failed (-84) [ 957.403474] Bluetooth: hci2: Frame reassembly failed (-84) [ 957.417151] Bluetooth: hci3: Frame reassembly failed (-84) [ 957.431655] FAULT_INJECTION: forcing a failure. [ 957.431655] name failslab, interval 1, probability 0, space 0, times 0 [ 957.454241] CPU: 1 PID: 12664 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 957.461321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 957.470716] Call Trace: [ 957.473353] dump_stack+0x172/0x1f0 [ 957.477057] should_fail.cold+0xa/0x1b [ 957.481011] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 957.486145] ? lock_downgrade+0x810/0x810 [ 957.490403] ? 
___might_sleep+0x163/0x280 [ 957.494576] __should_failslab+0x121/0x190 [ 957.498834] should_failslab+0x9/0x14 [ 957.502718] kmem_cache_alloc+0x2ae/0x700 [ 957.506899] ? lock_downgrade+0x810/0x810 [ 957.511072] __kernfs_new_node+0xef/0x680 [ 957.515248] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 957.520026] ? wait_for_completion+0x440/0x440 [ 957.524655] ? mutex_unlock+0xd/0x10 [ 957.528395] ? kernfs_activate+0x192/0x1f0 [ 957.532656] kernfs_new_node+0x99/0x130 [ 957.536675] __kernfs_create_file+0x51/0x340 [ 957.541124] sysfs_add_file_mode_ns+0x222/0x560 [ 957.545872] internal_create_group+0x383/0xc30 [ 957.550525] ? remove_files.isra.0+0x190/0x190 [ 957.556018] ? kernfs_put+0x3c2/0x5d0 [ 957.559854] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 957.565430] ? kernfs_create_link+0x1d2/0x250 [ 957.569958] sysfs_create_groups+0x9b/0x141 [ 957.574319] device_add+0x87e/0x1760 [ 957.578060] ? get_device_parent.isra.0+0x570/0x570 [ 957.583116] rfkill_register+0x1bf/0xb50 [ 957.587203] hci_register_dev+0x385/0x880 [ 957.591381] hci_uart_tty_ioctl+0x761/0xaf0 [ 957.595733] tty_ioctl+0x8b5/0x1510 [ 957.599388] ? hci_uart_init_work+0x140/0x140 [ 957.603911] ? tty_vhangup+0x30/0x30 [ 957.607647] ? mark_held_locks+0x100/0x100 [ 957.611906] ? proc_cwd_link+0x1d0/0x1d0 [ 957.616092] ? __fget+0x340/0x540 [ 957.619572] ? ___might_sleep+0x163/0x280 [ 957.623763] ? __might_sleep+0x95/0x190 [ 957.627764] ? tty_vhangup+0x30/0x30 [ 957.631513] do_vfs_ioctl+0xd5f/0x1380 [ 957.635470] ? selinux_file_ioctl+0x46f/0x5e0 [ 957.640022] ? selinux_file_ioctl+0x125/0x5e0 [ 957.644557] ? ioctl_preallocate+0x210/0x210 [ 957.649003] ? selinux_file_mprotect+0x620/0x620 [ 957.653800] ? iterate_fd+0x360/0x360 [ 957.657663] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 957.663253] ? fput+0x128/0x1a0 [ 957.666569] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 957.672128] ? 
security_file_ioctl+0x8d/0xc0 [ 957.676560] ksys_ioctl+0xab/0xd0 [ 957.680041] __x64_sys_ioctl+0x73/0xb0 [ 957.683967] do_syscall_64+0xfd/0x620 [ 957.687844] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 957.693049] RIP: 0033:0x459519 [ 957.696280] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 957.715207] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 957.722955] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 957.730262] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 957.737676] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 957.745082] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 957.752473] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 957.784499] Bluetooth: hci4: Frame reassembly failed (-84) [ 957.892593] Bluetooth: hci1: command 0x1003 tx timeout [ 957.898393] Bluetooth: hci1: sending frame failed (-49) 14:45:12 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x4000000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:45:13 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0xfdfdffff00000000]}) 
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 959.412488] Bluetooth: hci2: command 0x1003 tx timeout [ 959.417862] Bluetooth: hci0: command 0x1003 tx timeout [ 959.417907] Bluetooth: hci2: sending frame failed (-49) [ 959.432623] Bluetooth: hci0: sending frame failed (-49) [ 959.492569] Bluetooth: hci3: command 0x1003 tx timeout [ 959.498321] Bluetooth: hci3: sending frame failed (-49) [ 959.822577] Bluetooth: hci4: command 0x1003 tx timeout [ 959.828308] Bluetooth: hci4: sending frame failed (-49) [ 959.982692] Bluetooth: hci1: command 0x1001 tx timeout [ 959.988139] Bluetooth: hci1: sending frame failed (-49) 14:45:14 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0xffffffff00000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:45:15 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0xe]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 
961.492548] Bluetooth: hci0: command 0x1001 tx timeout [ 961.498125] Bluetooth: hci0: sending frame failed (-49) [ 961.504198] Bluetooth: hci2: command 0x1001 tx timeout [ 961.515322] Bluetooth: hci2: sending frame failed (-49) [ 961.572566] Bluetooth: hci3: command 0x1001 tx timeout [ 961.577990] Bluetooth: hci3: sending frame failed (-49) [ 961.892559] Bluetooth: hci4: command 0x1001 tx timeout [ 961.897993] Bluetooth: hci4: sending frame failed (-49) [ 962.052562] Bluetooth: hci1: command 0x1009 tx timeout [ 963.572525] Bluetooth: hci2: command 0x1009 tx timeout [ 963.577938] Bluetooth: hci0: command 0x1009 tx timeout [ 963.652502] Bluetooth: hci3: command 0x1009 tx timeout [ 963.972556] Bluetooth: hci4: command 0x1009 tx timeout 14:45:20 executing program 0 (fault-call:2 fault-nth:58): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:45:20 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x3e]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 966.368796] FAULT_INJECTION: forcing a failure. [ 966.368796] name failslab, interval 1, probability 0, space 0, times 0 [ 966.387465] CPU: 1 PID: 12697 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 966.394531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 966.403912] Call Trace: [ 966.406538] dump_stack+0x172/0x1f0 [ 966.410202] should_fail.cold+0xa/0x1b [ 966.414118] ? 
fault_create_debugfs_attr+0x1e0/0x1e0 [ 966.419241] ? lock_downgrade+0x810/0x810 [ 966.423409] ? ___might_sleep+0x163/0x280 [ 966.427579] __should_failslab+0x121/0x190 [ 966.431834] should_failslab+0x9/0x14 [ 966.435654] kmem_cache_alloc+0x2ae/0x700 [ 966.439825] ? lock_downgrade+0x810/0x810 [ 966.443993] ? kasan_check_read+0x11/0x20 [ 966.448169] __kernfs_new_node+0xef/0x680 [ 966.452350] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 966.457130] ? wait_for_completion+0x440/0x440 [ 966.461757] ? mutex_unlock+0xd/0x10 [ 966.465488] ? kernfs_activate+0x192/0x1f0 [ 966.469749] kernfs_new_node+0x99/0x130 [ 966.473750] __kernfs_create_file+0x51/0x340 [ 966.478178] sysfs_add_file_mode_ns+0x222/0x560 [ 966.482870] sysfs_merge_group+0x1a0/0x340 [ 966.487131] ? sysfs_mount+0x1e0/0x1e0 [ 966.491035] ? kernfs_put+0x3c2/0x5d0 [ 966.494867] dpm_sysfs_add+0x164/0x210 [ 966.498774] device_add+0xa47/0x1760 [ 966.502572] ? get_device_parent.isra.0+0x570/0x570 [ 966.507622] rfkill_register+0x1bf/0xb50 [ 966.511708] hci_register_dev+0x385/0x880 [ 966.515889] hci_uart_tty_ioctl+0x761/0xaf0 [ 966.520238] tty_ioctl+0x8b5/0x1510 [ 966.523885] ? hci_uart_init_work+0x140/0x140 [ 966.528397] ? tty_vhangup+0x30/0x30 [ 966.532133] ? mark_held_locks+0x100/0x100 [ 966.536409] ? proc_cwd_link+0x1d0/0x1d0 [ 966.540523] ? __fget+0x340/0x540 [ 966.544001] ? ___might_sleep+0x163/0x280 [ 966.548169] ? __might_sleep+0x95/0x190 [ 966.552163] ? tty_vhangup+0x30/0x30 [ 966.556949] do_vfs_ioctl+0xd5f/0x1380 [ 966.560865] ? selinux_file_ioctl+0x46f/0x5e0 [ 966.565379] ? selinux_file_ioctl+0x125/0x5e0 [ 966.569898] ? ioctl_preallocate+0x210/0x210 [ 966.574326] ? selinux_file_mprotect+0x620/0x620 [ 966.579119] ? iterate_fd+0x360/0x360 [ 966.582941] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 966.588683] ? fput+0x128/0x1a0 [ 966.592003] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 966.608875] ? 
security_file_ioctl+0x8d/0xc0 [ 966.613409] ksys_ioctl+0xab/0xd0 [ 966.616900] __x64_sys_ioctl+0x73/0xb0 [ 966.620815] do_syscall_64+0xfd/0x620 [ 966.624647] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 966.629858] RIP: 0033:0x459519 [ 966.633076] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 966.652093] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 966.659842] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 966.668615] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 966.675914] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 966.683201] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 966.690490] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 966.700108] Bluetooth: hci1: Frame reassembly failed (-84) 14:45:21 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0xe00]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:45:22 executing program 5 (fault-call:2 fault-nth:60): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:45:22 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 
0x5412, &(0x7f00000001c0)=0x1000000000003) 14:45:22 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc0189436, &(0x7f00000001c0)=0x1000000000033) 14:45:22 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc0189436, &(0x7f00000001c0)) 14:45:22 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x3e00]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 968.279535] Bluetooth: hci2: Frame reassembly failed (-84) [ 968.286875] Bluetooth: hci0: Frame reassembly failed (-84) [ 968.303805] FAULT_INJECTION: forcing a failure. [ 968.303805] name failslab, interval 1, probability 0, space 0, times 0 [ 968.315461] CPU: 1 PID: 12718 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 968.322508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 968.331879] Call Trace: [ 968.334589] dump_stack+0x172/0x1f0 [ 968.338249] should_fail.cold+0xa/0x1b [ 968.342167] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 968.347300] ? lock_downgrade+0x810/0x810 [ 968.351470] ? ___might_sleep+0x163/0x280 [ 968.355648] __should_failslab+0x121/0x190 [ 968.359909] should_failslab+0x9/0x14 [ 968.363732] kmem_cache_alloc+0x2ae/0x700 [ 968.367905] ? 
lock_downgrade+0x810/0x810 [ 968.372083] __kernfs_new_node+0xef/0x680 [ 968.376257] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 968.381040] ? wait_for_completion+0x440/0x440 [ 968.385659] ? mutex_unlock+0xd/0x10 [ 968.389486] ? kernfs_activate+0x192/0x1f0 [ 968.393758] kernfs_new_node+0x99/0x130 [ 968.397766] __kernfs_create_file+0x51/0x340 [ 968.402200] sysfs_add_file_mode_ns+0x222/0x560 [ 968.406908] internal_create_group+0x383/0xc30 [ 968.411524] ? remove_files.isra.0+0x190/0x190 [ 968.416130] ? kernfs_put+0x3c2/0x5d0 [ 968.419972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 968.425534] ? kernfs_create_link+0x1d2/0x250 [ 968.430061] sysfs_create_groups+0x9b/0x141 [ 968.434408] device_add+0x87e/0x1760 [ 968.438243] ? get_device_parent.isra.0+0x570/0x570 [ 968.443300] rfkill_register+0x1bf/0xb50 [ 968.447390] hci_register_dev+0x385/0x880 [ 968.451566] hci_uart_tty_ioctl+0x761/0xaf0 [ 968.455946] tty_ioctl+0x8b5/0x1510 [ 968.459601] ? hci_uart_init_work+0x140/0x140 [ 968.464219] ? tty_vhangup+0x30/0x30 [ 968.467982] ? mark_held_locks+0x100/0x100 [ 968.472242] ? proc_cwd_link+0x1d0/0x1d0 [ 968.476359] ? keyspan_set_termios+0x280/0x2f0 [ 968.480978] ? __fget+0x340/0x540 [ 968.484457] ? ___might_sleep+0x163/0x280 [ 968.488628] ? __might_sleep+0x95/0x190 [ 968.492662] ? tty_vhangup+0x30/0x30 [ 968.496491] do_vfs_ioctl+0xd5f/0x1380 [ 968.500430] ? selinux_file_ioctl+0x46f/0x5e0 [ 968.504943] ? selinux_file_ioctl+0x125/0x5e0 [ 968.509473] ? ioctl_preallocate+0x210/0x210 [ 968.513909] ? selinux_file_mprotect+0x620/0x620 [ 968.518699] ? iterate_fd+0x360/0x360 [ 968.522557] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 968.528117] ? fput+0x128/0x1a0 [ 968.531428] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 968.537016] ? 
security_file_ioctl+0x8d/0xc0 [ 968.541448] ksys_ioctl+0xab/0xd0 [ 968.544922] __x64_sys_ioctl+0x73/0xb0 [ 968.548853] do_syscall_64+0xfd/0x620 [ 968.552687] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 968.559447] RIP: 0033:0x459519 [ 968.562655] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 968.581577] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 968.589581] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 968.602920] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 968.615009] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 968.622309] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 968.629670] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 968.639891] Bluetooth: hci4: Frame reassembly failed (-84) [ 968.772503] Bluetooth: hci1: command 0x1003 tx timeout [ 968.778204] Bluetooth: hci1: sending frame failed (-49) 14:45:23 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x3f00]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:45:24 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x4000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 
0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 970.292568] Bluetooth: hci3: command 0x1003 tx timeout [ 970.298384] Bluetooth: hci3: sending frame failed (-49) [ 970.304605] Bluetooth: hci0: command 0x1003 tx timeout [ 970.317207] Bluetooth: hci0: sending frame failed (-49) [ 970.324839] Bluetooth: hci2: command 0x1003 tx timeout [ 970.337237] Bluetooth: hci2: sending frame failed (-49) [ 970.692591] Bluetooth: hci4: command 0x1003 tx timeout [ 970.698135] Bluetooth: hci4: sending frame failed (-49) [ 970.852460] Bluetooth: hci1: command 0x1001 tx timeout [ 970.858199] Bluetooth: hci1: sending frame failed (-49) 14:45:25 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x1000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:45:25 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0xe000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 972.372595] Bluetooth: hci2: command 
0x1001 tx timeout [ 972.378248] Bluetooth: hci2: sending frame failed (-49) [ 972.384260] Bluetooth: hci0: command 0x1001 tx timeout [ 972.395412] Bluetooth: hci0: sending frame failed (-49) [ 972.401034] Bluetooth: hci3: command 0x1001 tx timeout [ 972.413384] Bluetooth: hci3: sending frame failed (-49) [ 972.772516] Bluetooth: hci4: command 0x1001 tx timeout [ 972.778072] Bluetooth: hci4: sending frame failed (-49) [ 972.932514] Bluetooth: hci1: command 0x1009 tx timeout [ 974.452648] Bluetooth: hci3: command 0x1009 tx timeout [ 974.458053] Bluetooth: hci0: command 0x1009 tx timeout [ 974.463871] Bluetooth: hci2: command 0x1009 tx timeout [ 974.852578] Bluetooth: hci4: command 0x1009 tx timeout 14:45:31 executing program 0 (fault-call:2 fault-nth:59): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:45:31 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x3e000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 977.249776] FAULT_INJECTION: forcing a failure. [ 977.249776] name failslab, interval 1, probability 0, space 0, times 0 [ 977.269048] CPU: 0 PID: 12750 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 977.276107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 977.285732] Call Trace: [ 977.288356] dump_stack+0x172/0x1f0 [ 977.292021] should_fail.cold+0xa/0x1b [ 977.295938] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 977.301060] ? 
lock_downgrade+0x810/0x810 [ 977.305254] ? ___might_sleep+0x163/0x280 [ 977.309436] __should_failslab+0x121/0x190 [ 977.313710] should_failslab+0x9/0x14 [ 977.317530] kmem_cache_alloc+0x2ae/0x700 [ 977.321697] ? lock_downgrade+0x810/0x810 [ 977.325861] ? kasan_check_read+0x11/0x20 [ 977.330304] __kernfs_new_node+0xef/0x680 [ 977.334486] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 977.339271] ? wait_for_completion+0x440/0x440 [ 977.343893] ? mutex_unlock+0xd/0x10 [ 977.347624] ? kernfs_activate+0x192/0x1f0 [ 977.351883] kernfs_new_node+0x99/0x130 [ 977.355895] __kernfs_create_file+0x51/0x340 [ 977.360329] sysfs_add_file_mode_ns+0x222/0x560 [ 977.365032] sysfs_merge_group+0x1a0/0x340 [ 977.369286] ? sysfs_mount+0x1e0/0x1e0 [ 977.373196] ? kernfs_put+0x3c2/0x5d0 [ 977.377038] dpm_sysfs_add+0x164/0x210 [ 977.380955] device_add+0xa47/0x1760 [ 977.384697] ? get_device_parent.isra.0+0x570/0x570 [ 977.389751] rfkill_register+0x1bf/0xb50 [ 977.393842] hci_register_dev+0x385/0x880 [ 977.398027] hci_uart_tty_ioctl+0x761/0xaf0 [ 977.402372] tty_ioctl+0x8b5/0x1510 [ 977.406025] ? hci_uart_init_work+0x140/0x140 [ 977.410546] ? tty_vhangup+0x30/0x30 [ 977.414283] ? mark_held_locks+0x100/0x100 [ 977.418548] ? proc_cwd_link+0x1d0/0x1d0 [ 977.422644] ? __fget+0x340/0x540 [ 977.426122] ? ___might_sleep+0x163/0x280 [ 977.430297] ? __might_sleep+0x95/0x190 [ 977.434311] ? tty_vhangup+0x30/0x30 [ 977.438054] do_vfs_ioctl+0xd5f/0x1380 [ 977.441964] ? selinux_file_ioctl+0x46f/0x5e0 [ 977.446510] ? selinux_file_ioctl+0x125/0x5e0 [ 977.451032] ? ioctl_preallocate+0x210/0x210 [ 977.455463] ? selinux_file_mprotect+0x620/0x620 [ 977.460262] ? iterate_fd+0x360/0x360 [ 977.464091] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 977.469658] ? fput+0x128/0x1a0 [ 977.472974] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 977.478620] ? 
security_file_ioctl+0x8d/0xc0 [ 977.483058] ksys_ioctl+0xab/0xd0 [ 977.486537] __x64_sys_ioctl+0x73/0xb0 [ 977.490449] do_syscall_64+0xfd/0x620 [ 977.494291] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 977.499504] RIP: 0033:0x459519 [ 977.502719] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 977.521828] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 977.529571] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 977.536863] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 977.544158] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 977.551450] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 977.559234] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 977.588990] Bluetooth: hci1: Frame reassembly failed (-84) 14:45:32 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x3f000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:45:33 executing program 5 (fault-call:2 fault-nth:61): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:45:33 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 
ioctl$TIOCSETD(r0, 0xc020660b, &(0x7f00000001c0)=0x1000000000033) 14:45:33 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0xc020660b, &(0x7f00000001c0)) 14:45:33 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x40000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:45:33 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000004) [ 979.168096] Bluetooth: hci2: Frame reassembly failed (-84) [ 979.179575] Bluetooth: hci0: Frame reassembly failed (-84) [ 979.186603] Bluetooth: hci0: Frame reassembly failed (-84) [ 979.196308] FAULT_INJECTION: forcing a failure. [ 979.196308] name failslab, interval 1, probability 0, space 0, times 0 [ 979.215736] CPU: 1 PID: 12774 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 979.222813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 979.232197] Call Trace: [ 979.234824] dump_stack+0x172/0x1f0 [ 979.238488] should_fail.cold+0xa/0x1b [ 979.242419] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 979.247556] ? lock_downgrade+0x810/0x810 [ 979.251730] ? 
___might_sleep+0x163/0x280 [ 979.255945] __should_failslab+0x121/0x190 [ 979.260207] should_failslab+0x9/0x14 [ 979.264034] kmem_cache_alloc_trace+0x2cc/0x760 [ 979.268751] ? kasan_check_write+0x14/0x20 [ 979.273019] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 979.277892] kobject_uevent_env+0x387/0x101d [ 979.282368] kobject_uevent+0x20/0x26 [ 979.286195] device_add+0xb3a/0x1760 [ 979.289937] ? get_device_parent.isra.0+0x570/0x570 [ 979.295036] rfkill_register+0x1bf/0xb50 [ 979.299123] hci_register_dev+0x385/0x880 [ 979.303303] hci_uart_tty_ioctl+0x761/0xaf0 [ 979.307653] tty_ioctl+0x8b5/0x1510 [ 979.311321] ? hci_uart_init_work+0x140/0x140 [ 979.315846] ? tty_vhangup+0x30/0x30 [ 979.319583] ? mark_held_locks+0x100/0x100 [ 979.323850] ? proc_cwd_link+0x1d0/0x1d0 [ 979.327942] ? __fget+0x340/0x540 [ 979.331436] ? ___might_sleep+0x163/0x280 [ 979.335618] ? __might_sleep+0x95/0x190 [ 979.339617] ? tty_vhangup+0x30/0x30 [ 979.343354] do_vfs_ioctl+0xd5f/0x1380 [ 979.347296] ? selinux_file_ioctl+0x46f/0x5e0 [ 979.351846] ? selinux_file_ioctl+0x125/0x5e0 [ 979.356474] ? ioctl_preallocate+0x210/0x210 [ 979.360925] ? selinux_file_mprotect+0x620/0x620 [ 979.365726] ? iterate_fd+0x360/0x360 [ 979.369573] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 979.375148] ? fput+0x128/0x1a0 [ 979.378559] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 979.384124] ? 
security_file_ioctl+0x8d/0xc0 [ 979.388563] ksys_ioctl+0xab/0xd0 [ 979.392080] __x64_sys_ioctl+0x73/0xb0 [ 979.396005] do_syscall_64+0xfd/0x620 [ 979.399841] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 979.405053] RIP: 0033:0x459519 [ 979.408333] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 979.427542] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 979.435285] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 979.442583] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 979.449994] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 979.457283] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 979.464571] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 979.485198] Bluetooth: hci4: sending frame failed (-49) [ 979.491274] Bluetooth: hci3: Frame reassembly failed (-84) [ 979.501202] Bluetooth: hci3: Frame reassembly failed (-84) [ 979.652453] Bluetooth: hci1: command 0x1003 tx timeout [ 979.657893] Bluetooth: hci1: sending frame failed (-49) 14:45:34 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0xfdfdffff]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:45:35 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, 
&(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0xfffffdfd]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 981.182594] Bluetooth: hci2: command 0x1003 tx timeout [ 981.188324] Bluetooth: hci2: sending frame failed (-49) [ 981.252602] Bluetooth: hci0: command 0x1003 tx timeout [ 981.258299] Bluetooth: hci0: sending frame failed (-49) [ 981.492455] Bluetooth: hci3: command 0x1003 tx timeout [ 981.492532] Bluetooth: hci4: command 0x1003 tx timeout [ 981.497879] Bluetooth: hci3: sending frame failed (-49) [ 981.510596] Bluetooth: hci4: sending frame failed (-49) [ 981.732489] Bluetooth: hci1: command 0x1001 tx timeout [ 981.737919] Bluetooth: hci1: sending frame failed (-49) 14:45:35 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x100000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:45:36 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0xe00000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) 
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 983.252473] Bluetooth: hci2: command 0x1001 tx timeout [ 983.257895] Bluetooth: hci2: sending frame failed (-49) [ 983.332534] Bluetooth: hci0: command 0x1001 tx timeout [ 983.338090] Bluetooth: hci0: sending frame failed (-49) [ 983.572638] Bluetooth: hci4: command 0x1001 tx timeout [ 983.590605] Bluetooth: hci4: sending frame failed (-49) [ 983.596301] Bluetooth: hci3: command 0x1001 tx timeout [ 983.601680] Bluetooth: hci3: sending frame failed (-49) [ 983.812500] Bluetooth: hci1: command 0x1009 tx timeout [ 985.332475] Bluetooth: hci2: command 0x1009 tx timeout [ 985.412597] Bluetooth: hci0: command 0x1009 tx timeout [ 985.652557] Bluetooth: hci3: command 0x1009 tx timeout [ 985.658059] Bluetooth: hci4: command 0x1009 tx timeout 14:45:42 executing program 0 (fault-call:2 fault-nth:60): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:45:42 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x3e00000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 988.100743] FAULT_INJECTION: forcing a failure. 
[ 988.100743] name failslab, interval 1, probability 0, space 0, times 0 [ 988.113282] CPU: 1 PID: 12806 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 988.120508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 988.129882] Call Trace: [ 988.132515] dump_stack+0x172/0x1f0 [ 988.136176] should_fail.cold+0xa/0x1b [ 988.140096] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 988.145226] ? lock_downgrade+0x810/0x810 [ 988.149390] ? ___might_sleep+0x163/0x280 [ 988.153566] __should_failslab+0x121/0x190 [ 988.157823] should_failslab+0x9/0x14 [ 988.161634] __kmalloc+0x2e2/0x750 [ 988.165203] ? rcu_read_lock_sched_held+0x110/0x130 [ 988.170235] ? kobject_get_path+0xc4/0x1b0 [ 988.174665] kobject_get_path+0xc4/0x1b0 [ 988.178745] kobject_uevent_env+0x3ab/0x101d [ 988.183188] kobject_uevent+0x20/0x26 [ 988.187016] device_add+0xb3a/0x1760 [ 988.190748] ? get_device_parent.isra.0+0x570/0x570 [ 988.195797] rfkill_register+0x1bf/0xb50 [ 988.199880] hci_register_dev+0x385/0x880 [ 988.204069] hci_uart_tty_ioctl+0x761/0xaf0 [ 988.208419] tty_ioctl+0x8b5/0x1510 [ 988.212065] ? hci_uart_init_work+0x140/0x140 [ 988.216580] ? tty_vhangup+0x30/0x30 [ 988.220321] ? mark_held_locks+0x100/0x100 [ 988.224573] ? proc_cwd_link+0x1d0/0x1d0 [ 988.228671] ? __fget+0x340/0x540 [ 988.232175] ? ___might_sleep+0x163/0x280 [ 988.236346] ? __might_sleep+0x95/0x190 [ 988.240343] ? tty_vhangup+0x30/0x30 [ 988.244086] do_vfs_ioctl+0xd5f/0x1380 [ 988.247999] ? selinux_file_ioctl+0x46f/0x5e0 [ 988.252514] ? selinux_file_ioctl+0x125/0x5e0 [ 988.257041] ? ioctl_preallocate+0x210/0x210 [ 988.261464] ? selinux_file_mprotect+0x620/0x620 [ 988.266250] ? iterate_fd+0x360/0x360 [ 988.270070] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 988.275714] ? fput+0x128/0x1a0 [ 988.279022] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 988.284574] ? 
security_file_ioctl+0x8d/0xc0 [ 988.289002] ksys_ioctl+0xab/0xd0 [ 988.292475] __x64_sys_ioctl+0x73/0xb0 [ 988.296386] do_syscall_64+0xfd/0x620 [ 988.300214] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 988.305417] RIP: 0033:0x459519 [ 988.308626] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 988.327549] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 988.335284] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 988.342564] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 988.349843] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 988.357122] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 988.364407] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 988.376457] Bluetooth: hci1: Frame reassembly failed (-84) 14:45:43 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x3f00000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:45:44 executing program 5 (fault-call:2 fault-nth:62): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:45:44 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 
ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x2) 14:45:44 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000025) 14:45:44 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000002) 14:45:44 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x4000000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 990.040609] Bluetooth: hci0: Frame reassembly failed (-90) [ 990.065920] Bluetooth: hci2: Frame reassembly failed (-84) [ 990.085166] FAULT_INJECTION: forcing a failure. [ 990.085166] name failslab, interval 1, probability 0, space 0, times 0 [ 990.105217] CPU: 1 PID: 12826 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 990.112292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 990.121751] Call Trace: [ 990.124379] dump_stack+0x172/0x1f0 [ 990.128038] should_fail.cold+0xa/0x1b [ 990.131955] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 990.137088] ? lock_downgrade+0x810/0x810 [ 990.141256] ? ___might_sleep+0x163/0x280 [ 990.145435] __should_failslab+0x121/0x190 [ 990.149696] should_failslab+0x9/0x14 [ 990.153526] kmem_cache_alloc_node_trace+0x274/0x720 [ 990.158654] ? 
__alloc_skb+0xd5/0x5f0 [ 990.162482] ? ___preempt_schedule_notrace+0x16/0x2f [ 990.167616] __kmalloc_node_track_caller+0x3d/0x80 [ 990.172605] __kmalloc_reserve.isra.0+0x40/0xf0 [ 990.177328] __alloc_skb+0x10b/0x5f0 [ 990.181156] ? skb_scrub_packet+0x490/0x490 [ 990.185507] ? kasan_check_read+0x11/0x20 [ 990.189712] alloc_uevent_skb+0x83/0x1e2 [ 990.193895] kobject_uevent_env+0xaa3/0x101d [ 990.198403] kobject_uevent+0x20/0x26 [ 990.202241] device_add+0xb3a/0x1760 [ 990.206076] ? get_device_parent.isra.0+0x570/0x570 [ 990.211929] rfkill_register+0x1bf/0xb50 [ 990.216059] hci_register_dev+0x385/0x880 [ 990.220248] hci_uart_tty_ioctl+0x761/0xaf0 [ 990.224601] tty_ioctl+0x8b5/0x1510 [ 990.228255] ? hci_uart_init_work+0x140/0x140 [ 990.232769] ? tty_vhangup+0x30/0x30 [ 990.236506] ? mark_held_locks+0x100/0x100 [ 990.240767] ? proc_cwd_link+0x1d0/0x1d0 [ 990.244859] ? __fget+0x340/0x540 [ 990.248335] ? ___might_sleep+0x163/0x280 [ 990.252508] ? __might_sleep+0x95/0x190 [ 990.256612] ? tty_vhangup+0x30/0x30 [ 990.260407] do_vfs_ioctl+0xd5f/0x1380 [ 990.264316] ? selinux_file_ioctl+0x46f/0x5e0 [ 990.269013] ? selinux_file_ioctl+0x125/0x5e0 [ 990.273534] ? ioctl_preallocate+0x210/0x210 [ 990.277960] ? selinux_file_mprotect+0x620/0x620 [ 990.282767] ? iterate_fd+0x360/0x360 [ 990.286589] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 990.292655] ? fput+0x128/0x1a0 [ 990.295985] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 990.301547] ? 
security_file_ioctl+0x8d/0xc0 [ 990.306075] ksys_ioctl+0xab/0xd0 [ 990.309552] __x64_sys_ioctl+0x73/0xb0 [ 990.313466] do_syscall_64+0xfd/0x620 [ 990.317298] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 990.322861] RIP: 0033:0x459519 [ 990.326071] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 990.345432] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 990.353186] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 990.360476] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 990.367767] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 990.375048] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 990.382333] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 990.407222] Bluetooth: hci4: Frame reassembly failed (-84) [ 990.452694] Bluetooth: hci1: command 0x1003 tx timeout [ 990.458567] Bluetooth: hci1: sending frame failed (-49) 14:45:44 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0xfdfdffff00000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:45:45 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0xffffffff00000000]}) 
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 992.052452] Bluetooth: hci0: command 0x1003 tx timeout [ 992.057940] Bluetooth: hci0: sending frame failed (-49) [ 992.132462] Bluetooth: hci2: command 0x1003 tx timeout [ 992.137920] Bluetooth: hci2: sending frame failed (-49) [ 992.452521] Bluetooth: hci3: command 0x1003 tx timeout [ 992.458218] Bluetooth: hci3: sending frame failed (-49) [ 992.464479] Bluetooth: hci4: command 0x1003 tx timeout [ 992.476926] Bluetooth: hci4: sending frame failed (-49) [ 992.532823] Bluetooth: hci1: command 0x1001 tx timeout [ 992.538608] Bluetooth: hci1: sending frame failed (-49) 14:45:46 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0xe]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:45:47 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x3e]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 
[ 994.132525] Bluetooth: hci0: command 0x1001 tx timeout [ 994.138084] Bluetooth: hci0: sending frame failed (-49) [ 994.212553] Bluetooth: hci2: command 0x1001 tx timeout [ 994.218139] Bluetooth: hci2: sending frame failed (-49) [ 994.532530] Bluetooth: hci4: command 0x1001 tx timeout [ 994.537944] Bluetooth: hci4: sending frame failed (-49) [ 994.544019] Bluetooth: hci3: command 0x1001 tx timeout [ 994.549405] Bluetooth: hci3: sending frame failed (-49) [ 994.612783] Bluetooth: hci1: command 0x1009 tx timeout [ 996.212485] Bluetooth: hci0: command 0x1009 tx timeout [ 996.292541] Bluetooth: hci2: command 0x1009 tx timeout [ 996.612492] Bluetooth: hci3: command 0x1009 tx timeout [ 996.617891] Bluetooth: hci4: command 0x1009 tx timeout 14:45:53 executing program 0 (fault-call:2 fault-nth:61): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:45:53 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0xe00]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 999.006947] FAULT_INJECTION: forcing a failure. [ 999.006947] name failslab, interval 1, probability 0, space 0, times 0 [ 999.026183] CPU: 1 PID: 12866 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 999.033244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 999.042616] Call Trace: [ 999.045248] dump_stack+0x172/0x1f0 [ 999.048942] should_fail.cold+0xa/0x1b [ 999.052864] ? 
fault_create_debugfs_attr+0x1e0/0x1e0 [ 999.057995] ? lock_downgrade+0x810/0x810 [ 999.062170] ? ___might_sleep+0x163/0x280 [ 999.066351] __should_failslab+0x121/0x190 [ 999.070612] should_failslab+0x9/0x14 [ 999.074436] __kmalloc+0x2e2/0x750 [ 999.078014] ? rcu_read_lock_sched_held+0x110/0x130 [ 999.083056] ? kobject_get_path+0xc4/0x1b0 [ 999.087318] kobject_get_path+0xc4/0x1b0 [ 999.091405] kobject_uevent_env+0x3ab/0x101d [ 999.095854] kobject_uevent+0x20/0x26 [ 999.099671] device_add+0xb3a/0x1760 [ 999.103411] ? get_device_parent.isra.0+0x570/0x570 [ 999.108454] rfkill_register+0x1bf/0xb50 [ 999.112627] hci_register_dev+0x385/0x880 [ 999.116807] hci_uart_tty_ioctl+0x761/0xaf0 [ 999.121152] tty_ioctl+0x8b5/0x1510 [ 999.124795] ? hci_uart_init_work+0x140/0x140 [ 999.129312] ? tty_vhangup+0x30/0x30 [ 999.133042] ? mark_held_locks+0x100/0x100 [ 999.137295] ? proc_cwd_link+0x1d0/0x1d0 [ 999.141382] ? __fget+0x340/0x540 [ 999.144852] ? ___might_sleep+0x163/0x280 [ 999.149015] ? __might_sleep+0x95/0x190 [ 999.153010] ? tty_vhangup+0x30/0x30 [ 999.156746] do_vfs_ioctl+0xd5f/0x1380 [ 999.160657] ? selinux_file_ioctl+0x46f/0x5e0 [ 999.165164] ? selinux_file_ioctl+0x125/0x5e0 [ 999.169682] ? ioctl_preallocate+0x210/0x210 [ 999.174109] ? selinux_file_mprotect+0x620/0x620 [ 999.178889] ? iterate_fd+0x360/0x360 [ 999.182719] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 999.188267] ? fput+0x128/0x1a0 [ 999.191569] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 999.197121] ? 
security_file_ioctl+0x8d/0xc0 [ 999.201547] ksys_ioctl+0xab/0xd0 [ 999.205022] __x64_sys_ioctl+0x73/0xb0 [ 999.208935] do_syscall_64+0xfd/0x620 [ 999.212766] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 999.217964] RIP: 0033:0x459519 [ 999.221185] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 999.240191] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 999.247924] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 999.255227] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 999.262567] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 999.270213] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 999.277495] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 999.296321] Bluetooth: hci1: Frame reassembly failed (-84) [ 999.310093] Bluetooth: hci1: Frame reassembly failed (-84) 14:45:53 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x3e00]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:45:54 executing program 5 (fault-call:2 fault-nth:63): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:45:54 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 
&(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x3) 14:45:55 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000030) 14:45:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000003) 14:45:55 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x3f00]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1000.943206] Bluetooth: hci0: Frame reassembly failed (-84) [ 1000.980413] FAULT_INJECTION: forcing a failure. [ 1000.980413] name failslab, interval 1, probability 0, space 0, times 0 [ 1001.002020] CPU: 1 PID: 12887 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 1001.009090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1001.018466] Call Trace: [ 1001.021105] dump_stack+0x172/0x1f0 [ 1001.024774] should_fail.cold+0xa/0x1b [ 1001.028699] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1001.033858] ? lock_downgrade+0x810/0x810 [ 1001.038044] ? ___might_sleep+0x163/0x280 [ 1001.042234] __should_failslab+0x121/0x190 [ 1001.046601] should_failslab+0x9/0x14 [ 1001.050425] kmem_cache_alloc_node_trace+0x274/0x720 [ 1001.055556] ? 
__alloc_skb+0xd5/0x5f0 [ 1001.059401] __kmalloc_node_track_caller+0x3d/0x80 [ 1001.064358] __kmalloc_reserve.isra.0+0x40/0xf0 [ 1001.069064] __alloc_skb+0x10b/0x5f0 [ 1001.072812] ? skb_scrub_packet+0x490/0x490 [ 1001.077162] ? kasan_check_read+0x11/0x20 [ 1001.081349] alloc_uevent_skb+0x83/0x1e2 [ 1001.085527] kobject_uevent_env+0xaa3/0x101d [ 1001.089987] kobject_uevent+0x20/0x26 [ 1001.093828] device_add+0xb3a/0x1760 [ 1001.097572] ? get_device_parent.isra.0+0x570/0x570 [ 1001.102629] rfkill_register+0x1bf/0xb50 [ 1001.106805] hci_register_dev+0x385/0x880 [ 1001.111119] hci_uart_tty_ioctl+0x761/0xaf0 [ 1001.115494] tty_ioctl+0x8b5/0x1510 [ 1001.119145] ? hci_uart_init_work+0x140/0x140 [ 1001.123681] ? tty_vhangup+0x30/0x30 [ 1001.127419] ? mark_held_locks+0x100/0x100 [ 1001.131681] ? proc_cwd_link+0x1d0/0x1d0 [ 1001.135774] ? __fget+0x340/0x540 [ 1001.139256] ? ___might_sleep+0x163/0x280 [ 1001.143428] ? __might_sleep+0x95/0x190 [ 1001.147430] ? tty_vhangup+0x30/0x30 [ 1001.151296] do_vfs_ioctl+0xd5f/0x1380 [ 1001.155215] ? selinux_file_ioctl+0x46f/0x5e0 [ 1001.159734] ? selinux_file_ioctl+0x125/0x5e0 [ 1001.164260] ? ioctl_preallocate+0x210/0x210 [ 1001.168689] ? selinux_file_mprotect+0x620/0x620 [ 1001.173480] ? iterate_fd+0x360/0x360 [ 1001.177310] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1001.182870] ? fput+0x128/0x1a0 [ 1001.186199] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1001.191758] ? 
security_file_ioctl+0x8d/0xc0 [ 1001.196189] ksys_ioctl+0xab/0xd0 [ 1001.199668] __x64_sys_ioctl+0x73/0xb0 [ 1001.203582] do_syscall_64+0xfd/0x620 [ 1001.207413] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1001.212618] RIP: 0033:0x459519 [ 1001.215841] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1001.234778] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1001.242624] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 1001.249927] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1001.257244] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1001.264545] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 1001.271923] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 1001.291711] Bluetooth: hci4: Frame reassembly failed (-84) [ 1001.298791] Bluetooth: hci3: Frame reassembly failed (-84) [ 1001.332609] Bluetooth: hci1: command 0x1003 tx timeout [ 1001.338391] Bluetooth: hci1: sending frame failed (-49) 14:45:55 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x4000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:45:56 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 
0x0, 0x0, 0x0, [0x0, 0x0, 0x1000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1003.012480] Bluetooth: hci2: command 0x1003 tx timeout [ 1003.018077] Bluetooth: hci0: command 0x1003 tx timeout [ 1003.018115] Bluetooth: hci2: sending frame failed (-49) [ 1003.032599] Bluetooth: hci0: sending frame failed (-49) [ 1003.332494] Bluetooth: hci3: command 0x1003 tx timeout [ 1003.337867] Bluetooth: hci4: command 0x1003 tx timeout [ 1003.337914] Bluetooth: hci3: sending frame failed (-49) [ 1003.352639] Bluetooth: hci4: sending frame failed (-49) [ 1003.412468] Bluetooth: hci1: command 0x1001 tx timeout [ 1003.417947] Bluetooth: hci1: sending frame failed (-49) 14:45:57 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0xe000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:45:58 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x3e000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 
0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1005.092533] Bluetooth: hci0: command 0x1001 tx timeout [ 1005.098070] Bluetooth: hci0: sending frame failed (-49) [ 1005.104048] Bluetooth: hci2: command 0x1001 tx timeout [ 1005.115144] Bluetooth: hci2: sending frame failed (-49) [ 1005.412765] Bluetooth: hci4: command 0x1001 tx timeout [ 1005.418192] Bluetooth: hci4: sending frame failed (-49) [ 1005.424293] Bluetooth: hci3: command 0x1001 tx timeout [ 1005.429706] Bluetooth: hci3: sending frame failed (-49) [ 1005.492567] Bluetooth: hci1: command 0x1009 tx timeout [ 1007.172497] Bluetooth: hci2: command 0x1009 tx timeout [ 1007.177976] Bluetooth: hci0: command 0x1009 tx timeout [ 1007.492789] Bluetooth: hci3: command 0x1009 tx timeout [ 1007.498272] Bluetooth: hci4: command 0x1009 tx timeout 14:46:03 executing program 0 (fault-call:2 fault-nth:62): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:46:03 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x3f000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1009.864400] FAULT_INJECTION: forcing a failure. 
[ 1009.864400] name failslab, interval 1, probability 0, space 0, times 0 [ 1009.883225] CPU: 0 PID: 12919 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 1009.890274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1009.899648] Call Trace: [ 1009.902270] dump_stack+0x172/0x1f0 [ 1009.905929] should_fail.cold+0xa/0x1b [ 1009.909843] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1009.914980] ? lock_downgrade+0x810/0x810 [ 1009.919239] ? ___might_sleep+0x163/0x280 [ 1009.923411] __should_failslab+0x121/0x190 [ 1009.927673] should_failslab+0x9/0x14 [ 1009.931496] __kmalloc+0x2e2/0x750 [ 1009.935065] ? rcu_read_lock_sched_held+0x110/0x130 [ 1009.940101] ? kobject_get_path+0xc4/0x1b0 [ 1009.944367] kobject_get_path+0xc4/0x1b0 [ 1009.948450] kobject_uevent_env+0x3ab/0x101d [ 1009.952891] kobject_uevent+0x20/0x26 [ 1009.956718] device_add+0xb3a/0x1760 [ 1009.960455] ? get_device_parent.isra.0+0x570/0x570 [ 1009.965519] rfkill_register+0x1bf/0xb50 [ 1009.969602] hci_register_dev+0x385/0x880 [ 1009.973784] hci_uart_tty_ioctl+0x761/0xaf0 [ 1009.978126] tty_ioctl+0x8b5/0x1510 [ 1009.981775] ? hci_uart_init_work+0x140/0x140 [ 1009.986290] ? tty_vhangup+0x30/0x30 [ 1009.990023] ? mark_held_locks+0x100/0x100 [ 1009.994277] ? proc_cwd_link+0x1d0/0x1d0 [ 1009.998365] ? __fget+0x340/0x540 [ 1010.001841] ? ___might_sleep+0x163/0x280 [ 1010.006017] ? __might_sleep+0x95/0x190 [ 1010.010007] ? tty_vhangup+0x30/0x30 [ 1010.013743] do_vfs_ioctl+0xd5f/0x1380 [ 1010.017653] ? selinux_file_ioctl+0x46f/0x5e0 [ 1010.022174] ? selinux_file_ioctl+0x125/0x5e0 [ 1010.026691] ? ioctl_preallocate+0x210/0x210 [ 1010.031120] ? selinux_file_mprotect+0x620/0x620 [ 1010.035916] ? iterate_fd+0x360/0x360 [ 1010.039754] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1010.045316] ? fput+0x128/0x1a0 [ 1010.048699] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1010.054257] ? 
security_file_ioctl+0x8d/0xc0 [ 1010.058692] ksys_ioctl+0xab/0xd0 [ 1010.062164] __x64_sys_ioctl+0x73/0xb0 [ 1010.066079] do_syscall_64+0xfd/0x620 [ 1010.069903] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1010.075195] RIP: 0033:0x459519 [ 1010.078400] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1010.097326] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1010.105164] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 1010.112456] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1010.119751] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1010.127041] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 1010.134322] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 1010.153904] Bluetooth: hci1: Frame reassembly failed (-84) 14:46:04 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x40000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:46:05 executing program 5 (fault-call:2 fault-nth:64): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:46:05 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 
0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000004) 14:46:05 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000031) 14:46:05 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x4) 14:46:05 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0xfdfdffff]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1011.804657] Bluetooth: hci0: Frame reassembly failed (-84) [ 1011.817879] Bluetooth: hci2: Frame reassembly failed (-84) [ 1011.823877] Bluetooth: hci2: Frame reassembly failed (-84) [ 1011.857312] FAULT_INJECTION: forcing a failure. [ 1011.857312] name failslab, interval 1, probability 0, space 0, times 0 [ 1011.869945] Bluetooth: hci3: Frame reassembly failed (-84) [ 1011.870147] Bluetooth: hci3: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 1011.883555] CPU: 1 PID: 12940 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 1011.890605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1011.899990] Call Trace: [ 1011.902618] dump_stack+0x172/0x1f0 [ 1011.906329] should_fail.cold+0xa/0x1b [ 1011.910291] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1011.915436] ? lock_downgrade+0x810/0x810 [ 1011.919609] ? 
___might_sleep+0x163/0x280 [ 1011.923786] __should_failslab+0x121/0x190 [ 1011.928049] should_failslab+0x9/0x14 [ 1011.931881] kmem_cache_alloc_trace+0x2cc/0x760 [ 1011.936573] ? kasan_check_write+0x14/0x20 [ 1011.940839] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 1011.945712] kobject_uevent_env+0x387/0x101d [ 1011.950165] kobject_uevent+0x20/0x26 [ 1011.954002] device_add+0xb3a/0x1760 [ 1011.957752] ? get_device_parent.isra.0+0x570/0x570 [ 1011.962813] rfkill_register+0x1bf/0xb50 [ 1011.966902] hci_register_dev+0x385/0x880 [ 1011.971086] hci_uart_tty_ioctl+0x761/0xaf0 [ 1011.975435] tty_ioctl+0x8b5/0x1510 [ 1011.979085] ? hci_uart_init_work+0x140/0x140 [ 1011.983602] ? tty_vhangup+0x30/0x30 [ 1011.987335] ? mark_held_locks+0x100/0x100 [ 1011.991596] ? proc_cwd_link+0x1d0/0x1d0 [ 1011.995773] ? __fget+0x340/0x540 [ 1011.999245] ? ___might_sleep+0x163/0x280 [ 1012.003421] ? __might_sleep+0x95/0x190 [ 1012.007424] ? tty_vhangup+0x30/0x30 [ 1012.011163] do_vfs_ioctl+0xd5f/0x1380 [ 1012.015069] ? selinux_file_ioctl+0x46f/0x5e0 [ 1012.019580] ? selinux_file_ioctl+0x125/0x5e0 [ 1012.024097] ? ioctl_preallocate+0x210/0x210 [ 1012.028524] ? selinux_file_mprotect+0x620/0x620 [ 1012.033316] ? iterate_fd+0x360/0x360 [ 1012.037229] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1012.042788] ? fput+0x128/0x1a0 [ 1012.046099] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1012.051655] ? 
security_file_ioctl+0x8d/0xc0 [ 1012.056117] ksys_ioctl+0xab/0xd0 [ 1012.059598] __x64_sys_ioctl+0x73/0xb0 [ 1012.063507] do_syscall_64+0xfd/0x620 [ 1012.067334] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1012.072540] RIP: 0033:0x459519 [ 1012.075747] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1012.094770] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1012.102506] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 1012.109798] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1012.117094] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1012.124386] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 1012.131679] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 1012.145965] Bluetooth: hci4: Frame reassembly failed (-84) [ 1012.212474] Bluetooth: hci1: command 0x1003 tx timeout [ 1012.217912] Bluetooth: hci1: sending frame failed (-49) 14:46:06 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0xfffffdfd]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:46:07 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x100000000000000]}) 
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1013.812460] Bluetooth: hci0: command 0x1003 tx timeout [ 1013.818100] Bluetooth: hci0: sending frame failed (-49) [ 1013.892482] Bluetooth: hci3: command 0x1003 tx timeout [ 1013.892501] Bluetooth: hci2: command 0x1003 tx timeout [ 1013.904604] Bluetooth: hci3: sending frame failed (-49) [ 1013.920421] Bluetooth: hci2: sending frame failed (-49) [ 1014.212581] Bluetooth: hci4: command 0x1003 tx timeout [ 1014.218298] Bluetooth: hci4: sending frame failed (-49) [ 1014.292535] Bluetooth: hci1: command 0x1001 tx timeout [ 1014.298338] Bluetooth: hci1: sending frame failed (-49) 14:46:08 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0xe00000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:46:09 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x3e00000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 
0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1015.892501] Bluetooth: hci0: command 0x1001 tx timeout [ 1015.897921] Bluetooth: hci0: sending frame failed (-49) [ 1015.972576] Bluetooth: hci2: command 0x1001 tx timeout [ 1015.978144] Bluetooth: hci2: sending frame failed (-49) [ 1015.983763] Bluetooth: hci3: command 0x1001 tx timeout [ 1015.994891] Bluetooth: hci3: sending frame failed (-49) [ 1016.292510] Bluetooth: hci4: command 0x1001 tx timeout [ 1016.297952] Bluetooth: hci4: sending frame failed (-49) [ 1016.372522] Bluetooth: hci1: command 0x1009 tx timeout [ 1017.972542] Bluetooth: hci0: command 0x1009 tx timeout [ 1018.052507] Bluetooth: hci3: command 0x1009 tx timeout [ 1018.057930] Bluetooth: hci2: command 0x1009 tx timeout [ 1018.372530] Bluetooth: hci4: command 0x1009 tx timeout 14:46:14 executing program 0 (fault-call:2 fault-nth:63): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:46:14 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x3f00000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1020.751302] FAULT_INJECTION: forcing a failure. 
[ 1020.751302] name failslab, interval 1, probability 0, space 0, times 0 [ 1020.770231] CPU: 1 PID: 12973 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 1020.777286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1020.786659] Call Trace: [ 1020.789288] dump_stack+0x172/0x1f0 [ 1020.792949] should_fail.cold+0xa/0x1b [ 1020.796863] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1020.801992] ? lock_downgrade+0x810/0x810 [ 1020.806159] ? ___might_sleep+0x163/0x280 [ 1020.810339] __should_failslab+0x121/0x190 [ 1020.814592] should_failslab+0x9/0x14 [ 1020.818409] kmem_cache_alloc_node+0x26c/0x710 [ 1020.823016] ? find_held_lock+0x35/0x130 [ 1020.827103] __alloc_skb+0xd5/0x5f0 [ 1020.830748] ? skb_scrub_packet+0x490/0x490 [ 1020.835100] ? kasan_check_read+0x11/0x20 [ 1020.839283] alloc_uevent_skb+0x83/0x1e2 [ 1020.843364] kobject_uevent_env+0xaa3/0x101d [ 1020.847801] kobject_uevent+0x20/0x26 [ 1020.851691] device_add+0xb3a/0x1760 [ 1020.855441] ? get_device_parent.isra.0+0x570/0x570 [ 1020.860495] rfkill_register+0x1bf/0xb50 [ 1020.864592] hci_register_dev+0x385/0x880 [ 1020.868773] hci_uart_tty_ioctl+0x761/0xaf0 [ 1020.873180] tty_ioctl+0x8b5/0x1510 [ 1020.876837] ? hci_uart_init_work+0x140/0x140 [ 1020.881393] ? tty_vhangup+0x30/0x30 [ 1020.885126] ? mark_held_locks+0x100/0x100 [ 1020.889385] ? proc_cwd_link+0x1d0/0x1d0 [ 1020.893476] ? __fget+0x340/0x540 [ 1020.896955] ? ___might_sleep+0x163/0x280 [ 1020.901134] ? __might_sleep+0x95/0x190 [ 1020.905130] ? tty_vhangup+0x30/0x30 [ 1020.908866] do_vfs_ioctl+0xd5f/0x1380 [ 1020.912773] ? selinux_file_ioctl+0x46f/0x5e0 [ 1020.917291] ? selinux_file_ioctl+0x125/0x5e0 [ 1020.921805] ? ioctl_preallocate+0x210/0x210 [ 1020.926235] ? selinux_file_mprotect+0x620/0x620 [ 1020.931027] ? iterate_fd+0x360/0x360 [ 1020.934850] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1020.940579] ? fput+0x128/0x1a0 [ 1020.944003] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1020.949558] ? 
security_file_ioctl+0x8d/0xc0 [ 1020.954193] ksys_ioctl+0xab/0xd0 [ 1020.957668] __x64_sys_ioctl+0x73/0xb0 [ 1020.961584] do_syscall_64+0xfd/0x620 [ 1020.965408] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1020.970963] RIP: 0033:0x459519 [ 1020.974183] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1020.993110] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1021.000848] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 1021.008232] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1021.015790] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1021.023287] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 1021.030581] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 1021.050944] Bluetooth: hci1: Frame reassembly failed (-84) 14:46:15 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x4000000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:46:16 executing program 5 (fault-call:2 fault-nth:65): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:46:16 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 
0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x5) 14:46:16 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000032) 14:46:16 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000025) 14:46:16 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0xfdfdffff00000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1022.670827] Bluetooth: hci0: Frame reassembly failed (-84) [ 1022.671047] Bluetooth: hci0: Frame reassembly failed (-84) [ 1022.683919] Bluetooth: hci3: Frame reassembly failed (-84) [ 1022.683945] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1022.689881] Bluetooth: hci3: Frame reassembly failed (-84) [ 1022.702997] Bluetooth: hci2: Frame reassembly failed (-84) [ 1022.709694] Bluetooth: hci2: Frame reassembly failed (-84) [ 1022.726887] FAULT_INJECTION: forcing a failure. 
[ 1022.726887] name failslab, interval 1, probability 0, space 0, times 0 [ 1022.746759] CPU: 1 PID: 12996 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 1022.753837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1022.763228] Call Trace: [ 1022.765850] dump_stack+0x172/0x1f0 [ 1022.769517] should_fail.cold+0xa/0x1b [ 1022.773441] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1022.778611] ? lock_downgrade+0x810/0x810 [ 1022.782805] ? ___might_sleep+0x163/0x280 [ 1022.786988] __should_failslab+0x121/0x190 [ 1022.791251] should_failslab+0x9/0x14 [ 1022.795080] kmem_cache_alloc_trace+0x2cc/0x760 [ 1022.799774] ? kasan_check_write+0x14/0x20 [ 1022.804037] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 1022.808915] kobject_uevent_env+0x387/0x101d [ 1022.813366] kobject_uevent+0x20/0x26 [ 1022.817195] device_add+0xb3a/0x1760 [ 1022.820945] ? get_device_parent.isra.0+0x570/0x570 [ 1022.826019] rfkill_register+0x1bf/0xb50 [ 1022.830115] hci_register_dev+0x385/0x880 [ 1022.834296] hci_uart_tty_ioctl+0x761/0xaf0 [ 1022.838640] tty_ioctl+0x8b5/0x1510 [ 1022.842294] ? hci_uart_init_work+0x140/0x140 [ 1022.846815] ? tty_vhangup+0x30/0x30 [ 1022.850549] ? mark_held_locks+0x100/0x100 [ 1022.854809] ? proc_cwd_link+0x1d0/0x1d0 [ 1022.858948] ? __fget+0x340/0x540 [ 1022.862432] ? ___might_sleep+0x163/0x280 [ 1022.866604] ? __might_sleep+0x95/0x190 [ 1022.870603] ? tty_vhangup+0x30/0x30 [ 1022.874344] do_vfs_ioctl+0xd5f/0x1380 [ 1022.878253] ? selinux_file_ioctl+0x46f/0x5e0 [ 1022.882773] ? selinux_file_ioctl+0x125/0x5e0 [ 1022.887294] ? ioctl_preallocate+0x210/0x210 [ 1022.891724] ? selinux_file_mprotect+0x620/0x620 [ 1022.896511] ? iterate_fd+0x360/0x360 [ 1022.900368] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1022.905949] ? fput+0x128/0x1a0 [ 1022.909263] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1022.914820] ? 
security_file_ioctl+0x8d/0xc0 [ 1022.919363] ksys_ioctl+0xab/0xd0 [ 1022.922837] __x64_sys_ioctl+0x73/0xb0 [ 1022.926749] do_syscall_64+0xfd/0x620 [ 1022.930571] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1022.935776] RIP: 0033:0x459519 [ 1022.938996] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1022.957928] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1022.965673] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 1022.972988] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1022.980301] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1022.987603] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 1022.994896] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 1023.013550] Bluetooth: hci4: Frame reassembly failed (-84) [ 1023.092461] Bluetooth: hci1: command 0x1003 tx timeout [ 1023.098225] Bluetooth: hci1: sending frame failed (-49) 14:46:17 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0xffffffff00000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:46:18 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xe]}) 
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1024.692477] Bluetooth: hci3: command 0x1003 tx timeout [ 1024.692551] Bluetooth: hci0: command 0x1003 tx timeout [ 1024.703312] Bluetooth: hci3: sending frame failed (-49) [ 1024.715579] Bluetooth: hci0: sending frame failed (-49) [ 1024.782591] Bluetooth: hci2: command 0x1003 tx timeout [ 1024.788367] Bluetooth: hci2: sending frame failed (-49) [ 1025.092520] Bluetooth: hci4: command 0x1003 tx timeout [ 1025.098241] Bluetooth: hci4: sending frame failed (-49) [ 1025.172525] Bluetooth: hci1: command 0x1001 tx timeout [ 1025.178232] Bluetooth: hci1: sending frame failed (-49) 14:46:19 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x3e]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:46:20 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xe00]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) 
tkill(r1, 0x1000000000013) [ 1026.772503] Bluetooth: hci0: command 0x1001 tx timeout [ 1026.777959] Bluetooth: hci0: sending frame failed (-49) [ 1026.783876] Bluetooth: hci3: command 0x1001 tx timeout [ 1026.789263] Bluetooth: hci3: sending frame failed (-49) [ 1026.852463] Bluetooth: hci2: command 0x1001 tx timeout [ 1026.858040] Bluetooth: hci2: sending frame failed (-49) [ 1027.172670] Bluetooth: hci4: command 0x1001 tx timeout [ 1027.178101] Bluetooth: hci4: sending frame failed (-49) [ 1027.252458] Bluetooth: hci1: command 0x1009 tx timeout [ 1028.862497] Bluetooth: hci3: command 0x1009 tx timeout [ 1028.867923] Bluetooth: hci0: command 0x1009 tx timeout [ 1028.932487] Bluetooth: hci2: command 0x1009 tx timeout [ 1029.252533] Bluetooth: hci4: command 0x1009 tx timeout 14:46:25 executing program 0 (fault-call:2 fault-nth:64): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:46:25 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x3e00]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1031.648059] FAULT_INJECTION: forcing a failure. 
[ 1031.648059] name failslab, interval 1, probability 0, space 0, times 0 [ 1031.663659] CPU: 0 PID: 13033 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 1031.670939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1031.682464] Call Trace: [ 1031.685130] dump_stack+0x172/0x1f0 [ 1031.689739] should_fail.cold+0xa/0x1b [ 1031.693661] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1031.698799] ? lock_downgrade+0x810/0x810 [ 1031.702970] ? ___might_sleep+0x163/0x280 [ 1031.707322] __should_failslab+0x121/0x190 [ 1031.711576] should_failslab+0x9/0x14 [ 1031.715396] kmem_cache_alloc_node+0x26c/0x710 [ 1031.720006] ? find_held_lock+0x35/0x130 [ 1031.724096] __alloc_skb+0xd5/0x5f0 [ 1031.727736] ? skb_scrub_packet+0x490/0x490 [ 1031.732087] ? kasan_check_read+0x11/0x20 [ 1031.736258] alloc_uevent_skb+0x83/0x1e2 [ 1031.740385] kobject_uevent_env+0xaa3/0x101d [ 1031.744834] kobject_uevent+0x20/0x26 [ 1031.748664] device_add+0xb3a/0x1760 [ 1031.752481] ? get_device_parent.isra.0+0x570/0x570 [ 1031.757531] rfkill_register+0x1bf/0xb50 [ 1031.761621] hci_register_dev+0x385/0x880 [ 1031.765806] hci_uart_tty_ioctl+0x761/0xaf0 [ 1031.770156] tty_ioctl+0x8b5/0x1510 [ 1031.773979] ? hci_uart_init_work+0x140/0x140 [ 1031.778500] ? tty_vhangup+0x30/0x30 [ 1031.782231] ? mark_held_locks+0x100/0x100 [ 1031.786501] ? proc_cwd_link+0x1d0/0x1d0 [ 1031.790608] ? __fget+0x340/0x540 [ 1031.794078] ? ___might_sleep+0x163/0x280 [ 1031.798270] ? __might_sleep+0x95/0x190 [ 1031.802274] ? tty_vhangup+0x30/0x30 [ 1031.806543] do_vfs_ioctl+0xd5f/0x1380 [ 1031.811169] ? selinux_file_ioctl+0x46f/0x5e0 [ 1031.816334] ? selinux_file_ioctl+0x125/0x5e0 [ 1031.821030] ? ioctl_preallocate+0x210/0x210 [ 1031.825986] ? selinux_file_mprotect+0x620/0x620 [ 1031.831675] ? iterate_fd+0x360/0x360 [ 1031.835774] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1031.841340] ? fput+0x128/0x1a0 [ 1031.844665] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1031.850230] ? 
security_file_ioctl+0x8d/0xc0 [ 1031.854670] ksys_ioctl+0xab/0xd0 [ 1031.858151] __x64_sys_ioctl+0x73/0xb0 [ 1031.862063] do_syscall_64+0xfd/0x620 [ 1031.865900] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1031.871282] RIP: 0033:0x459519 [ 1031.874843] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1031.893770] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1031.901513] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 1031.908816] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1031.916121] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1031.923694] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 1031.930987] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 1031.958301] Bluetooth: hci1: Frame reassembly failed (-84) 14:46:26 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x3f00]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:46:27 executing program 5 (fault-call:2 fault-nth:66): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:46:27 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 
0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000037) 14:46:27 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x6) 14:46:27 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000030) 14:46:27 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x4000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1033.564124] Bluetooth: hci2: Frame reassembly failed (-84) [ 1033.570505] Bluetooth: hci2: Frame reassembly failed (-84) [ 1033.578104] Bluetooth: hci3: Frame reassembly failed (-84) [ 1033.590240] Bluetooth: hci3: Frame reassembly failed (-84) [ 1033.598803] FAULT_INJECTION: forcing a failure. [ 1033.598803] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1033.611752] CPU: 0 PID: 13055 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 1033.619206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1033.628871] Call Trace: [ 1033.632205] dump_stack+0x172/0x1f0 [ 1033.636055] should_fail.cold+0xa/0x1b [ 1033.640130] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1033.645572] ? mark_held_locks+0x100/0x100 [ 1033.650030] __alloc_pages_nodemask+0x1ee/0x760 [ 1033.655069] ? 
irq_work_claim+0x98/0xc0 [ 1033.659370] ? __alloc_pages_slowpath+0x2870/0x2870 [ 1033.665042] cache_grow_begin+0x9c/0x8b0 [ 1033.669284] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1033.675110] ? check_preemption_disabled+0x48/0x290 [ 1033.680323] kmem_cache_alloc_trace+0x685/0x760 [ 1033.686549] ? kasan_check_write+0x14/0x20 [ 1033.691873] kobject_uevent_env+0x387/0x101d [ 1033.696772] kobject_uevent+0x20/0x26 [ 1033.701523] device_add+0xb3a/0x1760 [ 1033.706280] ? get_device_parent.isra.0+0x570/0x570 [ 1033.712182] rfkill_register+0x1bf/0xb50 [ 1033.716290] hci_register_dev+0x385/0x880 [ 1033.720674] hci_uart_tty_ioctl+0x761/0xaf0 [ 1033.725211] tty_ioctl+0x8b5/0x1510 [ 1033.728881] ? hci_uart_init_work+0x140/0x140 [ 1033.733603] ? tty_vhangup+0x30/0x30 [ 1033.737739] ? mark_held_locks+0x100/0x100 [ 1033.743053] ? proc_cwd_link+0x1d0/0x1d0 [ 1033.748041] ? __fget+0x340/0x540 [ 1033.751628] ? ___might_sleep+0x163/0x280 [ 1033.756241] ? __might_sleep+0x95/0x190 [ 1033.760284] ? tty_vhangup+0x30/0x30 [ 1033.764218] do_vfs_ioctl+0xd5f/0x1380 [ 1033.768146] ? selinux_file_ioctl+0x46f/0x5e0 [ 1033.772702] ? selinux_file_ioctl+0x125/0x5e0 [ 1033.777330] ? ioctl_preallocate+0x210/0x210 [ 1033.782203] ? selinux_file_mprotect+0x620/0x620 [ 1033.787259] ? iterate_fd+0x360/0x360 [ 1033.791249] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1033.796994] ? fput+0x128/0x1a0 [ 1033.800333] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1033.806178] ? 
security_file_ioctl+0x8d/0xc0 [ 1033.810675] ksys_ioctl+0xab/0xd0 [ 1033.814256] __x64_sys_ioctl+0x73/0xb0 [ 1033.818296] do_syscall_64+0xfd/0x620 [ 1033.822146] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1033.827382] RIP: 0033:0x459519 [ 1033.830864] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1033.850773] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1033.859228] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 1033.866717] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1033.874554] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1033.882376] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 1033.890445] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 1033.913148] Bluetooth: hci4: Frame reassembly failed (-84) [ 1033.972525] Bluetooth: hci1: command 0x1003 tx timeout [ 1033.979226] Bluetooth: hci1: sending frame failed (-49) 14:46:28 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x1000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:46:29 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xe000000]}) 
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1035.572554] Bluetooth: hci2: command 0x1003 tx timeout [ 1035.580174] Bluetooth: hci2: sending frame failed (-49) [ 1035.652496] Bluetooth: hci0: command 0x1003 tx timeout [ 1035.660081] Bluetooth: hci0: sending frame failed (-49) [ 1035.666938] Bluetooth: hci3: command 0x1003 tx timeout [ 1035.674593] Bluetooth: hci3: sending frame failed (-49) [ 1035.972515] Bluetooth: hci4: command 0x1003 tx timeout [ 1035.978439] Bluetooth: hci4: sending frame failed (-49) [ 1036.052534] Bluetooth: hci1: command 0x1001 tx timeout [ 1036.058193] Bluetooth: hci1: sending frame failed (-49) 14:46:30 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x3e000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:46:31 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x3f000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 
0x0) tkill(r1, 0x1000000000013) [ 1037.652599] Bluetooth: hci2: command 0x1001 tx timeout [ 1037.660907] Bluetooth: hci2: sending frame failed (-49) [ 1037.732531] Bluetooth: hci3: command 0x1001 tx timeout [ 1037.740399] Bluetooth: hci3: sending frame failed (-49) [ 1037.748717] Bluetooth: hci0: command 0x1001 tx timeout [ 1037.762818] Bluetooth: hci0: sending frame failed (-49) [ 1038.052575] Bluetooth: hci4: command 0x1001 tx timeout [ 1038.058492] Bluetooth: hci4: sending frame failed (-49) [ 1038.132527] Bluetooth: hci1: command 0x1009 tx timeout [ 1039.732470] Bluetooth: hci2: command 0x1009 tx timeout [ 1039.812450] Bluetooth: hci0: command 0x1009 tx timeout [ 1039.818622] Bluetooth: hci3: command 0x1009 tx timeout [ 1040.132624] Bluetooth: hci4: command 0x1009 tx timeout 14:46:36 executing program 0 (fault-call:2 fault-nth:65): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:46:36 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x40000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1042.546270] FAULT_INJECTION: forcing a failure. 
[ 1042.546270] name failslab, interval 1, probability 0, space 0, times 0 [ 1042.566289] CPU: 1 PID: 13088 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 1042.573350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1042.582718] Call Trace: [ 1042.585344] dump_stack+0x172/0x1f0 [ 1042.589009] should_fail.cold+0xa/0x1b [ 1042.592939] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1042.598070] ? finish_task_switch+0x1f0/0x780 [ 1042.602597] __should_failslab+0x121/0x190 [ 1042.606853] should_failslab+0x9/0x14 [ 1042.610755] kmem_cache_alloc_node+0x56/0x710 [ 1042.615269] ? hci_register_dev+0x50a/0x880 [ 1042.619615] __alloc_skb+0xd5/0x5f0 [ 1042.623262] ? skb_scrub_packet+0x490/0x490 [ 1042.627607] ? lock_downgrade+0x810/0x810 [ 1042.631784] hci_sock_dev_event+0xf3/0x580 [ 1042.636044] hci_register_dev+0x568/0x880 [ 1042.640322] hci_uart_tty_ioctl+0x761/0xaf0 [ 1042.644668] tty_ioctl+0x8b5/0x1510 [ 1042.648409] ? hci_uart_init_work+0x140/0x140 [ 1042.652924] ? tty_vhangup+0x30/0x30 [ 1042.656651] ? mark_held_locks+0x100/0x100 [ 1042.660902] ? proc_cwd_link+0x1d0/0x1d0 [ 1042.666559] ? __fget+0x340/0x540 [ 1042.670031] ? ___might_sleep+0x163/0x280 [ 1042.674201] ? __might_sleep+0x95/0x190 [ 1042.678189] ? tty_vhangup+0x30/0x30 [ 1042.681927] do_vfs_ioctl+0xd5f/0x1380 [ 1042.685838] ? selinux_file_ioctl+0x46f/0x5e0 [ 1042.690362] ? selinux_file_ioctl+0x125/0x5e0 [ 1042.694878] ? ioctl_preallocate+0x210/0x210 [ 1042.699320] ? selinux_file_mprotect+0x620/0x620 [ 1042.704311] ? iterate_fd+0x360/0x360 [ 1042.708132] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1042.713701] ? fput+0x128/0x1a0 [ 1042.717010] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1042.722563] ? 
security_file_ioctl+0x8d/0xc0 [ 1042.727022] ksys_ioctl+0xab/0xd0 [ 1042.730508] __x64_sys_ioctl+0x73/0xb0 [ 1042.734452] do_syscall_64+0xfd/0x620 [ 1042.738478] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1042.743687] RIP: 0033:0x459519 [ 1042.746900] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1042.765823] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1042.773560] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 1042.780841] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1042.788123] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1042.795576] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 1042.802859] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 1042.819547] Bluetooth: hci1: Frame reassembly failed (-84) 14:46:37 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xfdfdffff]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:46:38 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000031) 14:46:38 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) 
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xfffffdfd]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:46:38 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000063) 14:46:38 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x7) 14:46:38 executing program 5 (fault-call:2 fault-nth:67): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1044.442133] Bluetooth: hci0: Frame reassembly failed (-84) [ 1044.450938] Bluetooth: hci0: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 1044.451454] Bluetooth: hci2: Frame reassembly failed (-84) [ 1044.458793] Bluetooth: hci2: Frame reassembly failed (-84) [ 1044.475800] Bluetooth: hci3: Frame reassembly failed (-84) [ 1044.486909] Bluetooth: hci3: Frame reassembly failed (-84) [ 1044.499132] FAULT_INJECTION: forcing a failure. [ 1044.499132] name failslab, interval 1, probability 0, space 0, times 0 [ 1044.512367] CPU: 1 PID: 13111 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 1044.519445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1044.528827] Call Trace: [ 1044.531464] dump_stack+0x172/0x1f0 [ 1044.535134] should_fail.cold+0xa/0x1b [ 1044.539061] ? 
fault_create_debugfs_attr+0x1e0/0x1e0 [ 1044.544194] ? lock_downgrade+0x810/0x810 [ 1044.548375] ? ___might_sleep+0x163/0x280 [ 1044.552562] __should_failslab+0x121/0x190 [ 1044.558170] should_failslab+0x9/0x14 [ 1044.561999] kmem_cache_alloc_node+0x26c/0x710 [ 1044.566617] ? find_held_lock+0x35/0x130 [ 1044.570709] __alloc_skb+0xd5/0x5f0 [ 1044.574408] ? skb_scrub_packet+0x490/0x490 [ 1044.578754] ? kasan_check_read+0x11/0x20 [ 1044.582929] alloc_uevent_skb+0x83/0x1e2 [ 1044.587026] kobject_uevent_env+0xaa3/0x101d [ 1044.591515] kobject_uevent+0x20/0x26 [ 1044.595355] device_add+0xb3a/0x1760 [ 1044.599101] ? get_device_parent.isra.0+0x570/0x570 [ 1044.604151] rfkill_register+0x1bf/0xb50 [ 1044.608240] hci_register_dev+0x385/0x880 [ 1044.612443] hci_uart_tty_ioctl+0x761/0xaf0 [ 1044.616794] tty_ioctl+0x8b5/0x1510 [ 1044.620443] ? hci_uart_init_work+0x140/0x140 [ 1044.624965] ? tty_vhangup+0x30/0x30 [ 1044.628712] ? mark_held_locks+0x100/0x100 [ 1044.633059] ? proc_cwd_link+0x1d0/0x1d0 [ 1044.637173] ? __fget+0x340/0x540 [ 1044.640653] ? ___might_sleep+0x163/0x280 [ 1044.644834] ? __might_sleep+0x95/0x190 [ 1044.648836] ? tty_vhangup+0x30/0x30 [ 1044.652587] do_vfs_ioctl+0xd5f/0x1380 [ 1044.656507] ? selinux_file_ioctl+0x46f/0x5e0 [ 1044.661025] ? selinux_file_ioctl+0x125/0x5e0 [ 1044.667087] ? ioctl_preallocate+0x210/0x210 [ 1044.671522] ? selinux_file_mprotect+0x620/0x620 [ 1044.676342] ? iterate_fd+0x360/0x360 [ 1044.680175] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1044.685739] ? fput+0x128/0x1a0 [ 1044.689068] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1044.694627] ? 
security_file_ioctl+0x8d/0xc0 [ 1044.699062] ksys_ioctl+0xab/0xd0 [ 1044.702552] __x64_sys_ioctl+0x73/0xb0 [ 1044.706466] do_syscall_64+0xfd/0x620 [ 1044.710310] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1044.715514] RIP: 0033:0x459519 [ 1044.718728] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1044.737654] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1044.745409] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 1044.752698] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1044.760006] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1044.767298] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 1044.774597] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 1044.786344] Bluetooth: hci4: Frame reassembly failed (-84) [ 1044.852490] Bluetooth: hci1: command 0x1003 tx timeout [ 1044.857946] Bluetooth: hci1: sending frame failed (-49) 14:46:39 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x100000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:46:40 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 
0xe00000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1046.462605] Bluetooth: hci0: command 0x1003 tx timeout [ 1046.468318] Bluetooth: hci0: sending frame failed (-49) [ 1046.532541] Bluetooth: hci2: command 0x1003 tx timeout [ 1046.532799] Bluetooth: hci3: command 0x1003 tx timeout [ 1046.543267] Bluetooth: hci2: sending frame failed (-49) [ 1046.562524] Bluetooth: hci3: sending frame failed (-49) [ 1046.852596] Bluetooth: hci4: command 0x1003 tx timeout [ 1046.858125] Bluetooth: hci4: sending frame failed (-49) [ 1046.932600] Bluetooth: hci1: command 0x1001 tx timeout [ 1046.938039] Bluetooth: hci1: sending frame failed (-49) 14:46:41 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x3e00000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:46:42 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x3f00000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, 
&(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1048.532479] Bluetooth: hci0: command 0x1001 tx timeout [ 1048.537926] Bluetooth: hci0: sending frame failed (-49) [ 1048.612827] Bluetooth: hci3: command 0x1001 tx timeout [ 1048.618225] Bluetooth: hci2: command 0x1001 tx timeout [ 1048.618262] Bluetooth: hci3: sending frame failed (-49) [ 1048.632567] Bluetooth: hci2: sending frame failed (-49) [ 1048.932752] Bluetooth: hci4: command 0x1001 tx timeout [ 1048.938237] Bluetooth: hci4: sending frame failed (-49) [ 1049.012558] Bluetooth: hci1: command 0x1009 tx timeout [ 1050.612487] Bluetooth: hci0: command 0x1009 tx timeout [ 1050.692558] Bluetooth: hci2: command 0x1009 tx timeout [ 1050.697961] Bluetooth: hci3: command 0x1009 tx timeout [ 1051.012778] Bluetooth: hci4: command 0x1009 tx timeout 14:46:47 executing program 0 (fault-call:2 fault-nth:66): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:46:47 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x4000000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1053.401741] FAULT_INJECTION: forcing a failure. 
[ 1053.401741] name failslab, interval 1, probability 0, space 0, times 0 [ 1053.419864] CPU: 0 PID: 13142 Comm: syz-executor.0 Not tainted 4.19.56 #28 [ 1053.426921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1053.436294] Call Trace: [ 1053.438917] dump_stack+0x172/0x1f0 [ 1053.442577] should_fail.cold+0xa/0x1b [ 1053.446510] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1053.451730] ? __lock_acquire+0x6eb/0x48f0 [ 1053.455983] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1053.461536] ? should_fail+0x14d/0x85c [ 1053.465487] __should_failslab+0x121/0x190 [ 1053.469747] should_failslab+0x9/0x14 [ 1053.473569] kmem_cache_alloc_node_trace+0x5a/0x720 [ 1053.478608] ? __alloc_skb+0xd5/0x5f0 [ 1053.482440] __kmalloc_node_track_caller+0x3d/0x80 [ 1053.487400] __kmalloc_reserve.isra.0+0x40/0xf0 [ 1053.492098] __alloc_skb+0x10b/0x5f0 [ 1053.495839] ? skb_scrub_packet+0x490/0x490 [ 1053.500196] ? lock_downgrade+0x810/0x810 [ 1053.504375] hci_sock_dev_event+0xf3/0x580 [ 1053.508810] hci_register_dev+0x568/0x880 [ 1053.512987] hci_uart_tty_ioctl+0x761/0xaf0 [ 1053.517335] tty_ioctl+0x8b5/0x1510 [ 1053.520981] ? hci_uart_init_work+0x140/0x140 [ 1053.525501] ? tty_vhangup+0x30/0x30 [ 1053.529246] ? mark_held_locks+0x100/0x100 [ 1053.533579] ? proc_cwd_link+0x1d0/0x1d0 [ 1053.537675] ? __fget+0x340/0x540 [ 1053.541153] ? ___might_sleep+0x163/0x280 [ 1053.545326] ? __might_sleep+0x95/0x190 [ 1053.549318] ? tty_vhangup+0x30/0x30 [ 1053.553063] do_vfs_ioctl+0xd5f/0x1380 [ 1053.557431] ? selinux_file_ioctl+0x46f/0x5e0 [ 1053.561947] ? selinux_file_ioctl+0x125/0x5e0 [ 1053.566494] ? ioctl_preallocate+0x210/0x210 [ 1053.570920] ? selinux_file_mprotect+0x620/0x620 [ 1053.575707] ? iterate_fd+0x360/0x360 [ 1053.579535] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1053.585089] ? fput+0x128/0x1a0 [ 1053.588408] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1053.593981] ? 
security_file_ioctl+0x8d/0xc0 [ 1053.608875] ksys_ioctl+0xab/0xd0 [ 1053.612872] __x64_sys_ioctl+0x73/0xb0 [ 1053.616787] do_syscall_64+0xfd/0x620 [ 1053.620614] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1053.625815] RIP: 0033:0x459519 [ 1053.629084] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1053.648039] RSP: 002b:00007f796f024c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1053.655781] RAX: ffffffffffffffda RBX: 00007f796f024c90 RCX: 0000000000459519 [ 1053.663065] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1053.670347] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1053.677633] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f796f0256d4 [ 1053.684917] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 1053.702943] Bluetooth: hci1: Frame reassembly failed (-84) 14:46:48 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xfdfdffff00000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:46:49 executing program 5 (fault-call:2 fault-nth:68): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:46:49 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 
0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000032) 14:46:49 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000064) 14:46:49 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x30) 14:46:49 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xffffffff00000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1055.315537] Bluetooth: hci0: Frame reassembly failed (-84) [ 1055.321868] Bluetooth: hci2: Frame reassembly failed (-84) [ 1055.329031] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1055.335916] Bluetooth: hci2: Frame reassembly failed (-84) [ 1055.351501] Bluetooth: hci3: Frame reassembly failed (-84) [ 1055.363351] Bluetooth: hci3: received HCILL_GO_TO_SLEEP_ACK in state 0 [ 1055.375738] FAULT_INJECTION: forcing a failure. [ 1055.375738] name failslab, interval 1, probability 0, space 0, times 0 [ 1055.388133] CPU: 1 PID: 13160 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 1055.395184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1055.404567] Call Trace: [ 1055.407201] dump_stack+0x172/0x1f0 [ 1055.410930] should_fail.cold+0xa/0x1b [ 1055.414866] ? 
fault_create_debugfs_attr+0x1e0/0x1e0 [ 1055.419998] ? lock_downgrade+0x810/0x810 [ 1055.424180] ? ___might_sleep+0x163/0x280 [ 1055.428531] __should_failslab+0x121/0x190 [ 1055.432794] should_failslab+0x9/0x14 [ 1055.436616] kmem_cache_alloc_node+0x26c/0x710 [ 1055.441221] ? find_held_lock+0x35/0x130 [ 1055.445311] __alloc_skb+0xd5/0x5f0 [ 1055.448983] ? skb_scrub_packet+0x490/0x490 [ 1055.453338] ? kasan_check_read+0x11/0x20 [ 1055.457513] alloc_uevent_skb+0x83/0x1e2 [ 1055.461604] kobject_uevent_env+0xaa3/0x101d [ 1055.466051] kobject_uevent+0x20/0x26 [ 1055.469877] device_add+0xb3a/0x1760 [ 1055.473640] ? get_device_parent.isra.0+0x570/0x570 [ 1055.478696] rfkill_register+0x1bf/0xb50 [ 1055.482785] hci_register_dev+0x385/0x880 [ 1055.486960] hci_uart_tty_ioctl+0x761/0xaf0 [ 1055.491333] tty_ioctl+0x8b5/0x1510 [ 1055.495010] ? hci_uart_init_work+0x140/0x140 [ 1055.499551] ? tty_vhangup+0x30/0x30 [ 1055.503290] ? mark_held_locks+0x100/0x100 [ 1055.507549] ? proc_cwd_link+0x1d0/0x1d0 [ 1055.511641] ? __fget+0x340/0x540 [ 1055.515126] ? ___might_sleep+0x163/0x280 [ 1055.519300] ? __might_sleep+0x95/0x190 [ 1055.523363] ? tty_vhangup+0x30/0x30 [ 1055.527104] do_vfs_ioctl+0xd5f/0x1380 [ 1055.531021] ? selinux_file_ioctl+0x46f/0x5e0 [ 1055.535540] ? selinux_file_ioctl+0x125/0x5e0 [ 1055.540064] ? ioctl_preallocate+0x210/0x210 [ 1055.544505] ? selinux_file_mprotect+0x620/0x620 [ 1055.549386] ? iterate_fd+0x360/0x360 [ 1055.553222] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1055.558907] ? fput+0x128/0x1a0 [ 1055.562221] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1055.567779] ? 
security_file_ioctl+0x8d/0xc0 [ 1055.572298] ksys_ioctl+0xab/0xd0 [ 1055.575776] __x64_sys_ioctl+0x73/0xb0 [ 1055.579689] do_syscall_64+0xfd/0x620 [ 1055.583519] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1055.588721] RIP: 0033:0x459519 [ 1055.591929] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1055.610853] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1055.618593] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 1055.625883] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1055.633179] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1055.640480] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 1055.647770] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 1055.669388] Bluetooth: hci4: Frame reassembly failed (-84) [ 1055.732462] Bluetooth: hci1: command 0x1003 tx timeout [ 1055.737904] Bluetooth: hci1: sending frame failed (-49) 14:46:50 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xe]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:46:51 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3e]}) 
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1057.332466] Bluetooth: hci2: command 0x1003 tx timeout [ 1057.337845] Bluetooth: hci0: command 0x1003 tx timeout [ 1057.337892] Bluetooth: hci2: sending frame failed (-49) [ 1057.351279] Bluetooth: hci0: sending frame failed (-49) [ 1057.412624] Bluetooth: hci3: command 0x1003 tx timeout [ 1057.418078] Bluetooth: hci3: sending frame failed (-49) [ 1057.732548] Bluetooth: hci4: command 0x1003 tx timeout [ 1057.738321] Bluetooth: hci4: sending frame failed (-49) [ 1057.822542] Bluetooth: hci1: command 0x1001 tx timeout [ 1057.828331] Bluetooth: hci1: sending frame failed (-49) 14:46:52 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xe00]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:46:53 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3e00]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 
0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1059.412574] Bluetooth: hci0: command 0x1001 tx timeout [ 1059.418212] Bluetooth: hci0: sending frame failed (-49) [ 1059.424202] Bluetooth: hci2: command 0x1001 tx timeout [ 1059.435319] Bluetooth: hci2: sending frame failed (-49) [ 1059.492567] Bluetooth: hci3: command 0x1001 tx timeout [ 1059.497999] Bluetooth: hci3: sending frame failed (-49) [ 1059.812684] Bluetooth: hci4: command 0x1001 tx timeout [ 1059.818116] Bluetooth: hci4: sending frame failed (-49) [ 1059.892482] Bluetooth: hci1: command 0x1009 tx timeout [ 1061.492552] Bluetooth: hci2: command 0x1009 tx timeout [ 1061.498012] Bluetooth: hci0: command 0x1009 tx timeout [ 1061.572521] Bluetooth: hci3: command 0x1009 tx timeout [ 1061.892520] Bluetooth: hci4: command 0x1009 tx timeout 14:46:58 executing program 0 (fault-call:2 fault-nth:67): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:46:58 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3f00]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1064.297228] Bluetooth: hci1: Frame reassembly failed (-84) 14:46:59 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x4000]}) 
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:47:00 executing program 5 (fault-call:2 fault-nth:69): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:47:00 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x10000000003e0) 14:47:00 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x31) 14:47:00 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000037) 14:47:00 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1066.193256] Bluetooth: hci0: Frame reassembly failed (-84) [ 1066.200648] Bluetooth: hci0: received HCILL_GO_TO_SLEEP_ACK in state 2 
[ 1066.213671] Bluetooth: hci2: Frame reassembly failed (-84) [ 1066.214072] Bluetooth: hci2: Frame reassembly failed (-84) [ 1066.236217] Bluetooth: hci3: Frame reassembly failed (-84) [ 1066.239512] Bluetooth: hci3: Frame reassembly failed (-84) [ 1066.269006] FAULT_INJECTION: forcing a failure. [ 1066.269006] name failslab, interval 1, probability 0, space 0, times 0 [ 1066.288919] CPU: 1 PID: 13216 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 1066.295996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1066.305379] Call Trace: [ 1066.308138] dump_stack+0x172/0x1f0 [ 1066.311796] should_fail.cold+0xa/0x1b [ 1066.315715] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1066.320932] ? lock_downgrade+0x810/0x810 [ 1066.325108] ? ___might_sleep+0x163/0x280 [ 1066.329297] __should_failslab+0x121/0x190 [ 1066.333565] should_failslab+0x9/0x14 [ 1066.337388] kmem_cache_alloc_node+0x26c/0x710 [ 1066.342006] ? find_held_lock+0x35/0x130 [ 1066.346103] __alloc_skb+0xd5/0x5f0 [ 1066.349752] ? skb_scrub_packet+0x490/0x490 [ 1066.354100] ? kasan_check_read+0x11/0x20 [ 1066.358278] alloc_uevent_skb+0x83/0x1e2 [ 1066.362369] kobject_uevent_env+0xaa3/0x101d [ 1066.366808] kobject_uevent+0x20/0x26 [ 1066.370634] device_add+0xb3a/0x1760 [ 1066.374378] ? get_device_parent.isra.0+0x570/0x570 [ 1066.379427] rfkill_register+0x1bf/0xb50 [ 1066.383514] hci_register_dev+0x385/0x880 [ 1066.387690] hci_uart_tty_ioctl+0x761/0xaf0 [ 1066.392037] tty_ioctl+0x8b5/0x1510 [ 1066.395686] ? hci_uart_init_work+0x140/0x140 [ 1066.400202] ? tty_vhangup+0x30/0x30 [ 1066.403934] ? mark_held_locks+0x100/0x100 [ 1066.408190] ? proc_cwd_link+0x1d0/0x1d0 [ 1066.412282] ? __fget+0x340/0x540 [ 1066.415781] ? ___might_sleep+0x163/0x280 [ 1066.419954] ? __might_sleep+0x95/0x190 [ 1066.423957] ? tty_vhangup+0x30/0x30 [ 1066.427708] do_vfs_ioctl+0xd5f/0x1380 [ 1066.431616] ? selinux_file_ioctl+0x46f/0x5e0 [ 1066.436157] ? selinux_file_ioctl+0x125/0x5e0 [ 1066.440768] ? 
ioctl_preallocate+0x210/0x210 [ 1066.445194] ? selinux_file_mprotect+0x620/0x620 [ 1066.449990] ? iterate_fd+0x360/0x360 [ 1066.453814] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1066.459367] ? fput+0x128/0x1a0 [ 1066.462680] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1066.468235] ? security_file_ioctl+0x8d/0xc0 [ 1066.472672] ksys_ioctl+0xab/0xd0 [ 1066.476149] __x64_sys_ioctl+0x73/0xb0 [ 1066.480054] do_syscall_64+0xfd/0x620 [ 1066.483878] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1066.489422] RIP: 0033:0x459519 [ 1066.492747] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1066.512367] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1066.520130] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 1066.527420] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1066.534706] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1066.542002] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 1066.549583] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 1066.562472] Bluetooth: hci1: command 0x1003 tx timeout [ 1066.567954] Bluetooth: hci1: sending frame failed (-49) [ 1066.576182] Bluetooth: hci4: Frame reassembly failed (-84) 14:47:01 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xe000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 
14:47:02 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3e000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1068.212493] Bluetooth: hci0: command 0x1003 tx timeout [ 1068.218270] Bluetooth: hci0: sending frame failed (-49) [ 1068.292476] Bluetooth: hci3: command 0x1003 tx timeout [ 1068.292522] Bluetooth: hci2: command 0x1003 tx timeout [ 1068.297968] Bluetooth: hci3: sending frame failed (-49) [ 1068.309444] Bluetooth: hci2: sending frame failed (-49) [ 1068.612464] Bluetooth: hci4: command 0x1003 tx timeout [ 1068.612578] Bluetooth: hci1: command 0x1001 tx timeout [ 1068.618026] Bluetooth: hci4: sending frame failed (-49) [ 1068.630750] Bluetooth: hci1: sending frame failed (-49) 14:47:03 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3f000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:47:03 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 
0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x40000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1070.292464] Bluetooth: hci0: command 0x1001 tx timeout [ 1070.297880] Bluetooth: hci0: sending frame failed (-49) [ 1070.372560] Bluetooth: hci2: command 0x1001 tx timeout [ 1070.378115] Bluetooth: hci2: sending frame failed (-49) [ 1070.384072] Bluetooth: hci3: command 0x1001 tx timeout [ 1070.395319] Bluetooth: hci3: sending frame failed (-49) [ 1070.692807] Bluetooth: hci1: command 0x1009 tx timeout [ 1070.709200] Bluetooth: hci4: command 0x1001 tx timeout [ 1070.714714] Bluetooth: hci4: sending frame failed (-49) [ 1072.372451] Bluetooth: hci0: command 0x1009 tx timeout [ 1072.452588] Bluetooth: hci3: command 0x1009 tx timeout [ 1072.458004] Bluetooth: hci2: command 0x1009 tx timeout [ 1072.772521] Bluetooth: hci4: command 0x1009 tx timeout 14:47:08 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 14:47:08 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1074.495109] Bluetooth: hci1: Frame reassembly failed (-84) 14:47:09 executing program 3: r0 = 
syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1076.532454] Bluetooth: hci1: command 0x1003 tx timeout [ 1076.537976] Bluetooth: hci1: sending frame failed (-49) 14:47:11 executing program 5 (fault-call:2 fault-nth:70): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:47:11 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x100000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:47:11 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x454402, 0x0) write$UHID_SET_REPORT_REPLY(r1, &(0x7f0000000080)={0xe, 0xa, 0x8}, 0xc) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:47:11 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, 
&(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000063) 14:47:11 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x32) [ 1077.080751] Bluetooth: hci0: Frame reassembly failed (-84) [ 1077.080797] Bluetooth: hci0: Frame reassembly failed (-84) [ 1077.093502] Bluetooth: hci2: Frame reassembly failed (-84) [ 1077.093603] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 1077.099417] Bluetooth: hci2: Frame reassembly failed (-84) [ 1077.126711] Bluetooth: hci3: Frame reassembly failed (-84) [ 1077.126937] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 1077.148155] FAULT_INJECTION: forcing a failure. [ 1077.148155] name failslab, interval 1, probability 0, space 0, times 0 [ 1077.160192] CPU: 1 PID: 13271 Comm: syz-executor.5 Not tainted 4.19.56 #28 [ 1077.167228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1077.176684] Call Trace: [ 1077.179303] dump_stack+0x172/0x1f0 [ 1077.182956] should_fail.cold+0xa/0x1b [ 1077.186877] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1077.192007] ? __lock_acquire+0x6eb/0x48f0 [ 1077.196262] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1077.201814] ? should_fail+0x14d/0x85c [ 1077.205725] __should_failslab+0x121/0x190 [ 1077.209979] should_failslab+0x9/0x14 [ 1077.213803] kmem_cache_alloc_node_trace+0x5a/0x720 [ 1077.218840] ? __alloc_skb+0xd5/0x5f0 [ 1077.222660] __kmalloc_node_track_caller+0x3d/0x80 [ 1077.227602] __kmalloc_reserve.isra.0+0x40/0xf0 [ 1077.232368] __alloc_skb+0x10b/0x5f0 [ 1077.236101] ? skb_scrub_packet+0x490/0x490 [ 1077.240443] ? 
lock_downgrade+0x810/0x810 [ 1077.244612] hci_sock_dev_event+0xf3/0x580 [ 1077.248863] hci_register_dev+0x568/0x880 [ 1077.253037] hci_uart_tty_ioctl+0x761/0xaf0 [ 1077.257382] tty_ioctl+0x8b5/0x1510 [ 1077.261028] ? hci_uart_init_work+0x140/0x140 [ 1077.265539] ? tty_vhangup+0x30/0x30 [ 1077.269271] ? mark_held_locks+0x100/0x100 [ 1077.273524] ? proc_cwd_link+0x1d0/0x1d0 [ 1077.277640] ? __fget+0x340/0x540 [ 1077.281114] ? ___might_sleep+0x163/0x280 [ 1077.285282] ? __might_sleep+0x95/0x190 [ 1077.289278] ? tty_vhangup+0x30/0x30 [ 1077.293021] do_vfs_ioctl+0xd5f/0x1380 [ 1077.296924] ? selinux_file_ioctl+0x46f/0x5e0 [ 1077.301435] ? selinux_file_ioctl+0x125/0x5e0 [ 1077.306048] ? ioctl_preallocate+0x210/0x210 [ 1077.310485] ? selinux_file_mprotect+0x620/0x620 [ 1077.315273] ? iterate_fd+0x360/0x360 [ 1077.319094] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1077.324645] ? fput+0x128/0x1a0 [ 1077.327952] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1077.333506] ? security_file_ioctl+0x8d/0xc0 [ 1077.337937] ksys_ioctl+0xab/0xd0 [ 1077.341414] __x64_sys_ioctl+0x73/0xb0 [ 1077.345323] do_syscall_64+0xfd/0x620 [ 1077.349146] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1077.354359] RIP: 0033:0x459519 [ 1077.357574] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1077.376489] RSP: 002b:00007f255156ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1077.384222] RAX: ffffffffffffffda RBX: 00007f255156ac90 RCX: 0000000000459519 [ 1077.391497] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1077.398953] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1077.406609] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f255156b6d4 [ 1077.414023] R13: 00000000004c21a5 R14: 00000000004d5330 R15: 0000000000000004 [ 1077.426092] Bluetooth: hci4: Frame reassembly failed (-84) 14:47:12 
executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xe00000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1078.612561] Bluetooth: hci1: command 0x1001 tx timeout [ 1078.618255] Bluetooth: hci1: sending frame failed (-49) 14:47:12 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3e00000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1079.092681] Bluetooth: hci0: command 0x1003 tx timeout [ 1079.098407] Bluetooth: hci0: sending frame failed (-49) [ 1079.172447] Bluetooth: hci3: command 0x1003 tx timeout [ 1079.172479] Bluetooth: hci2: command 0x1003 tx timeout [ 1079.183348] Bluetooth: hci3: sending frame failed (-49) [ 1079.195102] Bluetooth: hci2: sending frame failed (-49) [ 1079.492600] Bluetooth: hci4: command 0x1003 tx timeout [ 1079.498276] Bluetooth: hci4: sending frame failed (-49) 14:47:13 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, 
{}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:47:14 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1080.692544] Bluetooth: hci1: command 0x1009 tx timeout [ 1081.172687] Bluetooth: hci0: command 0x1001 tx timeout [ 1081.178256] Bluetooth: hci0: sending frame failed (-49) [ 1081.252548] Bluetooth: hci2: command 0x1001 tx timeout [ 1081.258352] Bluetooth: hci2: sending frame failed (-49) [ 1081.264475] Bluetooth: hci3: command 0x1001 tx timeout [ 1081.275659] Bluetooth: hci3: sending frame failed (-49) [ 1081.572520] Bluetooth: hci4: command 0x1001 tx timeout [ 1081.577953] Bluetooth: hci4: sending frame failed (-49) [ 1083.252641] Bluetooth: hci0: command 0x1009 tx timeout [ 1083.332497] Bluetooth: hci3: command 0x1009 tx timeout [ 1083.337901] Bluetooth: hci2: command 0x1009 tx timeout [ 1083.652511] Bluetooth: hci4: command 0x1009 tx timeout 14:47:18 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x2, 0x4) 14:47:18 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) 
read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:47:18 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x4b47, 0x4) 14:47:22 executing program 5 (fault-call:2 fault-nth:71): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:47:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x4b49, 0x4) 14:47:22 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:47:22 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x33) 14:47:22 executing program 1: r0 = 
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000064) 14:47:22 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x2) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 1087.963286] Bluetooth: hci0: Frame reassembly failed (-84) [ 1087.963294] Bluetooth: hci0: Frame reassembly failed (-84) [ 1087.993941] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 1088.000203] Bluetooth: hci1: Frame reassembly failed (-84) 14:47:22 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) eventfd2(0xffffffff00000001, 0x1) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000000)) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:47:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5409, 0x4) [ 1088.014691] Bluetooth: hci2: Frame reassembly failed (-84) [ 1088.020656] Bluetooth: hci2: Frame reassembly failed (-84) 14:47:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x540b, 0x4) [ 1088.101656] Bluetooth: hci3: Frame reassembly failed (-84) [ 1088.108316] Bluetooth: hci3: Frame reassembly failed (-84) [ 1088.117154] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 14:47:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x540c, 0x4) 14:47:22 executing 
program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x540d, 0x4) 14:47:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x540e, 0x4) [ 1089.972507] Bluetooth: hci0: command 0x1003 tx timeout [ 1089.977932] Bluetooth: hci0: sending frame failed (-49) [ 1090.052457] Bluetooth: hci2: command 0x1003 tx timeout [ 1090.057871] Bluetooth: hci2: sending frame failed (-49) [ 1090.063816] Bluetooth: hci1: command 0x1003 tx timeout [ 1090.069208] Bluetooth: hci1: sending frame failed (-49) [ 1090.132436] Bluetooth: hci3: command 0x1003 tx timeout [ 1090.137922] Bluetooth: hci3: sending frame failed (-49) [ 1092.052493] Bluetooth: hci0: command 0x1001 tx timeout [ 1092.057999] Bluetooth: hci0: sending frame failed (-49) [ 1092.132529] Bluetooth: hci1: command 0x1001 tx timeout [ 1092.137928] Bluetooth: hci2: command 0x1001 tx timeout [ 1092.137972] Bluetooth: hci1: sending frame failed (-49) [ 1092.143963] Bluetooth: hci2: sending frame failed (-49) [ 1092.212442] Bluetooth: hci3: command 0x1001 tx timeout [ 1092.218116] Bluetooth: hci3: sending frame failed (-49) [ 1094.132479] Bluetooth: hci0: command 0x1009 tx timeout [ 1094.212488] Bluetooth: hci2: command 0x1009 tx timeout [ 1094.212556] Bluetooth: hci1: command 0x1009 tx timeout [ 1094.292466] Bluetooth: hci3: command 0x1009 tx timeout 14:47:32 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 14:47:32 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x540f, 0x4) 14:47:32 executing program 3: r0 = 
syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:47:32 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x10000000003e0) 14:47:32 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x48) 14:47:32 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x2000, 0x0) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e21, 0x1, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x3}, 0x1c) [ 1098.257260] Bluetooth: hci1: Frame reassembly failed (-84) [ 1098.257503] Bluetooth: hci1: Frame reassembly failed (-84) [ 1098.277900] Bluetooth: hci0: Frame reassembly failed (-84) [ 1098.278816] Bluetooth: hci0: Frame reassembly failed (-84) [ 1098.291533] Bluetooth: hci0: Frame reassembly failed (-84) 14:47:32 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 
0x5410, 0x4) [ 1098.307770] Bluetooth: hci2: Frame reassembly failed (-84) [ 1098.308082] Bluetooth: hci3: Frame reassembly failed (-84) [ 1098.313844] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 14:47:32 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5412, 0x4) 14:47:32 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5413, 0x4) 14:47:32 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5414, 0x4) 14:47:32 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5415, 0x4) 14:47:32 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5416, 0x4) [ 1100.292452] Bluetooth: hci0: command 0x1003 tx timeout [ 1100.297814] Bluetooth: hci1: command 0x1003 tx timeout [ 1100.297894] Bluetooth: hci0: sending frame failed (-49) [ 1100.312524] Bluetooth: hci1: sending frame failed (-49) [ 1100.372519] Bluetooth: hci3: command 0x1003 tx timeout [ 1100.378146] Bluetooth: hci3: sending frame failed (-49) [ 1100.384184] Bluetooth: hci2: command 0x1003 tx timeout [ 1100.395435] Bluetooth: hci2: sending frame failed (-49) [ 1102.372511] Bluetooth: hci1: command 0x1001 tx timeout [ 1102.377940] Bluetooth: hci1: sending frame failed (-49) [ 1102.383812] Bluetooth: hci0: command 0x1001 tx timeout [ 1102.389181] Bluetooth: hci0: sending frame failed (-49) [ 1102.452560] Bluetooth: hci2: command 0x1001 tx timeout [ 1102.457982] Bluetooth: hci2: sending frame failed (-49) [ 1102.463819] 
Bluetooth: hci3: command 0x1001 tx timeout [ 1102.469187] Bluetooth: hci3: sending frame failed (-49) [ 1104.452548] Bluetooth: hci0: command 0x1009 tx timeout [ 1104.457943] Bluetooth: hci1: command 0x1009 tx timeout [ 1104.532482] Bluetooth: hci3: command 0x1009 tx timeout [ 1104.537887] Bluetooth: hci2: command 0x1009 tx timeout 14:47:42 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x2, 0x0) 14:47:42 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5418, 0x4) 14:47:42 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3e]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:47:42 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x4c) 14:47:42 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = dup3(r0, r0, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40001000}, 0xc, &(0x7f0000000300)={&(0x7f0000000100)={0x98, r2, 0x4, 0x70bd2c, 0x25dfdbfd, {}, 
[@TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8}]}, @TIPC_NLA_MEDIA={0x78, 0x5, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2e21771}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x40884}, 0x20000000) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) clock_adjtime(0x0, &(0x7f0000000200)={0x6, 0x5, 0x1, 0x0, 0x4, 0x20, 0x4d40, 0x3, 0x0, 0x2, 0x4, 0x9, 0xef, 0x9, 0x80, 0x7f, 0x6, 0x8e5f, 0x18, 0x10000, 0x0, 0x5, 0x100, 0x20, 0x2, 0x101}) 14:47:42 executing program 1: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x102) ioctl$KDSETMODE(r0, 0x4b3a, 0x8) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:47:42 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x541b, 0x4) [ 1108.510687] Bluetooth: hci0: Frame reassembly failed (-84) [ 1108.513349] Bluetooth: hci0: Frame reassembly failed (-84) [ 1108.521696] Bluetooth: hci1: Frame reassembly failed (-84) [ 1108.522336] Bluetooth: hci1: Frame reassembly failed (-84) [ 1108.529043] Bluetooth: hci0: Frame reassembly failed (-84) 14:47:42 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 
&(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x4b47, 0x0) [ 1108.578964] Bluetooth: hci2: Frame reassembly failed (-84) [ 1108.579214] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 1108.584973] Bluetooth: hci2: Frame reassembly failed (-84) 14:47:42 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x541d, 0x4) 14:47:42 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x4b49, 0x0) 14:47:42 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x541f, 0x4) 14:47:42 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5409, 0x0) 14:47:42 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x540b, 0x0) 14:47:42 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5420, 0x4) 14:47:43 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe00]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 1110.532458] 
Bluetooth: hci1: command 0x1003 tx timeout [ 1110.537888] Bluetooth: hci1: sending frame failed (-49) [ 1110.543721] Bluetooth: hci0: command 0x1003 tx timeout [ 1110.549092] Bluetooth: hci0: sending frame failed (-49) [ 1110.612522] Bluetooth: hci2: command 0x1003 tx timeout [ 1110.618121] Bluetooth: hci2: sending frame failed (-49) [ 1112.612455] Bluetooth: hci0: command 0x1001 tx timeout [ 1112.617888] Bluetooth: hci0: sending frame failed (-49) [ 1112.623728] Bluetooth: hci1: command 0x1001 tx timeout [ 1112.629099] Bluetooth: hci1: sending frame failed (-49) [ 1112.692514] Bluetooth: hci2: command 0x1001 tx timeout [ 1112.697947] Bluetooth: hci2: sending frame failed (-49) [ 1114.692514] Bluetooth: hci1: command 0x1009 tx timeout [ 1114.697917] Bluetooth: hci0: command 0x1009 tx timeout [ 1114.772600] Bluetooth: hci2: command 0x1009 tx timeout 14:47:52 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x60) 14:47:52 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x540c, 0x0) 14:47:52 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5421, 0x4) 14:47:52 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3e00]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, 
&(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:47:52 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0x0, 0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000080)={0x9, 0x101, 0x2, 0x1, 0x3, 0x707}) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)=0x12) 14:47:52 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$PIO_CMAP(r0, 0x4b71, &(0x7f0000000000)={0x5, 0xffffffff, 0x8, 0x3ff, 0x9}) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:47:52 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x540d, 0x0) [ 1118.748258] Bluetooth: hci0: Frame reassembly failed (-84) [ 1118.754820] Bluetooth: hci0: Frame reassembly failed (-84) [ 1118.771005] Bluetooth: hci1: Frame reassembly failed (-84) [ 1118.777484] Bluetooth: hci1: Frame reassembly failed (-84) [ 1118.784329] Bluetooth: hci1: Frame reassembly failed (-84) 14:47:52 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5422, 0x4) [ 1118.810025] Bluetooth: hci2: Frame reassembly failed (-84) [ 1118.810512] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 14:47:52 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5423, 0x4) 14:47:52 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) 
ioctl$KDADDIO(r0, 0x540e, 0x0) 14:47:53 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x540f, 0x0) 14:47:53 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5424, 0x4) [ 1120.772443] Bluetooth: hci1: command 0x1003 tx timeout [ 1120.781294] Bluetooth: hci1: sending frame failed (-49) [ 1120.787657] Bluetooth: hci0: command 0x1003 tx timeout [ 1120.793800] Bluetooth: hci0: sending frame failed (-49) [ 1120.852554] Bluetooth: hci2: command 0x1003 tx timeout [ 1120.858618] Bluetooth: hci2: sending frame failed (-49) [ 1122.863122] Bluetooth: hci0: command 0x1001 tx timeout [ 1122.869115] Bluetooth: hci0: sending frame failed (-49) [ 1122.876697] Bluetooth: hci1: command 0x1001 tx timeout [ 1122.892645] Bluetooth: hci1: sending frame failed (-49) [ 1122.932597] Bluetooth: hci2: command 0x1001 tx timeout [ 1122.938712] Bluetooth: hci2: sending frame failed (-49) [ 1124.933305] Bluetooth: hci1: command 0x1009 tx timeout [ 1124.939916] Bluetooth: hci0: command 0x1009 tx timeout [ 1125.013041] Bluetooth: hci2: command 0x1009 tx timeout 14:48:03 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x68) 14:48:03 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5410, 0x0) 14:48:03 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5425, 0x4) 14:48:03 executing program 3: r0 = 
syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:48:03 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x88000, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000200)={0x9, 0x3, 0x8, 0x5, &(0x7f0000000100)=[{}, {}, {}]}) ioctl$KDADDIO(r0, 0x400455c8, 0x4) openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x20000, 0x0) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:48:03 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:48:03 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5427, 0x4) [ 1129.033513] Bluetooth: hci0: Frame reassembly failed (-84) [ 1129.034019] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 14:48:03 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5412, 0x0) [ 1129.076096] Bluetooth: hci2: Frame reassembly failed (-84) [ 1129.086294] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 
1129.096243] Bluetooth: hci1: Frame reassembly failed (-84) [ 1129.102265] Bluetooth: hci1: Frame reassembly failed (-84) 14:48:03 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5413, 0x0) 14:48:03 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5428, 0x4) 14:48:03 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5414, 0x0) 14:48:03 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5429, 0x4) [ 1131.092620] Bluetooth: hci2: command 0x1003 tx timeout [ 1131.098085] Bluetooth: hci2: sending frame failed (-49) [ 1131.104051] Bluetooth: hci0: command 0x1003 tx timeout [ 1131.109476] Bluetooth: hci0: sending frame failed (-49) [ 1131.172470] Bluetooth: hci1: command 0x1003 tx timeout [ 1131.177918] Bluetooth: hci1: sending frame failed (-49) [ 1133.172620] Bluetooth: hci0: command 0x1001 tx timeout [ 1133.178059] Bluetooth: hci0: sending frame failed (-49) [ 1133.183954] Bluetooth: hci2: command 0x1001 tx timeout [ 1133.189367] Bluetooth: hci2: sending frame failed (-49) [ 1133.252473] Bluetooth: hci1: command 0x1001 tx timeout [ 1133.257893] Bluetooth: hci1: sending frame failed (-49) [ 1135.252729] Bluetooth: hci2: command 0x1009 tx timeout [ 1135.258240] Bluetooth: hci0: command 0x1009 tx timeout [ 1135.332491] Bluetooth: hci1: command 0x1009 tx timeout 14:48:13 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, 
&(0x7f00000001c0)=0x6c) 14:48:13 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5415, 0x0) 14:48:13 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5437, 0x4) 14:48:13 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:48:13 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xe) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, &(0x7f0000000100)=[@in={0x2, 0x4e21, @multicast2}, @in6={0xa, 0x4e24, 0x6, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, @in6={0xa, 0x4e21, 0xffff, @empty, 0x80}, @in6={0xa, 0x4e20, 0x8, @mcast1, 0x6}, @in={0x2, 0x4e20, @remote}, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x24}}, @in={0x2, 0x4e24, @multicast2}], 0x94) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:48:13 executing program 1: removexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=@known='trusted.overlay.opaque\x00') r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGICOUNT(r0, 0x545d, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 
ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 1139.802012] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 1139.811827] Bluetooth: hci0: Frame reassembly failed (-84) 14:48:13 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5441, 0x4) 14:48:14 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5416, 0x0) [ 1139.860865] Bluetooth: hci1: Frame reassembly failed (-84) [ 1139.862068] Bluetooth: hci1: Frame reassembly failed (-84) [ 1139.872519] Bluetooth: hci1: Frame reassembly failed (-84) 14:48:14 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm-monitor\x00', 0x10002, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x30, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@fscache='fscache'}, {@msize={'msize', 0x3d, 0x8}}, {@cache_mmap='cache=mmap'}], [{@smackfshat={'smackfshat', 0x3d, '$wlan1!security'}}, {@obj_role={'obj_role', 0x3d, '/dev/ptmx\x00'}}, {@audit='audit'}, {@seclabel='seclabel'}]}}) r2 = dup2(r0, r0) write$P9_RSTAT(r2, &(0x7f0000000100)={0x5b, 0x7d, 0x2, {0x0, 0x54, 0x7, 0x84d4, {0x4a, 0x4}, 0x80000000, 0x7, 0xfffffffffffffff7, 0x0, 0xa, '/dev/ptmx\x00', 0xa, '/dev/ptmx\x00', 0x0, '', 0xd, 'loeth0-\\wlan1'}}, 0x5b) 14:48:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5450, 0x4) 14:48:14 executing program 5: r0 = 
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5418, 0x0) 14:48:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5451, 0x4) [ 1140.031716] Bluetooth: hci2: Frame reassembly failed (-84) [ 1140.038077] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 1141.812446] Bluetooth: hci0: command 0x1003 tx timeout [ 1141.817873] Bluetooth: hci0: sending frame failed (-49) [ 1141.902444] Bluetooth: hci1: command 0x1003 tx timeout [ 1141.907866] Bluetooth: hci1: sending frame failed (-49) [ 1142.062446] Bluetooth: hci2: command 0x1003 tx timeout [ 1142.067869] Bluetooth: hci2: sending frame failed (-49) [ 1143.892462] Bluetooth: hci0: command 0x1001 tx timeout [ 1143.897883] Bluetooth: hci0: sending frame failed (-49) [ 1143.972561] Bluetooth: hci1: command 0x1001 tx timeout [ 1143.977980] Bluetooth: hci1: sending frame failed (-49) [ 1144.132431] Bluetooth: hci2: command 0x1001 tx timeout [ 1144.137884] Bluetooth: hci2: sending frame failed (-49) [ 1145.972508] Bluetooth: hci0: command 0x1009 tx timeout [ 1146.052600] Bluetooth: hci1: command 0x1009 tx timeout [ 1146.212470] Bluetooth: hci2: command 0x1009 tx timeout 14:48:24 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x74) 14:48:24 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x541b, 0x0) 14:48:24 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5452, 0x4) 14:48:24 
executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:48:24 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x800000000002, 0x0) sendmsg$kcm(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="2e0000001a008102a00f80ecdb4cb9040a4865160b000000d4126efb12001b403a7d0020e2000000180000000000", 0x2e}], 0x1}, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:48:24 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x545d, 0x4) 14:48:24 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x541d, 0x0) [ 1150.086030] Bluetooth: hci0: Frame reassembly failed (-84) [ 1150.091801] Bluetooth: hci0: Frame reassembly failed (-84) [ 1150.099276] Bluetooth: hci0: Frame reassembly failed (-84) [ 1150.120856] Bluetooth: received HCILL_WAKE_UP_ACK 
in state 2 [ 1150.124698] Bluetooth: hci1: Frame reassembly failed (-84) [ 1150.140891] Bluetooth: hci1: Frame reassembly failed (-84) 14:48:24 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x541f, 0x0) 14:48:24 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5420, 0x0) 14:48:24 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_stats\x00', 0x0, 0x0) accept$netrom(r1, &(0x7f0000000100)={{0x3, @rose}, [@null, @netrom, @default, @netrom, @bcast, @netrom, @bcast, @netrom]}, &(0x7f00000002c0)=0xfffffffffffffe8e) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/policy\x00', 0x0, 0x0) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000200)={0x2, &(0x7f0000000080)=[{0x80000000000, 0x100000000}, {0x1, 0x7}]}) 14:48:24 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5460, 0x4) [ 1150.714442] Bluetooth: hci2: Frame reassembly failed (-84) [ 1150.714565] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 14:48:24 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5421, 0x0) [ 1152.132469] Bluetooth: hci1: command 0x1003 tx timeout [ 1152.137917] Bluetooth: hci1: sending frame failed (-49) [ 1152.143755] Bluetooth: hci0: command 0x1003 tx timeout [ 1152.149128] Bluetooth: hci0: sending frame 
failed (-49) [ 1152.782591] Bluetooth: hci2: command 0x1003 tx timeout [ 1152.788171] Bluetooth: hci2: sending frame failed (-49) [ 1154.212539] Bluetooth: hci0: command 0x1001 tx timeout [ 1154.217968] Bluetooth: hci0: sending frame failed (-49) [ 1154.223898] Bluetooth: hci1: command 0x1001 tx timeout [ 1154.229290] Bluetooth: hci1: sending frame failed (-49) [ 1154.852567] Bluetooth: hci2: command 0x1001 tx timeout [ 1154.858054] Bluetooth: hci2: sending frame failed (-49) [ 1156.292442] Bluetooth: hci1: command 0x1009 tx timeout [ 1156.297840] Bluetooth: hci0: command 0x1009 tx timeout [ 1156.932577] Bluetooth: hci2: command 0x1009 tx timeout 14:48:34 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x7a) 14:48:34 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x40045431, 0x4) 14:48:34 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5422, 0x0) 14:48:34 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:48:34 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x10000, 0x0) 
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x3) ioctl$KDADDIO(r0, 0x400455c8, 0x1) connect(r0, &(0x7f0000000000)=@pptp={0x18, 0x2, {0x0, @multicast2}}, 0x80) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:48:34 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x40045436, 0x4) 14:48:34 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5423, 0x0) 14:48:34 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)=0x0) process_vm_readv(r1, &(0x7f0000000080), 0x0, &(0x7f0000000180)=[{&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000000100)=""/108, 0x6c}], 0x2, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) ioctl$KDSKBLED(r0, 0x4b65, 0x8000) [ 1160.348146] Bluetooth: hci0: Frame reassembly failed (-84) [ 1160.355776] Bluetooth: hci0: Frame reassembly failed (-84) [ 1160.361790] Bluetooth: hci0: Frame reassembly failed (-84) 14:48:34 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455cb, 0x4) [ 1160.461504] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 1160.461659] Bluetooth: hci1: Frame reassembly failed (-84) 14:48:34 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x4800) ioctl$HDIO_GETGEO(r1, 0x301, &(0x7f0000000080)) 
14:48:34 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5424, 0x0) 14:48:34 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x40049409, 0x4) [ 1160.956840] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 1160.957196] Bluetooth: hci2: Frame reassembly failed (-84) [ 1160.968956] Bluetooth: hci2: Frame reassembly failed (-84) [ 1162.372475] Bluetooth: hci0: command 0x1003 tx timeout [ 1162.377892] Bluetooth: hci0: sending frame failed (-49) [ 1162.532584] Bluetooth: hci1: command 0x1003 tx timeout [ 1162.538041] Bluetooth: hci1: sending frame failed (-49) [ 1163.012548] Bluetooth: hci2: command 0x1003 tx timeout [ 1163.018125] Bluetooth: hci2: sending frame failed (-49) [ 1164.452586] Bluetooth: hci0: command 0x1001 tx timeout [ 1164.458036] Bluetooth: hci0: sending frame failed (-49) [ 1164.612478] Bluetooth: hci1: command 0x1001 tx timeout [ 1164.618037] Bluetooth: hci1: sending frame failed (-49) [ 1165.092471] Bluetooth: hci2: command 0x1001 tx timeout [ 1165.098033] Bluetooth: hci2: sending frame failed (-49) [ 1166.532543] Bluetooth: hci0: command 0x1009 tx timeout [ 1166.692464] Bluetooth: hci1: command 0x1009 tx timeout [ 1167.172653] Bluetooth: hci2: command 0x1009 tx timeout 14:48:44 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0xf0) 14:48:44 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5425, 0x0) 14:48:44 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 
0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x40086602, 0x4) 14:48:44 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3e000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:48:44 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x40087602, 0x4) 14:48:44 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5427, 0x0) [ 1170.538162] Bluetooth: hci0: Frame reassembly failed (-84) [ 1170.539643] Bluetooth: hci0: Frame reassembly failed (-84) 14:48:44 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5428, 0x0) 14:48:45 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x41, 0x0) ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:48:45 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x4020940d, 0x4) 14:48:45 
executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5429, 0x0) 14:48:45 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x3) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 1171.192011] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 1171.192673] Bluetooth: hci1: Frame reassembly failed (-84) [ 1171.215399] Bluetooth: hci2: Frame reassembly failed (-84) [ 1171.221290] Bluetooth: hci2: Frame reassembly failed (-84) 14:48:45 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x80045430, 0x4) [ 1171.238797] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 1172.612466] Bluetooth: hci0: command 0x1003 tx timeout [ 1172.617954] Bluetooth: hci0: sending frame failed (-49) [ 1173.252461] Bluetooth: hci2: command 0x1003 tx timeout [ 1173.257928] Bluetooth: hci2: sending frame failed (-49) [ 1173.263740] Bluetooth: hci1: command 0x1003 tx timeout [ 1173.269096] Bluetooth: hci1: sending frame failed (-49) [ 1174.692549] Bluetooth: hci0: command 0x1001 tx timeout [ 1174.697972] Bluetooth: hci0: sending frame failed (-49) [ 1175.332477] Bluetooth: hci1: command 0x1001 tx timeout [ 1175.337934] Bluetooth: hci1: sending frame failed (-49) [ 1175.344029] Bluetooth: hci2: command 0x1001 tx timeout [ 1175.349508] Bluetooth: hci2: sending frame failed (-49) [ 1176.772584] Bluetooth: hci0: command 0x1009 tx timeout [ 1177.412596] Bluetooth: hci2: command 0x1009 tx timeout [ 1177.418006] Bluetooth: hci1: command 0x1009 tx timeout 14:48:54 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 
&(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x300) 14:48:54 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5437, 0x0) 14:48:54 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x80045432, 0x4) 14:48:54 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:48:54 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x80045438, 0x4) 14:48:54 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5441, 0x0) [ 1180.800982] Bluetooth: hci0: Frame reassembly failed (-84) [ 1180.813017] Bluetooth: hci0: Frame reassembly failed (-84) 14:48:54 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x80045439, 0x4) 14:48:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000200)={{{@in6=@empty, 
@in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@remote}}, &(0x7f0000000000)=0xe8) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/mixer\x00', 0x408902, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000300)={0x8, 0x80000000, 0x5, 0x9, 0x0, 0x7cefc5fd, 0x2, 0x1f, 0x0}, &(0x7f0000000340)=0x20) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000380)={r3, 0xff}, 0x8) getresuid(&(0x7f0000000080), &(0x7f0000000100), &(0x7f0000000140)=0x0) setreuid(r1, r4) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:48:55 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5450, 0x0) 14:48:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x80045440, 0x4) 14:48:55 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x400080, 0x0) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000180)='/dev/cachefiles\x00', 0x10000, 0x0) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000240)={r2, r3, 0x8, 0x24, &(0x7f0000000200)="ba175800416f8ee8b47c3d5e81fa8aa9d8ce68f7943b4e923c759a1696cbd395fcfd7a49", 0x4, 0x80000001, 0x1, 0x8000, 0x800, 0x3, 0x5, 'syz1\x00'}) times(&(0x7f0000000000)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r4 = inotify_add_watch(r1, &(0x7f0000000300)='./file0\x00', 0x10) inotify_rm_watch(r2, r4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) r5 = 
openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) exit_group(0x7ff) ioctl$sock_bt_bnep_BNEPCONNDEL(r5, 0x400442c9, &(0x7f0000000100)={0x8, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) getsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000340), &(0x7f0000000380)=0xc) 14:48:55 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5451, 0x0) [ 1181.461170] Bluetooth: hci2: Frame reassembly failed (-84) [ 1181.461615] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 1181.475335] Bluetooth: hci1: Frame reassembly failed (-84) [ 1181.481658] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 1182.852536] Bluetooth: hci0: command 0x1003 tx timeout [ 1182.858127] Bluetooth: hci0: sending frame failed (-49) [ 1183.492463] Bluetooth: hci1: command 0x1003 tx timeout [ 1183.498071] Bluetooth: hci1: sending frame failed (-49) [ 1183.504151] Bluetooth: hci2: command 0x1003 tx timeout [ 1183.515418] Bluetooth: hci2: sending frame failed (-49) [ 1184.932480] Bluetooth: hci0: command 0x1001 tx timeout [ 1184.937915] Bluetooth: hci0: sending frame failed (-49) [ 1185.572472] Bluetooth: hci2: command 0x1001 tx timeout [ 1185.578626] Bluetooth: hci2: sending frame failed (-49) [ 1185.590738] Bluetooth: hci1: command 0x1001 tx timeout [ 1185.596172] Bluetooth: hci1: sending frame failed (-49) [ 1187.012565] Bluetooth: hci0: command 0x1009 tx timeout [ 1187.652518] Bluetooth: hci1: command 0x1009 tx timeout [ 1187.657942] Bluetooth: hci2: command 0x1009 tx timeout 14:49:05 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x500) 14:49:05 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 
&(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x800455c9, 0x4) 14:49:05 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5452, 0x0) 14:49:05 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:49:05 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x800455ca, 0x4) 14:49:05 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x545d, 0x0) [ 1191.048882] Bluetooth: hci0: Frame reassembly failed (-84) [ 1191.060826] Bluetooth: hci0: Frame reassembly failed (-84) 14:49:05 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5460, 0x0) 14:49:05 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000080)=0xc) migrate_pages(r1, 
0x4, &(0x7f0000000100)=0x9, &(0x7f0000000140)=0x8) 14:49:05 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x800455cc, 0x4) 14:49:05 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x40045431, 0x0) 14:49:05 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) r1 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x1, 0x2000) ioctl$EVIOCGEFFECTS(r1, 0x80044584, &(0x7f0000000200)=""/219) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:49:05 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x80086601, 0x4) [ 1191.661692] Bluetooth: hci1: Frame reassembly failed (-84) [ 1191.672637] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 1191.693126] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 1191.693445] Bluetooth: hci2: Frame reassembly failed (-84) [ 1193.092455] Bluetooth: hci0: command 0x1003 tx timeout [ 1193.100588] Bluetooth: hci0: sending frame failed (-49) [ 1193.732449] Bluetooth: hci1: command 0x1003 tx timeout [ 1193.737867] Bluetooth: hci1: sending frame failed (-49) [ 1193.743819] Bluetooth: hci2: command 0x1003 tx timeout [ 1193.754090] Bluetooth: hci2: sending frame failed (-49) [ 1195.172511] Bluetooth: hci0: command 0x1001 tx timeout [ 1195.177925] Bluetooth: hci0: sending frame failed (-49) [ 1195.812551] Bluetooth: hci2: command 0x1001 tx timeout [ 1195.817970] Bluetooth: hci2: sending frame failed (-49) [ 1195.823874] Bluetooth: hci1: command 0x1001 tx timeout [ 1195.829270] Bluetooth: hci1: sending frame failed (-49) [ 
1197.252604] Bluetooth: hci0: command 0x1009 tx timeout [ 1197.892537] Bluetooth: hci1: command 0x1009 tx timeout [ 1197.897965] Bluetooth: hci2: command 0x1009 tx timeout 14:49:15 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x600) 14:49:15 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x40045436, 0x0) 14:49:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x80087601, 0x4) 14:49:15 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:49:15 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455cb, 0x0) 14:49:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0xc0045878, 0x4) [ 1201.262268] Bluetooth: hci0: Frame reassembly failed (-84) [ 1201.268353] Bluetooth: hci0: Frame reassembly failed (-84) 14:49:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 
&(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0xc0045878, 0x4) 14:49:15 executing program 1: r0 = getuid() getgroups(0x3, &(0x7f0000000080)=[0xee01, 0x0, 0xee00]) chown(&(0x7f0000000000)='./file0\x00', r0, r1) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x4) ioctl$TIOCSETD(r2, 0x5412, &(0x7f00000001c0)=0x1000000000033) 14:49:15 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x40049409, 0x0) 14:49:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0xc0189436, 0x4) 14:49:15 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x100, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) [ 1201.905306] Bluetooth: hci1: Frame reassembly failed (-84) [ 1201.919487] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 14:49:16 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x40086602, 0x0) [ 1201.947064] Bluetooth: hci2: Frame reassembly failed (-84) [ 1201.960398] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 1203.342447] Bluetooth: hci0: command 0x1003 tx timeout [ 1203.347871] Bluetooth: hci0: sending frame failed (-49) [ 1203.972585] Bluetooth: hci1: command 0x1003 tx timeout [ 1203.978012] Bluetooth: hci1: sending frame failed (-49) [ 1203.983528] Bluetooth: hci2: command 0x1003 tx timeout [ 1203.988881] Bluetooth: hci2: sending frame failed (-49) [ 1205.412475] Bluetooth: hci0: 
command 0x1001 tx timeout [ 1205.418329] Bluetooth: hci0: sending frame failed (-49) [ 1206.062526] Bluetooth: hci2: command 0x1001 tx timeout [ 1206.068772] Bluetooth: hci1: command 0x1001 tx timeout [ 1206.068816] Bluetooth: hci2: sending frame failed (-49) [ 1206.075698] Bluetooth: hci1: sending frame failed (-49) [ 1207.492434] Bluetooth: hci0: command 0x1009 tx timeout [ 1208.132515] Bluetooth: hci2: command 0x1009 tx timeout [ 1208.132523] Bluetooth: hci1: command 0x1009 tx timeout 14:49:25 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x700) 14:49:25 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0xc020660b, 0x4) 14:49:25 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x40087602, 0x0) 14:49:25 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:49:25 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x4020940d, 0x0) 14:49:25 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 
&(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) [ 1211.497681] Bluetooth: hci0: Frame reassembly failed (-84) [ 1211.497725] Bluetooth: hci0: Frame reassembly failed (-84) [ 1211.509366] Bluetooth: hci0: Frame reassembly failed (-84) 14:49:25 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x80045430, 0x0) 14:49:26 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x43ffff, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) ioctl$TCSETXF(r0, 0x5434, &(0x7f0000000000)={0x0, 0x6, [0x9, 0x4, 0x3, 0xbaa1, 0x5], 0x6}) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000080)={0x9, 0x80000001, 0x6, 0x1, 0xc, 0x6, 0x3, 0xffffffffffff295b, 0x0, 0x49}) 14:49:26 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x80045432, 0x0) 14:49:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 14:49:26 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x4000, 0x0) ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f0000000080)) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000180)={r2, 0xfffffffffffffffe, 0x1}, 
&(0x7f0000000200)=0x8) 14:49:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x5) [ 1212.213228] Bluetooth: hci1: Frame reassembly failed (-84) [ 1212.213561] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 1213.572467] Bluetooth: hci0: command 0x1003 tx timeout [ 1213.577910] Bluetooth: hci0: sending frame failed (-49) [ 1214.292631] Bluetooth: hci1: command 0x1003 tx timeout [ 1214.298198] Bluetooth: hci1: sending frame failed (-49) [ 1215.652537] Bluetooth: hci0: command 0x1001 tx timeout [ 1215.658077] Bluetooth: hci0: sending frame failed (-49) [ 1216.372493] Bluetooth: hci1: command 0x1001 tx timeout [ 1216.378034] Bluetooth: hci1: sending frame failed (-49) [ 1217.732558] Bluetooth: hci0: command 0x1009 tx timeout [ 1218.452542] Bluetooth: hci1: command 0x1009 tx timeout 14:49:35 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x2000) 14:49:35 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x80045438, 0x0) 14:49:35 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x220000, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r1, 0xc10c5541, &(0x7f0000000200)={0x3ff, 0x10001, 0x8, 0x0, 0x0, [], [], [], 0x517, 0x9}) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r1, 0xc10c5541, &(0x7f0000000340)={0x1000, 0x5a, 0xfffffffffffffffe, 0x0, 0x0, [], [], [], 0x6, 0x7}) ioctl$KDADDIO(r0, 0x400455c8, 0x4) ioctl$TIOCSETD(r0, 0x5412, &(0x7f00000001c0)=0x1000000000033) r2 = 
getpid() ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000480)={{0x4, 0x7, 0x6, 0x8, 'syz1\x00'}, 0x4, 0x44, 0x2, r2, 0x2, 0x2, 'syz0\x00', &(0x7f0000000080)=['/dev/ptmx\x00', '@\x00'], 0xc, [], [0x1d, 0x0, 0x3, 0x3]}) 14:49:35 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x204000000bd, @time, 0x0, {}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)) r1 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 14:49:35 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x6) 14:49:35 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x80045439, 0x0) 14:49:35 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x7) [ 1221.766887] Bluetooth: hci0: Frame reassembly failed (-84) [ 1221.774074] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 1221.790766] Bluetooth: hci2: Frame reassembly failed (-84) [ 1221.808324] Bluetooth: hci2: Frame reassembly failed (-84) [ 1221.814640] Bluetooth: hci2: Frame reassembly failed (-84) 14:49:36 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xb) 14:49:36 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, 
&(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x80045440, 0x0)
[ 1221.952546] WARNING: CPU: 0 PID: 10093 at drivers/tty/tty_ioctl.c:319 tty_set_termios+0x7a5/0x8d0
[ 1221.961810] Kernel panic - not syncing: panic_on_warn set ...
[ 1221.961810]
[ 1221.969239] CPU: 0 PID: 10093 Comm: kworker/u5:5 Not tainted 4.19.56 #28
[ 1221.976091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1221.985511] Workqueue: hci3 hci_power_on
[ 1221.989608] Call Trace:
[ 1221.992232] dump_stack+0x172/0x1f0
[ 1221.995902] panic+0x263/0x507
[ 1221.999106] ? __warn_printk+0xf3/0xf3
[ 1222.003007] ? tty_set_termios+0x7a5/0x8d0
[ 1222.007355] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1222.012900] ? __warn.cold+0x5/0x4a
[ 1222.016534] ? __warn+0xe8/0x1d0
[ 1222.019913] ? tty_set_termios+0x7a5/0x8d0
[ 1222.024172] __warn.cold+0x20/0x4a
[ 1222.027721] ? tty_set_termios+0x7a5/0x8d0
[ 1222.031967] report_bug+0x263/0x2b0
[ 1222.035619] do_error_trap+0x204/0x360
[ 1222.039520] ? math_error+0x340/0x340
[ 1222.043339] ? update_curr+0x3c4/0x8a0
[ 1222.047252] ? error_entry+0x76/0xd0
[ 1222.050980] ? trace_hardirqs_off_caller+0x65/0x220
[ 1222.056018] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1222.060873] do_invalid_op+0x1b/0x20
[ 1222.064599] invalid_op+0x14/0x20
[ 1222.068083] RIP: 0010:tty_set_termios+0x7a5/0x8d0
[ 1222.072934] Code: 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 a3 00 00 00 45 89 a7 d0 03 00 00 e9 49 fe ff ff e8 9b 36 05 fe <0f> 0b e9 3e f9 ff ff e8 af 9b 3b fe e9 d6 fa ff ff e8 a5 9b 3b fe
[ 1222.091936] RSP: 0018:ffff888056787990 EFLAGS: 00010293
[ 1222.097316] RAX: ffff888057032080 RBX: ffff888056787a50 RCX: ffffffff8365d94d
[ 1222.104850] RDX: 0000000000000000 RSI: ffffffff8365e015 RDI: 0000000000000005
[ 1222.112124] RBP: ffff888056787a78 R08: ffff888057032080 R09: fffffbfff15dcbc9
[ 1222.119409] R10: fffffbfff15dcbc8 R11: 0000000000000003 R12: ffff888056787ab8
[ 1222.126687] R13: 0000000000010004 R14: 1ffff1100acf0f51 R15: ffff8880582bd680
[ 1222.133987] ? tty_set_termios+0xdd/0x8d0
[ 1222.138143] ? tty_set_termios+0x7a5/0x8d0
[ 1222.142415] ? tty_wait_until_sent+0x580/0x580
[ 1222.147016] ? __mutex_lock+0x3cd/0x1300
[ 1222.151124] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1222.156677] ? tty_termios_encode_baud_rate+0x3ca/0x4e0
[ 1222.162096] hci_uart_set_baudrate+0x157/0x1c0
[ 1222.166719] ? hci_uart_set_speeds+0x90/0x90
[ 1222.171167] ? debug_object_deactivate+0x1e4/0x360
[ 1222.176113] ? find_held_lock+0x35/0x130
[ 1222.180185] hci_uart_setup+0xa2/0x490
[ 1222.184084] ? hci_uart_set_baudrate+0x1c0/0x1c0
[ 1222.188934] hci_dev_do_open+0x674/0x14a0
[ 1222.193089] ? hci_rx_work+0xaa0/0xaa0
[ 1222.197004] ? kasan_check_read+0x11/0x20
[ 1222.201157] ? process_one_work+0x890/0x1750
[ 1222.205573] ? find_held_lock+0x35/0x130
[ 1222.209750] ? process_one_work+0x890/0x1750
[ 1222.214175] hci_power_on+0x10d/0x580
[ 1222.217991] ? hci_error_reset+0xf0/0xf0
[ 1222.222058] ? __lock_is_held+0xb6/0x140
[ 1222.226165] process_one_work+0x989/0x1750
[ 1222.230417] ? pwq_dec_nr_in_flight+0x320/0x320
[ 1222.235112] ? lock_acquire+0x16f/0x3f0
[ 1222.239110] ? kasan_check_write+0x14/0x20
[ 1222.243374] ? do_raw_spin_lock+0xc8/0x240
[ 1222.247627] worker_thread+0x98/0xe40
[ 1222.251434] ? trace_hardirqs_on+0x67/0x220
[ 1222.256216] kthread+0x354/0x420
[ 1222.259588] ? process_one_work+0x1750/0x1750
[ 1222.264188] ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 1222.269733] ret_from_fork+0x24/0x30
[ 1222.275037] Kernel Offset: disabled
[ 1222.278760] Rebooting in 86400 seconds..