000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 501.639133] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 501.646438] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 01:07:39 executing program 0 (fault-call:3 fault-nth:8): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 501.664491] Bluetooth: Can't register HCI device [ 501.671890] Bluetooth: hci2: Frame reassembly failed (-84) 01:07:39 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f000102000000"], 0x8}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:07:39 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 01:07:39 executing program 2 (fault-call:3 fault-nth:5): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:07:39 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 501.831427] FAULT_INJECTION: forcing a failure. [ 501.831427] name failslab, interval 1, probability 0, space 0, times 0 [ 501.893263] CPU: 0 PID: 10553 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 501.900347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 501.909727] Call Trace: [ 501.912347] dump_stack+0x172/0x1f0 [ 501.916018] should_fail.cold+0xa/0x1b [ 501.919942] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 501.925075] ? lock_downgrade+0x810/0x810 [ 501.929254] ? ___might_sleep+0x163/0x280 [ 501.933446] __should_failslab+0x121/0x190 [ 501.937710] should_failslab+0x9/0x14 01:07:39 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) [ 501.941532] kmem_cache_alloc_node+0x26c/0x710 [ 501.946174] alloc_unbound_pwq+0x4c1/0xc70 [ 501.950456] apply_wqattrs_prepare+0x3c5/0xa30 [ 501.955088] apply_workqueue_attrs_locked+0xcb/0x140 [ 501.960222] apply_workqueue_attrs+0x31/0x50 [ 501.964664] __alloc_workqueue_key+0x8b8/0xee0 [ 501.969296] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 501.974379] hci_register_dev+0x1c6/0x880 [ 501.978556] ? __raw_spin_lock_init+0x2d/0x100 [ 501.983190] hci_uart_tty_ioctl+0x761/0xaf0 [ 501.987550] tty_ioctl+0x8b5/0x1510 [ 501.991205] ? hci_uart_init_work+0x140/0x140 [ 501.995726] ? tty_vhangup+0x30/0x30 [ 501.999470] ? mark_held_locks+0x100/0x100 [ 502.003746] ? perf_trace_lock_acquire+0x380/0x580 [ 502.008715] ? __fget+0x340/0x540 [ 502.012204] ? ___might_sleep+0x163/0x280 [ 502.016382] ? __might_sleep+0x95/0x190 [ 502.020380] ? tty_vhangup+0x30/0x30 [ 502.024120] do_vfs_ioctl+0xd5f/0x1380 [ 502.028038] ? selinux_file_ioctl+0x46f/0x5e0 [ 502.032554] ? selinux_file_ioctl+0x125/0x5e0 [ 502.037074] ? ioctl_preallocate+0x210/0x210 [ 502.041500] ? selinux_file_mprotect+0x620/0x620 [ 502.041534] ? iterate_fd+0x360/0x360 [ 502.041557] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 502.041575] ? fput+0x128/0x1a0 [ 502.041610] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 502.041627] ? security_file_ioctl+0x8d/0xc0 [ 502.041657] ksys_ioctl+0xab/0xd0 [ 502.055768] __x64_sys_ioctl+0x73/0xb0 [ 502.055795] do_syscall_64+0xfd/0x620 [ 502.055824] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 502.064638] RIP: 0033:0x459829 [ 502.089059] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 502.089072] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 502.089095] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 502.089106] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 502.089117] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 502.089128] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 502.089139] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 502.107899] FAULT_INJECTION: forcing a failure. [ 502.107899] name failslab, interval 1, probability 0, space 0, times 0 [ 502.146314] Bluetooth: Can't register HCI device [ 502.167515] CPU: 1 PID: 10564 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 502.176099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 502.176106] Call Trace: [ 502.176127] dump_stack+0x172/0x1f0 [ 502.176151] should_fail.cold+0xa/0x1b [ 502.176180] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 502.188129] ? lock_downgrade+0x810/0x810 [ 502.188149] ? ___might_sleep+0x163/0x280 [ 502.188172] __should_failslab+0x121/0x190 [ 502.188192] should_failslab+0x9/0x14 [ 502.217064] kmem_cache_alloc_trace+0x2cc/0x760 [ 502.221727] ? apply_wqattrs_prepare+0xfb/0xa30 [ 502.226386] apply_wqattrs_prepare+0x13b/0xa30 [ 502.230994] apply_workqueue_attrs_locked+0xcb/0x140 [ 502.236087] apply_workqueue_attrs+0x31/0x50 [ 502.240484] __alloc_workqueue_key+0x8b8/0xee0 [ 502.245057] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 502.250108] hci_register_dev+0x1c6/0x880 [ 502.254245] ? __raw_spin_lock_init+0x2d/0x100 [ 502.258821] hci_uart_tty_ioctl+0x761/0xaf0 [ 502.263134] tty_ioctl+0x8b5/0x1510 [ 502.266768] ? hci_uart_init_work+0x140/0x140 [ 502.271253] ? tty_vhangup+0x30/0x30 [ 502.274954] ? mark_held_locks+0x100/0x100 [ 502.279181] ? debug_smp_processor_id+0x1c/0x20 [ 502.283838] ? __fget+0x340/0x540 [ 502.287280] ? ___might_sleep+0x163/0x280 [ 502.291417] ? __might_sleep+0x95/0x190 [ 502.295379] ? tty_vhangup+0x30/0x30 [ 502.299082] do_vfs_ioctl+0xd5f/0x1380 [ 502.302959] ? selinux_file_ioctl+0x46f/0x5e0 [ 502.307452] ? selinux_file_ioctl+0x125/0x5e0 [ 502.311943] ? ioctl_preallocate+0x210/0x210 [ 502.316343] ? selinux_file_mprotect+0x620/0x620 [ 502.321089] ? iterate_fd+0x360/0x360 [ 502.324881] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 502.330417] ? fput+0x128/0x1a0 [ 502.333711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 502.339250] ? security_file_ioctl+0x8d/0xc0 [ 502.343651] ksys_ioctl+0xab/0xd0 [ 502.347118] __x64_sys_ioctl+0x73/0xb0 [ 502.350998] do_syscall_64+0xfd/0x620 [ 502.354791] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 502.359965] RIP: 0033:0x459829 [ 502.363149] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 502.382042] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 502.389756] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 502.397026] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 502.404305] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 502.411562] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 502.418817] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 502.441853] Bluetooth: Can't register HCI device [ 503.698833] Bluetooth: hci2: command 0x1003 tx timeout [ 503.704213] Bluetooth: hci2: sending frame failed (-49) [ 505.778884] Bluetooth: hci2: command 0x1001 tx timeout [ 505.784276] Bluetooth: hci2: sending frame failed (-49) [ 507.858892] Bluetooth: hci2: command 0x1009 tx timeout 01:07:49 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x4b47, 0x0) 01:07:49 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 01:07:49 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) 01:07:49 executing program 0 (fault-call:3 fault-nth:9): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:07:49 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97f"], 0xc}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:07:49 executing program 2 (fault-call:3 fault-nth:6): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 511.924227] FAULT_INJECTION: forcing a failure. [ 511.924227] name failslab, interval 1, probability 0, space 0, times 0 [ 511.939596] FAULT_INJECTION: forcing a failure. [ 511.939596] name failslab, interval 1, probability 0, space 0, times 0 [ 511.961288] CPU: 0 PID: 10580 Comm: syz-executor.0 Not tainted 4.19.60 #33 01:07:49 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) 01:07:49 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 511.968352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 511.977734] Call Trace: [ 511.980365] dump_stack+0x172/0x1f0 [ 511.984047] should_fail.cold+0xa/0x1b [ 511.987974] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 511.993113] ? lock_downgrade+0x810/0x810 [ 511.997289] ? ___might_sleep+0x163/0x280 [ 512.001473] __should_failslab+0x121/0x190 [ 512.005734] should_failslab+0x9/0x14 [ 512.009564] __kmalloc+0x2e2/0x750 [ 512.013143] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 512.018198] ? pwq_adjust_max_active+0x3b6/0x5c0 [ 512.018221] ? __alloc_workqueue_key+0x139/0xee0 [ 512.018250] __alloc_workqueue_key+0x139/0xee0 [ 512.027786] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 512.027845] hci_register_dev+0x225/0x880 [ 512.041577] hci_uart_tty_ioctl+0x761/0xaf0 [ 512.045935] tty_ioctl+0x8b5/0x1510 [ 512.049585] ? hci_uart_init_work+0x140/0x140 [ 512.049608] ? tty_vhangup+0x30/0x30 [ 512.049627] ? mark_held_locks+0x100/0x100 [ 512.049653] ? perf_trace_lock_acquire+0x380/0x580 [ 512.049683] ? __fget+0x340/0x540 [ 512.062139] ? ___might_sleep+0x163/0x280 [ 512.062172] ? __might_sleep+0x95/0x190 [ 512.079201] ? tty_vhangup+0x30/0x30 [ 512.082953] do_vfs_ioctl+0xd5f/0x1380 [ 512.086867] ? selinux_file_ioctl+0x46f/0x5e0 [ 512.091427] ? selinux_file_ioctl+0x125/0x5e0 [ 512.095951] ? ioctl_preallocate+0x210/0x210 [ 512.100387] ? selinux_file_mprotect+0x620/0x620 [ 512.105195] ? iterate_fd+0x360/0x360 [ 512.109027] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 512.114592] ? fput+0x128/0x1a0 [ 512.117919] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 01:07:49 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:07:49 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 512.123485] ? security_file_ioctl+0x8d/0xc0 [ 512.127926] ksys_ioctl+0xab/0xd0 [ 512.131409] __x64_sys_ioctl+0x73/0xb0 [ 512.135326] do_syscall_64+0xfd/0x620 [ 512.139171] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 512.144386] RIP: 0033:0x459829 [ 512.147598] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 512.166515] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 512.166538] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 512.166556] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 512.188820] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 512.196099] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 512.196112] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 512.222115] CPU: 1 PID: 10581 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 512.229160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 512.238606] Call Trace: [ 512.241208] dump_stack+0x172/0x1f0 [ 512.244857] should_fail.cold+0xa/0x1b [ 512.248764] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 512.253886] ? lock_downgrade+0x810/0x810 [ 512.258056] ? ___might_sleep+0x163/0x280 [ 512.262230] __should_failslab+0x121/0x190 [ 512.266489] should_failslab+0x9/0x14 [ 512.270310] kmem_cache_alloc_trace+0x2cc/0x760 [ 512.275004] ? apply_wqattrs_prepare+0xfb/0xa30 [ 512.279700] apply_wqattrs_prepare+0x13b/0xa30 [ 512.284318] apply_workqueue_attrs_locked+0xcb/0x140 [ 512.289441] apply_workqueue_attrs+0x31/0x50 [ 512.293852] __alloc_workqueue_key+0x8b8/0xee0 [ 512.298429] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 512.303469] hci_register_dev+0x1c6/0x880 [ 512.307621] ? __raw_spin_lock_init+0x2d/0x100 [ 512.312209] hci_uart_tty_ioctl+0x761/0xaf0 [ 512.316538] tty_ioctl+0x8b5/0x1510 [ 512.320175] ? hci_uart_init_work+0x140/0x140 [ 512.324680] ? tty_vhangup+0x30/0x30 [ 512.328386] ? mark_held_locks+0x100/0x100 [ 512.332616] ? perf_trace_lock_acquire+0x380/0x580 [ 512.337534] ? __fget+0x340/0x540 [ 512.341001] ? ___might_sleep+0x163/0x280 [ 512.345139] ? __might_sleep+0x95/0x190 [ 512.349117] ? tty_vhangup+0x30/0x30 [ 512.352834] do_vfs_ioctl+0xd5f/0x1380 [ 512.356713] ? selinux_file_ioctl+0x46f/0x5e0 [ 512.361210] ? selinux_file_ioctl+0x125/0x5e0 [ 512.365710] ? ioctl_preallocate+0x210/0x210 [ 512.370131] ? selinux_file_mprotect+0x620/0x620 [ 512.374883] ? iterate_fd+0x360/0x360 [ 512.378687] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 512.384211] ? fput+0x128/0x1a0 [ 512.387493] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 512.393029] ? security_file_ioctl+0x8d/0xc0 [ 512.397460] ksys_ioctl+0xab/0xd0 [ 512.400931] __x64_sys_ioctl+0x73/0xb0 [ 512.404821] do_syscall_64+0xfd/0x620 [ 512.408629] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 512.413829] RIP: 0033:0x459829 [ 512.417015] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 512.435921] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 512.443689] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 512.450966] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 512.458231] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 512.465515] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 01:07:50 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x4b49, 0x0) [ 512.472778] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 512.485051] Bluetooth: Can't register HCI device [ 512.493104] Bluetooth: Can't register HCI device 01:07:50 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97f"], 0xc}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:07:50 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 01:07:50 executing program 2 (fault-call:3 fault-nth:7): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:07:50 executing program 0 (fault-call:3 fault-nth:10): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 512.592484] Bluetooth: hci0: Frame reassembly failed (-84) [ 512.724021] FAULT_INJECTION: forcing a failure. [ 512.724021] name failslab, interval 1, probability 0, space 0, times 0 [ 512.741354] CPU: 1 PID: 10619 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 512.748402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 512.757769] Call Trace: [ 512.760378] dump_stack+0x172/0x1f0 [ 512.764034] should_fail.cold+0xa/0x1b [ 512.767941] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 512.773061] ? lock_downgrade+0x810/0x810 [ 512.773079] ? ___might_sleep+0x163/0x280 [ 512.773101] __should_failslab+0x121/0x190 [ 512.773120] should_failslab+0x9/0x14 [ 512.773135] kmem_cache_alloc_node+0x26c/0x710 [ 512.773163] alloc_unbound_pwq+0x4c1/0xc70 [ 512.773188] apply_wqattrs_prepare+0x3c5/0xa30 [ 512.773217] apply_workqueue_attrs_locked+0xcb/0x140 [ 512.808003] apply_workqueue_attrs+0x31/0x50 [ 512.812433] __alloc_workqueue_key+0x8b8/0xee0 [ 512.817038] ? workqueue_sysfs_register+0x3f0/0x3f0 01:07:50 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 01:07:50 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) [ 512.822090] hci_register_dev+0x1c6/0x880 [ 512.826257] ? __raw_spin_lock_init+0x2d/0x100 [ 512.830863] hci_uart_tty_ioctl+0x761/0xaf0 [ 512.835199] tty_ioctl+0x8b5/0x1510 [ 512.838843] ? hci_uart_init_work+0x140/0x140 [ 512.843356] ? tty_vhangup+0x30/0x30 [ 512.847082] ? mark_held_locks+0x100/0x100 [ 512.851333] ? proc_cwd_link+0x1d0/0x1d0 [ 512.855417] ? __fget+0x340/0x540 [ 512.858894] ? ___might_sleep+0x163/0x280 [ 512.863055] ? __might_sleep+0x95/0x190 [ 512.867046] ? tty_vhangup+0x30/0x30 [ 512.870780] do_vfs_ioctl+0xd5f/0x1380 01:07:50 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 512.874686] ? selinux_file_ioctl+0x46f/0x5e0 [ 512.879197] ? selinux_file_ioctl+0x125/0x5e0 [ 512.883705] ? ioctl_preallocate+0x210/0x210 [ 512.888129] ? selinux_file_mprotect+0x620/0x620 [ 512.892907] ? iterate_fd+0x360/0x360 [ 512.896730] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 512.902280] ? fput+0x128/0x1a0 [ 512.905583] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 512.911130] ? security_file_ioctl+0x8d/0xc0 [ 512.915561] ksys_ioctl+0xab/0xd0 [ 512.919033] __x64_sys_ioctl+0x73/0xb0 [ 512.922934] do_syscall_64+0xfd/0x620 [ 512.926760] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 512.931963] RIP: 0033:0x459829 [ 512.935169] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 512.954080] RSP: 002b:00007f9d624c9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 512.961808] RAX: ffffffffffffffda RBX: 00007f9d624c9c90 RCX: 0000000000459829 [ 512.969088] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 512.976375] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 512.983647] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624ca6d4 [ 512.990919] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 513.000312] FAULT_INJECTION: forcing a failure. [ 513.000312] name failslab, interval 1, probability 0, space 0, times 0 [ 513.011668] Bluetooth: Can't register HCI device [ 513.011872] CPU: 1 PID: 10620 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 513.011887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 513.033015] Call Trace: [ 513.035608] dump_stack+0x172/0x1f0 [ 513.039253] should_fail.cold+0xa/0x1b [ 513.043151] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 513.048256] ? lock_downgrade+0x810/0x810 [ 513.052411] ? ___might_sleep+0x163/0x280 [ 513.056567] __should_failslab+0x121/0x190 [ 513.060807] should_failslab+0x9/0x14 [ 513.064608] kmem_cache_alloc_trace+0x2cc/0x760 [ 513.069285] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 513.074302] ? pwq_adjust_max_active+0x3b6/0x5c0 [ 513.079063] ? __alloc_workqueue_key+0x139/0xee0 [ 513.083828] __alloc_workqueue_key+0x18e/0xee0 [ 513.088422] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 513.093464] hci_register_dev+0x225/0x880 [ 513.097621] hci_uart_tty_ioctl+0x761/0xaf0 [ 513.101947] tty_ioctl+0x8b5/0x1510 [ 513.105584] ? hci_uart_init_work+0x140/0x140 [ 513.110082] ? tty_vhangup+0x30/0x30 [ 513.113800] ? mark_held_locks+0x100/0x100 [ 513.118148] ? proc_cwd_link+0x1d0/0x1d0 [ 513.122220] ? __fget+0x340/0x540 [ 513.125682] ? ___might_sleep+0x163/0x280 [ 513.129835] ? __might_sleep+0x95/0x190 [ 513.133839] ? tty_vhangup+0x30/0x30 [ 513.137559] do_vfs_ioctl+0xd5f/0x1380 [ 513.141454] ? selinux_file_ioctl+0x46f/0x5e0 [ 513.145950] ? selinux_file_ioctl+0x125/0x5e0 [ 513.150451] ? ioctl_preallocate+0x210/0x210 [ 513.154862] ? selinux_file_mprotect+0x620/0x620 [ 513.159631] ? iterate_fd+0x360/0x360 [ 513.163441] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 513.168978] ? fput+0x128/0x1a0 [ 513.172268] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 513.177808] ? security_file_ioctl+0x8d/0xc0 [ 513.182223] ksys_ioctl+0xab/0xd0 [ 513.186172] __x64_sys_ioctl+0x73/0xb0 [ 513.190073] do_syscall_64+0xfd/0x620 [ 513.193883] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 513.199074] RIP: 0033:0x459829 [ 513.202271] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 01:07:51 executing program 2 (fault-call:3 fault-nth:8): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 513.221177] RSP: 002b:00007fd01d6e3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 513.228900] RAX: ffffffffffffffda RBX: 00007fd01d6e3c90 RCX: 0000000000459829 [ 513.236174] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 513.243446] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 513.250722] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d6e46d4 [ 513.257996] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 513.270436] Bluetooth: Can't register HCI device 01:07:51 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97f"], 0xc}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 513.379999] FAULT_INJECTION: forcing a failure. [ 513.379999] name failslab, interval 1, probability 0, space 0, times 0 [ 513.392988] CPU: 1 PID: 10631 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 513.400025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 513.409390] Call Trace: [ 513.411997] dump_stack+0x172/0x1f0 [ 513.415655] should_fail.cold+0xa/0x1b [ 513.419577] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 513.424701] ? lock_downgrade+0x810/0x810 [ 513.428870] ? ___might_sleep+0x163/0x280 [ 513.433040] __should_failslab+0x121/0x190 [ 513.437292] should_failslab+0x9/0x14 [ 513.441114] kmem_cache_alloc_node+0x26c/0x710 [ 513.445721] alloc_unbound_pwq+0x4c1/0xc70 [ 513.449991] apply_wqattrs_prepare+0x3c5/0xa30 [ 513.454605] apply_workqueue_attrs_locked+0xcb/0x140 [ 513.459727] apply_workqueue_attrs+0x31/0x50 [ 513.464154] __alloc_workqueue_key+0x8b8/0xee0 [ 513.468761] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 513.473814] hci_register_dev+0x1c6/0x880 [ 513.477966] ? __raw_spin_lock_init+0x2d/0x100 [ 513.482555] hci_uart_tty_ioctl+0x761/0xaf0 [ 513.486879] tty_ioctl+0x8b5/0x1510 [ 513.490508] ? hci_uart_init_work+0x140/0x140 [ 513.495002] ? tty_vhangup+0x30/0x30 [ 513.498713] ? mark_held_locks+0x100/0x100 [ 513.502955] ? debug_smp_processor_id+0x1c/0x20 [ 513.507624] ? __fget+0x340/0x540 [ 513.511105] ? ___might_sleep+0x163/0x280 [ 513.515256] ? __might_sleep+0x95/0x190 [ 513.519229] ? tty_vhangup+0x30/0x30 [ 513.523828] do_vfs_ioctl+0xd5f/0x1380 [ 513.527721] ? selinux_file_ioctl+0x46f/0x5e0 [ 513.532214] ? selinux_file_ioctl+0x125/0x5e0 [ 513.536712] ? ioctl_preallocate+0x210/0x210 [ 513.541119] ? selinux_file_mprotect+0x620/0x620 [ 513.545921] ? iterate_fd+0x360/0x360 [ 513.549731] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 513.555267] ? fput+0x128/0x1a0 [ 513.558560] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 513.564100] ? security_file_ioctl+0x8d/0xc0 [ 513.568500] ksys_ioctl+0xab/0xd0 [ 513.571962] __x64_sys_ioctl+0x73/0xb0 [ 513.575870] do_syscall_64+0xfd/0x620 [ 513.579702] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 513.584901] RIP: 0033:0x459829 [ 513.588139] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 513.607036] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 513.614736] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 513.622179] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 513.629457] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 513.636725] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 513.643982] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 513.663511] Bluetooth: Can't register HCI device [ 514.498756] Bluetooth: hci2: command 0x1003 tx timeout [ 514.504182] Bluetooth: hci2: sending frame failed (-49) [ 514.658805] Bluetooth: hci0: command 0x1003 tx timeout [ 514.664244] Bluetooth: hci0: sending frame failed (-49) [ 515.298666] Bluetooth: hci4: command 0x1003 tx timeout [ 515.304169] Bluetooth: hci4: sending frame failed (-49) [ 516.578749] Bluetooth: hci2: command 0x1001 tx timeout [ 516.584152] Bluetooth: hci2: sending frame failed (-49) [ 516.738827] Bluetooth: hci0: command 0x1001 tx timeout [ 516.744237] Bluetooth: hci0: sending frame failed (-49) [ 517.378737] Bluetooth: hci4: command 0x1001 tx timeout [ 517.384138] Bluetooth: hci4: sending frame failed (-49) [ 518.658726] Bluetooth: hci2: command 0x1009 tx timeout [ 518.818712] Bluetooth: hci0: command 0x1009 tx timeout [ 519.458709] Bluetooth: hci4: command 0x1009 tx timeout 01:08:00 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:08:00 executing program 0 (fault-call:3 fault-nth:11): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:08:00 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5409, 0x0) 01:08:00 executing program 2 (fault-call:3 fault-nth:9): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:08:00 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb"], 0xe}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 522.786226] FAULT_INJECTION: forcing a failure. [ 522.786226] name failslab, interval 1, probability 0, space 0, times 0 [ 522.804423] CPU: 1 PID: 10639 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 522.811473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 522.811481] Call Trace: [ 522.811505] dump_stack+0x172/0x1f0 [ 522.811533] should_fail.cold+0xa/0x1b [ 522.811557] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 522.811582] ? lock_downgrade+0x810/0x810 [ 522.811602] ? ___might_sleep+0x163/0x280 [ 522.844427] __should_failslab+0x121/0x190 [ 522.844448] should_failslab+0x9/0x14 [ 522.844464] kmem_cache_alloc_trace+0x2cc/0x760 [ 522.844486] ? apply_wqattrs_prepare+0xfb/0xa30 [ 522.861882] apply_wqattrs_prepare+0x13b/0xa30 [ 522.866493] apply_workqueue_attrs_locked+0xcb/0x140 [ 522.871618] apply_workqueue_attrs+0x31/0x50 [ 522.876049] __alloc_workqueue_key+0x8b8/0xee0 [ 522.880666] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 522.885729] hci_register_dev+0x225/0x880 [ 522.889902] hci_uart_tty_ioctl+0x761/0xaf0 [ 522.894244] tty_ioctl+0x8b5/0x1510 [ 522.897889] ? hci_uart_init_work+0x140/0x140 [ 522.902406] ? tty_vhangup+0x30/0x30 [ 522.906134] ? mark_held_locks+0x100/0x100 [ 522.910384] ? debug_smp_processor_id+0x1c/0x20 [ 522.915058] ? __fget+0x340/0x540 [ 522.918512] ? ___might_sleep+0x163/0x280 [ 522.922667] ? __might_sleep+0x95/0x190 [ 522.926645] ? tty_vhangup+0x30/0x30 [ 522.930368] do_vfs_ioctl+0xd5f/0x1380 [ 522.934261] ? selinux_file_ioctl+0x46f/0x5e0 [ 522.938755] ? selinux_file_ioctl+0x125/0x5e0 [ 522.943256] ? ioctl_preallocate+0x210/0x210 [ 522.947670] ? selinux_file_mprotect+0x620/0x620 [ 522.952441] ? iterate_fd+0x360/0x360 [ 522.956245] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 522.962046] ? fput+0x128/0x1a0 [ 522.965338] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 522.970881] ? security_file_ioctl+0x8d/0xc0 [ 522.975295] ksys_ioctl+0xab/0xd0 [ 522.978784] __x64_sys_ioctl+0x73/0xb0 [ 522.982684] do_syscall_64+0xfd/0x620 [ 522.986491] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 522.991685] RIP: 0033:0x459829 [ 522.994882] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 523.013789] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 523.021526] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 523.028796] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 523.036062] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 523.043328] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 523.050595] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 523.062984] Bluetooth: Can't register HCI device [ 523.064110] Bluetooth: hci1: Frame reassembly failed (-84) [ 523.096232] FAULT_INJECTION: forcing a failure. [ 523.096232] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 523.108102] CPU: 0 PID: 10648 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 523.115139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 523.124530] Call Trace: [ 523.127153] dump_stack+0x172/0x1f0 [ 523.130846] should_fail.cold+0xa/0x1b [ 523.134762] ? perf_trace_run_bpf_submit+0x131/0x190 [ 523.139891] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 523.145031] ? mark_held_locks+0x100/0x100 [ 523.149293] __alloc_pages_nodemask+0x1ee/0x760 [ 523.153983] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 523.159374] ? __alloc_pages_slowpath+0x2870/0x2870 [ 523.164446] cache_grow_begin+0x9c/0x8b0 [ 523.168532] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 523.174096] ? check_preemption_disabled+0x48/0x290 [ 523.179151] kmem_cache_alloc_node+0x64d/0x710 [ 523.184118] alloc_unbound_pwq+0x4c1/0xc70 [ 523.188407] apply_wqattrs_prepare+0x3c5/0xa30 [ 523.193039] apply_workqueue_attrs_locked+0xcb/0x140 [ 523.198216] apply_workqueue_attrs+0x31/0x50 [ 523.202649] __alloc_workqueue_key+0x8b8/0xee0 [ 523.207265] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 523.212339] hci_register_dev+0x1c6/0x880 [ 523.216511] ? __raw_spin_lock_init+0x2d/0x100 [ 523.221129] hci_uart_tty_ioctl+0x761/0xaf0 [ 523.225489] tty_ioctl+0x8b5/0x1510 [ 523.229143] ? hci_uart_init_work+0x140/0x140 [ 523.233682] ? tty_vhangup+0x30/0x30 [ 523.237422] ? mark_held_locks+0x100/0x100 [ 523.241685] ? perf_trace_lock_acquire+0x380/0x580 [ 523.246648] ? __fget+0x340/0x540 [ 523.250130] ? ___might_sleep+0x163/0x280 [ 523.254310] ? __might_sleep+0x95/0x190 [ 523.258308] ? tty_vhangup+0x30/0x30 [ 523.262051] do_vfs_ioctl+0xd5f/0x1380 [ 523.265958] ? selinux_file_ioctl+0x46f/0x5e0 [ 523.270477] ? selinux_file_ioctl+0x125/0x5e0 [ 523.274999] ? ioctl_preallocate+0x210/0x210 [ 523.279426] ? selinux_file_mprotect+0x620/0x620 [ 523.284223] ? iterate_fd+0x360/0x360 [ 523.288055] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 523.293616] ? fput+0x128/0x1a0 [ 523.296933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 523.302490] ? security_file_ioctl+0x8d/0xc0 [ 523.306927] ksys_ioctl+0xab/0xd0 [ 523.310409] __x64_sys_ioctl+0x73/0xb0 [ 523.314318] do_syscall_64+0xfd/0x620 [ 523.318158] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 523.323404] RIP: 0033:0x459829 [ 523.326613] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 01:08:01 executing program 0 (fault-call:3 fault-nth:12): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 523.345535] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 523.353281] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 523.360565] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 523.367850] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 523.375139] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 523.382439] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 01:08:01 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 523.422489] Bluetooth: hci2: Frame reassembly failed (-84) [ 523.440247] Bluetooth: hci0: Frame reassembly failed (-84) 01:08:01 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb"], 0xe}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 523.503763] FAULT_INJECTION: forcing a failure. [ 523.503763] name failslab, interval 1, probability 0, space 0, times 0 [ 523.526330] CPU: 0 PID: 10659 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 523.533368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 523.542730] Call Trace: [ 523.545338] dump_stack+0x172/0x1f0 [ 523.548990] should_fail.cold+0xa/0x1b [ 523.552902] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 523.558011] ? lock_downgrade+0x810/0x810 [ 523.562167] ? ___might_sleep+0x163/0x280 [ 523.566324] __should_failslab+0x121/0x190 [ 523.570547] should_failslab+0x9/0x14 [ 523.574334] kmem_cache_alloc_trace+0x2cc/0x760 [ 523.579006] ? apply_wqattrs_prepare+0xfb/0xa30 [ 523.583682] apply_wqattrs_prepare+0x13b/0xa30 [ 523.588259] apply_workqueue_attrs_locked+0xcb/0x140 [ 523.593356] apply_workqueue_attrs+0x31/0x50 [ 523.597769] __alloc_workqueue_key+0x8b8/0xee0 [ 523.602351] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 523.607389] hci_register_dev+0x225/0x880 [ 523.611540] hci_uart_tty_ioctl+0x761/0xaf0 [ 523.615866] tty_ioctl+0x8b5/0x1510 [ 523.619486] ? hci_uart_init_work+0x140/0x140 [ 523.623994] ? tty_vhangup+0x30/0x30 [ 523.627714] ? mark_held_locks+0x100/0x100 [ 523.631948] ? proc_cwd_link+0x1d0/0x1d0 [ 523.636014] ? __fget+0x340/0x540 [ 523.639459] ? ___might_sleep+0x163/0x280 [ 523.643615] ? __might_sleep+0x95/0x190 [ 523.647587] ? tty_vhangup+0x30/0x30 [ 523.651291] do_vfs_ioctl+0xd5f/0x1380 [ 523.655173] ? selinux_file_ioctl+0x46f/0x5e0 [ 523.659654] ? selinux_file_ioctl+0x125/0x5e0 [ 523.664140] ? ioctl_preallocate+0x210/0x210 [ 523.668537] ? selinux_file_mprotect+0x620/0x620 [ 523.673286] ? iterate_fd+0x360/0x360 [ 523.677077] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 523.682600] ? fput+0x128/0x1a0 [ 523.685870] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 523.691410] ? security_file_ioctl+0x8d/0xc0 [ 523.695821] ksys_ioctl+0xab/0xd0 [ 523.699265] __x64_sys_ioctl+0x73/0xb0 [ 523.703145] do_syscall_64+0xfd/0x620 [ 523.706984] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 523.712170] RIP: 0033:0x459829 [ 523.715347] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 523.734236] RSP: 002b:00007fd01d6e3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 523.741946] RAX: ffffffffffffffda RBX: 00007fd01d6e3c90 RCX: 0000000000459829 01:08:01 executing program 0 (fault-call:3 fault-nth:13): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 523.749215] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 523.756474] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 523.763742] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d6e46d4 [ 523.771006] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 523.780477] Bluetooth: Can't register HCI device 01:08:01 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb"], 0xe}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 523.916369] FAULT_INJECTION: forcing a failure. [ 523.916369] name failslab, interval 1, probability 0, space 0, times 0 [ 523.938511] CPU: 0 PID: 10669 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 523.945593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 523.954970] Call Trace: [ 523.957579] dump_stack+0x172/0x1f0 [ 523.961232] should_fail.cold+0xa/0x1b [ 523.965138] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 523.970263] ? lock_downgrade+0x810/0x810 [ 523.974426] ? ___might_sleep+0x163/0x280 [ 523.978624] __should_failslab+0x121/0x190 [ 523.982883] should_failslab+0x9/0x14 [ 523.986695] kmem_cache_alloc_trace+0x2cc/0x760 [ 523.991401] apply_wqattrs_prepare+0x1c7/0xa30 [ 523.996021] apply_workqueue_attrs_locked+0xcb/0x140 [ 524.001142] apply_workqueue_attrs+0x31/0x50 [ 524.005574] __alloc_workqueue_key+0x8b8/0xee0 [ 524.010188] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 524.015259] hci_register_dev+0x225/0x880 [ 524.019432] hci_uart_tty_ioctl+0x761/0xaf0 [ 524.023773] tty_ioctl+0x8b5/0x1510 [ 524.027410] ? hci_uart_init_work+0x140/0x140 [ 524.031919] ? tty_vhangup+0x30/0x30 [ 524.035642] ? mark_held_locks+0x100/0x100 [ 524.039893] ? perf_trace_lock_acquire+0x380/0x580 [ 524.044842] ? __fget+0x340/0x540 [ 524.048325] ? ___might_sleep+0x163/0x280 [ 524.052498] ? __might_sleep+0x95/0x190 [ 524.056486] ? tty_vhangup+0x30/0x30 [ 524.060217] do_vfs_ioctl+0xd5f/0x1380 [ 524.064114] ? selinux_file_ioctl+0x46f/0x5e0 [ 524.068625] ? selinux_file_ioctl+0x125/0x5e0 [ 524.073155] ? ioctl_preallocate+0x210/0x210 [ 524.078110] ? selinux_file_mprotect+0x620/0x620 [ 524.082894] ? iterate_fd+0x360/0x360 [ 524.086710] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 524.092257] ? fput+0x128/0x1a0 [ 524.095562] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 524.101107] ? security_file_ioctl+0x8d/0xc0 [ 524.105535] ksys_ioctl+0xab/0xd0 [ 524.109009] __x64_sys_ioctl+0x73/0xb0 [ 524.112917] do_syscall_64+0xfd/0x620 [ 524.116740] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 524.121943] RIP: 0033:0x459829 [ 524.125147] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 524.144073] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 524.151803] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 524.159080] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 524.166355] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 524.173636] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 524.180914] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 524.189639] Bluetooth: Can't register HCI device 01:08:02 executing program 0 (fault-call:3 fault-nth:14): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 524.277285] FAULT_INJECTION: forcing a failure. [ 524.277285] name failslab, interval 1, probability 0, space 0, times 0 [ 524.288930] CPU: 0 PID: 10675 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 524.295971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 524.305339] Call Trace: [ 524.307948] dump_stack+0x172/0x1f0 [ 524.311602] should_fail.cold+0xa/0x1b [ 524.315508] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 524.320627] ? lock_downgrade+0x810/0x810 [ 524.324790] ? ___might_sleep+0x163/0x280 [ 524.328961] __should_failslab+0x121/0x190 [ 524.333218] should_failslab+0x9/0x14 [ 524.337033] kmem_cache_alloc_node+0x26c/0x710 [ 524.341654] alloc_unbound_pwq+0x4c1/0xc70 [ 524.345923] apply_wqattrs_prepare+0x3c5/0xa30 [ 524.350541] apply_workqueue_attrs_locked+0xcb/0x140 [ 524.355664] apply_workqueue_attrs+0x31/0x50 [ 524.360090] __alloc_workqueue_key+0x8b8/0xee0 [ 524.364696] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 524.369761] hci_register_dev+0x225/0x880 [ 524.373935] hci_uart_tty_ioctl+0x761/0xaf0 [ 524.378281] tty_ioctl+0x8b5/0x1510 [ 524.381922] ? hci_uart_init_work+0x140/0x140 [ 524.386466] ? tty_vhangup+0x30/0x30 [ 524.390193] ? mark_held_locks+0x100/0x100 [ 524.394445] ? perf_trace_lock_acquire+0x380/0x580 [ 524.399396] ? __fget+0x340/0x540 [ 524.402861] ? ___might_sleep+0x163/0x280 [ 524.407022] ? __might_sleep+0x95/0x190 [ 524.411009] ? tty_vhangup+0x30/0x30 [ 524.414740] do_vfs_ioctl+0xd5f/0x1380 [ 524.418647] ? selinux_file_ioctl+0x46f/0x5e0 [ 524.423150] ? selinux_file_ioctl+0x125/0x5e0 [ 524.427662] ? ioctl_preallocate+0x210/0x210 [ 524.432082] ? selinux_file_mprotect+0x620/0x620 [ 524.436862] ? iterate_fd+0x360/0x360 [ 524.440680] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 524.446232] ? fput+0x128/0x1a0 [ 524.449534] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 524.455085] ? security_file_ioctl+0x8d/0xc0 [ 524.459516] ksys_ioctl+0xab/0xd0 [ 524.462993] __x64_sys_ioctl+0x73/0xb0 [ 524.466897] do_syscall_64+0xfd/0x620 [ 524.470740] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 524.475942] RIP: 0033:0x459829 [ 524.479146] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 524.498071] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 524.505805] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 524.513086] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 524.520364] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 01:08:02 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb01"], 0xf}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 524.527640] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 524.534916] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 524.545360] Bluetooth: Can't register HCI device [ 525.138707] Bluetooth: hci1: command 0x1003 tx timeout [ 525.144230] Bluetooth: hci1: sending frame failed (-49) [ 525.458650] Bluetooth: hci0: command 0x1003 tx timeout [ 525.458686] Bluetooth: hci2: command 0x1003 tx timeout [ 525.464167] Bluetooth: hci0: sending frame failed (-49) [ 525.475212] Bluetooth: hci2: sending frame failed (-49) [ 525.538632] Bluetooth: hci3: command 0x1003 tx timeout [ 525.544104] Bluetooth: hci3: sending frame failed (-49) [ 527.218674] Bluetooth: hci1: command 0x1001 tx timeout [ 527.224100] Bluetooth: hci1: sending frame failed (-49) [ 527.538763] Bluetooth: hci2: command 0x1001 tx timeout [ 527.544160] Bluetooth: hci0: command 0x1001 tx timeout [ 527.544216] Bluetooth: hci2: sending frame failed (-49) [ 527.550029] Bluetooth: hci0: sending frame failed (-49) [ 527.618661] Bluetooth: hci3: command 0x1001 tx timeout [ 527.624068] Bluetooth: hci3: sending frame failed (-49) [ 529.298680] Bluetooth: hci1: command 0x1009 tx timeout [ 529.618705] Bluetooth: hci2: command 0x1009 tx timeout [ 529.618726] Bluetooth: hci0: command 0x1009 tx timeout [ 529.698716] Bluetooth: hci3: command 0x1009 tx timeout 01:08:11 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:08:11 executing program 0 (fault-call:3 fault-nth:15): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:08:11 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x540b, 0x0) 01:08:11 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb01"], 0xf}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:08:11 executing program 2 (fault-call:3 fault-nth:10): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:08:11 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 533.747483] FAULT_INJECTION: forcing a failure. [ 533.747483] name failslab, interval 1, probability 0, space 0, times 0 [ 533.795600] CPU: 1 PID: 10689 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 533.802688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 533.808484] FAULT_INJECTION: forcing a failure. [ 533.808484] name failslab, interval 1, probability 0, space 0, times 0 [ 533.812148] Call Trace: [ 533.812228] dump_stack+0x172/0x1f0 [ 533.812256] should_fail.cold+0xa/0x1b [ 533.812283] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 533.812304] ? lock_downgrade+0x810/0x810 [ 533.812324] ? ___might_sleep+0x163/0x280 [ 533.812350] __should_failslab+0x121/0x190 [ 533.812379] should_failslab+0x9/0x14 [ 533.855444] kmem_cache_alloc+0x2ae/0x700 [ 533.859706] ? perf_trace_lock_acquire+0x380/0x580 [ 533.864668] ? perf_swevent_put_recursion_context+0xa0/0xa0 [ 533.870410] __d_alloc+0x2e/0x9c0 [ 533.873890] ? find_held_lock+0x35/0x130 [ 533.877977] d_alloc+0x4d/0x280 [ 533.881287] ? __lock_acquire+0x6eb/0x48f0 [ 533.885580] d_alloc_parallel+0xf4/0x1bb0 [ 533.889777] ? perf_trace_lock_acquire+0x380/0x580 [ 533.894730] ? __d_lookup_rcu+0x6b0/0x6b0 [ 533.898902] ? __d_lookup+0x40c/0x760 [ 533.902726] ? __lockdep_init_map+0x10c/0x5b0 [ 533.907250] ? __lockdep_init_map+0x10c/0x5b0 [ 533.911777] __lookup_slow+0x1ab/0x500 [ 533.915701] ? vfs_unlink+0x500/0x500 [ 533.919544] ? lockdep_hardirqs_on+0x415/0x5d0 [ 533.924160] ? d_lookup+0x19e/0x260 [ 533.927821] lookup_one_len+0x16d/0x1a0 [ 533.931823] ? lookup_one_len_unlocked+0x100/0x100 [ 533.936786] start_creating+0xbf/0x1e0 [ 533.940708] debugfs_create_dir+0x23/0x3c0 [ 533.944972] hci_register_dev+0x2b5/0x880 [ 533.949152] hci_uart_tty_ioctl+0x761/0xaf0 [ 533.953672] tty_ioctl+0x8b5/0x1510 [ 533.957327] ? hci_uart_init_work+0x140/0x140 [ 533.961846] ? tty_vhangup+0x30/0x30 [ 533.965594] ? mark_held_locks+0x100/0x100 [ 533.969864] ? perf_trace_lock_acquire+0x380/0x580 [ 533.974821] ? __fget+0x340/0x540 [ 533.978395] ? ___might_sleep+0x163/0x280 [ 533.982569] ? __might_sleep+0x95/0x190 [ 533.986639] ? tty_vhangup+0x30/0x30 [ 533.990383] do_vfs_ioctl+0xd5f/0x1380 [ 533.994301] ? selinux_file_ioctl+0x46f/0x5e0 [ 533.998818] ? selinux_file_ioctl+0x125/0x5e0 [ 534.003339] ? ioctl_preallocate+0x210/0x210 [ 534.007774] ? selinux_file_mprotect+0x620/0x620 [ 534.012568] ? iterate_fd+0x360/0x360 [ 534.016482] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 534.022041] ? fput+0x128/0x1a0 [ 534.025360] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 534.030918] ? security_file_ioctl+0x8d/0xc0 [ 534.035356] ksys_ioctl+0xab/0xd0 [ 534.038834] __x64_sys_ioctl+0x73/0xb0 [ 534.043101] do_syscall_64+0xfd/0x620 [ 534.046934] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 534.052148] RIP: 0033:0x459829 [ 534.055366] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 534.074593] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 534.082612] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 534.089903] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 534.097197] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 534.104487] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 534.111782] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 534.122979] CPU: 0 PID: 10696 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 534.130059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 534.130068] Call Trace: [ 534.130093] dump_stack+0x172/0x1f0 [ 534.130125] should_fail.cold+0xa/0x1b [ 534.130151] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 534.130181] ? lock_downgrade+0x810/0x810 [ 534.130204] ? ___might_sleep+0x163/0x280 [ 534.130235] __should_failslab+0x121/0x190 [ 534.130259] should_failslab+0x9/0x14 [ 534.130277] kmem_cache_alloc_trace+0x2cc/0x760 [ 534.130301] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 534.130320] ? pwq_adjust_max_active+0x3b6/0x5c0 [ 534.130340] ? __alloc_workqueue_key+0x139/0xee0 [ 534.130368] __alloc_workqueue_key+0x18e/0xee0 [ 534.142540] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 534.142599] hci_register_dev+0x225/0x880 [ 534.150112] hci_uart_tty_ioctl+0x761/0xaf0 [ 534.150140] tty_ioctl+0x8b5/0x1510 [ 534.150158] ? hci_uart_init_work+0x140/0x140 [ 534.159455] ? tty_vhangup+0x30/0x30 [ 534.159475] ? mark_held_locks+0x100/0x100 [ 534.159501] ? perf_trace_lock_acquire+0x380/0x580 [ 534.159530] ? __fget+0x340/0x540 [ 534.168047] ? ___might_sleep+0x163/0x280 [ 534.168074] ? __might_sleep+0x95/0x190 [ 534.168099] ? tty_vhangup+0x30/0x30 [ 534.176592] do_vfs_ioctl+0xd5f/0x1380 [ 534.176614] ? selinux_file_ioctl+0x46f/0x5e0 [ 534.176631] ? selinux_file_ioctl+0x125/0x5e0 [ 534.176652] ? ioctl_preallocate+0x210/0x210 [ 534.186588] ? selinux_file_mprotect+0x620/0x620 [ 534.186625] ? iterate_fd+0x360/0x360 [ 534.186652] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 534.196035] ? fput+0x128/0x1a0 [ 534.196071] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 534.196089] ? security_file_ioctl+0x8d/0xc0 [ 534.205311] ksys_ioctl+0xab/0xd0 [ 534.205339] __x64_sys_ioctl+0x73/0xb0 [ 534.205364] do_syscall_64+0xfd/0x620 [ 534.213475] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 534.213492] RIP: 0033:0x459829 [ 534.213515] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 534.221793] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 534.221816] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 01:08:12 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb01"], 0xf}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 534.221828] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 534.221840] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 534.221851] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 534.221865] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 534.243798] Bluetooth: Can't register HCI device 01:08:12 executing program 2 (fault-call:3 fault-nth:11): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 534.414519] Bluetooth: hci4: Frame reassembly failed (-84) [ 534.481668] FAULT_INJECTION: forcing a failure. [ 534.481668] name failslab, interval 1, probability 0, space 0, times 0 [ 534.499815] CPU: 1 PID: 10706 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 534.506869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 534.516421] Call Trace: [ 534.519164] dump_stack+0x172/0x1f0 [ 534.522804] should_fail.cold+0xa/0x1b [ 534.526884] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 534.532025] ? lock_downgrade+0x810/0x810 [ 534.536182] ? ___might_sleep+0x163/0x280 [ 534.540339] __should_failslab+0x121/0x190 [ 534.544591] should_failslab+0x9/0x14 [ 534.548544] __kmalloc+0x2e2/0x750 [ 534.552154] ? __lock_is_held+0xb6/0x140 [ 534.556309] ? apply_wqattrs_prepare+0xfb/0xa30 [ 534.561155] apply_wqattrs_prepare+0xfb/0xa30 [ 534.565671] apply_workqueue_attrs_locked+0xcb/0x140 [ 534.570778] apply_workqueue_attrs+0x31/0x50 [ 534.575204] __alloc_workqueue_key+0x8b8/0xee0 [ 534.579829] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 534.584873] hci_register_dev+0x225/0x880 [ 534.589198] hci_uart_tty_ioctl+0x761/0xaf0 [ 534.593542] tty_ioctl+0x8b5/0x1510 [ 534.597396] ? hci_uart_init_work+0x140/0x140 [ 534.601916] ? tty_vhangup+0x30/0x30 [ 534.605776] ? mark_held_locks+0x100/0x100 [ 534.610016] ? debug_smp_processor_id+0x1c/0x20 [ 534.614690] ? __fget+0x340/0x540 [ 534.618146] ? ___might_sleep+0x163/0x280 [ 534.622378] ? __might_sleep+0x95/0x190 [ 534.626466] ? tty_vhangup+0x30/0x30 [ 534.630207] do_vfs_ioctl+0xd5f/0x1380 [ 534.634124] ? selinux_file_ioctl+0x46f/0x5e0 [ 534.638738] ? selinux_file_ioctl+0x125/0x5e0 [ 534.643240] ? ioctl_preallocate+0x210/0x210 [ 534.647671] ? selinux_file_mprotect+0x620/0x620 [ 534.652526] ? iterate_fd+0x360/0x360 [ 534.656331] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 534.661873] ? fput+0x128/0x1a0 [ 534.665276] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 534.670953] ? security_file_ioctl+0x8d/0xc0 [ 534.675379] ksys_ioctl+0xab/0xd0 [ 534.678839] __x64_sys_ioctl+0x73/0xb0 [ 534.682743] do_syscall_64+0xfd/0x620 [ 534.686617] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 534.691858] RIP: 0033:0x459829 [ 534.695054] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 534.714141] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 534.721861] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 01:08:12 executing program 2 (fault-call:3 fault-nth:12): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 534.729197] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 534.736563] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 534.743897] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 534.751171] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 534.760576] Bluetooth: Can't register HCI device 01:08:12 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 534.890264] FAULT_INJECTION: forcing a failure. [ 534.890264] name failslab, interval 1, probability 0, space 0, times 0 [ 534.901965] CPU: 0 PID: 10709 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 534.909133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 534.918526] Call Trace: [ 534.921158] dump_stack+0x172/0x1f0 [ 534.924845] should_fail.cold+0xa/0x1b [ 534.928788] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 534.934028] ? lock_downgrade+0x810/0x810 [ 534.938221] ? ___might_sleep+0x163/0x280 [ 534.942424] __should_failslab+0x121/0x190 [ 534.946711] should_failslab+0x9/0x14 [ 534.950553] kmem_cache_alloc_trace+0x2cc/0x760 [ 534.955272] ? apply_wqattrs_prepare+0xfb/0xa30 [ 534.959975] apply_wqattrs_prepare+0x13b/0xa30 [ 534.964626] apply_workqueue_attrs_locked+0xcb/0x140 [ 534.969849] apply_workqueue_attrs+0x31/0x50 [ 534.974289] __alloc_workqueue_key+0x8b8/0xee0 [ 534.978909] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 534.984056] hci_register_dev+0x225/0x880 [ 534.988244] hci_uart_tty_ioctl+0x761/0xaf0 [ 534.992650] tty_ioctl+0x8b5/0x1510 [ 534.996311] ? hci_uart_init_work+0x140/0x140 [ 535.000892] ? tty_vhangup+0x30/0x30 [ 535.004626] ? mark_held_locks+0x100/0x100 [ 535.008892] ? perf_trace_lock_acquire+0x380/0x580 [ 535.013858] ? __fget+0x340/0x540 [ 535.017335] ? ___might_sleep+0x163/0x280 [ 535.021517] ? __might_sleep+0x95/0x190 [ 535.025516] ? tty_vhangup+0x30/0x30 [ 535.029259] do_vfs_ioctl+0xd5f/0x1380 [ 535.033180] ? selinux_file_ioctl+0x46f/0x5e0 [ 535.037695] ? selinux_file_ioctl+0x125/0x5e0 [ 535.042218] ? ioctl_preallocate+0x210/0x210 [ 535.046644] ? selinux_file_mprotect+0x620/0x620 [ 535.051440] ? iterate_fd+0x360/0x360 [ 535.055269] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 535.060830] ? fput+0x128/0x1a0 [ 535.064146] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 535.069714] ? security_file_ioctl+0x8d/0xc0 [ 535.074152] ksys_ioctl+0xab/0xd0 [ 535.077703] __x64_sys_ioctl+0x73/0xb0 [ 535.081622] do_syscall_64+0xfd/0x620 [ 535.085454] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 535.090784] RIP: 0033:0x459829 [ 535.094011] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 535.113107] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 535.120962] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 535.128275] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 535.135685] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 535.142974] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 535.150352] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 535.164476] Bluetooth: Can't register HCI device 01:08:13 executing program 2 (fault-call:3 fault-nth:13): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:08:13 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 535.345083] FAULT_INJECTION: forcing a failure. [ 535.345083] name failslab, interval 1, probability 0, space 0, times 0 [ 535.364883] CPU: 1 PID: 10716 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 535.371966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 535.381360] Call Trace: [ 535.384120] dump_stack+0x172/0x1f0 [ 535.387792] should_fail.cold+0xa/0x1b [ 535.391716] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 535.396849] ? lock_downgrade+0x810/0x810 [ 535.401029] ? ___might_sleep+0x163/0x280 [ 535.405211] __should_failslab+0x121/0x190 [ 535.409472] should_failslab+0x9/0x14 [ 535.413434] kmem_cache_alloc_node+0x26c/0x710 [ 535.418060] alloc_unbound_pwq+0x4c1/0xc70 [ 535.422337] apply_wqattrs_prepare+0x3c5/0xa30 [ 535.427057] apply_workqueue_attrs_locked+0xcb/0x140 [ 535.432195] apply_workqueue_attrs+0x31/0x50 [ 535.436707] __alloc_workqueue_key+0x8b8/0xee0 [ 535.441318] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 535.446484] hci_register_dev+0x225/0x880 [ 535.450656] hci_uart_tty_ioctl+0x761/0xaf0 [ 535.455002] tty_ioctl+0x8b5/0x1510 [ 535.458645] ? hci_uart_init_work+0x140/0x140 [ 535.463167] ? tty_vhangup+0x30/0x30 [ 535.467044] ? mark_held_locks+0x100/0x100 [ 535.471313] ? debug_smp_processor_id+0x1c/0x20 [ 535.476161] ? __fget+0x340/0x540 [ 535.479631] ? ___might_sleep+0x163/0x280 [ 535.483885] ? __might_sleep+0x95/0x190 [ 535.487879] ? tty_vhangup+0x30/0x30 [ 535.491609] do_vfs_ioctl+0xd5f/0x1380 [ 535.495520] ? selinux_file_ioctl+0x46f/0x5e0 [ 535.500039] ? selinux_file_ioctl+0x125/0x5e0 [ 535.504551] ? ioctl_preallocate+0x210/0x210 [ 535.509003] ? selinux_file_mprotect+0x620/0x620 [ 535.513793] ? iterate_fd+0x360/0x360 [ 535.517613] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 535.523233] ? fput+0x128/0x1a0 [ 535.526534] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 535.532129] ? security_file_ioctl+0x8d/0xc0 [ 535.536555] ksys_ioctl+0xab/0xd0 [ 535.540057] __x64_sys_ioctl+0x73/0xb0 [ 535.543974] do_syscall_64+0xfd/0x620 [ 535.548047] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 535.553253] RIP: 0033:0x459829 [ 535.556605] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 535.575612] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 535.583354] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 535.590791] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 535.598114] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 535.605394] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 535.612684] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 535.623842] Bluetooth: Can't register HCI device [ 536.338712] Bluetooth: hci1: command 0x1003 tx timeout [ 536.344243] Bluetooth: hci0: command 0x1003 tx timeout [ 536.344287] Bluetooth: hci1: sending frame failed (-49) [ 536.355118] Bluetooth: hci0: sending frame failed (-49) [ 536.418780] Bluetooth: hci4: command 0x1003 tx timeout [ 536.424217] Bluetooth: hci3: command 0x1003 tx timeout [ 536.424307] Bluetooth: hci4: sending frame failed (-49) [ 536.435789] Bluetooth: hci3: sending frame failed (-49) [ 538.418733] Bluetooth: hci1: command 0x1001 tx timeout [ 538.418758] Bluetooth: hci0: command 0x1001 tx timeout [ 538.424148] Bluetooth: hci1: sending frame failed (-49) [ 538.429812] Bluetooth: hci0: sending frame failed (-49) [ 538.498716] Bluetooth: hci3: command 0x1001 tx timeout [ 538.498723] Bluetooth: hci4: command 0x1001 tx timeout [ 538.498803] Bluetooth: hci4: sending frame failed (-49) [ 538.504096] Bluetooth: hci3: sending frame failed (-49) [ 540.498697] Bluetooth: hci0: command 0x1009 tx timeout [ 540.498720] Bluetooth: hci1: command 0x1009 tx timeout [ 540.578686] Bluetooth: hci4: command 0x1009 tx timeout [ 540.578693] Bluetooth: hci3: command 0x1009 tx timeout 01:08:22 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:08:22 executing program 0 (fault-call:3 fault-nth:16): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:08:22 executing program 2 (fault-call:3 fault-nth:14): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:08:22 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:08:22 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x540c, 0x0) 01:08:22 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 544.615613] FAULT_INJECTION: forcing a failure. [ 544.615613] name failslab, interval 1, probability 0, space 0, times 0 [ 544.691055] CPU: 1 PID: 10723 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 544.698128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 544.707501] Call Trace: [ 544.710132] dump_stack+0x172/0x1f0 [ 544.713789] should_fail.cold+0xa/0x1b [ 544.717715] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 544.722844] ? lock_downgrade+0x810/0x810 [ 544.727014] ? ___might_sleep+0x163/0x280 [ 544.731185] __should_failslab+0x121/0x190 [ 544.735441] should_failslab+0x9/0x14 [ 544.739256] kmem_cache_alloc+0x2ae/0x700 [ 544.743413] ? debug_smp_processor_id+0x1c/0x20 [ 544.748087] ? perf_trace_lock_acquire+0xf5/0x580 [ 544.752947] ? __save_stack_trace+0x99/0x100 [ 544.757362] __d_alloc+0x2e/0x9c0 [ 544.760828] ? find_held_lock+0x35/0x130 [ 544.764906] d_alloc+0x4d/0x280 [ 544.768196] ? __lock_acquire+0x6eb/0x48f0 [ 544.772451] d_alloc_parallel+0xf4/0x1bb0 [ 544.776611] ? debug_smp_processor_id+0x1c/0x20 [ 544.781285] ? __d_lookup_rcu+0x6b0/0x6b0 [ 544.785444] ? __d_lookup+0x40c/0x760 [ 544.789268] ? __lockdep_init_map+0x10c/0x5b0 [ 544.793775] ? __lockdep_init_map+0x10c/0x5b0 [ 544.798281] __lookup_slow+0x1ab/0x500 [ 544.802172] ? vfs_unlink+0x500/0x500 [ 544.805972] ? lockdep_hardirqs_on+0x415/0x5d0 [ 544.810561] ? d_lookup+0x19e/0x260 [ 544.814210] lookup_one_len+0x16d/0x1a0 [ 544.818190] ? lookup_one_len_unlocked+0x100/0x100 [ 544.823114] start_creating+0xbf/0x1e0 [ 544.827005] debugfs_create_dir+0x23/0x3c0 [ 544.831270] hci_register_dev+0x2b5/0x880 [ 544.835439] hci_uart_tty_ioctl+0x761/0xaf0 [ 544.839781] tty_ioctl+0x8b5/0x1510 [ 544.843410] ? hci_uart_init_work+0x140/0x140 [ 544.847895] ? tty_vhangup+0x30/0x30 [ 544.851607] ? mark_held_locks+0x100/0x100 [ 544.855843] ? debug_smp_processor_id+0x1c/0x20 [ 544.860520] ? __fget+0x340/0x540 [ 544.863976] ? ___might_sleep+0x163/0x280 [ 544.868133] ? __might_sleep+0x95/0x190 [ 544.872108] ? tty_vhangup+0x30/0x30 [ 544.875832] do_vfs_ioctl+0xd5f/0x1380 [ 544.879730] ? selinux_file_ioctl+0x46f/0x5e0 [ 544.884236] ? selinux_file_ioctl+0x125/0x5e0 [ 544.888749] ? ioctl_preallocate+0x210/0x210 [ 544.893167] ? selinux_file_mprotect+0x620/0x620 [ 544.897928] ? iterate_fd+0x360/0x360 [ 544.901734] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 544.907283] ? fput+0x128/0x1a0 [ 544.910575] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 544.916115] ? security_file_ioctl+0x8d/0xc0 [ 544.920530] ksys_ioctl+0xab/0xd0 [ 544.923988] __x64_sys_ioctl+0x73/0xb0 [ 544.927881] do_syscall_64+0xfd/0x620 [ 544.931696] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 544.936896] RIP: 0033:0x459829 [ 544.940104] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 544.959017] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 544.966741] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 544.974009] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 544.981288] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 01:08:22 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 544.988566] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 544.995841] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 545.019725] FAULT_INJECTION: forcing a failure. [ 545.019725] name failslab, interval 1, probability 0, space 0, times 0 [ 545.032909] Bluetooth: hci0: Frame reassembly failed (-84) [ 545.039615] Bluetooth: hci2: Frame reassembly failed (-84) [ 545.064000] CPU: 0 PID: 10736 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 545.071070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 545.080968] Call Trace: [ 545.083588] dump_stack+0x172/0x1f0 [ 545.087249] should_fail.cold+0xa/0x1b [ 545.091184] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 545.096307] ? lock_downgrade+0x810/0x810 [ 545.096332] ? ___might_sleep+0x163/0x280 [ 545.096361] __should_failslab+0x121/0x190 [ 545.104657] should_failslab+0x9/0x14 [ 545.112699] kmem_cache_alloc+0x2ae/0x700 [ 545.116882] ? lookup_one_len+0x10e/0x1a0 [ 545.121075] alloc_inode+0xb6/0x190 [ 545.124732] new_inode_pseudo+0x19/0xf0 [ 545.128738] new_inode+0x1f/0x40 [ 545.132133] debugfs_get_inode+0x1a/0x130 [ 545.136308] debugfs_create_dir+0x77/0x3c0 [ 545.140578] hci_register_dev+0x2b5/0x880 [ 545.144760] hci_uart_tty_ioctl+0x761/0xaf0 [ 545.149114] tty_ioctl+0x8b5/0x1510 [ 545.152773] ? hci_uart_init_work+0x140/0x140 [ 545.157297] ? tty_vhangup+0x30/0x30 [ 545.161038] ? mark_held_locks+0x100/0x100 [ 545.165307] ? perf_trace_lock_acquire+0x380/0x580 [ 545.170274] ? __fget+0x340/0x540 [ 545.173760] ? ___might_sleep+0x163/0x280 [ 545.177942] ? __might_sleep+0x95/0x190 [ 545.181949] ? tty_vhangup+0x30/0x30 [ 545.186129] do_vfs_ioctl+0xd5f/0x1380 [ 545.190042] ? selinux_file_ioctl+0x46f/0x5e0 [ 545.194555] ? selinux_file_ioctl+0x125/0x5e0 [ 545.199075] ? ioctl_preallocate+0x210/0x210 [ 545.203505] ? selinux_file_mprotect+0x620/0x620 [ 545.208295] ? iterate_fd+0x360/0x360 01:08:22 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 01:08:22 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 01:08:22 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 01:08:23 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 545.208321] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 545.208339] ? fput+0x128/0x1a0 [ 545.217706] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 545.217732] ? security_file_ioctl+0x8d/0xc0 [ 545.230977] ksys_ioctl+0xab/0xd0 [ 545.234466] __x64_sys_ioctl+0x73/0xb0 [ 545.238387] do_syscall_64+0xfd/0x620 [ 545.242231] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 545.247445] RIP: 0033:0x459829 01:08:23 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 545.250653] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 545.269584] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 545.277328] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 545.284651] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 545.291945] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 545.299229] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 545.306509] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 545.324349] Bluetooth: hci3: Frame reassembly failed (-84) [ 547.058913] Bluetooth: hci2: command 0x1003 tx timeout [ 547.064301] Bluetooth: hci2: sending frame failed (-49) [ 547.069807] Bluetooth: hci1: command 0x1003 tx timeout [ 547.075120] Bluetooth: hci0: command 0x1003 tx timeout [ 547.075164] Bluetooth: hci1: sending frame failed (-49) [ 547.080519] Bluetooth: hci0: sending frame failed (-49) [ 547.378730] Bluetooth: hci3: command 0x1003 tx timeout [ 547.384194] Bluetooth: hci3: sending frame failed (-49) [ 549.138729] Bluetooth: hci1: command 0x1001 tx timeout [ 549.138956] Bluetooth: hci0: command 0x1001 tx timeout [ 549.144119] Bluetooth: hci1: sending frame failed (-49) [ 549.155336] Bluetooth: hci2: command 0x1001 tx timeout [ 549.155398] Bluetooth: hci0: sending frame failed (-49) [ 549.161031] Bluetooth: hci2: sending frame failed (-49) [ 549.458895] Bluetooth: hci3: command 0x1001 tx timeout [ 549.464327] Bluetooth: hci3: sending frame failed (-49) [ 551.218715] Bluetooth: hci0: command 0x1009 tx timeout [ 551.218919] Bluetooth: hci2: command 0x1009 tx timeout [ 551.224083] Bluetooth: hci1: command 0x1009 tx timeout [ 551.538708] Bluetooth: hci3: command 0x1009 tx timeout 01:08:33 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:08:33 executing program 0 (fault-call:3 fault-nth:17): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:08:33 executing program 2 (fault-call:3 fault-nth:15): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:08:33 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:08:33 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x540d, 0x0) 01:08:33 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 01:08:33 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 555.551633] Bluetooth: hci0: Frame reassembly failed (-84) [ 555.572874] FAULT_INJECTION: forcing a failure. [ 555.572874] name failslab, interval 1, probability 0, space 0, times 0 [ 555.591586] CPU: 0 PID: 10777 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 555.598630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 555.598641] Call Trace: [ 555.598670] dump_stack+0x172/0x1f0 [ 555.598710] should_fail.cold+0xa/0x1b [ 555.598746] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 555.598774] ? lock_downgrade+0x810/0x810 [ 555.598801] ? ___might_sleep+0x163/0x280 [ 555.627514] __should_failslab+0x121/0x190 [ 555.627547] should_failslab+0x9/0x14 [ 555.639731] kmem_cache_alloc_node+0x26c/0x710 [ 555.644373] alloc_unbound_pwq+0x4c1/0xc70 [ 555.648675] apply_wqattrs_prepare+0x3c5/0xa30 [ 555.653306] apply_workqueue_attrs_locked+0xcb/0x140 [ 555.658441] apply_workqueue_attrs+0x31/0x50 [ 555.662876] __alloc_workqueue_key+0x8b8/0xee0 [ 555.667499] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 555.672580] hci_register_dev+0x225/0x880 [ 555.676772] hci_uart_tty_ioctl+0x761/0xaf0 [ 555.681127] tty_ioctl+0x8b5/0x1510 [ 555.684787] ? hci_uart_init_work+0x140/0x140 [ 555.689302] ? tty_vhangup+0x30/0x30 [ 555.689322] ? mark_held_locks+0x100/0x100 [ 555.689348] ? perf_trace_lock_acquire+0x380/0x580 01:08:33 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 555.689378] ? __fget+0x340/0x540 [ 555.689402] ? ___might_sleep+0x163/0x280 [ 555.689427] ? __might_sleep+0x95/0x190 [ 555.689449] ? tty_vhangup+0x30/0x30 [ 555.689472] do_vfs_ioctl+0xd5f/0x1380 [ 555.705807] ? selinux_file_ioctl+0x46f/0x5e0 [ 555.705827] ? selinux_file_ioctl+0x125/0x5e0 [ 555.705851] ? ioctl_preallocate+0x210/0x210 [ 555.705870] ? selinux_file_mprotect+0x620/0x620 [ 555.739744] ? iterate_fd+0x360/0x360 [ 555.743580] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 555.749147] ? fput+0x128/0x1a0 [ 555.752566] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 555.758126] ? security_file_ioctl+0x8d/0xc0 [ 555.762576] ksys_ioctl+0xab/0xd0 [ 555.766072] __x64_sys_ioctl+0x73/0xb0 [ 555.769996] do_syscall_64+0xfd/0x620 [ 555.773830] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 555.779048] RIP: 0033:0x459829 [ 555.782267] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 01:08:33 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 555.801204] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 555.808951] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 555.816238] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 555.823534] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 555.830829] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 555.830840] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 555.839381] FAULT_INJECTION: forcing a failure. [ 555.839381] name failslab, interval 1, probability 0, space 0, times 0 [ 555.863370] Bluetooth: Can't register HCI device [ 555.865039] CPU: 1 PID: 10775 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 555.875188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 555.884544] Call Trace: [ 555.884567] dump_stack+0x172/0x1f0 [ 555.884591] should_fail.cold+0xa/0x1b [ 555.884612] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 555.884633] ? ___might_sleep+0x163/0x280 [ 555.884658] __should_failslab+0x121/0x190 [ 555.884685] should_failslab+0x9/0x14 [ 555.884703] kmem_cache_alloc+0x2ae/0x700 [ 555.894792] ? map_id_range_down+0x1ee/0x370 [ 555.894814] ? __put_user_ns+0x70/0x70 [ 555.894839] selinux_inode_alloc_security+0xb6/0x2a0 [ 555.894861] security_inode_alloc+0x8a/0xd0 [ 555.894881] inode_init_always+0x56e/0xb40 [ 555.938210] alloc_inode+0x81/0x190 [ 555.941854] new_inode_pseudo+0x19/0xf0 [ 555.945852] new_inode+0x1f/0x40 [ 555.949236] debugfs_get_inode+0x1a/0x130 01:08:33 executing program 2 (fault-call:3 fault-nth:16): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 555.953393] debugfs_create_dir+0x77/0x3c0 [ 555.953418] hci_register_dev+0x2b5/0x880 [ 555.953442] hci_uart_tty_ioctl+0x761/0xaf0 [ 555.961837] tty_ioctl+0x8b5/0x1510 [ 555.961855] ? hci_uart_init_work+0x140/0x140 [ 555.961872] ? tty_vhangup+0x30/0x30 [ 555.978018] ? mark_held_locks+0x100/0x100 [ 555.982276] ? perf_trace_lock_acquire+0x380/0x580 [ 555.987229] ? __fget+0x340/0x540 [ 555.990710] ? ___might_sleep+0x163/0x280 [ 555.994877] ? __might_sleep+0x95/0x190 [ 555.998870] ? tty_vhangup+0x30/0x30 [ 556.002606] do_vfs_ioctl+0xd5f/0x1380 [ 556.006513] ? selinux_file_ioctl+0x46f/0x5e0 [ 556.011014] ? selinux_file_ioctl+0x125/0x5e0 [ 556.015515] ? ioctl_preallocate+0x210/0x210 [ 556.019911] ? selinux_file_mprotect+0x620/0x620 [ 556.024658] ? iterate_fd+0x360/0x360 [ 556.028459] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 556.033983] ? fput+0x128/0x1a0 [ 556.037256] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 556.042780] ? security_file_ioctl+0x8d/0xc0 [ 556.047181] ksys_ioctl+0xab/0xd0 [ 556.050624] __x64_sys_ioctl+0x73/0xb0 [ 556.054501] do_syscall_64+0xfd/0x620 [ 556.058292] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 556.063469] RIP: 0033:0x459829 [ 556.066690] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 556.085929] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 556.093639] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 01:08:33 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:08:33 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 556.100917] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 556.108174] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 556.115430] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 556.122689] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 556.159710] Bluetooth: hci3: Frame reassembly failed (-84) [ 556.209087] FAULT_INJECTION: forcing a failure. [ 556.209087] name failslab, interval 1, probability 0, space 0, times 0 [ 556.240505] CPU: 0 PID: 10796 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 556.247556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 556.256919] Call Trace: [ 556.259529] dump_stack+0x172/0x1f0 [ 556.263186] should_fail.cold+0xa/0x1b [ 556.267098] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 556.272224] ? ___might_sleep+0x163/0x280 [ 556.276391] __should_failslab+0x121/0x190 [ 556.276412] should_failslab+0x9/0x14 [ 556.276428] kmem_cache_alloc+0x2ae/0x700 [ 556.276445] ? map_id_range_down+0x1ee/0x370 [ 556.276465] ? __put_user_ns+0x70/0x70 [ 556.284532] selinux_inode_alloc_security+0xb6/0x2a0 [ 556.302048] security_inode_alloc+0x8a/0xd0 [ 556.306390] inode_init_always+0x56e/0xb40 [ 556.310642] alloc_inode+0x81/0x190 [ 556.314282] new_inode_pseudo+0x19/0xf0 [ 556.318274] new_inode+0x1f/0x40 [ 556.321660] debugfs_get_inode+0x1a/0x130 [ 556.325822] debugfs_create_dir+0x77/0x3c0 [ 556.330084] hci_register_dev+0x2b5/0x880 [ 556.334255] hci_uart_tty_ioctl+0x761/0xaf0 [ 556.338594] tty_ioctl+0x8b5/0x1510 [ 556.342226] ? hci_uart_init_work+0x140/0x140 [ 556.346712] ? tty_vhangup+0x30/0x30 [ 556.350429] ? mark_held_locks+0x100/0x100 [ 556.354668] ? proc_cwd_link+0x1d0/0x1d0 [ 556.358738] ? __fget+0x340/0x540 [ 556.362206] ? ___might_sleep+0x163/0x280 [ 556.366365] ? __might_sleep+0x95/0x190 [ 556.370345] ? tty_vhangup+0x30/0x30 [ 556.374069] do_vfs_ioctl+0xd5f/0x1380 [ 556.377972] ? selinux_file_ioctl+0x46f/0x5e0 [ 556.382484] ? selinux_file_ioctl+0x125/0x5e0 [ 556.386988] ? ioctl_preallocate+0x210/0x210 [ 556.391403] ? selinux_file_mprotect+0x620/0x620 [ 556.396177] ? iterate_fd+0x360/0x360 [ 556.399980] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 556.405528] ? fput+0x128/0x1a0 [ 556.408828] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 556.414388] ? security_file_ioctl+0x8d/0xc0 [ 556.418801] ksys_ioctl+0xab/0xd0 [ 556.422253] __x64_sys_ioctl+0x73/0xb0 [ 556.426179] do_syscall_64+0xfd/0x620 [ 556.429995] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 556.435190] RIP: 0033:0x459829 [ 556.438371] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 556.457262] RSP: 002b:00007f9d624c9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 556.464973] RAX: ffffffffffffffda RBX: 00007f9d624c9c90 RCX: 0000000000459829 [ 556.472239] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 556.479516] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 556.486787] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624ca6d4 [ 556.494047] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 556.505384] Bluetooth: hci2: Frame reassembly failed (-84) [ 557.618655] Bluetooth: hci0: command 0x1003 tx timeout [ 557.624178] Bluetooth: hci0: sending frame failed (-49) [ 557.778811] Bluetooth: hci1: command 0x1003 tx timeout [ 557.784334] Bluetooth: hci1: sending frame failed (-49) [ 558.178838] Bluetooth: hci3: command 0x1003 tx timeout [ 558.184387] Bluetooth: hci3: sending frame failed (-49) [ 558.578744] Bluetooth: hci2: command 0x1003 tx timeout [ 558.584217] Bluetooth: hci2: sending frame failed (-49) [ 559.698747] Bluetooth: hci0: command 0x1001 tx timeout [ 559.704183] Bluetooth: hci0: sending frame failed (-49) [ 559.858780] Bluetooth: hci1: command 0x1001 tx timeout [ 559.864176] Bluetooth: hci1: sending frame failed (-49) [ 560.258828] Bluetooth: hci3: command 0x1001 tx timeout [ 560.264227] Bluetooth: hci3: sending frame failed (-49) [ 560.658763] Bluetooth: hci2: command 0x1001 tx timeout [ 560.664195] Bluetooth: hci2: sending frame failed (-49) [ 561.778683] Bluetooth: hci0: command 0x1009 tx timeout [ 561.938721] Bluetooth: hci1: command 0x1009 tx timeout [ 562.338835] Bluetooth: hci3: command 0x1009 tx timeout [ 562.738738] Bluetooth: hci2: command 0x1009 tx timeout 01:08:43 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 565.657804] Bluetooth: hci0: Frame reassembly failed (-84) 01:08:44 executing program 0 (fault-call:3 fault-nth:18): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:08:44 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 01:08:44 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:08:44 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5412, 0x0) 01:08:44 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 566.377919] FAULT_INJECTION: forcing a failure. [ 566.377919] name failslab, interval 1, probability 0, space 0, times 0 [ 566.402861] CPU: 0 PID: 10813 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 566.409916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 566.419280] Call Trace: [ 566.419310] dump_stack+0x172/0x1f0 01:08:44 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 566.419349] should_fail.cold+0xa/0x1b [ 566.419381] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 566.419406] ? lock_downgrade+0x810/0x810 [ 566.433246] Bluetooth: hci1: sending frame failed (-49) [ 566.434604] ? ___might_sleep+0x163/0x280 [ 566.434639] __should_failslab+0x121/0x190 [ 566.434664] should_failslab+0x9/0x14 [ 566.434686] kmem_cache_alloc+0x2ae/0x700 [ 566.460518] ? lookup_one_len+0x10e/0x1a0 [ 566.464701] alloc_inode+0xb6/0x190 [ 566.468353] new_inode_pseudo+0x19/0xf0 [ 566.472359] new_inode+0x1f/0x40 [ 566.475760] debugfs_get_inode+0x1a/0x130 [ 566.479936] debugfs_create_dir+0x77/0x3c0 [ 566.484214] hci_register_dev+0x2b5/0x880 [ 566.488409] hci_uart_tty_ioctl+0x761/0xaf0 [ 566.492769] tty_ioctl+0x8b5/0x1510 [ 566.496427] ? hci_uart_init_work+0x140/0x140 [ 566.500955] ? tty_vhangup+0x30/0x30 [ 566.504698] ? mark_held_locks+0x100/0x100 [ 566.508969] ? perf_trace_lock_acquire+0x380/0x580 [ 566.513938] ? __fget+0x340/0x540 [ 566.517421] ? ___might_sleep+0x163/0x280 [ 566.521593] ? __might_sleep+0x95/0x190 01:08:44 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) [ 566.525592] ? tty_vhangup+0x30/0x30 [ 566.529331] do_vfs_ioctl+0xd5f/0x1380 [ 566.533269] ? selinux_file_ioctl+0x46f/0x5e0 [ 566.537783] ? selinux_file_ioctl+0x125/0x5e0 [ 566.537807] ? ioctl_preallocate+0x210/0x210 [ 566.537826] ? selinux_file_mprotect+0x620/0x620 [ 566.537861] ? iterate_fd+0x360/0x360 [ 566.546785] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 566.546806] ? fput+0x128/0x1a0 [ 566.546842] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 566.569745] ? security_file_ioctl+0x8d/0xc0 [ 566.574202] ksys_ioctl+0xab/0xd0 [ 566.577671] __x64_sys_ioctl+0x73/0xb0 [ 566.581574] do_syscall_64+0xfd/0x620 [ 566.585392] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 566.590584] RIP: 0033:0x459829 [ 566.593787] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 566.612687] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 566.620390] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 566.627659] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 566.634941] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 566.642201] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 566.649478] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 01:08:44 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 566.686080] Bluetooth: hci3: Frame reassembly failed (-84) 01:08:44 executing program 2 (fault-call:3 fault-nth:17): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:08:44 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 566.965851] FAULT_INJECTION: forcing a failure. [ 566.965851] name failslab, interval 1, probability 0, space 0, times 0 [ 566.977316] CPU: 1 PID: 10833 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 566.984353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 566.993710] Call Trace: [ 566.996291] dump_stack+0x172/0x1f0 [ 566.999914] should_fail.cold+0xa/0x1b [ 567.003826] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 567.008925] ? lock_downgrade+0x810/0x810 [ 567.013077] ? ___might_sleep+0x163/0x280 [ 567.017226] __should_failslab+0x121/0x190 [ 567.021456] should_failslab+0x9/0x14 [ 567.025254] kmem_cache_alloc+0x2ae/0x700 [ 567.029398] ? lookup_one_len+0x10e/0x1a0 [ 567.033549] alloc_inode+0xb6/0x190 [ 567.037170] new_inode_pseudo+0x19/0xf0 [ 567.041152] new_inode+0x1f/0x40 [ 567.044511] debugfs_get_inode+0x1a/0x130 [ 567.048655] debugfs_create_dir+0x77/0x3c0 [ 567.052926] hci_register_dev+0x2b5/0x880 [ 567.057088] hci_uart_tty_ioctl+0x761/0xaf0 [ 567.061416] tty_ioctl+0x8b5/0x1510 [ 567.065045] ? hci_uart_init_work+0x140/0x140 [ 567.069551] ? tty_vhangup+0x30/0x30 [ 567.073269] ? mark_held_locks+0x100/0x100 [ 567.077503] ? debug_smp_processor_id+0x1c/0x20 [ 567.082169] ? __fget+0x340/0x540 [ 567.085615] ? ___might_sleep+0x163/0x280 [ 567.089763] ? __might_sleep+0x95/0x190 [ 567.093738] ? tty_vhangup+0x30/0x30 [ 567.097484] do_vfs_ioctl+0xd5f/0x1380 [ 567.101361] ? selinux_file_ioctl+0x46f/0x5e0 [ 567.105843] ? selinux_file_ioctl+0x125/0x5e0 [ 567.110325] ? ioctl_preallocate+0x210/0x210 [ 567.114723] ? selinux_file_mprotect+0x620/0x620 [ 567.119470] ? iterate_fd+0x360/0x360 [ 567.123263] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 567.128785] ? fput+0x128/0x1a0 [ 567.132055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 567.137579] ? security_file_ioctl+0x8d/0xc0 [ 567.141992] ksys_ioctl+0xab/0xd0 [ 567.145438] __x64_sys_ioctl+0x73/0xb0 [ 567.149313] do_syscall_64+0xfd/0x620 [ 567.153132] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 567.158314] RIP: 0033:0x459829 [ 567.161506] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 567.180397] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 567.188095] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 567.195350] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 567.202605] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 567.209860] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 01:08:45 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 567.217122] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 567.233701] Bluetooth: hci2: Frame reassembly failed (-84) [ 567.698699] Bluetooth: hci0: command 0x1003 tx timeout [ 567.704119] Bluetooth: hci0: sending frame failed (-49) [ 568.418653] Bluetooth: hci1: command 0x1003 tx timeout [ 568.424170] Bluetooth: hci1: sending frame failed (-49) [ 568.738826] Bluetooth: hci4: command 0x1003 tx timeout [ 568.744178] Bluetooth: hci3: command 0x1003 tx timeout [ 568.744260] Bluetooth: hci4: sending frame failed (-49) [ 568.754937] Bluetooth: hci3: sending frame failed (-49) [ 569.298775] Bluetooth: hci2: command 0x1003 tx timeout [ 569.304186] Bluetooth: hci2: sending frame failed (-49) [ 569.778705] Bluetooth: hci0: command 0x1001 tx timeout [ 569.784900] Bluetooth: hci0: sending frame failed (-49) [ 570.498677] Bluetooth: hci1: command 0x1001 tx timeout [ 570.504070] Bluetooth: hci1: sending frame failed (-49) [ 570.818709] Bluetooth: hci3: command 0x1001 tx timeout [ 570.824048] Bluetooth: hci4: command 0x1001 tx timeout [ 570.824116] Bluetooth: hci3: sending frame failed (-49) [ 570.829829] Bluetooth: hci4: sending frame failed (-49) [ 571.378777] Bluetooth: hci2: command 0x1001 tx timeout [ 571.384181] Bluetooth: hci2: sending frame failed (-49) [ 571.858747] Bluetooth: hci0: command 0x1009 tx timeout [ 572.578698] Bluetooth: hci1: command 0x1009 tx timeout [ 572.898698] Bluetooth: hci4: command 0x1009 tx timeout [ 572.898878] Bluetooth: hci3: command 0x1009 tx timeout [ 573.458694] Bluetooth: hci2: command 0x1009 tx timeout 01:08:53 executing program 5: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 575.896307] Bluetooth: hci0: Frame reassembly failed (-84) 01:08:54 executing program 0 (fault-call:3 fault-nth:19): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:08:54 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:08:54 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5413, 0x0) 01:08:54 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) [ 577.232512] Bluetooth: hci1: Frame reassembly failed (-84) [ 577.257091] Bluetooth: hci3: Frame reassembly failed (-84) [ 577.272706] FAULT_INJECTION: forcing a failure. [ 577.272706] name failslab, interval 1, probability 0, space 0, times 0 [ 577.284001] CPU: 1 PID: 10854 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 577.291028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 577.300382] Call Trace: [ 577.302991] dump_stack+0x172/0x1f0 [ 577.306612] should_fail.cold+0xa/0x1b [ 577.310488] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 577.315580] ? lock_downgrade+0x810/0x810 [ 577.319726] ? ___might_sleep+0x163/0x280 [ 577.323883] __should_failslab+0x121/0x190 [ 577.328108] should_failslab+0x9/0x14 [ 577.331901] kmem_cache_alloc_trace+0x2cc/0x760 [ 577.336592] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 577.342143] ? refcount_inc_checked+0x2b/0x70 [ 577.346661] device_add+0xe5e/0x1760 [ 577.350424] ? device_initialize+0x440/0x440 [ 577.354872] ? get_device_parent.isra.0+0x570/0x570 [ 577.359901] hci_register_dev+0x304/0x880 [ 577.364065] hci_uart_tty_ioctl+0x761/0xaf0 [ 577.368392] tty_ioctl+0x8b5/0x1510 [ 577.372011] ? hci_uart_init_work+0x140/0x140 [ 577.376498] ? tty_vhangup+0x30/0x30 [ 577.380210] ? mark_held_locks+0x100/0x100 [ 577.384450] ? proc_cwd_link+0x1d0/0x1d0 [ 577.388500] ? __fget+0x340/0x540 [ 577.391941] ? ___might_sleep+0x163/0x280 [ 577.396079] ? __might_sleep+0x95/0x190 [ 577.400038] ? tty_vhangup+0x30/0x30 [ 577.403751] do_vfs_ioctl+0xd5f/0x1380 [ 577.407642] ? selinux_file_ioctl+0x46f/0x5e0 [ 577.412125] ? selinux_file_ioctl+0x125/0x5e0 [ 577.416606] ? ioctl_preallocate+0x210/0x210 [ 577.420999] ? selinux_file_mprotect+0x620/0x620 [ 577.425757] ? iterate_fd+0x360/0x360 [ 577.429563] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 577.435090] ? fput+0x128/0x1a0 [ 577.438364] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 577.443887] ? security_file_ioctl+0x8d/0xc0 [ 577.448284] ksys_ioctl+0xab/0xd0 [ 577.451727] __x64_sys_ioctl+0x73/0xb0 [ 577.455619] do_syscall_64+0xfd/0x620 [ 577.459428] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 577.464611] RIP: 0033:0x459829 [ 577.467802] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 577.486694] RSP: 002b:00007fd01d6e3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 577.494413] RAX: ffffffffffffffda RBX: 00007fd01d6e3c90 RCX: 0000000000459829 [ 577.501684] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 577.509069] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 577.516337] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d6e46d4 [ 577.523608] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 01:08:55 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 577.533097] Bluetooth: Can't register HCI device 01:08:55 executing program 0 (fault-call:3 fault-nth:20): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 577.642929] FAULT_INJECTION: forcing a failure. [ 577.642929] name failslab, interval 1, probability 0, space 0, times 0 [ 577.655425] CPU: 1 PID: 10860 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 577.662449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 577.671809] Call Trace: [ 577.674387] dump_stack+0x172/0x1f0 [ 577.678046] should_fail.cold+0xa/0x1b [ 577.681922] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 577.687017] ? lock_downgrade+0x810/0x810 [ 577.691152] ? ___might_sleep+0x163/0x280 [ 577.695293] __should_failslab+0x121/0x190 [ 577.699525] should_failslab+0x9/0x14 [ 577.703318] kmem_cache_alloc+0x2ae/0x700 [ 577.707461] ? kasan_check_write+0x14/0x20 [ 577.711685] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 577.716518] __kernfs_new_node+0xef/0x680 [ 577.720657] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 577.725580] ? mutex_unlock+0xd/0x10 [ 577.729284] ? kernfs_activate+0x192/0x1f0 [ 577.733528] ? perf_trace_run_bpf_submit+0x131/0x190 [ 577.738630] kernfs_new_node+0x99/0x130 [ 577.742594] __kernfs_create_file+0x51/0x340 [ 577.746989] sysfs_add_file_mode_ns+0x222/0x560 [ 577.751677] sysfs_create_file_ns+0x13a/0x1c0 [ 577.756164] ? sysfs_add_file_mode_ns+0x560/0x560 [ 577.760998] ? up_read+0x1a/0x110 [ 577.764456] device_create_file+0xfa/0x1e0 [ 577.768692] ? acpi_bind_one+0x830/0x830 [ 577.772738] device_add+0x411/0x1760 [ 577.776437] ? device_initialize+0x440/0x440 [ 577.780838] ? get_device_parent.isra.0+0x570/0x570 [ 577.785842] ? start_creating+0x163/0x1e0 [ 577.790000] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 577.795528] hci_register_dev+0x304/0x880 [ 577.799674] hci_uart_tty_ioctl+0x761/0xaf0 [ 577.803987] tty_ioctl+0x8b5/0x1510 [ 577.807620] ? hci_uart_init_work+0x140/0x140 [ 577.812108] ? tty_vhangup+0x30/0x30 [ 577.815808] ? mark_held_locks+0x100/0x100 [ 577.820034] ? perf_trace_lock_acquire+0x380/0x580 [ 577.824950] ? __fget+0x340/0x540 [ 577.828390] ? ___might_sleep+0x163/0x280 [ 577.832549] ? __might_sleep+0x95/0x190 [ 577.836514] ? tty_vhangup+0x30/0x30 [ 577.840219] do_vfs_ioctl+0xd5f/0x1380 [ 577.844103] ? selinux_file_ioctl+0x46f/0x5e0 [ 577.848601] ? selinux_file_ioctl+0x125/0x5e0 [ 577.853086] ? ioctl_preallocate+0x210/0x210 [ 577.857483] ? selinux_file_mprotect+0x620/0x620 [ 577.862336] ? iterate_fd+0x360/0x360 [ 577.866129] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 577.871657] ? fput+0x128/0x1a0 [ 577.874935] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 577.880457] ? security_file_ioctl+0x8d/0xc0 [ 577.884853] ksys_ioctl+0xab/0xd0 [ 577.888302] __x64_sys_ioctl+0x73/0xb0 [ 577.892196] do_syscall_64+0xfd/0x620 [ 577.895987] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 577.901160] RIP: 0033:0x459829 [ 577.904344] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 577.923253] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 577.930952] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 577.938210] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 577.945466] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 577.952723] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 577.959977] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 577.977390] Bluetooth: hci0: command 0x1003 tx timeout [ 577.984493] Bluetooth: Can't register HCI device 01:08:55 executing program 2 (fault-call:3 fault-nth:18): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:08:55 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 577.991859] Bluetooth: hci0: sending frame failed (-49) 01:08:55 executing program 0 (fault-call:3 fault-nth:21): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 578.084241] FAULT_INJECTION: forcing a failure. [ 578.084241] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 578.128834] CPU: 1 PID: 10864 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 578.135899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 578.147868] Call Trace: [ 578.150478] dump_stack+0x172/0x1f0 [ 578.154129] should_fail.cold+0xa/0x1b [ 578.158040] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 578.163151] ? ___might_sleep+0x163/0x280 [ 578.167289] ? __might_sleep+0x95/0x190 [ 578.171273] __alloc_pages_nodemask+0x1ee/0x760 [ 578.175947] ? __alloc_pages_slowpath+0x2870/0x2870 [ 578.180956] ? lock_downgrade+0x810/0x810 [ 578.185113] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 578.190678] alloc_pages_current+0x107/0x210 [ 578.195118] __get_free_pages+0xc/0x40 [ 578.199014] inode_doinit_with_dentry+0x6f0/0x1150 [ 578.204023] ? selinux_capset+0x120/0x120 [ 578.208164] ? current_time+0xde/0x140 [ 578.212060] selinux_d_instantiate+0x28/0x40 [ 578.216477] security_d_instantiate+0x57/0xf0 [ 578.220965] d_instantiate+0x60/0xa0 [ 578.224690] debugfs_create_dir+0x11f/0x3c0 [ 578.229071] hci_register_dev+0x2b5/0x880 [ 578.233240] hci_uart_tty_ioctl+0x761/0xaf0 [ 578.237555] tty_ioctl+0x8b5/0x1510 [ 578.241174] ? hci_uart_init_work+0x140/0x140 [ 578.245678] ? tty_vhangup+0x30/0x30 [ 578.249389] ? mark_held_locks+0x100/0x100 [ 578.253619] ? perf_trace_lock_acquire+0x380/0x580 [ 578.258543] ? __fget+0x340/0x540 [ 578.262009] ? ___might_sleep+0x163/0x280 [ 578.266168] ? __might_sleep+0x95/0x190 [ 578.270133] ? tty_vhangup+0x30/0x30 [ 578.273847] do_vfs_ioctl+0xd5f/0x1380 [ 578.277733] ? selinux_file_ioctl+0x46f/0x5e0 [ 578.282239] ? selinux_file_ioctl+0x125/0x5e0 [ 578.286722] ? ioctl_preallocate+0x210/0x210 [ 578.291135] ? selinux_file_mprotect+0x620/0x620 [ 578.295886] ? iterate_fd+0x360/0x360 [ 578.299685] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 578.305219] ? fput+0x128/0x1a0 [ 578.308514] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 578.314061] ? security_file_ioctl+0x8d/0xc0 [ 578.318489] ksys_ioctl+0xab/0xd0 [ 578.321955] __x64_sys_ioctl+0x73/0xb0 [ 578.325851] do_syscall_64+0xfd/0x620 [ 578.329659] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 578.334845] RIP: 0033:0x459829 [ 578.338032] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 578.356943] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 578.364646] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 578.371904] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 578.379167] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 578.386424] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 578.393685] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 578.406205] Bluetooth: hci2: Frame reassembly failed (-84) [ 578.419708] FAULT_INJECTION: forcing a failure. [ 578.419708] name failslab, interval 1, probability 0, space 0, times 0 [ 578.423973] Bluetooth: hci2: Frame reassembly failed (-84) [ 578.432460] CPU: 1 PID: 10869 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 578.443810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 578.453171] Call Trace: [ 578.455776] dump_stack+0x172/0x1f0 [ 578.459415] should_fail.cold+0xa/0x1b [ 578.463308] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 578.468420] ? lock_downgrade+0x810/0x810 [ 578.472585] ? ___might_sleep+0x163/0x280 [ 578.476753] __should_failslab+0x121/0x190 [ 578.480999] should_failslab+0x9/0x14 [ 578.484802] kmem_cache_alloc+0x2ae/0x700 [ 578.488966] __kernfs_new_node+0xef/0x680 [ 578.493116] ? mark_held_locks+0x100/0x100 [ 578.497359] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 578.502118] ? perf_trace_lock_acquire+0xf5/0x580 [ 578.506965] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 578.512510] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 578.517963] ? find_held_lock+0x35/0x130 [ 578.522026] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 578.527489] kernfs_new_node+0x99/0x130 [ 578.531471] kernfs_create_link+0xdd/0x250 [ 578.535718] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 578.541000] sysfs_create_link+0x65/0xc0 [ 578.545066] device_add+0x4a7/0x1760 [ 578.548791] ? get_device_parent.isra.0+0x570/0x570 [ 578.553811] ? start_creating+0x163/0x1e0 [ 578.557967] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 578.563511] hci_register_dev+0x304/0x880 [ 578.567674] hci_uart_tty_ioctl+0x761/0xaf0 [ 578.572002] tty_ioctl+0x8b5/0x1510 [ 578.575631] ? hci_uart_init_work+0x140/0x140 [ 578.580150] ? tty_vhangup+0x30/0x30 [ 578.583870] ? mark_held_locks+0x100/0x100 [ 578.588109] ? perf_trace_lock_acquire+0x380/0x580 [ 578.593046] ? __fget+0x340/0x540 [ 578.596501] ? ___might_sleep+0x163/0x280 [ 578.600652] ? __might_sleep+0x95/0x190 [ 578.604642] ? tty_vhangup+0x30/0x30 [ 578.608359] do_vfs_ioctl+0xd5f/0x1380 [ 578.612249] ? selinux_file_ioctl+0x46f/0x5e0 [ 578.616744] ? selinux_file_ioctl+0x125/0x5e0 [ 578.621245] ? ioctl_preallocate+0x210/0x210 [ 578.625652] ? selinux_file_mprotect+0x620/0x620 [ 578.630420] ? iterate_fd+0x360/0x360 [ 578.634267] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 578.639807] ? fput+0x128/0x1a0 [ 578.643102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 578.648640] ? security_file_ioctl+0x8d/0xc0 [ 578.653058] ksys_ioctl+0xab/0xd0 [ 578.656514] __x64_sys_ioctl+0x73/0xb0 [ 578.660406] do_syscall_64+0xfd/0x620 [ 578.664212] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 578.669403] RIP: 0033:0x459829 [ 578.672599] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 578.691504] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 578.699218] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 578.706499] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 578.713776] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 578.721048] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 01:08:56 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 578.728330] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 578.749888] Bluetooth: Can't register HCI device 01:08:56 executing program 0 (fault-call:3 fault-nth:22): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 578.854233] FAULT_INJECTION: forcing a failure. [ 578.854233] name failslab, interval 1, probability 0, space 0, times 0 [ 578.865940] CPU: 1 PID: 10876 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 578.872976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 578.882364] Call Trace: [ 578.884966] dump_stack+0x172/0x1f0 [ 578.888617] should_fail.cold+0xa/0x1b [ 578.892523] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 578.892544] ? lock_downgrade+0x810/0x810 [ 578.892561] ? ___might_sleep+0x163/0x280 [ 578.892584] __should_failslab+0x121/0x190 [ 578.901843] should_failslab+0x9/0x14 [ 578.901860] kmem_cache_alloc+0x2ae/0x700 [ 578.901882] ? kernfs_activate+0x34/0x1f0 [ 578.901904] __kernfs_new_node+0xef/0x680 [ 578.926495] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 578.931272] ? kernfs_activate+0x192/0x1f0 [ 578.935541] ? lock_downgrade+0x810/0x810 [ 578.939693] ? kasan_check_read+0x11/0x20 [ 578.943837] ? mutex_trylock+0x1e0/0x1e0 [ 578.947897] ? lock_downgrade+0x810/0x810 [ 578.952052] kernfs_new_node+0x99/0x130 [ 578.956020] kernfs_create_dir_ns+0x52/0x160 [ 578.960420] internal_create_group+0x1cb/0xc30 [ 578.965054] ? mutex_unlock+0xd/0x10 [ 578.968775] ? remove_files.isra.0+0x190/0x190 [ 578.973354] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 578.978886] ? kernfs_put+0x3c2/0x5d0 [ 578.982687] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 578.988227] ? kernfs_create_link+0x1d2/0x250 [ 578.992726] sysfs_create_group+0x20/0x30 [ 578.996883] dpm_sysfs_add+0x26/0x210 [ 579.000704] device_add+0xa47/0x1760 [ 579.004420] ? get_device_parent.isra.0+0x570/0x570 [ 579.009447] ? start_creating+0x163/0x1e0 [ 579.013655] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 579.019312] hci_register_dev+0x304/0x880 [ 579.023461] hci_uart_tty_ioctl+0x761/0xaf0 [ 579.027781] tty_ioctl+0x8b5/0x1510 [ 579.031411] ? hci_uart_init_work+0x140/0x140 [ 579.035899] ? tty_vhangup+0x30/0x30 [ 579.039623] ? mark_held_locks+0x100/0x100 [ 579.044145] ? debug_smp_processor_id+0x1c/0x20 [ 579.048866] ? __fget+0x340/0x540 [ 579.052318] ? ___might_sleep+0x163/0x280 [ 579.056465] ? __might_sleep+0x95/0x190 [ 579.060447] ? tty_vhangup+0x30/0x30 [ 579.064154] do_vfs_ioctl+0xd5f/0x1380 [ 579.068079] ? selinux_file_ioctl+0x46f/0x5e0 [ 579.072583] ? selinux_file_ioctl+0x125/0x5e0 [ 579.077091] ? ioctl_preallocate+0x210/0x210 [ 579.081511] ? selinux_file_mprotect+0x620/0x620 [ 579.086442] ? iterate_fd+0x360/0x360 [ 579.090238] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 579.095769] ? fput+0x128/0x1a0 [ 579.099046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 579.104571] ? security_file_ioctl+0x8d/0xc0 [ 579.108969] ksys_ioctl+0xab/0xd0 [ 579.112415] __x64_sys_ioctl+0x73/0xb0 [ 579.116296] do_syscall_64+0xfd/0x620 [ 579.120099] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 579.125285] RIP: 0033:0x459829 [ 579.128470] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 579.147371] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 579.155093] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 579.162366] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 579.169634] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 579.176907] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 579.184179] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 579.194226] Bluetooth: Can't register HCI device [ 579.298762] Bluetooth: hci3: command 0x1003 tx timeout [ 579.304271] Bluetooth: hci1: command 0x1003 tx timeout [ 579.304321] Bluetooth: hci3: sending frame failed (-49) [ 579.309837] Bluetooth: hci1: sending frame failed (-49) [ 580.018657] Bluetooth: hci0: command 0x1001 tx timeout [ 580.024120] Bluetooth: hci0: sending frame failed (-49) [ 580.418777] Bluetooth: hci2: command 0x1003 tx timeout [ 580.424154] Bluetooth: hci2: sending frame failed (-49) [ 581.378729] Bluetooth: hci3: command 0x1001 tx timeout [ 581.378736] Bluetooth: hci1: command 0x1001 tx timeout [ 581.378814] Bluetooth: hci1: sending frame failed (-49) [ 581.384111] Bluetooth: hci3: sending frame failed (-49) [ 582.098815] Bluetooth: hci0: command 0x1009 tx timeout [ 582.498706] Bluetooth: hci2: command 0x1001 tx timeout [ 582.504116] Bluetooth: hci2: sending frame failed (-49) [ 583.458679] Bluetooth: hci1: command 0x1009 tx timeout [ 583.458699] Bluetooth: hci3: command 0x1009 tx timeout [ 584.578773] Bluetooth: hci2: command 0x1009 tx timeout 01:09:03 executing program 5: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:09:03 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:09:03 executing program 0 (fault-call:3 fault-nth:23): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 586.139025] FAULT_INJECTION: forcing a failure. [ 586.139025] name failslab, interval 1, probability 0, space 0, times 0 [ 586.159583] CPU: 1 PID: 10881 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 586.166642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 586.166650] Call Trace: [ 586.166680] dump_stack+0x172/0x1f0 [ 586.166710] should_fail.cold+0xa/0x1b [ 586.186623] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 586.191754] ? lock_downgrade+0x810/0x810 [ 586.195927] ? ___might_sleep+0x163/0x280 [ 586.200100] __should_failslab+0x121/0x190 [ 586.204350] should_failslab+0x9/0x14 [ 586.204367] kmem_cache_alloc+0x2ae/0x700 [ 586.204383] ? kasan_check_write+0x14/0x20 [ 586.204403] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 586.212360] __kernfs_new_node+0xef/0x680 [ 586.212382] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 586.212398] ? mutex_unlock+0xd/0x10 [ 586.212416] ? kernfs_activate+0x192/0x1f0 [ 586.212437] ? kernfs_add_one+0x131/0x4d0 [ 586.212465] kernfs_new_node+0x99/0x130 [ 586.225694] __kernfs_create_file+0x51/0x340 [ 586.234155] sysfs_add_file_mode_ns+0x222/0x560 [ 586.234181] sysfs_create_file_ns+0x13a/0x1c0 [ 586.234201] ? sysfs_add_file_mode_ns+0x560/0x560 [ 586.234224] ? up_read+0x1a/0x110 [ 586.242599] device_create_file+0xfa/0x1e0 [ 586.242616] ? acpi_bind_one+0x830/0x830 [ 586.242632] device_add+0x411/0x1760 [ 586.242650] ? device_initialize+0x440/0x440 [ 586.252157] Bluetooth: hci4: Frame reassembly failed (-84) [ 586.255698] ? get_device_parent.isra.0+0x570/0x570 [ 586.255731] hci_register_dev+0x304/0x880 [ 586.255756] hci_uart_tty_ioctl+0x761/0xaf0 [ 586.303872] tty_ioctl+0x8b5/0x1510 [ 586.307493] ? hci_uart_init_work+0x140/0x140 [ 586.312018] ? tty_vhangup+0x30/0x30 [ 586.315731] ? mark_held_locks+0x100/0x100 [ 586.319974] ? debug_smp_processor_id+0x1c/0x20 [ 586.324635] ? __fget+0x340/0x540 [ 586.328102] ? ___might_sleep+0x163/0x280 [ 586.332257] ? __might_sleep+0x95/0x190 [ 586.336220] ? tty_vhangup+0x30/0x30 [ 586.339922] do_vfs_ioctl+0xd5f/0x1380 [ 586.343809] ? selinux_file_ioctl+0x46f/0x5e0 [ 586.348319] ? selinux_file_ioctl+0x125/0x5e0 [ 586.352835] ? ioctl_preallocate+0x210/0x210 [ 586.357248] ? selinux_file_mprotect+0x620/0x620 [ 586.361996] ? iterate_fd+0x360/0x360 [ 586.365789] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 586.371315] ? fput+0x128/0x1a0 [ 586.374591] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 586.380116] ? security_file_ioctl+0x8d/0xc0 [ 586.384528] ksys_ioctl+0xab/0xd0 [ 586.387977] __x64_sys_ioctl+0x73/0xb0 [ 586.391861] do_syscall_64+0xfd/0x620 [ 586.395656] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 586.400887] RIP: 0033:0x459829 [ 586.404072] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 586.422983] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 586.430696] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 586.437955] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 586.445218] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 586.452513] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 586.459786] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 586.470773] Bluetooth: Can't register HCI device 01:09:05 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5414, 0x0) 01:09:05 executing program 0 (fault-call:3 fault-nth:24): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:09:05 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:09:05 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) [ 587.469878] FAULT_INJECTION: forcing a failure. [ 587.469878] name failslab, interval 1, probability 0, space 0, times 0 [ 587.502371] CPU: 1 PID: 10893 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 587.509413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 587.509421] Call Trace: [ 587.509444] dump_stack+0x172/0x1f0 [ 587.509473] should_fail.cold+0xa/0x1b [ 587.509498] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 587.509521] ? lock_downgrade+0x810/0x810 [ 587.509541] ? ___might_sleep+0x163/0x280 [ 587.509565] __should_failslab+0x121/0x190 [ 587.509587] should_failslab+0x9/0x14 [ 587.509603] kmem_cache_alloc+0x2ae/0x700 [ 587.509620] ? kasan_check_write+0x14/0x20 [ 587.509637] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 587.509673] __kernfs_new_node+0xef/0x680 [ 587.509699] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 587.509717] ? mutex_unlock+0xd/0x10 [ 587.509736] ? kernfs_activate+0x192/0x1f0 [ 587.509759] ? kernfs_add_one+0x131/0x4d0 [ 587.521724] kernfs_new_node+0x99/0x130 [ 587.521750] __kernfs_create_file+0x51/0x340 [ 587.521770] sysfs_add_file_mode_ns+0x222/0x560 [ 587.521794] sysfs_create_file_ns+0x13a/0x1c0 [ 587.529300] ? sysfs_add_file_mode_ns+0x560/0x560 [ 587.529326] ? up_read+0x1a/0x110 [ 587.529349] device_create_file+0xfa/0x1e0 [ 587.529364] ? acpi_bind_one+0x830/0x830 [ 587.529380] device_add+0x411/0x1760 [ 587.529396] ? device_initialize+0x440/0x440 [ 587.529419] ? get_device_parent.isra.0+0x570/0x570 [ 587.631897] hci_register_dev+0x304/0x880 [ 587.636061] hci_uart_tty_ioctl+0x761/0xaf0 [ 587.640407] tty_ioctl+0x8b5/0x1510 [ 587.644024] ? hci_uart_init_work+0x140/0x140 [ 587.648574] ? tty_vhangup+0x30/0x30 [ 587.652295] ? mark_held_locks+0x100/0x100 [ 587.656520] ? debug_smp_processor_id+0x1c/0x20 [ 587.661203] ? __fget+0x340/0x540 [ 587.664646] ? ___might_sleep+0x163/0x280 [ 587.668818] ? __might_sleep+0x95/0x190 [ 587.672780] ? tty_vhangup+0x30/0x30 [ 587.676493] do_vfs_ioctl+0xd5f/0x1380 [ 587.680385] ? selinux_file_ioctl+0x46f/0x5e0 [ 587.684886] ? selinux_file_ioctl+0x125/0x5e0 [ 587.689370] ? ioctl_preallocate+0x210/0x210 [ 587.693765] ? selinux_file_mprotect+0x620/0x620 [ 587.698544] ? iterate_fd+0x360/0x360 [ 587.702350] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 587.707877] ? fput+0x128/0x1a0 [ 587.711156] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 587.716689] ? security_file_ioctl+0x8d/0xc0 [ 587.721100] ksys_ioctl+0xab/0xd0 [ 587.724552] __x64_sys_ioctl+0x73/0xb0 [ 587.728430] do_syscall_64+0xfd/0x620 [ 587.732246] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 587.737428] RIP: 0033:0x459829 [ 587.740622] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 587.759508] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 587.767204] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 587.774469] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 587.781732] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 587.788988] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 587.796259] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 587.805387] Bluetooth: Can't register HCI device [ 588.258744] Bluetooth: hci4: command 0x1003 tx timeout [ 588.265709] Bluetooth: hci4: sending frame failed (-49) 01:09:06 executing program 2 (fault-call:3 fault-nth:19): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:09:06 executing program 0 (fault-call:3 fault-nth:25): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:09:06 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 588.698119] FAULT_INJECTION: forcing a failure. [ 588.698119] name failslab, interval 1, probability 0, space 0, times 0 [ 588.732110] CPU: 1 PID: 10903 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 588.739164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 588.748528] Call Trace: [ 588.751142] dump_stack+0x172/0x1f0 [ 588.754801] should_fail.cold+0xa/0x1b [ 588.758715] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 588.763836] ? lock_downgrade+0x810/0x810 [ 588.764950] FAULT_INJECTION: forcing a failure. [ 588.764950] name failslab, interval 1, probability 0, space 0, times 0 [ 588.767999] ? ___might_sleep+0x163/0x280 [ 588.768024] __should_failslab+0x121/0x190 [ 588.768043] should_failslab+0x9/0x14 [ 588.768073] kmem_cache_alloc+0x2ae/0x700 [ 588.795565] ? lock_downgrade+0x810/0x810 [ 588.799723] ? kasan_check_read+0x11/0x20 [ 588.803893] __kernfs_new_node+0xef/0x680 [ 588.808056] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 588.812824] ? wait_for_completion+0x440/0x440 [ 588.817424] ? mutex_unlock+0xd/0x10 [ 588.821153] ? kernfs_activate+0x192/0x1f0 [ 588.825409] kernfs_new_node+0x99/0x130 [ 588.829405] __kernfs_create_file+0x51/0x340 [ 588.833826] sysfs_add_file_mode_ns+0x222/0x560 [ 588.838521] sysfs_merge_group+0x1a0/0x340 [ 588.842771] ? sysfs_mount+0x1e0/0x1e0 [ 588.846675] ? kernfs_put+0x3c2/0x5d0 [ 588.850510] dpm_sysfs_add+0x164/0x210 [ 588.854419] device_add+0xa47/0x1760 [ 588.858152] ? get_device_parent.isra.0+0x570/0x570 [ 588.863181] ? start_creating+0x163/0x1e0 [ 588.867346] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 588.872902] hci_register_dev+0x304/0x880 [ 588.877073] hci_uart_tty_ioctl+0x761/0xaf0 [ 588.881415] tty_ioctl+0x8b5/0x1510 [ 588.885052] ? hci_uart_init_work+0x140/0x140 [ 588.889558] ? tty_vhangup+0x30/0x30 [ 588.893280] ? mark_held_locks+0x100/0x100 [ 588.897532] ? perf_trace_lock_acquire+0x380/0x580 [ 588.902495] ? __fget+0x340/0x540 [ 588.905961] ? ___might_sleep+0x163/0x280 [ 588.910121] ? __might_sleep+0x95/0x190 [ 588.914108] ? tty_vhangup+0x30/0x30 [ 588.917839] do_vfs_ioctl+0xd5f/0x1380 [ 588.921743] ? selinux_file_ioctl+0x46f/0x5e0 [ 588.926248] ? selinux_file_ioctl+0x125/0x5e0 [ 588.930755] ? ioctl_preallocate+0x210/0x210 [ 588.935176] ? selinux_file_mprotect+0x620/0x620 [ 588.939954] ? iterate_fd+0x360/0x360 [ 588.943774] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 588.949319] ? fput+0x128/0x1a0 [ 588.952626] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 588.958176] ? security_file_ioctl+0x8d/0xc0 [ 588.962599] ksys_ioctl+0xab/0xd0 [ 588.966066] __x64_sys_ioctl+0x73/0xb0 [ 588.969972] do_syscall_64+0xfd/0x620 [ 588.973788] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 588.978984] RIP: 0033:0x459829 [ 588.982212] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 589.001132] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 589.008858] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 589.016135] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 589.023412] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 589.030697] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 589.037973] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 589.046063] CPU: 0 PID: 10906 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 589.053103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 589.053112] Call Trace: [ 589.053136] dump_stack+0x172/0x1f0 [ 589.053177] should_fail.cold+0xa/0x1b [ 589.053204] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 589.065149] ? lock_downgrade+0x810/0x810 [ 589.065181] ? ___might_sleep+0x163/0x280 [ 589.065212] __should_failslab+0x121/0x190 [ 589.071154] Bluetooth: Can't register HCI device [ 589.072719] should_failslab+0x9/0x14 [ 589.072740] kmem_cache_alloc_trace+0x2cc/0x760 [ 589.072769] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 589.072788] ? refcount_inc_checked+0x2b/0x70 [ 589.082054] device_add+0xe5e/0x1760 [ 589.082076] ? device_initialize+0x440/0x440 [ 589.082107] ? get_device_parent.isra.0+0x570/0x570 [ 589.082148] hci_register_dev+0x304/0x880 [ 589.082191] hci_uart_tty_ioctl+0x761/0xaf0 [ 589.090550] tty_ioctl+0x8b5/0x1510 [ 589.090570] ? hci_uart_init_work+0x140/0x140 [ 589.090592] ? tty_vhangup+0x30/0x30 [ 589.090610] ? mark_held_locks+0x100/0x100 [ 589.090636] ? perf_trace_lock_acquire+0x380/0x580 [ 589.099199] ? __fget+0x340/0x540 [ 589.099224] ? ___might_sleep+0x163/0x280 [ 589.099249] ? __might_sleep+0x95/0x190 [ 589.099271] ? tty_vhangup+0x30/0x30 [ 589.171675] do_vfs_ioctl+0xd5f/0x1380 [ 589.175581] ? selinux_file_ioctl+0x46f/0x5e0 [ 589.180070] ? selinux_file_ioctl+0x125/0x5e0 [ 589.184828] ? ioctl_preallocate+0x210/0x210 [ 589.189231] ? selinux_file_mprotect+0x620/0x620 [ 589.193993] ? iterate_fd+0x360/0x360 [ 589.197792] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 589.203341] ? fput+0x128/0x1a0 [ 589.206657] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 589.212208] ? security_file_ioctl+0x8d/0xc0 [ 589.216615] ksys_ioctl+0xab/0xd0 [ 589.220065] __x64_sys_ioctl+0x73/0xb0 [ 589.223951] do_syscall_64+0xfd/0x620 [ 589.227755] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 589.232939] RIP: 0033:0x459829 [ 589.236151] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 589.255087] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 589.262791] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 589.270071] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 589.277336] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 589.284599] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 589.291858] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 589.301441] Bluetooth: Can't register HCI device 01:09:07 executing program 0 (fault-call:3 fault-nth:26): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:09:07 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 589.446730] FAULT_INJECTION: forcing a failure. [ 589.446730] name failslab, interval 1, probability 0, space 0, times 0 [ 589.463449] CPU: 0 PID: 10912 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 589.470508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 589.479888] Call Trace: [ 589.482511] dump_stack+0x172/0x1f0 [ 589.486191] should_fail.cold+0xa/0x1b [ 589.490103] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 589.495223] ? lock_downgrade+0x810/0x810 [ 589.499390] ? ___might_sleep+0x163/0x280 [ 589.503565] __should_failslab+0x121/0x190 [ 589.507808] should_failslab+0x9/0x14 [ 589.511604] kmem_cache_alloc+0x2ae/0x700 [ 589.515763] ? lock_downgrade+0x810/0x810 [ 589.519916] ? kasan_check_read+0x11/0x20 [ 589.524062] __kernfs_new_node+0xef/0x680 [ 589.528210] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 589.532961] ? wait_for_completion+0x440/0x440 [ 589.537547] ? mutex_unlock+0xd/0x10 [ 589.541268] ? kernfs_activate+0x192/0x1f0 [ 589.545516] kernfs_new_node+0x99/0x130 [ 589.549491] __kernfs_create_file+0x51/0x340 [ 589.553897] sysfs_add_file_mode_ns+0x222/0x560 [ 589.558580] sysfs_merge_group+0x1a0/0x340 [ 589.562824] ? sysfs_mount+0x1e0/0x1e0 [ 589.566702] ? kernfs_put+0x3c2/0x5d0 [ 589.570524] dpm_sysfs_add+0x164/0x210 [ 589.574410] device_add+0xa47/0x1760 [ 589.578124] ? get_device_parent.isra.0+0x570/0x570 [ 589.583160] ? start_creating+0x163/0x1e0 [ 589.587319] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 589.592859] hci_register_dev+0x304/0x880 [ 589.597038] hci_uart_tty_ioctl+0x761/0xaf0 [ 589.601362] tty_ioctl+0x8b5/0x1510 [ 589.604985] ? hci_uart_init_work+0x140/0x140 [ 589.609476] ? tty_vhangup+0x30/0x30 [ 589.613185] ? mark_held_locks+0x100/0x100 [ 589.617419] ? debug_smp_processor_id+0x1c/0x20 [ 589.622086] ? __fget+0x340/0x540 [ 589.625549] ? ___might_sleep+0x163/0x280 [ 589.629705] ? __might_sleep+0x95/0x190 [ 589.633680] ? tty_vhangup+0x30/0x30 [ 589.637389] do_vfs_ioctl+0xd5f/0x1380 [ 589.641271] ? selinux_file_ioctl+0x46f/0x5e0 [ 589.645757] ? selinux_file_ioctl+0x125/0x5e0 [ 589.650250] ? ioctl_preallocate+0x210/0x210 [ 589.654655] ? selinux_file_mprotect+0x620/0x620 [ 589.659608] ? iterate_fd+0x360/0x360 [ 589.663410] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 589.668956] ? fput+0x128/0x1a0 [ 589.672253] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 589.677814] ? security_file_ioctl+0x8d/0xc0 [ 589.682220] ksys_ioctl+0xab/0xd0 [ 589.685674] __x64_sys_ioctl+0x73/0xb0 [ 589.689561] do_syscall_64+0xfd/0x620 [ 589.693361] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 589.698544] RIP: 0033:0x459829 [ 589.701745] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 589.720642] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 589.728361] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 589.735621] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 589.742880] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 589.750141] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 589.757429] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 589.766272] Bluetooth: hci3: command 0x1003 tx timeout [ 589.769019] Bluetooth: hci0: command 0x1003 tx timeout [ 589.777150] Bluetooth: hci0: sending frame failed (-49) [ 589.783493] Bluetooth: hci3: sending frame failed (-49) [ 589.785063] Bluetooth: Can't register HCI device [ 590.338813] Bluetooth: hci4: command 0x1001 tx timeout [ 590.344262] Bluetooth: hci4: sending frame failed (-49) [ 591.858663] Bluetooth: hci3: command 0x1001 tx timeout [ 591.863993] Bluetooth: hci0: command 0x1001 tx timeout [ 591.864079] Bluetooth: hci3: sending frame failed (-49) [ 591.874813] Bluetooth: hci0: sending frame failed (-49) [ 592.418778] Bluetooth: hci4: command 0x1009 tx timeout [ 593.938675] Bluetooth: hci3: command 0x1009 tx timeout [ 593.938694] Bluetooth: hci0: command 0x1009 tx timeout 01:09:14 executing program 5: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:09:14 executing program 2 (fault-call:3 fault-nth:20): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:09:14 executing program 0 (fault-call:3 fault-nth:27): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 596.382060] FAULT_INJECTION: forcing a failure. [ 596.382060] name failslab, interval 1, probability 0, space 0, times 0 [ 596.402218] CPU: 0 PID: 10920 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 596.407994] FAULT_INJECTION: forcing a failure. [ 596.407994] name failslab, interval 1, probability 0, space 0, times 0 [ 596.409271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 596.409282] Call Trace: [ 596.409311] dump_stack+0x172/0x1f0 [ 596.409357] should_fail.cold+0xa/0x1b [ 596.439993] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 596.445119] ? lock_downgrade+0x810/0x810 [ 596.449294] ? ___might_sleep+0x163/0x280 [ 596.453475] __should_failslab+0x121/0x190 [ 596.457738] should_failslab+0x9/0x14 [ 596.461558] kmem_cache_alloc+0x2ae/0x700 [ 596.465730] ? lock_downgrade+0x810/0x810 [ 596.469903] ? kasan_check_read+0x11/0x20 [ 596.474086] __kernfs_new_node+0xef/0x680 [ 596.478262] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 596.483038] ? wait_for_completion+0x440/0x440 [ 596.487659] ? mutex_unlock+0xd/0x10 [ 596.491396] ? kernfs_activate+0x192/0x1f0 [ 596.495663] kernfs_new_node+0x99/0x130 [ 596.499670] __kernfs_create_file+0x51/0x340 [ 596.504110] sysfs_add_file_mode_ns+0x222/0x560 [ 596.508815] sysfs_merge_group+0x1a0/0x340 [ 596.513071] ? sysfs_mount+0x1e0/0x1e0 [ 596.516979] ? kernfs_put+0x3c2/0x5d0 [ 596.520828] dpm_sysfs_add+0x164/0x210 [ 596.524743] device_add+0xa47/0x1760 [ 596.528493] ? get_device_parent.isra.0+0x570/0x570 [ 596.533535] ? start_creating+0x163/0x1e0 [ 596.537706] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 596.543273] hci_register_dev+0x304/0x880 [ 596.547459] hci_uart_tty_ioctl+0x761/0xaf0 [ 596.551808] tty_ioctl+0x8b5/0x1510 [ 596.555453] ? hci_uart_init_work+0x140/0x140 [ 596.559969] ? tty_vhangup+0x30/0x30 [ 596.563698] ? mark_held_locks+0x100/0x100 [ 596.567964] ? perf_trace_lock_acquire+0x380/0x580 [ 596.572932] ? __fget+0x340/0x540 [ 596.576450] ? ___might_sleep+0x163/0x280 [ 596.580626] ? __might_sleep+0x95/0x190 [ 596.584623] ? tty_vhangup+0x30/0x30 [ 596.588360] do_vfs_ioctl+0xd5f/0x1380 [ 596.592271] ? selinux_file_ioctl+0x46f/0x5e0 [ 596.596787] ? selinux_file_ioctl+0x125/0x5e0 [ 596.601341] ? ioctl_preallocate+0x210/0x210 [ 596.605764] ? selinux_file_mprotect+0x620/0x620 [ 596.610552] ? iterate_fd+0x360/0x360 [ 596.614377] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 596.619937] ? fput+0x128/0x1a0 [ 596.623250] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 596.628809] ? security_file_ioctl+0x8d/0xc0 [ 596.633248] ksys_ioctl+0xab/0xd0 [ 596.636731] __x64_sys_ioctl+0x73/0xb0 [ 596.640640] do_syscall_64+0xfd/0x620 [ 596.644473] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 596.649676] RIP: 0033:0x459829 [ 596.652884] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 596.671801] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 596.679539] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 596.686823] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 596.694104] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 596.701387] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 596.708668] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 596.716032] CPU: 1 PID: 10921 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 596.723063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 596.723069] Call Trace: [ 596.723091] dump_stack+0x172/0x1f0 [ 596.723115] should_fail.cold+0xa/0x1b [ 596.723136] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 596.723158] ? lock_downgrade+0x810/0x810 [ 596.735098] ? ___might_sleep+0x163/0x280 [ 596.735123] __should_failslab+0x121/0x190 [ 596.735142] should_failslab+0x9/0x14 [ 596.735160] kmem_cache_alloc+0x2ae/0x700 [ 596.741740] Bluetooth: Can't register HCI device [ 596.742672] ? kasan_check_write+0x14/0x20 [ 596.742690] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 596.742715] __kernfs_new_node+0xef/0x680 [ 596.742737] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 596.751972] ? mutex_unlock+0xd/0x10 [ 596.751989] ? kernfs_activate+0x192/0x1f0 [ 596.752010] ? kernfs_add_one+0x131/0x4d0 [ 596.752040] kernfs_new_node+0x99/0x130 [ 596.752064] __kernfs_create_file+0x51/0x340 [ 596.752084] sysfs_add_file_mode_ns+0x222/0x560 [ 596.752112] sysfs_create_file_ns+0x13a/0x1c0 [ 596.760496] ? sysfs_add_file_mode_ns+0x560/0x560 [ 596.760522] ? up_read+0x1a/0x110 [ 596.760545] device_create_file+0xfa/0x1e0 [ 596.760564] ? acpi_bind_one+0x830/0x830 [ 596.768512] device_add+0x411/0x1760 [ 596.768530] ? device_initialize+0x440/0x440 [ 596.768553] ? get_device_parent.isra.0+0x570/0x570 [ 596.768569] ? start_creating+0x163/0x1e0 [ 596.768590] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 596.768613] hci_register_dev+0x304/0x880 [ 596.768638] hci_uart_tty_ioctl+0x761/0xaf0 [ 596.768657] tty_ioctl+0x8b5/0x1510 [ 596.807390] ? hci_uart_init_work+0x140/0x140 [ 596.816452] ? tty_vhangup+0x30/0x30 [ 596.880393] ? mark_held_locks+0x100/0x100 [ 596.884617] ? debug_smp_processor_id+0x1c/0x20 [ 596.889276] ? __fget+0x340/0x540 [ 596.892716] ? ___might_sleep+0x163/0x280 [ 596.896852] ? __might_sleep+0x95/0x190 [ 596.900831] ? tty_vhangup+0x30/0x30 [ 596.904531] do_vfs_ioctl+0xd5f/0x1380 [ 596.908404] ? selinux_file_ioctl+0x46f/0x5e0 [ 596.912903] ? selinux_file_ioctl+0x125/0x5e0 [ 596.917385] ? ioctl_preallocate+0x210/0x210 [ 596.921781] ? selinux_file_mprotect+0x620/0x620 [ 596.926524] ? iterate_fd+0x360/0x360 [ 596.930312] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 596.935831] ? fput+0x128/0x1a0 [ 596.939106] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 596.944626] ? security_file_ioctl+0x8d/0xc0 [ 596.949021] ksys_ioctl+0xab/0xd0 [ 596.952463] __x64_sys_ioctl+0x73/0xb0 [ 596.956335] do_syscall_64+0xfd/0x620 [ 596.960123] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 596.965299] RIP: 0033:0x459829 [ 596.968476] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 596.987367] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 596.995062] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 597.002315] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 597.009588] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 597.016855] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 597.024112] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 597.032910] Bluetooth: Can't register HCI device 01:09:15 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5415, 0x0) 01:09:15 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:09:15 executing program 0 (fault-call:3 fault-nth:28): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:09:15 executing program 2 (fault-call:3 fault-nth:21): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:09:15 executing program 4: r0 = syz_open_pts(0xffffffffffffffff, 0x0) ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f00000002c0)=""/127) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000340)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in=@initdev}}, &(0x7f00000000c0)=0xe8) ioprio_get$uid(0x3, r1) socket$inet_udp(0x2, 0x2, 0x0) setxattr$trusted_overlay_nlink(&(0x7f0000000140)='./file0\x00', 0x0, &(0x7f0000000280)={'U-', 0x8}, 0x63c, 0x1) socket$inet_udp(0x2, 0x2, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(0xffffffffffffffff) bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x8000, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) write$binfmt_elf64(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="7f454cf2deda40729b25fb0000000000004000588171001000720155c4af96311d39962100001600380001000900ff030100029ebd6ce1afd40e4ec61030cf4b0794000000094baa1014256024989fb0daa1e1dc3a7d03463851928c68c9ffe59594233c796be7a99e4c75ecb2d3b988779663c376cc5b11e0400ed69a0d0c8a195b53a10000008164d810e7d64ea463c66f2160aa2f34694decda23b6d7badba63de91bdd024bec7cf34ac962e54ec3223009d40aac51742ff7d807142074f3f3b1da8951138a35761568e5c668f6c25058c26fe16f22ff45c7b54e061bc29d02eba0f392d9062561a800000000000000000000000000000011e2f7b21ef8c9837a009698513ce3c2a427ff2453c8f74acfed3cbb61f2f3a4"], 0x119) setsockopt$inet6_tcp_int(r4, 0x6, 0x3, &(0x7f0000000000)=0x2, 0x4) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r4, 0x40a85323, &(0x7f0000000180)={{0x6, 0x8}, 'port1\x00', 0x49, 0x40, 0x3ff, 0x2, 0x6, 0x67d, 0x1, 0x0, 0x7, 0x3f}) recvmmsg(r3, &(0x7f0000008880), 0x45b, 0x44000102, 0x0) sendmsg$TIPC_NL_SOCK_GET(r4, 0xfffffffffffffffd, 0x40000) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_RES_CTX(r2, 0xc0106426, &(0x7f0000000440)={0x2, &(0x7f0000000100)=[{}, {}]}) ioctl$KVM_SET_XSAVE(r4, 0x5000aea5, &(0x7f0000000640)={"34dcd2f9c44dca06e8cfd2525ec26118278d9688452578f54b544c38bf5964d58bf54eb15b65336d5a1f7d462724746e1a9095e99a27bac3c032326e41def3a6e39c17e2af2a3eb57099c8b43e3cbf9c846956c4b552978e35d18eb2ee31e254d40aabc520abd616d31cee14d5a1de9c5d87740bef589684509012c9939d112944d1eb71c422c02d84b9536a3e0fc840d2d696beea69305059a8480dac0f94c960421f59a6993f5b2383456104fe9814eefc16489845c207bcb6a7325d5093ea70ca8ff3e0f1cde3dba7e2e92b44a4ddffbde0a8a04da057770e0bb36877edf08cf56c9b380dbe39642c7bab107cfaebc69d25841fb79324e35ac98a53f3b4937f5f23baf63492f37e015cf61c58a1b3a60a7e98fdd8388a15f523d7e9d0ddb09b68aa0d6f08b148bd97e4111f2af71801832e797e371dfc1cc002a70d103c4747a63c81bbe0d2690077ca42691c7cf98b26286c6ab1bf141bfe66ff3376244b857bc6c62a2d2d06f1972d2ab389db9ab265e1c77d065c75d81e5abbb725983170cd6f1093aaa815c9c581b48cc1ade4a813a30d26a64f7b03bb0a366d8298be898968bc36766f1cd60e905ea317bb9d7461aa2c4eefa47af53967815b9ea6bd9824a2fb9d797cb34fe66b9734a5141be04be0d6c7df3fa77eecb4c6a165a91ce50c9841e45809e9174ffd2807200ac2a941d4affd4474a7273d075ff6d795134da11aab300895ca02eabff4bcff5708815acd84bc5d865386ff9c10a357db7ff459bc6adf076cc262d76b77c8d8205effb0887982bdd2b03d7512705241fdb8ba9c20ce5e22eefe25ac0f3f57e20b8c3b01bca423728e03a8608e2fb1487bb0d55e1fecb934b8a8e3ee51c5c2958f4cd81b040ceba222785a3ecfed83175f669001163d2cb073b695556481e02b94b3c205b60a374d6e6847fc33c29380679180c0f55238655bc015cc6f49732c1f1d28e04e1d0fce05a5ee64c07e8f856c8fa71f27cad725057897e44d3c223a3b04450d2f915333fdcd4361b0fe3446ce59edccbda5f8880dc460d156f3d56aa67cf27bcb82aa14a962925f5da9379ce96a04c89b7b483d9f972b6d9e0c5d8eec831064e9b2f1f2105280aa1d1d4450eac8d3114dad768a4161fb69e9c7544735db3cd4015cb7805ee3d16e8bd4efb6c8ad536c4cc18641f637ddb82022ec4d2cc456df213f85f246d259ef3763330c758aec5fbbb2d8b6650c040557ab8752fc21bb54f71dc4f2bfcd9d07c53a959f462ab5832973159deae0103f4fef177a2f60eabe7a947449ac907797fd72911d73db59ff8672ea0ab76ee0123e9ddf1079f3b8a82c6004f77977be7ccca3bf9778a498efa6784b3cd5f63c1c8f73086b201ff489e7a4d1349add96f1a00462bb6cabd1b41dc33cfb48c792c5153cc0e22a776c90d9e44b480311806b08c4756e2930"}) [ 597.697063] FAULT_INJECTION: forcing a failure. [ 597.697063] name failslab, interval 1, probability 0, space 0, times 0 [ 597.723284] FAULT_INJECTION: forcing a failure. [ 597.723284] name failslab, interval 1, probability 0, space 0, times 0 [ 597.749063] CPU: 0 PID: 10931 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 597.756107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 597.765486] Call Trace: [ 597.768107] dump_stack+0x172/0x1f0 [ 597.771772] should_fail.cold+0xa/0x1b [ 597.775698] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 597.780829] ? lock_downgrade+0x810/0x810 [ 597.785005] ? ___might_sleep+0x163/0x280 [ 597.789190] __should_failslab+0x121/0x190 [ 597.793449] should_failslab+0x9/0x14 [ 597.797270] kmem_cache_alloc+0x2ae/0x700 [ 597.801444] ? lock_downgrade+0x810/0x810 [ 597.805608] ? kasan_check_read+0x11/0x20 [ 597.809791] __kernfs_new_node+0xef/0x680 [ 597.814030] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 597.818809] ? wait_for_completion+0x440/0x440 [ 597.823435] ? mutex_unlock+0xd/0x10 [ 597.827176] ? kernfs_activate+0x192/0x1f0 [ 597.831444] kernfs_new_node+0x99/0x130 [ 597.835450] __kernfs_create_file+0x51/0x340 [ 597.839910] sysfs_add_file_mode_ns+0x222/0x560 [ 597.844620] sysfs_merge_group+0x1a0/0x340 [ 597.848883] ? sysfs_mount+0x1e0/0x1e0 [ 597.852796] ? kernfs_put+0x3c2/0x5d0 [ 597.856647] dpm_sysfs_add+0x164/0x210 [ 597.860566] device_add+0xa47/0x1760 [ 597.864314] ? get_device_parent.isra.0+0x570/0x570 [ 597.869354] ? start_creating+0x163/0x1e0 [ 597.873526] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 597.879100] hci_register_dev+0x304/0x880 [ 597.883289] hci_uart_tty_ioctl+0x761/0xaf0 [ 597.887637] tty_ioctl+0x8b5/0x1510 [ 597.891289] ? hci_uart_init_work+0x140/0x140 [ 597.895804] ? tty_vhangup+0x30/0x30 [ 597.899538] ? mark_held_locks+0x100/0x100 [ 597.903805] ? debug_smp_processor_id+0x1c/0x20 [ 597.908503] ? __fget+0x340/0x540 [ 597.911981] ? ___might_sleep+0x163/0x280 [ 597.916159] ? __might_sleep+0x95/0x190 [ 597.920180] ? tty_vhangup+0x30/0x30 [ 597.923917] do_vfs_ioctl+0xd5f/0x1380 [ 597.927828] ? selinux_file_ioctl+0x46f/0x5e0 [ 597.932344] ? selinux_file_ioctl+0x125/0x5e0 [ 597.936865] ? ioctl_preallocate+0x210/0x210 [ 597.941290] ? selinux_file_mprotect+0x620/0x620 [ 597.946084] ? iterate_fd+0x360/0x360 [ 597.949907] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 597.955462] ? fput+0x128/0x1a0 [ 597.958782] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 597.964339] ? security_file_ioctl+0x8d/0xc0 [ 597.968776] ksys_ioctl+0xab/0xd0 [ 597.972261] __x64_sys_ioctl+0x73/0xb0 [ 597.976177] do_syscall_64+0xfd/0x620 [ 597.980010] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 597.985218] RIP: 0033:0x459829 [ 597.988427] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 598.007349] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 598.015085] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 598.022372] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 598.029654] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 598.036936] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 598.044218] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 598.051545] CPU: 1 PID: 10929 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 598.058573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 598.058580] Call Trace: [ 598.058601] dump_stack+0x172/0x1f0 [ 598.058626] should_fail.cold+0xa/0x1b [ 598.058648] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 598.058674] ? lock_downgrade+0x810/0x810 [ 598.058694] ? ___might_sleep+0x163/0x280 [ 598.058716] __should_failslab+0x121/0x190 [ 598.070877] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 598.074277] should_failslab+0x9/0x14 [ 598.074294] __kmalloc_track_caller+0x2de/0x750 [ 598.074313] ? __lock_acquire+0x6eb/0x48f0 [ 598.074331] ? kstrdup_const+0x66/0x80 [ 598.074351] kstrdup+0x3a/0x70 [ 598.074367] kstrdup_const+0x66/0x80 [ 598.074385] __kernfs_new_node+0xb0/0x680 [ 598.074407] ? mark_held_locks+0x100/0x100 [ 598.074427] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 598.084020] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 598.156063] ? find_held_lock+0x35/0x130 [ 598.160149] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 598.165619] ? kernfs_activate+0x192/0x1f0 [ 598.169874] kernfs_new_node+0x99/0x130 [ 598.173870] kernfs_create_link+0xdd/0x250 [ 598.178125] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 598.183867] sysfs_create_link+0x65/0xc0 [ 598.187972] device_add+0x7ce/0x1760 [ 598.191712] ? get_device_parent.isra.0+0x570/0x570 [ 598.196751] ? start_creating+0x163/0x1e0 [ 598.200921] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 598.206478] hci_register_dev+0x304/0x880 [ 598.210652] hci_uart_tty_ioctl+0x761/0xaf0 [ 598.214993] tty_ioctl+0x8b5/0x1510 [ 598.215010] ? hci_uart_init_work+0x140/0x140 [ 598.215027] ? tty_vhangup+0x30/0x30 [ 598.215044] ? mark_held_locks+0x100/0x100 [ 598.215065] ? perf_trace_lock_acquire+0x380/0x580 [ 598.215086] ? __fget+0x340/0x540 [ 598.215105] ? ___might_sleep+0x163/0x280 [ 598.215123] ? __might_sleep+0x95/0x190 [ 598.215141] ? tty_vhangup+0x30/0x30 [ 598.227067] do_vfs_ioctl+0xd5f/0x1380 [ 598.227085] ? selinux_file_ioctl+0x46f/0x5e0 [ 598.227100] ? selinux_file_ioctl+0x125/0x5e0 [ 598.227118] ? ioctl_preallocate+0x210/0x210 [ 598.227133] ? selinux_file_mprotect+0x620/0x620 [ 598.227157] ? iterate_fd+0x360/0x360 [ 598.227177] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 598.227192] ? fput+0x128/0x1a0 [ 598.227216] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 598.232241] Bluetooth: Can't register HCI device [ 598.236374] ? security_file_ioctl+0x8d/0xc0 [ 598.236393] ksys_ioctl+0xab/0xd0 [ 598.236413] __x64_sys_ioctl+0x73/0xb0 [ 598.236435] do_syscall_64+0xfd/0x620 [ 598.236458] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 598.236471] RIP: 0033:0x459829 [ 598.236486] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 598.236500] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 [ 598.244087] ORIG_RAX: 0000000000000010 [ 598.244098] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 598.244107] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 598.244116] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 598.244126] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 598.244136] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 598.304604] Bluetooth: hci2: Frame reassembly failed (-84) [ 598.396842] Bluetooth: Can't register HCI device 01:09:16 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:09:16 executing program 0 (fault-call:3 fault-nth:29): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:09:16 executing program 4: clone(0x800081ff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 01:09:16 executing program 2 (fault-call:3 fault-nth:22): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 598.514842] FAULT_INJECTION: forcing a failure. [ 598.514842] name failslab, interval 1, probability 0, space 0, times 0 [ 598.534726] CPU: 1 PID: 10947 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 598.541771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 598.551137] Call Trace: [ 598.553746] dump_stack+0x172/0x1f0 [ 598.557404] should_fail.cold+0xa/0x1b [ 598.561333] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 598.566459] ? lock_downgrade+0x810/0x810 [ 598.570629] ? ___might_sleep+0x163/0x280 [ 598.570658] __should_failslab+0x121/0x190 [ 598.579075] should_failslab+0x9/0x14 [ 598.579091] kmem_cache_alloc_trace+0x2cc/0x760 [ 598.579106] ? kasan_check_write+0x14/0x20 [ 598.579121] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 598.579143] kobject_uevent_env+0x387/0x101d [ 598.579169] kobject_uevent+0x20/0x26 [ 598.579187] device_add+0xb3a/0x1760 [ 598.579207] ? get_device_parent.isra.0+0x570/0x570 [ 598.579226] ? start_creating+0x163/0x1e0 [ 598.617842] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 598.623399] hci_register_dev+0x304/0x880 [ 598.627574] hci_uart_tty_ioctl+0x761/0xaf0 [ 598.631936] tty_ioctl+0x8b5/0x1510 [ 598.635584] ? hci_uart_init_work+0x140/0x140 [ 598.640092] ? tty_vhangup+0x30/0x30 [ 598.643826] ? mark_held_locks+0x100/0x100 [ 598.648079] ? debug_smp_processor_id+0x1c/0x20 [ 598.652765] ? __fget+0x340/0x540 [ 598.656238] ? ___might_sleep+0x163/0x280 [ 598.660401] ? __might_sleep+0x95/0x190 [ 598.660419] ? tty_vhangup+0x30/0x30 [ 598.660437] do_vfs_ioctl+0xd5f/0x1380 [ 598.660454] ? selinux_file_ioctl+0x46f/0x5e0 [ 598.660469] ? selinux_file_ioctl+0x125/0x5e0 [ 598.660486] ? ioctl_preallocate+0x210/0x210 [ 598.660502] ? selinux_file_mprotect+0x620/0x620 [ 598.660524] ? iterate_fd+0x360/0x360 [ 598.660545] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 598.660560] ? fput+0x128/0x1a0 [ 598.660585] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 598.660601] ? security_file_ioctl+0x8d/0xc0 [ 598.660619] ksys_ioctl+0xab/0xd0 [ 598.670341] FAULT_INJECTION: forcing a failure. [ 598.670341] name failslab, interval 1, probability 0, space 0, times 0 [ 598.672194] __x64_sys_ioctl+0x73/0xb0 [ 598.672216] do_syscall_64+0xfd/0x620 [ 598.672240] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 598.672253] RIP: 0033:0x459829 [ 598.672268] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 598.672277] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 598.738747] Bluetooth: hci4: command 0x1003 tx timeout [ 598.740441] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 598.740452] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 598.740462] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 598.740471] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 598.740481] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 598.799738] CPU: 0 PID: 10955 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 598.812281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 598.812290] Call Trace: [ 598.812314] dump_stack+0x172/0x1f0 [ 598.812347] should_fail.cold+0xa/0x1b [ 598.812374] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 598.828747] ? lock_downgrade+0x810/0x810 [ 598.828771] ? ___might_sleep+0x163/0x280 [ 598.828802] __should_failslab+0x121/0x190 [ 598.839737] Bluetooth: hci0: Frame reassembly failed (-84) [ 598.844007] should_failslab+0x9/0x14 [ 598.844034] __kmalloc_track_caller+0x2de/0x750 [ 598.848291] Bluetooth: hci0: Frame reassembly failed (-84) [ 598.852335] ? __lock_acquire+0x6eb/0x48f0 [ 598.852359] ? kstrdup_const+0x66/0x80 [ 598.852386] kstrdup+0x3a/0x70 [ 598.852409] kstrdup_const+0x66/0x80 [ 598.852431] __kernfs_new_node+0xb0/0x680 [ 598.895431] ? mark_held_locks+0x100/0x100 [ 598.899669] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 598.904426] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 598.909874] ? find_held_lock+0x35/0x130 [ 598.913931] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 598.919399] ? kernfs_activate+0x192/0x1f0 [ 598.923639] kernfs_new_node+0x99/0x130 [ 598.927613] kernfs_create_link+0xdd/0x250 [ 598.931847] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 598.937130] sysfs_create_link+0x65/0xc0 [ 598.941213] device_add+0x7ce/0x1760 [ 598.944948] ? get_device_parent.isra.0+0x570/0x570 [ 598.949981] ? start_creating+0x163/0x1e0 [ 598.954129] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 598.959692] hci_register_dev+0x304/0x880 [ 598.963883] hci_uart_tty_ioctl+0x761/0xaf0 [ 598.968222] tty_ioctl+0x8b5/0x1510 [ 598.971843] ? hci_uart_init_work+0x140/0x140 [ 598.976332] ? tty_vhangup+0x30/0x30 [ 598.980038] ? mark_held_locks+0x100/0x100 [ 598.984269] ? perf_trace_lock_acquire+0x380/0x580 [ 598.989225] ? __fget+0x340/0x540 [ 598.992678] ? ___might_sleep+0x163/0x280 [ 598.996824] ? __might_sleep+0x95/0x190 [ 599.000814] ? tty_vhangup+0x30/0x30 [ 599.004526] do_vfs_ioctl+0xd5f/0x1380 [ 599.008423] ? selinux_file_ioctl+0x46f/0x5e0 [ 599.012922] ? selinux_file_ioctl+0x125/0x5e0 [ 599.017413] ? ioctl_preallocate+0x210/0x210 [ 599.021815] ? selinux_file_mprotect+0x620/0x620 [ 599.026570] ? iterate_fd+0x360/0x360 [ 599.030374] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 599.035902] ? fput+0x128/0x1a0 [ 599.039190] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 599.046157] ? security_file_ioctl+0x8d/0xc0 [ 599.050600] ksys_ioctl+0xab/0xd0 [ 599.054078] __x64_sys_ioctl+0x73/0xb0 [ 599.057964] do_syscall_64+0xfd/0x620 [ 599.061786] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 599.066977] RIP: 0033:0x459829 [ 599.070170] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 599.089069] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 599.096777] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 599.104052] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 599.111327] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 599.118597] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 599.125887] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 599.134844] Bluetooth: hci4: sending frame failed (-49) [ 599.141125] Bluetooth: Can't register HCI device [ 600.338743] Bluetooth: hci2: command 0x1003 tx timeout [ 600.344211] Bluetooth: hci2: sending frame failed (-49) [ 600.818721] Bluetooth: hci0: command 0x1003 tx timeout [ 600.824115] Bluetooth: hci0: sending frame failed (-49) [ 601.218828] Bluetooth: hci4: command 0x1001 tx timeout [ 601.224239] Bluetooth: hci4: sending frame failed (-49) [ 602.418827] Bluetooth: hci2: command 0x1001 tx timeout [ 602.424232] Bluetooth: hci2: sending frame failed (-49) [ 602.898743] Bluetooth: hci0: command 0x1001 tx timeout [ 602.904164] Bluetooth: hci0: sending frame failed (-49) [ 603.298901] Bluetooth: hci4: command 0x1009 tx timeout [ 604.498949] Bluetooth: hci2: command 0x1009 tx timeout [ 604.978700] Bluetooth: hci0: command 0x1009 tx timeout 01:09:24 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e0bcfe87b0071") r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ifreq(r1, 0x8995, &(0x7f0000000040)={'bond0\x00\x00\x19\x00@\x00\x00\x00\x00?\x00', @ifru_names='lo\x00\x00\x00`\xff\xff\xff\xff\x00'}) 01:09:24 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:09:24 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 607.255176] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 607.294378] Bluetooth: hci1: Frame reassembly failed (-84) 01:09:26 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5416, 0x0) 01:09:26 executing program 2 (fault-call:3 fault-nth:23): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:09:26 executing program 4: r0 = socket$inet(0x10, 0x2000000000000002, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="2f0000001d0005c5ffffff000d0000000200001f0100000000000ac9130001000a00000050800000d18e1092e0c875", 0x2f}], 0x1}, 0x0) 01:09:26 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 608.536540] FAULT_INJECTION: forcing a failure. [ 608.536540] name failslab, interval 1, probability 0, space 0, times 0 [ 608.561156] CPU: 0 PID: 10972 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 608.568244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 608.577624] Call Trace: [ 608.580252] dump_stack+0x172/0x1f0 [ 608.583925] should_fail.cold+0xa/0x1b [ 608.587849] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 608.593146] ? lock_downgrade+0x810/0x810 [ 608.597316] ? ___might_sleep+0x163/0x280 [ 608.601489] __should_failslab+0x121/0x190 [ 608.605742] should_failslab+0x9/0x14 [ 608.609552] kmem_cache_alloc+0x2ae/0x700 [ 608.613741] ? kernfs_activate+0x34/0x1f0 [ 608.617910] __kernfs_new_node+0xef/0x680 [ 608.622077] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 608.626843] ? kernfs_activate+0x192/0x1f0 [ 608.631121] ? lock_downgrade+0x810/0x810 [ 608.635283] ? kasan_check_read+0x11/0x20 [ 608.639445] ? mutex_trylock+0x1e0/0x1e0 [ 608.643515] ? lock_downgrade+0x810/0x810 [ 608.647682] kernfs_new_node+0x99/0x130 [ 608.651680] kernfs_create_dir_ns+0x52/0x160 [ 608.656108] internal_create_group+0x1cb/0xc30 [ 608.660711] ? mutex_unlock+0xd/0x10 [ 608.664448] ? remove_files.isra.0+0x190/0x190 [ 608.669049] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 608.674598] ? kernfs_put+0x3c2/0x5d0 [ 608.678433] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 608.683992] ? kernfs_create_link+0x1d2/0x250 [ 608.688506] sysfs_create_group+0x20/0x30 [ 608.692671] dpm_sysfs_add+0x26/0x210 [ 608.696489] device_add+0xa47/0x1760 [ 608.700229] ? get_device_parent.isra.0+0x570/0x570 [ 608.705258] ? start_creating+0x163/0x1e0 [ 608.709426] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 608.714989] hci_register_dev+0x304/0x880 [ 608.719173] hci_uart_tty_ioctl+0x761/0xaf0 [ 608.723542] tty_ioctl+0x8b5/0x1510 [ 608.727184] ? hci_uart_init_work+0x140/0x140 [ 608.731696] ? tty_vhangup+0x30/0x30 [ 608.735422] ? mark_held_locks+0x100/0x100 [ 608.739675] ? perf_trace_lock_acquire+0x380/0x580 [ 608.744627] ? __fget+0x340/0x540 [ 608.748098] ? ___might_sleep+0x163/0x280 [ 608.752266] ? __might_sleep+0x95/0x190 [ 608.756256] ? tty_vhangup+0x30/0x30 [ 608.759983] do_vfs_ioctl+0xd5f/0x1380 [ 608.763881] ? selinux_file_ioctl+0x46f/0x5e0 [ 608.768383] ? selinux_file_ioctl+0x125/0x5e0 [ 608.772894] ? ioctl_preallocate+0x210/0x210 [ 608.777316] ? selinux_file_mprotect+0x620/0x620 [ 608.782096] ? iterate_fd+0x360/0x360 [ 608.785913] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 608.791464] ? fput+0x128/0x1a0 [ 608.794771] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 608.800322] ? security_file_ioctl+0x8d/0xc0 [ 608.804750] ksys_ioctl+0xab/0xd0 [ 608.808224] __x64_sys_ioctl+0x73/0xb0 [ 608.812133] do_syscall_64+0xfd/0x620 [ 608.815957] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 608.821157] RIP: 0033:0x459829 [ 608.824369] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 608.843285] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 608.851012] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 608.858295] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 608.865594] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 608.872873] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 608.880151] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 01:09:26 executing program 4: r0 = socket$inet(0x10, 0x2000000000000002, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="2f0000001d0005c5ffffff000d0000000200001f0100000000000ac9130001000a00000050800000d18e1092e0c875", 0x2f}], 0x1}, 0x0) [ 608.894889] Bluetooth: Can't register HCI device 01:09:26 executing program 2 (fault-call:3 fault-nth:24): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 608.923944] Bluetooth: hci2: Frame reassembly failed (-84) [ 609.059687] FAULT_INJECTION: forcing a failure. [ 609.059687] name failslab, interval 1, probability 0, space 0, times 0 [ 609.071753] CPU: 1 PID: 10984 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 609.078784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 609.078792] Call Trace: [ 609.078818] dump_stack+0x172/0x1f0 [ 609.078848] should_fail.cold+0xa/0x1b [ 609.078872] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 609.078896] ? lock_downgrade+0x810/0x810 [ 609.090840] ? ___might_sleep+0x163/0x280 [ 609.090862] __should_failslab+0x121/0x190 [ 609.090881] should_failslab+0x9/0x14 [ 609.090896] kmem_cache_alloc+0x2ae/0x700 [ 609.090909] ? memcpy+0x46/0x50 [ 609.090925] ? kstrdup+0x5a/0x70 [ 609.090948] __kernfs_new_node+0xef/0x680 [ 609.090968] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 609.139779] ? debug_smp_processor_id+0x1c/0x20 [ 609.144455] ? tick_nohz_tick_stopped+0x1a/0x90 [ 609.149130] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 609.154671] ? __irq_work_queue_local+0xaf/0x170 [ 609.159429] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 609.164970] ? irq_work_queue+0x30/0x90 [ 609.168949] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 609.174485] ? wake_up_klogd+0x99/0xd0 [ 609.178365] kernfs_new_node+0x99/0x130 [ 609.182376] kernfs_create_dir_ns+0x52/0x160 [ 609.186782] sysfs_create_dir_ns+0x131/0x290 [ 609.191191] ? sysfs_create_mount_point+0xa0/0xa0 [ 609.196039] ? class_dir_child_ns_type+0xd/0x60 [ 609.200715] kobject_add_internal.cold+0xe5/0x5d1 [ 609.205567] kobject_add+0x150/0x1c0 [ 609.209285] ? kset_create_and_add+0x1a0/0x1a0 [ 609.213870] ? kasan_check_read+0x11/0x20 [ 609.218006] ? mutex_unlock+0xd/0x10 [ 609.221714] device_add+0x3cc/0x1760 [ 609.225429] ? device_initialize+0x440/0x440 [ 609.229862] ? get_device_parent.isra.0+0x570/0x570 [ 609.234894] hci_register_dev+0x304/0x880 [ 609.239050] hci_uart_tty_ioctl+0x761/0xaf0 [ 609.243373] tty_ioctl+0x8b5/0x1510 [ 609.246989] ? hci_uart_init_work+0x140/0x140 [ 609.251490] ? tty_vhangup+0x30/0x30 [ 609.255246] ? mark_held_locks+0x100/0x100 [ 609.259489] ? debug_smp_processor_id+0x1c/0x20 [ 609.264160] ? __fget+0x340/0x540 [ 609.267645] ? ___might_sleep+0x163/0x280 [ 609.271822] ? __might_sleep+0x95/0x190 [ 609.275811] ? tty_vhangup+0x30/0x30 [ 609.279530] do_vfs_ioctl+0xd5f/0x1380 [ 609.283417] ? selinux_file_ioctl+0x46f/0x5e0 [ 609.287919] ? selinux_file_ioctl+0x125/0x5e0 [ 609.292418] ? ioctl_preallocate+0x210/0x210 [ 609.296841] ? selinux_file_mprotect+0x620/0x620 [ 609.298712] Bluetooth: hci1: command 0x1003 tx timeout [ 609.301603] ? iterate_fd+0x360/0x360 [ 609.301624] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 609.301642] ? fput+0x128/0x1a0 [ 609.307100] Bluetooth: hci1: sending frame failed (-49) [ 609.310723] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 609.310739] ? security_file_ioctl+0x8d/0xc0 [ 609.310756] ksys_ioctl+0xab/0xd0 [ 609.310775] __x64_sys_ioctl+0x73/0xb0 [ 609.310794] do_syscall_64+0xfd/0x620 [ 609.310816] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 609.310829] RIP: 0033:0x459829 [ 609.310844] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 609.310852] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 609.381005] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 609.388278] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 609.395535] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 609.402804] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 01:09:27 executing program 0 (fault-call:3 fault-nth:30): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:09:27 executing program 4: fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000d00)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS(r0, 0x4c02, 0x0) 01:09:27 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 609.410079] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 609.418934] kobject_add_internal failed for hci3 (error: -12 parent: bluetooth) [ 609.426562] Bluetooth: Can't register HCI device 01:09:27 executing program 2 (fault-call:3 fault-nth:25): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 609.518611] FAULT_INJECTION: forcing a failure. [ 609.518611] name failslab, interval 1, probability 0, space 0, times 0 [ 609.541260] CPU: 1 PID: 10992 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 609.548307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 609.557671] Call Trace: [ 609.557767] dump_stack+0x172/0x1f0 [ 609.557792] should_fail.cold+0xa/0x1b 01:09:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") r1 = socket$inet6(0xa, 0x400000000000002, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040), 0x135) [ 609.557815] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 609.557834] ? lock_downgrade+0x810/0x810 [ 609.557853] ? ___might_sleep+0x163/0x280 [ 609.557876] __should_failslab+0x121/0x190 [ 609.557897] should_failslab+0x9/0x14 [ 609.557913] kmem_cache_alloc_node+0x26c/0x710 [ 609.557939] ? find_held_lock+0x35/0x130 [ 609.598119] __alloc_skb+0xd5/0x5f0 [ 609.601769] ? skb_scrub_packet+0x490/0x490 [ 609.606118] ? kasan_check_read+0x11/0x20 [ 609.610323] alloc_uevent_skb+0x83/0x1e2 [ 609.614406] kobject_uevent_env+0xaa3/0x101d [ 609.618850] kobject_uevent+0x20/0x26 [ 609.622677] device_add+0xb3a/0x1760 [ 609.626418] ? get_device_parent.isra.0+0x570/0x570 [ 609.631473] ? start_creating+0x163/0x1e0 [ 609.631497] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 609.631523] hci_register_dev+0x304/0x880 [ 609.631548] hci_uart_tty_ioctl+0x761/0xaf0 [ 609.631574] tty_ioctl+0x8b5/0x1510 [ 609.638530] FAULT_INJECTION: forcing a failure. [ 609.638530] name failslab, interval 1, probability 0, space 0, times 0 [ 609.641263] ? hci_uart_init_work+0x140/0x140 [ 609.641280] ? tty_vhangup+0x30/0x30 [ 609.641297] ? mark_held_locks+0x100/0x100 [ 609.641319] ? debug_smp_processor_id+0x1c/0x20 [ 609.641341] ? __fget+0x340/0x540 [ 609.641359] ? ___might_sleep+0x163/0x280 [ 609.641379] ? __might_sleep+0x95/0x190 [ 609.641395] ? tty_vhangup+0x30/0x30 [ 609.641412] do_vfs_ioctl+0xd5f/0x1380 [ 609.641428] ? selinux_file_ioctl+0x46f/0x5e0 [ 609.641443] ? selinux_file_ioctl+0x125/0x5e0 [ 609.641459] ? ioctl_preallocate+0x210/0x210 [ 609.641473] ? selinux_file_mprotect+0x620/0x620 [ 609.641499] ? iterate_fd+0x360/0x360 [ 609.722919] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 609.728469] ? fput+0x128/0x1a0 [ 609.731774] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 609.737320] ? security_file_ioctl+0x8d/0xc0 [ 609.741745] ksys_ioctl+0xab/0xd0 [ 609.745219] __x64_sys_ioctl+0x73/0xb0 [ 609.749123] do_syscall_64+0xfd/0x620 [ 609.752953] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 609.758162] RIP: 0033:0x459829 [ 609.761366] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 609.780284] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 609.788015] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 609.795301] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 609.802585] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 609.809862] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 609.817141] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 609.827292] CPU: 0 PID: 10996 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 609.834337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 609.834346] Call Trace: [ 609.834369] dump_stack+0x172/0x1f0 [ 609.834403] should_fail.cold+0xa/0x1b [ 609.834430] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 609.834452] ? lock_downgrade+0x810/0x810 [ 609.834475] ? ___might_sleep+0x163/0x280 [ 609.834506] __should_failslab+0x121/0x190 [ 609.834537] should_failslab+0x9/0x14 [ 609.846484] kmem_cache_alloc+0x2ae/0x700 [ 609.846509] ? lock_downgrade+0x810/0x810 [ 609.846533] ? kasan_check_read+0x11/0x20 [ 609.854072] __kernfs_new_node+0xef/0x680 [ 609.854106] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 609.863362] ? wait_for_completion+0x440/0x440 [ 609.871759] ? mutex_unlock+0xd/0x10 [ 609.871779] ? kernfs_activate+0x192/0x1f0 [ 609.871809] kernfs_new_node+0x99/0x130 [ 609.913659] __kernfs_create_file+0x51/0x340 [ 609.918107] sysfs_add_file_mode_ns+0x222/0x560 [ 609.922830] sysfs_merge_group+0x1a0/0x340 [ 609.927100] ? sysfs_mount+0x1e0/0x1e0 [ 609.931017] ? kernfs_put+0x3c2/0x5d0 [ 609.934877] dpm_sysfs_add+0x164/0x210 [ 609.938791] device_add+0xa47/0x1760 [ 609.942566] ? get_device_parent.isra.0+0x570/0x570 [ 609.947589] ? start_creating+0x163/0x1e0 [ 609.951753] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 609.957335] hci_register_dev+0x304/0x880 [ 609.961517] hci_uart_tty_ioctl+0x761/0xaf0 [ 609.965845] tty_ioctl+0x8b5/0x1510 [ 609.969470] ? hci_uart_init_work+0x140/0x140 [ 609.973960] ? tty_vhangup+0x30/0x30 [ 609.977670] ? mark_held_locks+0x100/0x100 [ 609.981904] ? perf_trace_lock_acquire+0x380/0x580 [ 609.986832] ? __fget+0x340/0x540 [ 609.990288] ? ___might_sleep+0x163/0x280 [ 609.994546] ? __might_sleep+0x95/0x190 [ 609.998613] ? tty_vhangup+0x30/0x30 [ 610.002348] do_vfs_ioctl+0xd5f/0x1380 [ 610.006289] ? selinux_file_ioctl+0x46f/0x5e0 [ 610.010861] ? selinux_file_ioctl+0x125/0x5e0 [ 610.015361] ? ioctl_preallocate+0x210/0x210 [ 610.019765] ? selinux_file_mprotect+0x620/0x620 [ 610.024530] ? iterate_fd+0x360/0x360 [ 610.028335] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 610.033871] ? fput+0x128/0x1a0 [ 610.037175] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 610.042734] ? security_file_ioctl+0x8d/0xc0 [ 610.047173] ksys_ioctl+0xab/0xd0 [ 610.050669] __x64_sys_ioctl+0x73/0xb0 [ 610.054565] do_syscall_64+0xfd/0x620 [ 610.058371] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 610.063602] RIP: 0033:0x459829 [ 610.066809] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 610.085711] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 610.093426] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 610.100695] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 610.107969] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 610.115237] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 610.122502] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 610.136715] Bluetooth: Can't register HCI device [ 610.978701] Bluetooth: hci2: command 0x1003 tx timeout [ 610.984176] Bluetooth: hci2: sending frame failed (-49) [ 611.378706] Bluetooth: hci1: command 0x1001 tx timeout [ 611.384122] Bluetooth: hci1: sending frame failed (-49) [ 611.858849] Bluetooth: hci0: command 0x1003 tx timeout [ 611.864279] Bluetooth: hci0: sending frame failed (-49) [ 613.058713] Bluetooth: hci2: command 0x1001 tx timeout [ 613.064121] Bluetooth: hci2: sending frame failed (-49) [ 613.458716] Bluetooth: hci1: command 0x1009 tx timeout [ 613.938819] Bluetooth: hci0: command 0x1001 tx timeout [ 613.944243] Bluetooth: hci0: sending frame failed (-49) [ 615.138693] Bluetooth: hci2: command 0x1009 tx timeout [ 616.018694] Bluetooth: hci0: command 0x1009 tx timeout 01:09:35 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 617.500193] Bluetooth: hci1: Frame reassembly failed (-84) 01:09:37 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5418, 0x0) 01:09:37 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5415, 0x0) 01:09:37 executing program 2 (fault-call:3 fault-nth:26): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:09:37 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 619.436326] FAULT_INJECTION: forcing a failure. [ 619.436326] name failslab, interval 1, probability 0, space 0, times 0 [ 619.465450] CPU: 0 PID: 11009 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 619.472671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 619.482067] Call Trace: [ 619.484707] dump_stack+0x172/0x1f0 [ 619.488524] should_fail.cold+0xa/0x1b [ 619.492460] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 619.497595] ? lock_downgrade+0x810/0x810 [ 619.497620] ? ___might_sleep+0x163/0x280 [ 619.497649] __should_failslab+0x121/0x190 [ 619.505969] should_failslab+0x9/0x14 [ 619.505989] kmem_cache_alloc+0x2ae/0x700 [ 619.506012] ? lock_downgrade+0x810/0x810 [ 619.514069] ? kasan_check_read+0x11/0x20 [ 619.514105] __kernfs_new_node+0xef/0x680 [ 619.514133] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 619.522441] ? wait_for_completion+0x440/0x440 [ 619.522482] ? mutex_unlock+0xd/0x10 [ 619.522502] ? kernfs_activate+0x192/0x1f0 [ 619.522531] kernfs_new_node+0x99/0x130 [ 619.552274] __kernfs_create_file+0x51/0x340 [ 619.556714] sysfs_add_file_mode_ns+0x222/0x560 [ 619.561400] sysfs_merge_group+0x1a0/0x340 [ 619.565676] ? sysfs_mount+0x1e0/0x1e0 [ 619.569633] ? kernfs_put+0x3c2/0x5d0 [ 619.573456] dpm_sysfs_add+0x164/0x210 [ 619.577355] device_add+0xa47/0x1760 [ 619.581087] ? get_device_parent.isra.0+0x570/0x570 [ 619.586109] ? start_creating+0x163/0x1e0 [ 619.590269] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 619.595867] hci_register_dev+0x304/0x880 [ 619.600030] hci_uart_tty_ioctl+0x761/0xaf0 [ 619.604373] tty_ioctl+0x8b5/0x1510 [ 619.608005] ? hci_uart_init_work+0x140/0x140 [ 619.612507] ? tty_vhangup+0x30/0x30 [ 619.616238] ? mark_held_locks+0x100/0x100 [ 619.620566] ? perf_trace_lock_acquire+0x380/0x580 [ 619.625523] ? __fget+0x340/0x540 [ 619.629017] ? ___might_sleep+0x163/0x280 [ 619.633200] ? __might_sleep+0x95/0x190 [ 619.637190] ? tty_vhangup+0x30/0x30 [ 619.640979] do_vfs_ioctl+0xd5f/0x1380 [ 619.644881] ? selinux_file_ioctl+0x46f/0x5e0 [ 619.649498] ? selinux_file_ioctl+0x125/0x5e0 [ 619.654139] ? ioctl_preallocate+0x210/0x210 [ 619.658570] ? selinux_file_mprotect+0x620/0x620 [ 619.663481] ? iterate_fd+0x360/0x360 [ 619.667291] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 619.672849] ? fput+0x128/0x1a0 [ 619.676244] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 619.681859] ? security_file_ioctl+0x8d/0xc0 [ 619.686278] ksys_ioctl+0xab/0xd0 [ 619.689741] __x64_sys_ioctl+0x73/0xb0 [ 619.693657] do_syscall_64+0xfd/0x620 [ 619.697489] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 619.702733] RIP: 0033:0x459829 [ 619.706002] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 619.724917] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 619.732641] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 619.739915] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 619.747310] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 619.754650] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 619.761940] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 619.770481] Bluetooth: Can't register HCI device [ 619.778894] Bluetooth: hci1: command 0x1003 tx timeout 01:09:37 executing program 2 (fault-call:3 fault-nth:27): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 619.784382] Bluetooth: hci1: sending frame failed (-49) 01:09:37 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 619.894847] FAULT_INJECTION: forcing a failure. [ 619.894847] name failslab, interval 1, probability 0, space 0, times 0 [ 619.923053] CPU: 1 PID: 11021 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 619.930127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 619.939622] Call Trace: [ 619.942253] dump_stack+0x172/0x1f0 [ 619.946094] should_fail.cold+0xa/0x1b [ 619.950097] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 619.955227] ? lock_downgrade+0x810/0x810 [ 619.959455] ? ___might_sleep+0x163/0x280 [ 619.963631] __should_failslab+0x121/0x190 [ 619.967878] should_failslab+0x9/0x14 [ 619.971716] kmem_cache_alloc+0x2ae/0x700 [ 619.975880] ? lock_downgrade+0x810/0x810 [ 619.980038] ? kasan_check_read+0x11/0x20 [ 619.984206] __kernfs_new_node+0xef/0x680 [ 619.988378] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 619.993148] ? wait_for_completion+0x440/0x440 [ 619.997754] ? mutex_unlock+0xd/0x10 [ 620.001483] ? kernfs_activate+0x192/0x1f0 [ 620.005738] kernfs_new_node+0x99/0x130 [ 620.009735] __kernfs_create_file+0x51/0x340 [ 620.014308] sysfs_add_file_mode_ns+0x222/0x560 [ 620.019003] sysfs_merge_group+0x1a0/0x340 [ 620.023252] ? sysfs_mount+0x1e0/0x1e0 [ 620.027230] ? kernfs_put+0x3c2/0x5d0 [ 620.031059] dpm_sysfs_add+0x164/0x210 [ 620.035017] device_add+0xa47/0x1760 [ 620.038752] ? get_device_parent.isra.0+0x570/0x570 [ 620.043785] ? start_creating+0x163/0x1e0 [ 620.047950] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 620.053572] hci_register_dev+0x304/0x880 [ 620.057748] hci_uart_tty_ioctl+0x761/0xaf0 [ 620.062090] tty_ioctl+0x8b5/0x1510 [ 620.065732] ? hci_uart_init_work+0x140/0x140 [ 620.070250] ? tty_vhangup+0x30/0x30 [ 620.073977] ? mark_held_locks+0x100/0x100 [ 620.078537] ? debug_smp_processor_id+0x1c/0x20 [ 620.083229] ? __fget+0x340/0x540 [ 620.086709] ? ___might_sleep+0x163/0x280 [ 620.090869] ? __might_sleep+0x95/0x190 [ 620.094871] ? tty_vhangup+0x30/0x30 [ 620.098602] do_vfs_ioctl+0xd5f/0x1380 [ 620.102506] ? selinux_file_ioctl+0x46f/0x5e0 [ 620.107022] ? selinux_file_ioctl+0x125/0x5e0 [ 620.111532] ? ioctl_preallocate+0x210/0x210 [ 620.115953] ? selinux_file_mprotect+0x620/0x620 [ 620.120730] ? iterate_fd+0x360/0x360 [ 620.124550] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 620.130100] ? fput+0x128/0x1a0 [ 620.133404] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 620.138955] ? security_file_ioctl+0x8d/0xc0 [ 620.143378] ksys_ioctl+0xab/0xd0 [ 620.146851] __x64_sys_ioctl+0x73/0xb0 [ 620.150872] do_syscall_64+0xfd/0x620 [ 620.154731] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 620.160044] RIP: 0033:0x459829 [ 620.163247] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 620.182165] RSP: 002b:00007f9d624c9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 01:09:38 executing program 0 (fault-call:3 fault-nth:31): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 620.189975] RAX: ffffffffffffffda RBX: 00007f9d624c9c90 RCX: 0000000000459829 [ 620.197253] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 620.204537] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 620.211905] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624ca6d4 [ 620.219185] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 620.229048] Bluetooth: Can't register HCI device 01:09:38 executing program 2 (fault-call:3 fault-nth:28): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 620.307757] FAULT_INJECTION: forcing a failure. [ 620.307757] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 620.319754] CPU: 1 PID: 11028 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 620.319765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 620.319771] Call Trace: [ 620.319797] dump_stack+0x172/0x1f0 [ 620.319825] should_fail.cold+0xa/0x1b [ 620.319853] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 620.336349] ? mark_held_locks+0x100/0x100 [ 620.336373] __alloc_pages_nodemask+0x1ee/0x760 [ 620.336391] ? irq_work_claim+0x98/0xc0 [ 620.364759] ? __alloc_pages_slowpath+0x2870/0x2870 [ 620.369824] cache_grow_begin+0x9c/0x8b0 [ 620.373920] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 620.379484] ? check_preemption_disabled+0x48/0x290 [ 620.379509] kmem_cache_alloc_trace+0x685/0x760 [ 620.379525] ? kasan_check_write+0x14/0x20 [ 620.379552] kobject_uevent_env+0x387/0x101d [ 620.379582] kobject_uevent+0x20/0x26 [ 620.379601] device_add+0xb3a/0x1760 [ 620.379625] ? get_device_parent.isra.0+0x570/0x570 [ 620.379642] ? start_creating+0x163/0x1e0 [ 620.379664] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 620.385283] FAULT_INJECTION: forcing a failure. [ 620.385283] name failslab, interval 1, probability 0, space 0, times 0 [ 620.389397] hci_register_dev+0x304/0x880 [ 620.389424] hci_uart_tty_ioctl+0x761/0xaf0 [ 620.389444] tty_ioctl+0x8b5/0x1510 [ 620.389459] ? hci_uart_init_work+0x140/0x140 [ 620.389475] ? tty_vhangup+0x30/0x30 [ 620.389492] ? mark_held_locks+0x100/0x100 [ 620.389511] ? debug_smp_processor_id+0x1c/0x20 [ 620.389532] ? __fget+0x340/0x540 [ 620.389551] ? ___might_sleep+0x163/0x280 [ 620.468420] ? __might_sleep+0x95/0x190 [ 620.472428] ? tty_vhangup+0x30/0x30 [ 620.476252] do_vfs_ioctl+0xd5f/0x1380 [ 620.480165] ? selinux_file_ioctl+0x46f/0x5e0 [ 620.484686] ? selinux_file_ioctl+0x125/0x5e0 [ 620.489202] ? ioctl_preallocate+0x210/0x210 [ 620.493635] ? selinux_file_mprotect+0x620/0x620 [ 620.498427] ? iterate_fd+0x360/0x360 [ 620.502255] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 620.507935] ? fput+0x128/0x1a0 [ 620.511255] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 620.516810] ? security_file_ioctl+0x8d/0xc0 [ 620.521242] ksys_ioctl+0xab/0xd0 [ 620.524722] __x64_sys_ioctl+0x73/0xb0 [ 620.528638] do_syscall_64+0xfd/0x620 [ 620.532478] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 620.537708] RIP: 0033:0x459829 [ 620.540921] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 620.559837] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 620.567673] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 620.574962] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 620.582251] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 620.589709] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 620.596999] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 620.604317] CPU: 0 PID: 11031 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 620.611585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 620.611594] Call Trace: [ 620.611620] dump_stack+0x172/0x1f0 [ 620.611653] should_fail.cold+0xa/0x1b [ 620.611680] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 620.627392] ? lock_downgrade+0x810/0x810 [ 620.627417] ? ___might_sleep+0x163/0x280 [ 620.627449] __should_failslab+0x121/0x190 [ 620.627472] should_failslab+0x9/0x14 [ 620.636478] kmem_cache_alloc+0x2ae/0x700 [ 620.636503] ? lock_downgrade+0x810/0x810 [ 620.636520] ? kasan_check_read+0x11/0x20 [ 620.636552] __kernfs_new_node+0xef/0x680 [ 620.669680] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 620.674480] ? wait_for_completion+0x440/0x440 [ 620.679253] ? mutex_unlock+0xd/0x10 [ 620.683042] ? kernfs_activate+0x192/0x1f0 [ 620.687443] kernfs_new_node+0x99/0x130 [ 620.691608] __kernfs_create_file+0x51/0x340 [ 620.696046] sysfs_add_file_mode_ns+0x222/0x560 [ 620.700730] sysfs_merge_group+0x1a0/0x340 [ 620.705126] ? sysfs_mount+0x1e0/0x1e0 [ 620.709137] ? kernfs_put+0x3c2/0x5d0 [ 620.712965] dpm_sysfs_add+0x164/0x210 [ 620.716875] device_add+0xa47/0x1760 [ 620.720610] ? get_device_parent.isra.0+0x570/0x570 [ 620.725693] ? start_creating+0x163/0x1e0 [ 620.729921] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 620.735475] hci_register_dev+0x304/0x880 [ 620.739647] hci_uart_tty_ioctl+0x761/0xaf0 [ 620.743993] tty_ioctl+0x8b5/0x1510 [ 620.747624] ? hci_uart_init_work+0x140/0x140 [ 620.752128] ? tty_vhangup+0x30/0x30 [ 620.755850] ? mark_held_locks+0x100/0x100 [ 620.760147] ? perf_trace_lock_acquire+0x380/0x580 [ 620.765158] ? __fget+0x340/0x540 [ 620.768641] ? ___might_sleep+0x163/0x280 [ 620.772806] ? __might_sleep+0x95/0x190 [ 620.776787] ? tty_vhangup+0x30/0x30 [ 620.780541] do_vfs_ioctl+0xd5f/0x1380 [ 620.784433] ? selinux_file_ioctl+0x46f/0x5e0 [ 620.789002] ? selinux_file_ioctl+0x125/0x5e0 [ 620.793519] ? ioctl_preallocate+0x210/0x210 [ 620.798010] ? selinux_file_mprotect+0x620/0x620 [ 620.802801] ? iterate_fd+0x360/0x360 [ 620.806663] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 620.812260] ? fput+0x128/0x1a0 [ 620.815556] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 620.821112] ? security_file_ioctl+0x8d/0xc0 [ 620.825610] ksys_ioctl+0xab/0xd0 [ 620.829151] __x64_sys_ioctl+0x73/0xb0 [ 620.833081] do_syscall_64+0xfd/0x620 [ 620.836893] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 620.842135] RIP: 0033:0x459829 [ 620.845345] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 620.864421] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 620.872145] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 620.879422] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 620.886696] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 620.894114] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 620.901385] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 620.910613] Bluetooth: Can't register HCI device 01:09:38 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:09:38 executing program 2 (fault-call:3 fault-nth:29): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 621.073251] FAULT_INJECTION: forcing a failure. [ 621.073251] name failslab, interval 1, probability 0, space 0, times 0 [ 621.084701] CPU: 1 PID: 11038 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 621.091742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 621.101112] Call Trace: [ 621.103722] dump_stack+0x172/0x1f0 [ 621.107367] should_fail.cold+0xa/0x1b [ 621.111280] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 621.116486] ? lock_downgrade+0x810/0x810 [ 621.120652] ? ___might_sleep+0x163/0x280 [ 621.124940] __should_failslab+0x121/0x190 [ 621.129199] should_failslab+0x9/0x14 [ 621.133101] kmem_cache_alloc_trace+0x2cc/0x760 [ 621.137784] ? kasan_check_write+0x14/0x20 [ 621.142032] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 621.147141] kobject_uevent_env+0x387/0x101d [ 621.151581] kobject_uevent+0x20/0x26 [ 621.155413] device_add+0xb3a/0x1760 [ 621.159157] ? get_device_parent.isra.0+0x570/0x570 [ 621.164189] ? start_creating+0x163/0x1e0 [ 621.168437] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 621.174004] hci_register_dev+0x304/0x880 [ 621.178283] hci_uart_tty_ioctl+0x761/0xaf0 [ 621.183128] tty_ioctl+0x8b5/0x1510 [ 621.186788] ? hci_uart_init_work+0x140/0x140 [ 621.191301] ? tty_vhangup+0x30/0x30 [ 621.195031] ? mark_held_locks+0x100/0x100 [ 621.199283] ? debug_smp_processor_id+0x1c/0x20 [ 621.203969] ? __fget+0x340/0x540 [ 621.207435] ? ___might_sleep+0x163/0x280 [ 621.211651] ? __might_sleep+0x95/0x190 [ 621.215646] ? tty_vhangup+0x30/0x30 [ 621.219382] do_vfs_ioctl+0xd5f/0x1380 [ 621.223288] ? selinux_file_ioctl+0x46f/0x5e0 [ 621.227957] ? selinux_file_ioctl+0x125/0x5e0 [ 621.232530] ? ioctl_preallocate+0x210/0x210 [ 621.236948] ? selinux_file_mprotect+0x620/0x620 [ 621.241722] ? iterate_fd+0x360/0x360 [ 621.245536] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 621.251083] ? fput+0x128/0x1a0 [ 621.254428] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 621.260065] ? security_file_ioctl+0x8d/0xc0 [ 621.264489] ksys_ioctl+0xab/0xd0 [ 621.267958] __x64_sys_ioctl+0x73/0xb0 [ 621.271865] do_syscall_64+0xfd/0x620 [ 621.275690] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 621.280895] RIP: 0033:0x459829 [ 621.284099] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 621.303015] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 621.310741] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 01:09:39 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 621.318019] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 621.325298] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 621.332580] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 621.339863] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 621.354284] Bluetooth: hci3: Frame reassembly failed (-84) [ 621.538819] Bluetooth: hci4: command 0x1003 tx timeout [ 621.544332] Bluetooth: hci4: sending frame failed (-49) [ 621.550150] Bluetooth: hci2: command 0x1003 tx timeout [ 621.555559] Bluetooth: hci2: sending frame failed (-49) [ 621.858819] Bluetooth: hci1: command 0x1001 tx timeout [ 621.864473] Bluetooth: hci1: sending frame failed (-49) [ 622.659100] Bluetooth: hci0: command 0x1003 tx timeout [ 622.664643] Bluetooth: hci0: sending frame failed (-49) [ 623.378906] Bluetooth: hci3: command 0x1003 tx timeout [ 623.384346] Bluetooth: hci3: sending frame failed (-49) [ 623.618693] Bluetooth: hci2: command 0x1001 tx timeout [ 623.624129] Bluetooth: hci2: sending frame failed (-49) [ 623.629617] Bluetooth: hci4: command 0x1001 tx timeout [ 623.635235] Bluetooth: hci4: sending frame failed (-49) [ 623.938797] Bluetooth: hci1: command 0x1009 tx timeout [ 624.739003] Bluetooth: hci0: command 0x1001 tx timeout [ 624.744406] Bluetooth: hci0: sending frame failed (-49) [ 625.458775] Bluetooth: hci3: command 0x1001 tx timeout [ 625.464195] Bluetooth: hci3: sending frame failed (-49) [ 625.698709] Bluetooth: hci2: command 0x1009 tx timeout [ 625.698716] Bluetooth: hci4: command 0x1009 tx timeout [ 626.818707] Bluetooth: hci0: command 0x1009 tx timeout [ 627.538701] Bluetooth: hci3: command 0x1009 tx timeout 01:09:45 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 627.732784] Bluetooth: hci1: Frame reassembly failed (-84) 01:09:47 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x541b, 0x0) 01:09:47 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:09:47 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:09:47 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(0x0, 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 629.741053] Bluetooth: hci2: Frame reassembly failed (-84) [ 629.778786] Bluetooth: hci1: command 0x1003 tx timeout [ 629.784187] Bluetooth: hci1: sending frame failed (-49) 01:09:47 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:09:47 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(0x0, 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:09:48 executing program 0 (fault-call:3 fault-nth:32): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:09:48 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:09:48 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(0x0, 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 630.957332] FAULT_INJECTION: forcing a failure. [ 630.957332] name failslab, interval 1, probability 0, space 0, times 0 [ 630.969754] CPU: 1 PID: 11069 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 630.976792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 630.986159] Call Trace: [ 630.988770] dump_stack+0x172/0x1f0 [ 630.992426] should_fail.cold+0xa/0x1b [ 630.996338] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 631.001469] ? lock_downgrade+0x810/0x810 [ 631.005631] ? ___might_sleep+0x163/0x280 [ 631.009802] __should_failslab+0x121/0x190 [ 631.014052] should_failslab+0x9/0x14 [ 631.017860] kmem_cache_alloc+0x2ae/0x700 [ 631.022014] ? refcount_add_not_zero_checked+0x240/0x240 [ 631.027483] ? lock_downgrade+0x810/0x810 [ 631.031661] skb_clone+0x156/0x3e0 [ 631.035214] netlink_broadcast_filtered+0x86e/0xb20 [ 631.040258] netlink_broadcast+0x3a/0x50 [ 631.044326] kobject_uevent_env+0xad4/0x101d [ 631.048782] kobject_uevent+0x20/0x26 [ 631.052604] device_add+0xb3a/0x1760 [ 631.056327] ? get_device_parent.isra.0+0x570/0x570 [ 631.061359] ? start_creating+0x163/0x1e0 [ 631.065517] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 631.071078] hci_register_dev+0x304/0x880 [ 631.075254] hci_uart_tty_ioctl+0x761/0xaf0 [ 631.079594] tty_ioctl+0x8b5/0x1510 [ 631.083233] ? hci_uart_init_work+0x140/0x140 [ 631.087746] ? tty_vhangup+0x30/0x30 [ 631.091479] ? mark_held_locks+0x100/0x100 [ 631.095731] ? debug_smp_processor_id+0x1c/0x20 [ 631.100419] ? __fget+0x340/0x540 [ 631.103875] ? ___might_sleep+0x163/0x280 [ 631.108012] ? __might_sleep+0x95/0x190 [ 631.111989] ? tty_vhangup+0x30/0x30 [ 631.115714] do_vfs_ioctl+0xd5f/0x1380 [ 631.119614] ? selinux_file_ioctl+0x46f/0x5e0 [ 631.124109] ? selinux_file_ioctl+0x125/0x5e0 [ 631.128609] ? ioctl_preallocate+0x210/0x210 [ 631.133063] ? selinux_file_mprotect+0x620/0x620 [ 631.137813] ? iterate_fd+0x360/0x360 [ 631.141621] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 631.147217] ? fput+0x128/0x1a0 [ 631.150535] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 631.156074] ? security_file_ioctl+0x8d/0xc0 [ 631.160495] ksys_ioctl+0xab/0xd0 [ 631.163949] __x64_sys_ioctl+0x73/0xb0 [ 631.167831] do_syscall_64+0xfd/0x620 [ 631.171641] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 631.176832] RIP: 0033:0x459829 [ 631.180026] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 631.199415] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 631.207132] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 631.214389] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 631.221655] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 631.228939] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 631.236219] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 631.246868] Bluetooth: hci0: Frame reassembly failed (-84) 01:09:49 executing program 2 (fault-call:3 fault-nth:30): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:09:49 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 631.665839] FAULT_INJECTION: forcing a failure. [ 631.665839] name failslab, interval 1, probability 0, space 0, times 0 [ 631.686946] CPU: 0 PID: 11077 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 631.694003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 631.703384] Call Trace: [ 631.706007] dump_stack+0x172/0x1f0 [ 631.709676] should_fail.cold+0xa/0x1b [ 631.713599] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 631.718732] ? lock_downgrade+0x810/0x810 [ 631.722907] ? ___might_sleep+0x163/0x280 [ 631.727089] __should_failslab+0x121/0x190 [ 631.731358] should_failslab+0x9/0x14 [ 631.735187] __kmalloc+0x2e2/0x750 [ 631.738768] ? rcu_read_lock_sched_held+0x110/0x130 [ 631.743811] ? kobject_get_path+0xc4/0x1b0 [ 631.748082] kobject_get_path+0xc4/0x1b0 [ 631.752184] kobject_uevent_env+0x3ab/0x101d [ 631.756642] kobject_uevent+0x20/0x26 [ 631.760473] device_add+0xb3a/0x1760 [ 631.764235] ? get_device_parent.isra.0+0x570/0x570 [ 631.769279] ? start_creating+0x163/0x1e0 [ 631.773463] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 631.779039] hci_register_dev+0x304/0x880 [ 631.783243] hci_uart_tty_ioctl+0x761/0xaf0 [ 631.787598] tty_ioctl+0x8b5/0x1510 [ 631.791257] ? hci_uart_init_work+0x140/0x140 [ 631.795779] ? tty_vhangup+0x30/0x30 [ 631.799515] ? mark_held_locks+0x100/0x100 [ 631.803787] ? perf_trace_lock_acquire+0x380/0x580 [ 631.808755] ? __fget+0x340/0x540 [ 631.812240] ? ___might_sleep+0x163/0x280 [ 631.816418] ? __might_sleep+0x95/0x190 [ 631.820419] ? tty_vhangup+0x30/0x30 [ 631.824164] do_vfs_ioctl+0xd5f/0x1380 [ 631.828083] ? selinux_file_ioctl+0x46f/0x5e0 [ 631.832601] ? selinux_file_ioctl+0x125/0x5e0 [ 631.837123] ? ioctl_preallocate+0x210/0x210 [ 631.841563] ? selinux_file_mprotect+0x620/0x620 [ 631.846363] ? iterate_fd+0x360/0x360 [ 631.850202] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 631.855764] ? fput+0x128/0x1a0 [ 631.859085] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 631.864649] ? security_file_ioctl+0x8d/0xc0 [ 631.869091] ksys_ioctl+0xab/0xd0 [ 631.872575] __x64_sys_ioctl+0x73/0xb0 [ 631.876497] do_syscall_64+0xfd/0x620 [ 631.880332] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 631.885543] RIP: 0033:0x459829 [ 631.888756] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 631.907680] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 631.915441] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 631.922730] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 631.930023] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 631.937312] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 631.944601] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 631.958627] Bluetooth: hci1: command 0x1001 tx timeout [ 631.958894] Bluetooth: hci2: command 0x1003 tx timeout [ 631.963993] Bluetooth: hci1: sending frame failed (-49) [ 631.983869] Bluetooth: hci3: Frame reassembly failed (-84) [ 631.989690] Bluetooth: hci2: sending frame failed (-49) [ 633.298693] Bluetooth: hci0: command 0x1003 tx timeout [ 633.304237] Bluetooth: hci0: sending frame failed (-49) [ 634.018660] Bluetooth: hci2: command 0x1001 tx timeout [ 634.024046] Bluetooth: hci2: sending frame failed (-49) [ 634.029856] Bluetooth: hci3: command 0x1003 tx timeout [ 634.035218] Bluetooth: hci3: sending frame failed (-49) [ 634.040902] Bluetooth: hci1: command 0x1009 tx timeout [ 635.378686] Bluetooth: hci0: command 0x1001 tx timeout [ 635.384586] Bluetooth: hci0: sending frame failed (-49) [ 636.098706] Bluetooth: hci3: command 0x1001 tx timeout [ 636.104105] Bluetooth: hci3: sending frame failed (-49) [ 636.109950] Bluetooth: hci2: command 0x1009 tx timeout [ 637.458722] Bluetooth: hci0: command 0x1009 tx timeout 01:09:55 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 638.178678] Bluetooth: hci3: command 0x1009 tx timeout 01:09:57 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x541d, 0x0) 01:09:57 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:09:57 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:09:57 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:09:57 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:09:57 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 640.034040] Bluetooth: hci1: Frame reassembly failed (-84) 01:09:59 executing program 0 (fault-call:3 fault-nth:33): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:09:59 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:09:59 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 641.923983] FAULT_INJECTION: forcing a failure. [ 641.923983] name failslab, interval 1, probability 0, space 0, times 0 [ 641.942966] CPU: 0 PID: 11101 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 641.950002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 641.959364] Call Trace: [ 641.961970] dump_stack+0x172/0x1f0 [ 641.965627] should_fail.cold+0xa/0x1b [ 641.969542] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 641.974660] ? lock_downgrade+0x810/0x810 [ 641.978821] ? ___might_sleep+0x163/0x280 [ 641.982985] __should_failslab+0x121/0x190 [ 641.987236] should_failslab+0x9/0x14 [ 641.991049] kmem_cache_alloc_node_trace+0x274/0x720 [ 641.996177] ? __alloc_skb+0xd5/0x5f0 [ 642.000000] __kmalloc_node_track_caller+0x3d/0x80 [ 642.004946] __kmalloc_reserve.isra.0+0x40/0xf0 [ 642.009629] __alloc_skb+0x10b/0x5f0 [ 642.013359] ? skb_scrub_packet+0x490/0x490 [ 642.017701] ? kasan_check_read+0x11/0x20 [ 642.021867] alloc_uevent_skb+0x83/0x1e2 [ 642.025943] kobject_uevent_env+0xaa3/0x101d [ 642.030374] kobject_uevent+0x20/0x26 [ 642.034198] device_add+0xb3a/0x1760 [ 642.037932] ? get_device_parent.isra.0+0x570/0x570 [ 642.042959] ? start_creating+0x163/0x1e0 [ 642.047120] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 642.052677] hci_register_dev+0x304/0x880 [ 642.056851] hci_uart_tty_ioctl+0x761/0xaf0 [ 642.061196] tty_ioctl+0x8b5/0x1510 [ 642.064833] ? hci_uart_init_work+0x140/0x140 [ 642.069338] ? tty_vhangup+0x30/0x30 [ 642.073061] ? mark_held_locks+0x100/0x100 [ 642.077774] ? proc_cwd_link+0x1d0/0x1d0 [ 642.081855] ? __fget+0x340/0x540 [ 642.085332] ? ___might_sleep+0x163/0x280 [ 642.089495] ? __might_sleep+0x95/0x190 [ 642.093480] ? tty_vhangup+0x30/0x30 [ 642.097207] do_vfs_ioctl+0xd5f/0x1380 [ 642.101104] ? selinux_file_ioctl+0x46f/0x5e0 [ 642.105611] ? selinux_file_ioctl+0x125/0x5e0 [ 642.110119] ? ioctl_preallocate+0x210/0x210 [ 642.114536] ? selinux_file_mprotect+0x620/0x620 [ 642.119337] ? iterate_fd+0x360/0x360 [ 642.123159] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 642.128713] ? fput+0x128/0x1a0 [ 642.132014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 642.137562] ? security_file_ioctl+0x8d/0xc0 [ 642.141986] ksys_ioctl+0xab/0xd0 [ 642.145452] __x64_sys_ioctl+0x73/0xb0 [ 642.149354] do_syscall_64+0xfd/0x620 [ 642.153182] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 642.158382] RIP: 0033:0x459829 [ 642.161584] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 642.180493] RSP: 002b:00007fd01d6e3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 642.188221] RAX: ffffffffffffffda RBX: 00007fd01d6e3c90 RCX: 0000000000459829 [ 642.195495] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 642.202770] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 642.210044] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d6e46d4 [ 642.217320] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 642.229335] Bluetooth: hci1: command 0x1003 tx timeout [ 642.238721] Bluetooth: hci1: sending frame failed (-49) [ 642.246949] Bluetooth: hci0: Frame reassembly failed (-84) 01:10:00 executing program 2 (fault-call:3 fault-nth:31): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:10:00 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:10:00 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 642.477519] FAULT_INJECTION: forcing a failure. [ 642.477519] name failslab, interval 1, probability 0, space 0, times 0 [ 642.514304] CPU: 1 PID: 11107 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 642.521401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 642.530766] Call Trace: [ 642.533380] dump_stack+0x172/0x1f0 [ 642.537037] should_fail.cold+0xa/0x1b [ 642.540951] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 642.546072] ? lock_downgrade+0x810/0x810 [ 642.550265] ? ___might_sleep+0x163/0x280 [ 642.554435] __should_failslab+0x121/0x190 [ 642.558695] should_failslab+0x9/0x14 [ 642.562515] kmem_cache_alloc_trace+0x2cc/0x760 [ 642.567199] ? kasan_check_write+0x14/0x20 [ 642.571455] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 642.576330] kobject_uevent_env+0x387/0x101d [ 642.580773] kobject_uevent+0x20/0x26 [ 642.584592] device_add+0xb3a/0x1760 [ 642.588336] ? get_device_parent.isra.0+0x570/0x570 [ 642.593371] ? start_creating+0x163/0x1e0 [ 642.597543] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 642.603108] hci_register_dev+0x304/0x880 [ 642.607283] hci_uart_tty_ioctl+0x761/0xaf0 [ 642.611623] tty_ioctl+0x8b5/0x1510 [ 642.615271] ? hci_uart_init_work+0x140/0x140 [ 642.619787] ? tty_vhangup+0x30/0x30 [ 642.623517] ? mark_held_locks+0x100/0x100 [ 642.627775] ? debug_smp_processor_id+0x1c/0x20 [ 642.632464] ? __fget+0x340/0x540 [ 642.635933] ? ___might_sleep+0x163/0x280 [ 642.640097] ? __might_sleep+0x95/0x190 [ 642.644094] ? tty_vhangup+0x30/0x30 [ 642.647829] do_vfs_ioctl+0xd5f/0x1380 [ 642.651738] ? selinux_file_ioctl+0x46f/0x5e0 [ 642.656248] ? selinux_file_ioctl+0x125/0x5e0 [ 642.660763] ? ioctl_preallocate+0x210/0x210 [ 642.665185] ? selinux_file_mprotect+0x620/0x620 [ 642.669968] ? iterate_fd+0x360/0x360 [ 642.673790] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 642.679340] ? fput+0x128/0x1a0 [ 642.682647] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 642.688202] ? security_file_ioctl+0x8d/0xc0 [ 642.692630] ksys_ioctl+0xab/0xd0 [ 642.696107] __x64_sys_ioctl+0x73/0xb0 [ 642.700017] do_syscall_64+0xfd/0x620 [ 642.703836] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 642.709035] RIP: 0033:0x459829 [ 642.712245] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 642.731163] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 642.738895] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 642.746179] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 642.753463] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 642.760744] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 642.768022] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 642.787883] Bluetooth: hci2: Frame reassembly failed (-84) [ 644.258634] Bluetooth: hci1: command 0x1001 tx timeout [ 644.264032] Bluetooth: hci1: sending frame failed (-49) [ 644.269848] Bluetooth: hci0: command 0x1003 tx timeout [ 644.275224] Bluetooth: hci0: sending frame failed (-49) [ 644.818656] Bluetooth: hci2: command 0x1003 tx timeout [ 644.824055] Bluetooth: hci2: sending frame failed (-49) [ 646.338661] Bluetooth: hci0: command 0x1001 tx timeout [ 646.344072] Bluetooth: hci0: sending frame failed (-49) [ 646.349877] Bluetooth: hci1: command 0x1009 tx timeout [ 646.898674] Bluetooth: hci2: command 0x1001 tx timeout [ 646.904069] Bluetooth: hci2: sending frame failed (-49) [ 648.418689] Bluetooth: hci0: command 0x1009 tx timeout [ 648.978772] Bluetooth: hci2: command 0x1009 tx timeout 01:10:07 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x541f, 0x0) 01:10:07 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:10:07 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:10:07 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97f"], 0xc}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:10:07 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 650.254953] Bluetooth: hci1: Frame reassembly failed (-84) 01:10:08 executing program 4: [ 652.258678] Bluetooth: hci1: command 0x1003 tx timeout [ 652.264162] Bluetooth: hci1: sending frame failed (-49) 01:10:10 executing program 0 (fault-call:3 fault-nth:34): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:10:10 executing program 4: 01:10:10 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 652.735059] FAULT_INJECTION: forcing a failure. [ 652.735059] name failslab, interval 1, probability 0, space 0, times 0 [ 652.746935] CPU: 0 PID: 11124 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 652.753985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 652.763358] Call Trace: [ 652.765987] dump_stack+0x172/0x1f0 [ 652.769660] should_fail.cold+0xa/0x1b [ 652.773581] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 652.778720] ? lock_downgrade+0x810/0x810 [ 652.782899] ? ___might_sleep+0x163/0x280 [ 652.787091] __should_failslab+0x121/0x190 [ 652.791361] should_failslab+0x9/0x14 [ 652.795203] kmem_cache_alloc_node_trace+0x274/0x720 [ 652.800334] ? refcount_dec_and_test_checked+0x1b/0x20 [ 652.805641] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 652.811206] ? kobject_put+0x84/0xe0 [ 652.814964] __kmalloc_node_track_caller+0x3d/0x80 [ 652.819925] devm_kmalloc+0x92/0x1a0 [ 652.823680] hci_leds_init+0x32/0x1c0 [ 652.827528] hci_register_dev+0x328/0x880 [ 652.831723] hci_uart_tty_ioctl+0x761/0xaf0 [ 652.836084] tty_ioctl+0x8b5/0x1510 [ 652.839734] ? hci_uart_init_work+0x140/0x140 [ 652.844253] ? tty_vhangup+0x30/0x30 [ 652.847999] ? mark_held_locks+0x100/0x100 [ 652.852269] ? perf_trace_lock_acquire+0x380/0x580 [ 652.857240] ? __fget+0x340/0x540 [ 652.860725] ? ___might_sleep+0x163/0x280 [ 652.864914] ? __might_sleep+0x95/0x190 [ 652.868919] ? tty_vhangup+0x30/0x30 [ 652.872665] do_vfs_ioctl+0xd5f/0x1380 [ 652.876579] ? selinux_file_ioctl+0x46f/0x5e0 [ 652.881098] ? selinux_file_ioctl+0x125/0x5e0 [ 652.885619] ? ioctl_preallocate+0x210/0x210 [ 652.890052] ? selinux_file_mprotect+0x620/0x620 [ 652.894849] ? iterate_fd+0x360/0x360 [ 652.898682] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 652.904248] ? fput+0x128/0x1a0 [ 652.907570] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 652.913131] ? security_file_ioctl+0x8d/0xc0 [ 652.917578] ksys_ioctl+0xab/0xd0 [ 652.921068] __x64_sys_ioctl+0x73/0xb0 [ 652.924990] do_syscall_64+0xfd/0x620 [ 652.928832] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 652.934043] RIP: 0033:0x459829 [ 652.937256] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 652.956186] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 652.963933] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 652.971225] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 652.978518] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 652.985806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 652.993099] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 653.003264] Bluetooth: hci0: Frame reassembly failed (-84) 01:10:11 executing program 2 (fault-call:3 fault-nth:32): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:10:11 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:10:11 executing program 4: [ 653.377976] FAULT_INJECTION: forcing a failure. [ 653.377976] name failslab, interval 1, probability 0, space 0, times 0 [ 653.397509] CPU: 1 PID: 11129 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 653.404583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 653.413955] Call Trace: [ 653.416534] dump_stack+0x172/0x1f0 [ 653.420153] should_fail.cold+0xa/0x1b [ 653.424048] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 653.429149] ? lock_downgrade+0x810/0x810 [ 653.433290] ? ___might_sleep+0x163/0x280 [ 653.437429] __should_failslab+0x121/0x190 [ 653.441654] should_failslab+0x9/0x14 [ 653.445444] kmem_cache_alloc_node+0x26c/0x710 [ 653.450119] ? find_held_lock+0x35/0x130 [ 653.454187] __alloc_skb+0xd5/0x5f0 [ 653.457804] ? skb_scrub_packet+0x490/0x490 [ 653.462114] ? kasan_check_read+0x11/0x20 [ 653.466253] alloc_uevent_skb+0x83/0x1e2 [ 653.470304] kobject_uevent_env+0xaa3/0x101d [ 653.474704] kobject_uevent+0x20/0x26 [ 653.478496] device_add+0xb3a/0x1760 [ 653.482203] ? get_device_parent.isra.0+0x570/0x570 [ 653.487211] ? start_creating+0x163/0x1e0 [ 653.491351] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 653.496881] hci_register_dev+0x304/0x880 [ 653.501022] hci_uart_tty_ioctl+0x761/0xaf0 [ 653.505335] tty_ioctl+0x8b5/0x1510 [ 653.508948] ? hci_uart_init_work+0x140/0x140 [ 653.513468] ? tty_vhangup+0x30/0x30 [ 653.517197] ? mark_held_locks+0x100/0x100 [ 653.521422] ? perf_trace_lock_acquire+0x380/0x580 [ 653.526341] ? __fget+0x340/0x540 [ 653.529784] ? ___might_sleep+0x163/0x280 [ 653.533922] ? __might_sleep+0x95/0x190 [ 653.537884] ? tty_vhangup+0x30/0x30 [ 653.541624] do_vfs_ioctl+0xd5f/0x1380 [ 653.545505] ? selinux_file_ioctl+0x46f/0x5e0 [ 653.549988] ? selinux_file_ioctl+0x125/0x5e0 [ 653.554471] ? ioctl_preallocate+0x210/0x210 [ 653.558864] ? selinux_file_mprotect+0x620/0x620 [ 653.563618] ? iterate_fd+0x360/0x360 [ 653.567453] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 653.572979] ? fput+0x128/0x1a0 [ 653.576252] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 653.581778] ? security_file_ioctl+0x8d/0xc0 [ 653.586181] ksys_ioctl+0xab/0xd0 [ 653.589626] __x64_sys_ioctl+0x73/0xb0 [ 653.593503] do_syscall_64+0xfd/0x620 [ 653.597292] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 653.602472] RIP: 0033:0x459829 [ 653.605673] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 653.624582] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 653.632288] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 653.639563] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 653.646821] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 653.654077] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 653.661368] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 653.676060] Bluetooth: hci2: Frame reassembly failed (-84) [ 654.338646] Bluetooth: hci1: command 0x1001 tx timeout [ 654.344046] Bluetooth: hci1: sending frame failed (-49) [ 655.058754] Bluetooth: hci0: command 0x1003 tx timeout [ 655.064163] Bluetooth: hci0: sending frame failed (-49) [ 655.698641] Bluetooth: hci2: command 0x1003 tx timeout [ 655.704150] Bluetooth: hci2: sending frame failed (-49) [ 656.418686] Bluetooth: hci1: command 0x1009 tx timeout [ 657.138716] Bluetooth: hci0: command 0x1001 tx timeout [ 657.144125] Bluetooth: hci0: sending frame failed (-49) [ 657.778658] Bluetooth: hci2: command 0x1001 tx timeout [ 657.784058] Bluetooth: hci2: sending frame failed (-49) [ 659.218663] Bluetooth: hci0: command 0x1009 tx timeout [ 659.858637] Bluetooth: hci2: command 0x1009 tx timeout 01:10:18 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5421, 0x0) 01:10:18 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:10:18 executing program 4: 01:10:18 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:10:18 executing program 4: 01:10:18 executing program 4: [ 660.442568] Bluetooth: hci1: Frame reassembly failed (-84) [ 662.498644] Bluetooth: hci1: command 0x1003 tx timeout [ 662.504128] Bluetooth: hci1: sending frame failed (-49) 01:10:21 executing program 0 (fault-call:3 fault-nth:35): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:10:21 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:10:21 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 663.656885] FAULT_INJECTION: forcing a failure. [ 663.656885] name failslab, interval 1, probability 0, space 0, times 0 [ 663.668389] CPU: 0 PID: 11144 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 663.675435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 663.684811] Call Trace: [ 663.687430] dump_stack+0x172/0x1f0 [ 663.691097] should_fail.cold+0xa/0x1b [ 663.695019] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 663.700152] ? lock_downgrade+0x810/0x810 [ 663.704335] ? ___might_sleep+0x163/0x280 [ 663.708521] __should_failslab+0x121/0x190 [ 663.712784] should_failslab+0x9/0x14 [ 663.716615] kmem_cache_alloc_node_trace+0x274/0x720 [ 663.721748] ? vsnprintf+0x32a/0x19a0 [ 663.725601] __kmalloc_node_track_caller+0x3d/0x80 [ 663.730564] devm_kmalloc+0x92/0x1a0 [ 663.734315] devm_kvasprintf+0xcd/0x140 [ 663.738313] ? devm_kmemdup+0x60/0x60 [ 663.742134] ? devres_add+0x40/0x50 [ 663.745803] ? mark_held_locks+0xb1/0x100 [ 663.749988] devm_kasprintf+0xbb/0xf0 [ 663.753816] ? devm_kvasprintf+0x140/0x140 [ 663.758090] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 663.763231] ? devres_add+0x40/0x50 [ 663.766913] hci_leds_init+0xb3/0x1c0 [ 663.770753] hci_register_dev+0x328/0x880 [ 663.774943] hci_uart_tty_ioctl+0x761/0xaf0 [ 663.779300] tty_ioctl+0x8b5/0x1510 [ 663.782952] ? hci_uart_init_work+0x140/0x140 [ 663.787474] ? tty_vhangup+0x30/0x30 [ 663.791220] ? mark_held_locks+0x100/0x100 [ 663.795484] ? perf_trace_lock_acquire+0x380/0x580 [ 663.800448] ? __fget+0x340/0x540 [ 663.803925] ? ___might_sleep+0x163/0x280 [ 663.808103] ? __might_sleep+0x95/0x190 [ 663.812106] ? tty_vhangup+0x30/0x30 [ 663.815851] do_vfs_ioctl+0xd5f/0x1380 [ 663.819764] ? selinux_file_ioctl+0x46f/0x5e0 [ 663.824279] ? selinux_file_ioctl+0x125/0x5e0 [ 663.828800] ? ioctl_preallocate+0x210/0x210 [ 663.833228] ? selinux_file_mprotect+0x620/0x620 [ 663.838028] ? iterate_fd+0x360/0x360 [ 663.841860] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 663.847428] ? fput+0x128/0x1a0 [ 663.850749] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 663.856309] ? security_file_ioctl+0x8d/0xc0 [ 663.860752] ksys_ioctl+0xab/0xd0 [ 663.864243] __x64_sys_ioctl+0x73/0xb0 [ 663.868156] do_syscall_64+0xfd/0x620 [ 663.872001] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 663.877209] RIP: 0033:0x459829 [ 663.880424] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 663.899352] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 663.907118] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 663.916578] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 663.923866] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 663.931154] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 663.938445] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 663.951764] Bluetooth: hci0: Frame reassembly failed (-84) 01:10:21 executing program 2 (fault-call:3 fault-nth:33): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:10:21 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:10:21 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 664.281499] FAULT_INJECTION: forcing a failure. [ 664.281499] name failslab, interval 1, probability 0, space 0, times 0 [ 664.315928] CPU: 1 PID: 11150 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 664.322979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 664.332343] Call Trace: [ 664.334947] dump_stack+0x172/0x1f0 [ 664.338595] should_fail.cold+0xa/0x1b [ 664.342502] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 664.347620] ? lock_downgrade+0x810/0x810 [ 664.351781] ? ___might_sleep+0x163/0x280 [ 664.355950] __should_failslab+0x121/0x190 [ 664.360206] should_failslab+0x9/0x14 [ 664.364017] kmem_cache_alloc_node_trace+0x274/0x720 [ 664.369137] ? __alloc_skb+0xd5/0x5f0 [ 664.372962] __kmalloc_node_track_caller+0x3d/0x80 [ 664.377908] __kmalloc_reserve.isra.0+0x40/0xf0 [ 664.382593] __alloc_skb+0x10b/0x5f0 [ 664.386322] ? skb_scrub_packet+0x490/0x490 [ 664.390659] ? kasan_check_read+0x11/0x20 [ 664.394830] alloc_uevent_skb+0x83/0x1e2 [ 664.398908] kobject_uevent_env+0xaa3/0x101d [ 664.403343] kobject_uevent+0x20/0x26 [ 664.407156] device_add+0xb3a/0x1760 [ 664.410890] ? get_device_parent.isra.0+0x570/0x570 [ 664.415946] ? start_creating+0x163/0x1e0 [ 664.420146] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 664.425707] hci_register_dev+0x304/0x880 [ 664.429876] hci_uart_tty_ioctl+0x761/0xaf0 [ 664.434214] tty_ioctl+0x8b5/0x1510 [ 664.437854] ? hci_uart_init_work+0x140/0x140 [ 664.442359] ? tty_vhangup+0x30/0x30 [ 664.446082] ? mark_held_locks+0x100/0x100 [ 664.450337] ? debug_smp_processor_id+0x1c/0x20 [ 664.455026] ? __fget+0x340/0x540 [ 664.458490] ? ___might_sleep+0x163/0x280 [ 664.462652] ? __might_sleep+0x95/0x190 [ 664.466640] ? tty_vhangup+0x30/0x30 [ 664.470370] do_vfs_ioctl+0xd5f/0x1380 [ 664.474267] ? selinux_file_ioctl+0x46f/0x5e0 [ 664.478772] ? selinux_file_ioctl+0x125/0x5e0 [ 664.483279] ? ioctl_preallocate+0x210/0x210 [ 664.487698] ? selinux_file_mprotect+0x620/0x620 [ 664.492477] ? iterate_fd+0x360/0x360 [ 664.496291] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 664.501837] ? fput+0x128/0x1a0 [ 664.505137] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 664.510688] ? security_file_ioctl+0x8d/0xc0 [ 664.515111] ksys_ioctl+0xab/0xd0 [ 664.518572] __x64_sys_ioctl+0x73/0xb0 [ 664.522477] do_syscall_64+0xfd/0x620 [ 664.526295] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 664.531494] RIP: 0033:0x459829 [ 664.534700] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 664.553612] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 664.561336] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 664.568614] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 664.575889] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 664.583164] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 664.590440] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 664.598912] Bluetooth: hci1: command 0x1001 tx timeout [ 664.614447] Bluetooth: hci1: sending frame failed (-49) [ 664.632367] Bluetooth: hci2: Frame reassembly failed (-84) [ 666.028642] Bluetooth: hci0: command 0x1003 tx timeout [ 666.034057] Bluetooth: hci0: sending frame failed (-49) [ 666.668848] Bluetooth: hci2: command 0x1003 tx timeout [ 666.674198] Bluetooth: hci1: command 0x1009 tx timeout [ 666.674243] Bluetooth: hci2: sending frame failed (-49) [ 668.108642] Bluetooth: hci0: command 0x1001 tx timeout [ 668.114055] Bluetooth: hci0: sending frame failed (-49) [ 668.738752] Bluetooth: hci2: command 0x1001 tx timeout [ 668.744162] Bluetooth: hci2: sending frame failed (-49) [ 670.178684] Bluetooth: hci0: command 0x1009 tx timeout 01:10:28 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5423, 0x0) 01:10:28 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x541d, 0x0) 01:10:28 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:10:28 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:10:28 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) [ 670.650432] Bluetooth: hci1: Frame reassembly failed (-84) [ 670.672885] Bluetooth: hci3: Frame reassembly failed (-84) 01:10:28 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 670.818902] Bluetooth: hci2: command 0x1009 tx timeout [ 672.658690] Bluetooth: hci1: command 0x1003 tx timeout [ 672.664215] Bluetooth: hci1: sending frame failed (-49) [ 672.738683] Bluetooth: hci3: command 0x1003 tx timeout [ 672.744203] Bluetooth: hci3: sending frame failed (-49) 01:10:32 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) 01:10:32 executing program 0 (fault-call:3 fault-nth:36): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:10:32 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 674.552490] FAULT_INJECTION: forcing a failure. [ 674.552490] name failslab, interval 1, probability 0, space 0, times 0 [ 674.577982] CPU: 1 PID: 11171 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 674.585024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 674.594382] Call Trace: [ 674.596988] dump_stack+0x172/0x1f0 [ 674.600732] should_fail.cold+0xa/0x1b [ 674.604643] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 674.609769] ? lock_downgrade+0x810/0x810 [ 674.613935] ? ___might_sleep+0x163/0x280 [ 674.618104] __should_failslab+0x121/0x190 [ 674.622359] should_failslab+0x9/0x14 [ 674.626175] kmem_cache_alloc_node_trace+0x274/0x720 [ 674.631306] __kmalloc_node_track_caller+0x3d/0x80 [ 674.636254] ? led_trigger_unregister+0x2f0/0x2f0 [ 674.641110] __devres_alloc_node+0x69/0x160 [ 674.645456] devm_led_trigger_register+0x36/0xd0 [ 674.650227] hci_leds_init+0xee/0x1c0 [ 674.654045] hci_register_dev+0x328/0x880 [ 674.658216] hci_uart_tty_ioctl+0x761/0xaf0 [ 674.662555] tty_ioctl+0x8b5/0x1510 [ 674.666203] ? hci_uart_init_work+0x140/0x140 [ 674.670709] ? tty_vhangup+0x30/0x30 [ 674.670726] ? mark_held_locks+0x100/0x100 [ 674.670746] ? proc_cwd_link+0x1d0/0x1d0 [ 674.678696] ? __fget+0x340/0x540 [ 674.678714] ? ___might_sleep+0x163/0x280 [ 674.678732] ? __might_sleep+0x95/0x190 [ 674.678748] ? tty_vhangup+0x30/0x30 [ 674.678766] do_vfs_ioctl+0xd5f/0x1380 [ 674.701960] ? selinux_file_ioctl+0x46f/0x5e0 [ 674.706468] ? selinux_file_ioctl+0x125/0x5e0 [ 674.710981] ? ioctl_preallocate+0x210/0x210 [ 674.715407] ? selinux_file_mprotect+0x620/0x620 [ 674.720190] ? iterate_fd+0x360/0x360 [ 674.724008] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 674.729558] ? fput+0x128/0x1a0 [ 674.732864] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 674.738413] ? security_file_ioctl+0x8d/0xc0 [ 674.742841] ksys_ioctl+0xab/0xd0 [ 674.746312] __x64_sys_ioctl+0x73/0xb0 [ 674.750222] do_syscall_64+0xfd/0x620 [ 674.754041] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 674.759233] RIP: 0033:0x459829 [ 674.762432] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 674.781341] RSP: 002b:00007fd01d6e3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 674.789082] RAX: ffffffffffffffda RBX: 00007fd01d6e3c90 RCX: 0000000000459829 [ 674.796359] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 674.803638] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 674.810921] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d6e46d4 [ 674.818197] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 674.827586] Bluetooth: hci1: command 0x1001 tx timeout [ 674.833275] Bluetooth: hci1: sending frame failed (-49) [ 674.838960] Bluetooth: hci3: command 0x1001 tx timeout [ 674.844550] Bluetooth: hci3: sending frame failed (-49) [ 674.852793] Bluetooth: hci0: Frame reassembly failed (-84) 01:10:32 executing program 2 (fault-call:3 fault-nth:34): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:10:32 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x0) 01:10:32 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 675.141775] FAULT_INJECTION: forcing a failure. [ 675.141775] name failslab, interval 1, probability 0, space 0, times 0 [ 675.188748] CPU: 0 PID: 11177 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 675.195822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 675.205205] Call Trace: [ 675.207824] dump_stack+0x172/0x1f0 [ 675.211496] should_fail.cold+0xa/0x1b [ 675.215415] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 675.220540] ? lock_downgrade+0x810/0x810 [ 675.224724] ? ___might_sleep+0x163/0x280 [ 675.228910] __should_failslab+0x121/0x190 [ 675.233188] should_failslab+0x9/0x14 [ 675.237016] kmem_cache_alloc+0x2ae/0x700 [ 675.241199] ? refcount_add_not_zero_checked+0x240/0x240 [ 675.246672] ? lock_downgrade+0x810/0x810 [ 675.250845] skb_clone+0x156/0x3e0 [ 675.254385] netlink_broadcast_filtered+0x86e/0xb20 [ 675.259409] netlink_broadcast+0x3a/0x50 [ 675.263467] kobject_uevent_env+0xad4/0x101d [ 675.267881] kobject_uevent+0x20/0x26 [ 675.271676] device_add+0xb3a/0x1760 [ 675.275392] ? get_device_parent.isra.0+0x570/0x570 [ 675.280400] ? start_creating+0x163/0x1e0 [ 675.284544] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 675.290079] hci_register_dev+0x304/0x880 [ 675.294227] hci_uart_tty_ioctl+0x761/0xaf0 [ 675.298560] tty_ioctl+0x8b5/0x1510 [ 675.302199] ? hci_uart_init_work+0x140/0x140 [ 675.306687] ? tty_vhangup+0x30/0x30 [ 675.310393] ? mark_held_locks+0x100/0x100 [ 675.314624] ? debug_smp_processor_id+0x1c/0x20 [ 675.319291] ? __fget+0x340/0x540 [ 675.322737] ? ___might_sleep+0x163/0x280 [ 675.326881] ? __might_sleep+0x95/0x190 [ 675.330856] ? tty_vhangup+0x30/0x30 [ 675.334566] do_vfs_ioctl+0xd5f/0x1380 [ 675.338447] ? selinux_file_ioctl+0x46f/0x5e0 [ 675.342933] ? selinux_file_ioctl+0x125/0x5e0 [ 675.347472] ? ioctl_preallocate+0x210/0x210 [ 675.351891] ? selinux_file_mprotect+0x620/0x620 [ 675.356657] ? iterate_fd+0x360/0x360 [ 675.360456] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 675.366002] ? fput+0x128/0x1a0 [ 675.369317] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 675.374848] ? security_file_ioctl+0x8d/0xc0 [ 675.379252] ksys_ioctl+0xab/0xd0 [ 675.382709] __x64_sys_ioctl+0x73/0xb0 [ 675.386592] do_syscall_64+0xfd/0x620 [ 675.390394] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 675.395593] RIP: 0033:0x459829 [ 675.398780] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 675.417691] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 675.425394] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 675.432669] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 675.439931] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 675.447192] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 675.454450] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 675.466714] Bluetooth: hci2: Frame reassembly failed (-84) [ 676.898656] Bluetooth: hci0: command 0x1003 tx timeout [ 676.904022] Bluetooth: hci3: command 0x1009 tx timeout [ 676.904087] Bluetooth: hci0: sending frame failed (-49) [ 676.909742] Bluetooth: hci1: command 0x1009 tx timeout [ 677.538658] Bluetooth: hci2: command 0x1003 tx timeout [ 677.544044] Bluetooth: hci2: sending frame failed (-49) [ 678.978622] Bluetooth: hci0: command 0x1001 tx timeout [ 678.984033] Bluetooth: hci0: sending frame failed (-49) [ 679.618618] Bluetooth: hci2: command 0x1001 tx timeout [ 679.624029] Bluetooth: hci2: sending frame failed (-49) 01:10:38 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5424, 0x0) 01:10:38 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB]}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:10:38 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:10:38 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x2, 0x0) [ 680.924840] Bluetooth: hci1: Frame reassembly failed (-84) [ 680.938321] Bluetooth: hci1: Frame reassembly failed (-84) 01:10:38 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 681.013960] Bluetooth: hci3: Frame reassembly failed (-84) [ 681.058703] Bluetooth: hci0: command 0x1009 tx timeout 01:10:38 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB]}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 681.698665] Bluetooth: hci2: command 0x1009 tx timeout [ 682.978655] Bluetooth: hci1: command 0x1003 tx timeout [ 682.984200] Bluetooth: hci1: sending frame failed (-49) [ 683.058645] Bluetooth: hci3: command 0x1003 tx timeout [ 683.064165] Bluetooth: hci3: sending frame failed (-49) [ 685.058645] Bluetooth: hci1: command 0x1001 tx timeout [ 685.064057] Bluetooth: hci1: sending frame failed (-49) [ 685.138644] Bluetooth: hci3: command 0x1001 tx timeout [ 685.144055] Bluetooth: hci3: sending frame failed (-49) 01:10:43 executing program 0 (fault-call:3 fault-nth:37): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:10:43 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:10:43 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[]}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 685.405474] FAULT_INJECTION: forcing a failure. [ 685.405474] name failslab, interval 1, probability 0, space 0, times 0 [ 685.434635] CPU: 0 PID: 11195 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 685.441694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 685.451071] Call Trace: [ 685.453695] dump_stack+0x172/0x1f0 [ 685.457366] should_fail.cold+0xa/0x1b [ 685.461290] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 685.466420] ? lock_downgrade+0x810/0x810 [ 685.470600] ? ___might_sleep+0x163/0x280 [ 685.474785] __should_failslab+0x121/0x190 [ 685.479051] should_failslab+0x9/0x14 [ 685.482874] __kmalloc+0x2e2/0x750 [ 685.486445] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 685.491580] ? devres_add+0x40/0x50 [ 685.495235] ? rfkill_alloc+0xaa/0x2b0 [ 685.499158] rfkill_alloc+0xaa/0x2b0 [ 685.502907] ? hci_leds_init+0x104/0x1c0 [ 685.507007] hci_register_dev+0x342/0x880 [ 685.511203] hci_uart_tty_ioctl+0x761/0xaf0 [ 685.515561] tty_ioctl+0x8b5/0x1510 [ 685.519221] ? hci_uart_init_work+0x140/0x140 [ 685.523745] ? tty_vhangup+0x30/0x30 [ 685.527494] ? mark_held_locks+0x100/0x100 [ 685.531760] ? perf_trace_lock_acquire+0x380/0x580 [ 685.536730] ? __fget+0x340/0x540 [ 685.540216] ? ___might_sleep+0x163/0x280 [ 685.544400] ? __might_sleep+0x95/0x190 [ 685.548406] ? tty_vhangup+0x30/0x30 [ 685.552153] do_vfs_ioctl+0xd5f/0x1380 [ 685.556074] ? selinux_file_ioctl+0x46f/0x5e0 [ 685.560596] ? selinux_file_ioctl+0x125/0x5e0 [ 685.565123] ? ioctl_preallocate+0x210/0x210 [ 685.569556] ? selinux_file_mprotect+0x620/0x620 [ 685.574359] ? iterate_fd+0x360/0x360 [ 685.578201] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 685.583769] ? fput+0x128/0x1a0 [ 685.587094] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 685.592664] ? security_file_ioctl+0x8d/0xc0 [ 685.597105] ksys_ioctl+0xab/0xd0 [ 685.600593] __x64_sys_ioctl+0x73/0xb0 [ 685.604518] do_syscall_64+0xfd/0x620 [ 685.608351] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 685.613561] RIP: 0033:0x459829 [ 685.616780] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 685.635703] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 685.643443] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 685.650730] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 685.658020] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 685.665306] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 685.672597] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 685.682482] Bluetooth: hci0: Frame reassembly failed (-84) 01:10:43 executing program 2 (fault-call:3 fault-nth:35): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:10:43 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[]}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:10:43 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 686.242201] FAULT_INJECTION: forcing a failure. [ 686.242201] name failslab, interval 1, probability 0, space 0, times 0 [ 686.261197] CPU: 1 PID: 11201 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 686.268229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 686.277593] Call Trace: [ 686.280206] dump_stack+0x172/0x1f0 [ 686.283862] should_fail.cold+0xa/0x1b [ 686.287772] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 686.292892] ? lock_downgrade+0x810/0x810 [ 686.297055] ? ___might_sleep+0x163/0x280 [ 686.301227] __should_failslab+0x121/0x190 [ 686.305477] should_failslab+0x9/0x14 [ 686.309289] kmem_cache_alloc_node_trace+0x274/0x720 [ 686.314403] ? refcount_dec_and_test_checked+0x1b/0x20 [ 686.319700] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 686.325336] ? kobject_put+0x84/0xe0 [ 686.329071] __kmalloc_node_track_caller+0x3d/0x80 [ 686.334019] devm_kmalloc+0x92/0x1a0 [ 686.337805] hci_leds_init+0x32/0x1c0 [ 686.341626] hci_register_dev+0x328/0x880 [ 686.345800] hci_uart_tty_ioctl+0x761/0xaf0 [ 686.350143] tty_ioctl+0x8b5/0x1510 [ 686.353784] ? hci_uart_init_work+0x140/0x140 [ 686.358291] ? tty_vhangup+0x30/0x30 [ 686.362019] ? mark_held_locks+0x100/0x100 [ 686.366273] ? debug_smp_processor_id+0x1c/0x20 [ 686.370961] ? __fget+0x340/0x540 [ 686.374431] ? ___might_sleep+0x163/0x280 [ 686.378591] ? __might_sleep+0x95/0x190 [ 686.382584] ? tty_vhangup+0x30/0x30 [ 686.386319] do_vfs_ioctl+0xd5f/0x1380 [ 686.390221] ? selinux_file_ioctl+0x46f/0x5e0 [ 686.394728] ? selinux_file_ioctl+0x125/0x5e0 [ 686.399241] ? ioctl_preallocate+0x210/0x210 [ 686.403661] ? selinux_file_mprotect+0x620/0x620 [ 686.408445] ? iterate_fd+0x360/0x360 [ 686.412264] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 686.417814] ? fput+0x128/0x1a0 [ 686.421115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 686.426668] ? security_file_ioctl+0x8d/0xc0 [ 686.431099] ksys_ioctl+0xab/0xd0 [ 686.434584] __x64_sys_ioctl+0x73/0xb0 [ 686.438487] do_syscall_64+0xfd/0x620 [ 686.442307] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 686.447508] RIP: 0033:0x459829 [ 686.450716] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 686.469631] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 686.477360] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 686.484641] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 686.491926] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 686.499207] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 686.506485] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 686.532822] Bluetooth: hci2: Frame reassembly failed (-84) [ 687.138705] Bluetooth: hci1: command 0x1009 tx timeout [ 687.218700] Bluetooth: hci3: command 0x1009 tx timeout [ 687.698703] Bluetooth: hci0: command 0x1003 tx timeout [ 687.704107] Bluetooth: hci0: sending frame failed (-49) [ 688.578657] Bluetooth: hci2: command 0x1003 tx timeout [ 688.584173] Bluetooth: hci2: sending frame failed (-49) [ 689.778788] Bluetooth: hci0: command 0x1001 tx timeout [ 689.784190] Bluetooth: hci0: sending frame failed (-49) [ 690.658651] Bluetooth: hci2: command 0x1001 tx timeout [ 690.664084] Bluetooth: hci2: sending frame failed (-49) 01:10:48 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:10:48 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5425, 0x0) 01:10:48 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[]}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:10:48 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 691.166891] Bluetooth: hci1: Frame reassembly failed (-84) 01:10:49 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:10:49 executing program 4 (fault-call:3 fault-nth:0): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 691.391165] FAULT_INJECTION: forcing a failure. [ 691.391165] name failslab, interval 1, probability 0, space 0, times 0 [ 691.411375] CPU: 1 PID: 11213 Comm: syz-executor.4 Not tainted 4.19.60 #33 [ 691.418413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 691.427776] Call Trace: [ 691.430388] dump_stack+0x172/0x1f0 [ 691.434041] should_fail.cold+0xa/0x1b [ 691.437951] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 691.443078] ? lock_downgrade+0x810/0x810 [ 691.447242] ? ___might_sleep+0x163/0x280 [ 691.451412] __should_failslab+0x121/0x190 [ 691.455668] should_failslab+0x9/0x14 [ 691.459497] kmem_cache_alloc_trace+0x2cc/0x760 [ 691.464183] ? ___might_sleep+0x163/0x280 [ 691.468360] hci_alloc_dev+0x43/0x1d00 [ 691.472266] hci_uart_tty_ioctl+0x2d7/0xaf0 [ 691.476609] tty_ioctl+0x8b5/0x1510 [ 691.480255] ? hci_uart_init_work+0x140/0x140 [ 691.484765] ? tty_vhangup+0x30/0x30 [ 691.488493] ? mark_held_locks+0x100/0x100 [ 691.492749] ? debug_smp_processor_id+0x1c/0x20 [ 691.497432] ? __fget+0x340/0x540 [ 691.500929] ? ___might_sleep+0x163/0x280 [ 691.505095] ? __might_sleep+0x95/0x190 [ 691.509083] ? tty_vhangup+0x30/0x30 [ 691.512814] do_vfs_ioctl+0xd5f/0x1380 [ 691.516715] ? selinux_file_ioctl+0x46f/0x5e0 [ 691.521232] ? selinux_file_ioctl+0x125/0x5e0 [ 691.525745] ? ioctl_preallocate+0x210/0x210 [ 691.530165] ? selinux_file_mprotect+0x620/0x620 [ 691.534946] ? iterate_fd+0x360/0x360 [ 691.538767] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 691.544318] ? fput+0x128/0x1a0 [ 691.547622] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 691.553175] ? security_file_ioctl+0x8d/0xc0 [ 691.557603] ksys_ioctl+0xab/0xd0 [ 691.561074] __x64_sys_ioctl+0x73/0xb0 [ 691.564981] do_syscall_64+0xfd/0x620 [ 691.568801] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 691.574000] RIP: 0033:0x459829 [ 691.577203] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 691.596116] RSP: 002b:00007fd5c262dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 691.603840] RAX: ffffffffffffffda RBX: 00007fd5c262dc90 RCX: 0000000000459829 [ 691.611125] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 691.618403] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 691.625687] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd5c262e6d4 [ 691.632965] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 691.655511] Bluetooth: Can't allocate HCI device [ 691.858714] Bluetooth: hci0: command 0x1009 tx timeout [ 692.738663] Bluetooth: hci2: command 0x1009 tx timeout [ 693.218647] Bluetooth: hci1: command 0x1003 tx timeout [ 693.224141] Bluetooth: hci1: sending frame failed (-49) [ 695.298669] Bluetooth: hci1: command 0x1001 tx timeout [ 695.304087] Bluetooth: hci1: sending frame failed (-49) 01:10:53 executing program 0 (fault-call:3 fault-nth:38): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:10:53 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:10:53 executing program 4 (fault-call:3 fault-nth:1): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 696.242271] FAULT_INJECTION: forcing a failure. [ 696.242271] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 696.254157] CPU: 0 PID: 11217 Comm: syz-executor.4 Not tainted 4.19.60 #33 [ 696.261201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 696.261211] Call Trace: [ 696.261241] dump_stack+0x172/0x1f0 [ 696.261279] should_fail.cold+0xa/0x1b [ 696.273223] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 696.273252] ? mark_held_locks+0x100/0x100 [ 696.273283] __alloc_pages_nodemask+0x1ee/0x760 [ 696.280790] ? __alloc_pages_slowpath+0x2870/0x2870 [ 696.280846] cache_grow_begin+0x9c/0x8b0 [ 696.280869] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 696.287199] FAULT_INJECTION: forcing a failure. [ 696.287199] name failslab, interval 1, probability 0, space 0, times 0 [ 696.290214] ? check_preemption_disabled+0x48/0x290 [ 696.290247] kmem_cache_alloc_trace+0x685/0x760 [ 696.290292] hci_alloc_dev+0x43/0x1d00 [ 696.334349] hci_uart_tty_ioctl+0x2d7/0xaf0 [ 696.338743] tty_ioctl+0x8b5/0x1510 [ 696.342394] ? hci_uart_init_work+0x140/0x140 [ 696.346918] ? tty_vhangup+0x30/0x30 [ 696.350653] ? mark_held_locks+0x100/0x100 [ 696.354926] ? perf_trace_lock_acquire+0x380/0x580 [ 696.359888] ? __fget+0x340/0x540 [ 696.363369] ? ___might_sleep+0x163/0x280 [ 696.367546] ? __might_sleep+0x95/0x190 [ 696.371547] ? tty_vhangup+0x30/0x30 [ 696.375290] do_vfs_ioctl+0xd5f/0x1380 [ 696.379203] ? selinux_file_ioctl+0x46f/0x5e0 [ 696.383717] ? selinux_file_ioctl+0x125/0x5e0 [ 696.388238] ? ioctl_preallocate+0x210/0x210 [ 696.392672] ? selinux_file_mprotect+0x620/0x620 [ 696.397463] ? iterate_fd+0x360/0x360 [ 696.401286] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 696.406846] ? fput+0x128/0x1a0 [ 696.410164] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 696.415731] ? security_file_ioctl+0x8d/0xc0 [ 696.420179] ksys_ioctl+0xab/0xd0 [ 696.423660] __x64_sys_ioctl+0x73/0xb0 [ 696.427571] do_syscall_64+0xfd/0x620 [ 696.431409] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 696.436612] RIP: 0033:0x459829 [ 696.439835] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 696.458761] RSP: 002b:00007fd5c262dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 696.466504] RAX: ffffffffffffffda RBX: 00007fd5c262dc90 RCX: 0000000000459829 [ 696.473792] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 696.481083] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 696.488368] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd5c262e6d4 [ 696.495655] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 696.502986] CPU: 1 PID: 11219 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 696.510018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 696.519385] Call Trace: [ 696.521994] dump_stack+0x172/0x1f0 [ 696.525641] should_fail.cold+0xa/0x1b [ 696.529551] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 696.534678] ? lock_downgrade+0x810/0x810 [ 696.538843] ? ___might_sleep+0x163/0x280 [ 696.543014] __should_failslab+0x121/0x190 [ 696.547267] should_failslab+0x9/0x14 [ 696.551085] kmem_cache_alloc_trace+0x2cc/0x760 [ 696.555786] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 696.561335] ? refcount_inc_checked+0x2b/0x70 [ 696.565851] device_add+0xe5e/0x1760 [ 696.569579] ? device_initialize+0x440/0x440 [ 696.574022] ? get_device_parent.isra.0+0x570/0x570 [ 696.579068] rfkill_register+0x1bf/0xb50 [ 696.583149] hci_register_dev+0x385/0x880 [ 696.587318] hci_uart_tty_ioctl+0x761/0xaf0 [ 696.591658] tty_ioctl+0x8b5/0x1510 [ 696.595309] ? hci_uart_init_work+0x140/0x140 [ 696.599844] ? tty_vhangup+0x30/0x30 [ 696.603578] ? mark_held_locks+0x100/0x100 [ 696.607832] ? debug_smp_processor_id+0x1c/0x20 [ 696.612519] ? __fget+0x340/0x540 [ 696.615994] ? ___might_sleep+0x163/0x280 [ 696.620164] ? __might_sleep+0x95/0x190 [ 696.624160] ? tty_vhangup+0x30/0x30 [ 696.627890] do_vfs_ioctl+0xd5f/0x1380 [ 696.631798] ? selinux_file_ioctl+0x46f/0x5e0 [ 696.636312] ? selinux_file_ioctl+0x125/0x5e0 [ 696.640829] ? ioctl_preallocate+0x210/0x210 [ 696.645248] ? selinux_file_mprotect+0x620/0x620 [ 696.650024] ? iterate_fd+0x360/0x360 [ 696.653842] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 696.659388] ? fput+0x128/0x1a0 [ 696.662694] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 696.668240] ? security_file_ioctl+0x8d/0xc0 [ 696.672666] ksys_ioctl+0xab/0xd0 [ 696.676145] __x64_sys_ioctl+0x73/0xb0 [ 696.680051] do_syscall_64+0xfd/0x620 [ 696.683875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 696.689076] RIP: 0033:0x459829 [ 696.692281] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 696.711198] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 696.718930] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 696.726210] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 696.733495] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 696.740780] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 696.748065] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 696.760485] Bluetooth: hci0: Frame reassembly failed (-84) [ 696.774102] Bluetooth: hci3: Frame reassembly failed (-84) 01:10:54 executing program 2 (fault-call:3 fault-nth:36): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:10:54 executing program 5 (fault-call:3 fault-nth:0): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 696.874889] Bluetooth: hci2: Frame reassembly failed (-84) 01:10:54 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 696.919379] FAULT_INJECTION: forcing a failure. [ 696.919379] name failslab, interval 1, probability 0, space 0, times 0 [ 696.956558] CPU: 1 PID: 11225 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 696.963653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 696.973029] Call Trace: [ 696.975636] dump_stack+0x172/0x1f0 [ 696.979295] should_fail.cold+0xa/0x1b [ 696.983204] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 696.988325] ? lock_downgrade+0x810/0x810 [ 696.992491] ? ___might_sleep+0x163/0x280 [ 696.996654] __should_failslab+0x121/0x190 [ 697.000910] should_failslab+0x9/0x14 [ 697.004718] __kmalloc+0x2e2/0x750 [ 697.008273] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 697.013386] ? devres_add+0x40/0x50 [ 697.017018] ? rfkill_alloc+0xaa/0x2b0 [ 697.020911] rfkill_alloc+0xaa/0x2b0 [ 697.024629] ? hci_leds_init+0x104/0x1c0 [ 697.028703] hci_register_dev+0x342/0x880 [ 697.032860] hci_uart_tty_ioctl+0x761/0xaf0 [ 697.037189] tty_ioctl+0x8b5/0x1510 [ 697.040821] ? hci_uart_init_work+0x140/0x140 [ 697.045331] ? tty_vhangup+0x30/0x30 [ 697.049046] ? mark_held_locks+0x100/0x100 [ 697.053302] ? debug_smp_processor_id+0x1c/0x20 [ 697.057976] ? __fget+0x340/0x540 [ 697.061435] ? ___might_sleep+0x163/0x280 [ 697.065586] ? __might_sleep+0x95/0x190 [ 697.069561] ? tty_vhangup+0x30/0x30 [ 697.073281] do_vfs_ioctl+0xd5f/0x1380 [ 697.077175] ? selinux_file_ioctl+0x46f/0x5e0 [ 697.081676] ? selinux_file_ioctl+0x125/0x5e0 [ 697.086173] ? ioctl_preallocate+0x210/0x210 [ 697.090584] ? selinux_file_mprotect+0x620/0x620 [ 697.095365] ? iterate_fd+0x360/0x360 [ 697.099174] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 697.104713] ? fput+0x128/0x1a0 [ 697.108002] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 697.113539] ? security_file_ioctl+0x8d/0xc0 [ 697.117953] ksys_ioctl+0xab/0xd0 [ 697.121410] __x64_sys_ioctl+0x73/0xb0 [ 697.125304] do_syscall_64+0xfd/0x620 [ 697.129114] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 697.134307] RIP: 0033:0x459829 [ 697.137502] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 697.156405] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 697.164129] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 697.171398] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 697.178677] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 697.186470] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 697.193740] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 697.235017] Bluetooth: hci4: Frame reassembly failed (-84) [ 697.378664] Bluetooth: hci1: command 0x1009 tx timeout 01:10:55 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 698.818880] Bluetooth: hci3: command 0x1003 tx timeout [ 698.824531] Bluetooth: hci3: sending frame failed (-49) [ 698.830505] Bluetooth: hci0: command 0x1003 tx timeout [ 698.841874] Bluetooth: hci0: sending frame failed (-49) [ 698.898741] Bluetooth: hci2: command 0x1003 tx timeout [ 698.904334] Bluetooth: hci2: sending frame failed (-49) [ 699.298805] Bluetooth: hci4: command 0x1003 tx timeout [ 699.304401] Bluetooth: hci4: sending frame failed (-49) [ 700.898847] Bluetooth: hci0: command 0x1001 tx timeout [ 700.904246] Bluetooth: hci0: sending frame failed (-49) [ 700.910153] Bluetooth: hci3: command 0x1001 tx timeout [ 700.915515] Bluetooth: hci3: sending frame failed (-49) [ 700.978746] Bluetooth: hci2: command 0x1001 tx timeout [ 700.984156] Bluetooth: hci2: sending frame failed (-49) 01:10:59 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5427, 0x0) 01:10:59 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x0, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 701.350237] Bluetooth: hci1: Frame reassembly failed (-84) [ 701.378861] Bluetooth: hci4: command 0x1001 tx timeout [ 701.384370] Bluetooth: hci4: sending frame failed (-49) 01:10:59 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x0, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:10:59 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x0, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:10:59 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x0, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 702.988791] Bluetooth: hci3: command 0x1009 tx timeout [ 702.994138] Bluetooth: hci0: command 0x1009 tx timeout [ 703.058650] Bluetooth: hci2: command 0x1009 tx timeout [ 703.378698] Bluetooth: hci1: command 0x1003 tx timeout [ 703.384121] Bluetooth: hci1: sending frame failed (-49) [ 703.468732] Bluetooth: hci4: command 0x1009 tx timeout [ 705.468651] Bluetooth: hci1: command 0x1001 tx timeout [ 705.474064] Bluetooth: hci1: sending frame failed (-49) [ 707.058855] FAULT_INJECTION: forcing a failure. [ 707.058855] name failslab, interval 1, probability 0, space 0, times 0 [ 707.095693] CPU: 0 PID: 11223 Comm: syz-executor.5 Not tainted 4.19.60 #33 [ 707.102752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 707.112117] Call Trace: [ 707.114750] dump_stack+0x172/0x1f0 [ 707.118407] should_fail.cold+0xa/0x1b [ 707.122309] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 707.127430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 707.132984] ? __cancel_work_timer+0x313/0x520 [ 707.137571] ? mutex_trylock+0x1e0/0x1e0 [ 707.141647] __should_failslab+0x121/0x190 [ 707.145891] should_failslab+0x9/0x14 [ 707.149696] kmem_cache_alloc_node+0x56/0x710 [ 707.154218] __alloc_skb+0xd5/0x5f0 [ 707.157852] ? skb_scrub_packet+0x490/0x490 [ 707.162199] ? lock_downgrade+0x810/0x810 [ 707.166379] ? hci_dev_open+0x220/0x220 [ 707.170368] hci_sock_dev_event+0xf3/0x580 [ 707.174614] hci_unregister_dev+0x253/0x820 [ 707.178953] hci_uart_tty_close+0x1fc/0x250 [ 707.183513] ? hci_uart_close+0x50/0x50 [ 707.187495] tty_ldisc_close.isra.0+0xab/0xe0 [ 707.192003] tty_ldisc_kill+0x4b/0xc0 [ 707.195812] tty_ldisc_hangup+0x2d9/0x630 [ 707.199968] __tty_hangup.part.0+0x2cc/0x6f0 [ 707.204383] ? tty_read+0x2a0/0x2a0 [ 707.208015] tty_ioctl+0xefb/0x1510 [ 707.211653] ? tty_vhangup+0x30/0x30 [ 707.215373] ? mark_held_locks+0x100/0x100 [ 707.219611] ? proc_cwd_link+0x1d0/0x1d0 [ 707.223681] ? __fget+0x340/0x540 [ 707.227143] ? ___might_sleep+0x163/0x280 [ 707.231303] ? __might_sleep+0x95/0x190 [ 707.235285] ? tty_vhangup+0x30/0x30 [ 707.239007] do_vfs_ioctl+0xd5f/0x1380 [ 707.242901] ? selinux_file_ioctl+0x46f/0x5e0 [ 707.247398] ? selinux_file_ioctl+0x125/0x5e0 [ 707.251898] ? ioctl_preallocate+0x210/0x210 [ 707.256312] ? selinux_file_mprotect+0x620/0x620 [ 707.261084] ? iterate_fd+0x360/0x360 [ 707.264889] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 707.270431] ? fput+0x128/0x1a0 [ 707.273725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 707.279267] ? security_file_ioctl+0x8d/0xc0 [ 707.283685] ksys_ioctl+0xab/0xd0 [ 707.287148] __x64_sys_ioctl+0x73/0xb0 [ 707.291050] do_syscall_64+0xfd/0x620 [ 707.294860] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 707.300052] RIP: 0033:0x459829 [ 707.303244] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 707.322153] RSP: 002b:00007efe9baeec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 707.329878] RAX: ffffffffffffffda RBX: 00007efe9baeec90 RCX: 0000000000459829 [ 707.337154] RDX: 0000000000000000 RSI: 0000000000005437 RDI: 0000000000000003 [ 707.344426] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 707.351698] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efe9baef6d4 01:11:04 executing program 0 (fault-call:3 fault-nth:39): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:11:04 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x0, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:11:04 executing program 4 (fault-call:3 fault-nth:2): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 707.358972] R13: 00000000004c4145 R14: 00000000004d80f8 R15: 0000000000000004 [ 707.395860] FAULT_INJECTION: forcing a failure. [ 707.395860] name failslab, interval 1, probability 0, space 0, times 0 [ 707.416764] FAULT_INJECTION: forcing a failure. [ 707.416764] name failslab, interval 1, probability 0, space 0, times 0 [ 707.438181] CPU: 0 PID: 11247 Comm: syz-executor.4 Not tainted 4.19.60 #33 [ 707.445270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 707.454641] Call Trace: [ 707.457266] dump_stack+0x172/0x1f0 [ 707.460944] should_fail.cold+0xa/0x1b [ 707.464871] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 707.470007] ? lock_downgrade+0x810/0x810 [ 707.474192] ? ___might_sleep+0x163/0x280 [ 707.478382] __should_failslab+0x121/0x190 [ 707.482650] should_failslab+0x9/0x14 [ 707.486474] kmem_cache_alloc_trace+0x2cc/0x760 [ 707.491177] ? pm_runtime_init+0x347/0x400 [ 707.495452] ? device_initialize+0x1a1/0x440 [ 707.499902] h4_open+0x46/0x160 [ 707.503221] hci_uart_tty_ioctl+0x704/0xaf0 [ 707.507584] tty_ioctl+0x8b5/0x1510 [ 707.511237] ? hci_uart_init_work+0x140/0x140 [ 707.515761] ? tty_vhangup+0x30/0x30 [ 707.519500] ? mark_held_locks+0x100/0x100 [ 707.523769] ? perf_trace_lock_acquire+0x380/0x580 [ 707.528734] ? __fget+0x340/0x540 [ 707.532224] ? ___might_sleep+0x163/0x280 [ 707.536406] ? __might_sleep+0x95/0x190 [ 707.540409] ? tty_vhangup+0x30/0x30 [ 707.544151] do_vfs_ioctl+0xd5f/0x1380 [ 707.548071] ? selinux_file_ioctl+0x46f/0x5e0 [ 707.552588] ? selinux_file_ioctl+0x125/0x5e0 [ 707.557116] ? ioctl_preallocate+0x210/0x210 [ 707.561550] ? selinux_file_mprotect+0x620/0x620 [ 707.566350] ? iterate_fd+0x360/0x360 [ 707.570192] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 707.575753] ? fput+0x128/0x1a0 [ 707.579075] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 707.584636] ? security_file_ioctl+0x8d/0xc0 [ 707.589077] ksys_ioctl+0xab/0xd0 [ 707.592567] __x64_sys_ioctl+0x73/0xb0 [ 707.596489] do_syscall_64+0xfd/0x620 [ 707.600326] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 707.605540] RIP: 0033:0x459829 [ 707.608758] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 707.627682] RSP: 002b:00007fd5c262dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 707.635426] RAX: ffffffffffffffda RBX: 00007fd5c262dc90 RCX: 0000000000459829 [ 707.642714] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 707.650002] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 707.657292] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd5c262e6d4 [ 707.664583] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 707.672361] CPU: 0 PID: 11246 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 707.679411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 707.688640] Bluetooth: hci1: command 0x1009 tx timeout [ 707.688782] Call Trace: [ 707.696660] dump_stack+0x172/0x1f0 [ 707.700327] should_fail.cold+0xa/0x1b [ 707.704249] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 707.709386] ? lock_downgrade+0x810/0x810 [ 707.713572] ? ___might_sleep+0x163/0x280 [ 707.717756] __should_failslab+0x121/0x190 [ 707.722025] should_failslab+0x9/0x14 [ 707.725855] __kmalloc_track_caller+0x2de/0x750 [ 707.730546] ? pointer+0x970/0x970 [ 707.734117] ? rfkill_register+0x3a/0xb50 [ 707.738305] ? kvasprintf_const+0x65/0x190 [ 707.742578] kvasprintf+0xc8/0x170 [ 707.746145] ? bust_spinlocks+0xe0/0xe0 [ 707.750159] ? __mutex_lock+0x3cd/0x1300 [ 707.754254] ? __debug_object_init+0x190/0xc30 [ 707.758861] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 707.763990] ? rfkill_register+0x3a/0xb50 [ 707.768181] kvasprintf_const+0x65/0x190 [ 707.772285] kobject_set_name_vargs+0x5b/0x150 [ 707.776897] dev_set_name+0xbd/0xf0 [ 707.780553] ? device_initialize+0x440/0x440 [ 707.784997] ? lockdep_init_map+0x9/0x10 [ 707.789081] ? __init_waitqueue_head+0x36/0x90 [ 707.793738] rfkill_register+0xf0/0xb50 [ 707.797753] hci_register_dev+0x385/0x880 [ 707.801945] hci_uart_tty_ioctl+0x761/0xaf0 [ 707.806331] tty_ioctl+0x8b5/0x1510 [ 707.809984] ? hci_uart_init_work+0x140/0x140 [ 707.814508] ? tty_vhangup+0x30/0x30 [ 707.818268] ? mark_held_locks+0x100/0x100 [ 707.822538] ? perf_trace_lock_acquire+0x380/0x580 [ 707.827506] ? __fget+0x340/0x540 [ 707.830998] ? ___might_sleep+0x163/0x280 [ 707.835193] ? __might_sleep+0x95/0x190 [ 707.839207] ? tty_vhangup+0x30/0x30 [ 707.842955] do_vfs_ioctl+0xd5f/0x1380 [ 707.846869] ? selinux_file_ioctl+0x46f/0x5e0 [ 707.851389] ? selinux_file_ioctl+0x125/0x5e0 [ 707.855913] ? ioctl_preallocate+0x210/0x210 [ 707.860343] ? selinux_file_mprotect+0x620/0x620 [ 707.865135] ? iterate_fd+0x360/0x360 [ 707.868978] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 707.874549] ? fput+0x128/0x1a0 [ 707.877871] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 707.883435] ? security_file_ioctl+0x8d/0xc0 [ 707.887878] ksys_ioctl+0xab/0xd0 [ 707.891367] __x64_sys_ioctl+0x73/0xb0 [ 707.895293] do_syscall_64+0xfd/0x620 [ 707.899134] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 707.904352] RIP: 0033:0x459829 [ 707.907567] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 707.926494] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 707.934236] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 707.941515] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 707.948791] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 707.956066] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 01:11:05 executing program 2 (fault-call:3 fault-nth:37): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:11:05 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 707.963365] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 707.975207] Bluetooth: hci0: Frame reassembly failed (-84) 01:11:05 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 708.057180] Bluetooth: hci2: Frame reassembly failed (-84) 01:11:05 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x0, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 708.122858] FAULT_INJECTION: forcing a failure. [ 708.122858] name failslab, interval 1, probability 0, space 0, times 0 [ 708.166245] Bluetooth: hci4: Frame reassembly failed (-84) [ 708.172771] CPU: 0 PID: 11254 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 708.179832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 708.189219] Call Trace: [ 708.191841] dump_stack+0x172/0x1f0 [ 708.195502] should_fail.cold+0xa/0x1b [ 708.199426] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 708.204561] ? lock_downgrade+0x810/0x810 [ 708.208739] ? ___might_sleep+0x163/0x280 [ 708.212923] __should_failslab+0x121/0x190 [ 708.217200] should_failslab+0x9/0x14 [ 708.221030] kmem_cache_alloc_node_trace+0x274/0x720 [ 708.226216] __kmalloc_node_track_caller+0x3d/0x80 [ 708.231177] ? led_trigger_unregister+0x2f0/0x2f0 [ 708.236054] __devres_alloc_node+0x69/0x160 [ 708.240409] devm_led_trigger_register+0x36/0xd0 [ 708.245206] hci_leds_init+0xee/0x1c0 [ 708.249047] hci_register_dev+0x328/0x880 [ 708.253240] hci_uart_tty_ioctl+0x761/0xaf0 [ 708.257596] tty_ioctl+0x8b5/0x1510 [ 708.261244] ? hci_uart_init_work+0x140/0x140 [ 708.265767] ? tty_vhangup+0x30/0x30 [ 708.269502] ? mark_held_locks+0x100/0x100 [ 708.273770] ? perf_trace_lock_acquire+0x380/0x580 [ 708.278736] ? __fget+0x340/0x540 [ 708.282222] ? ___might_sleep+0x163/0x280 [ 708.286402] ? __might_sleep+0x95/0x190 [ 708.290410] ? tty_vhangup+0x30/0x30 [ 708.294148] do_vfs_ioctl+0xd5f/0x1380 [ 708.298070] ? selinux_file_ioctl+0x46f/0x5e0 [ 708.302586] ? selinux_file_ioctl+0x125/0x5e0 [ 708.307113] ? ioctl_preallocate+0x210/0x210 [ 708.311549] ? selinux_file_mprotect+0x620/0x620 [ 708.316344] ? iterate_fd+0x360/0x360 [ 708.320181] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 708.325740] ? fput+0x128/0x1a0 [ 708.329057] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 708.334615] ? security_file_ioctl+0x8d/0xc0 [ 708.339053] ksys_ioctl+0xab/0xd0 [ 708.342539] __x64_sys_ioctl+0x73/0xb0 [ 708.346460] do_syscall_64+0xfd/0x620 [ 708.350332] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 708.355551] RIP: 0033:0x459829 [ 708.358763] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 708.377779] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 708.385520] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 708.392808] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 708.400098] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 708.407389] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 708.414682] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 708.432788] Bluetooth: hci3: Frame reassembly failed (-84) [ 710.018803] Bluetooth: hci0: command 0x1003 tx timeout [ 710.024490] Bluetooth: hci0: sending frame failed (-49) [ 710.098651] Bluetooth: hci2: command 0x1003 tx timeout [ 710.104266] Bluetooth: hci2: sending frame failed (-49) [ 710.178652] Bluetooth: hci4: command 0x1003 tx timeout [ 710.184269] Bluetooth: hci4: sending frame failed (-49) [ 710.498962] Bluetooth: hci3: command 0x1003 tx timeout [ 710.504517] Bluetooth: hci3: sending frame failed (-49) 01:11:09 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5428, 0x0) 01:11:09 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 711.590453] Bluetooth: hci1: Frame reassembly failed (-84) 01:11:09 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:11:09 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 712.099170] Bluetooth: hci0: command 0x1001 tx timeout [ 712.104716] Bluetooth: hci0: sending frame failed (-49) [ 712.179300] Bluetooth: hci2: command 0x1001 tx timeout [ 712.184705] Bluetooth: hci2: sending frame failed (-49) 01:11:10 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, 0x0, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 712.258664] Bluetooth: hci4: command 0x1001 tx timeout [ 712.264198] Bluetooth: hci4: sending frame failed (-49) [ 712.578870] Bluetooth: hci3: command 0x1001 tx timeout [ 712.584401] Bluetooth: hci3: sending frame failed (-49) [ 713.618643] Bluetooth: hci1: command 0x1003 tx timeout [ 713.624134] Bluetooth: hci1: sending frame failed (-49) [ 714.178803] Bluetooth: hci0: command 0x1009 tx timeout [ 714.258649] Bluetooth: hci2: command 0x1009 tx timeout [ 714.338686] Bluetooth: hci4: command 0x1009 tx timeout [ 714.658991] Bluetooth: hci3: command 0x1009 tx timeout [ 715.698680] Bluetooth: hci1: command 0x1001 tx timeout [ 715.704086] Bluetooth: hci1: sending frame failed (-49) [ 717.778661] Bluetooth: hci1: command 0x1009 tx timeout 01:11:16 executing program 0 (fault-call:3 fault-nth:40): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:11:16 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, 0x0, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:11:16 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x2, 0x0) 01:11:16 executing program 2 (fault-call:3 fault-nth:38): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:11:16 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x2, 0x0) [ 718.742715] Bluetooth: hci0: Frame reassembly failed (-84) [ 718.780968] FAULT_INJECTION: forcing a failure. [ 718.780968] name failslab, interval 1, probability 0, space 0, times 0 [ 718.800473] CPU: 1 PID: 11281 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 718.807534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 718.816905] Call Trace: [ 718.819519] dump_stack+0x172/0x1f0 [ 718.823176] should_fail.cold+0xa/0x1b [ 718.827088] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 718.832209] ? lock_downgrade+0x810/0x810 [ 718.836377] ? ___might_sleep+0x163/0x280 [ 718.840549] __should_failslab+0x121/0x190 [ 718.844800] should_failslab+0x9/0x14 [ 718.848613] __kmalloc_track_caller+0x2de/0x750 [ 718.853301] ? pointer+0x970/0x970 [ 718.856853] ? rfkill_register+0x3a/0xb50 [ 718.861026] ? kvasprintf_const+0x65/0x190 [ 718.865280] kvasprintf+0xc8/0x170 [ 718.868837] ? bust_spinlocks+0xe0/0xe0 [ 718.872827] ? __mutex_lock+0x3cd/0x1300 [ 718.876903] ? __debug_object_init+0x190/0xc30 [ 718.881502] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 718.886619] ? rfkill_register+0x3a/0xb50 [ 718.890815] kvasprintf_const+0x65/0x190 [ 718.894890] kobject_set_name_vargs+0x5b/0x150 [ 718.899493] dev_set_name+0xbd/0xf0 [ 718.903137] ? device_initialize+0x440/0x440 [ 718.907562] ? lockdep_init_map+0x9/0x10 [ 718.911632] ? __init_waitqueue_head+0x36/0x90 [ 718.916247] rfkill_register+0xf0/0xb50 [ 718.920244] hci_register_dev+0x385/0x880 [ 718.924413] hci_uart_tty_ioctl+0x761/0xaf0 [ 718.928755] tty_ioctl+0x8b5/0x1510 [ 718.932400] ? hci_uart_init_work+0x140/0x140 [ 718.936910] ? tty_vhangup+0x30/0x30 [ 718.940636] ? mark_held_locks+0x100/0x100 [ 718.944891] ? proc_cwd_link+0x1d0/0x1d0 [ 718.948972] ? __fget+0x340/0x540 [ 718.952437] ? ___might_sleep+0x163/0x280 [ 718.956602] ? __might_sleep+0x95/0x190 [ 718.960586] ? tty_vhangup+0x30/0x30 [ 718.964315] do_vfs_ioctl+0xd5f/0x1380 [ 718.968220] ? selinux_file_ioctl+0x46f/0x5e0 [ 718.972731] ? selinux_file_ioctl+0x125/0x5e0 [ 718.977236] ? ioctl_preallocate+0x210/0x210 [ 718.981667] ? selinux_file_mprotect+0x620/0x620 [ 718.986454] ? iterate_fd+0x360/0x360 [ 718.990271] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 718.995822] ? fput+0x128/0x1a0 [ 718.999133] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 719.004692] ? security_file_ioctl+0x8d/0xc0 [ 719.009127] ksys_ioctl+0xab/0xd0 [ 719.012603] __x64_sys_ioctl+0x73/0xb0 [ 719.016511] do_syscall_64+0xfd/0x620 [ 719.020331] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 719.025534] RIP: 0033:0x459829 [ 719.028734] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 719.047909] RSP: 002b:00007f9d624c9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 719.055648] RAX: ffffffffffffffda RBX: 00007f9d624c9c90 RCX: 0000000000459829 [ 719.062950] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 719.070236] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 719.077524] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624ca6d4 [ 719.084812] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 01:11:16 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x4b47, 0x0) [ 719.126757] FAULT_INJECTION: forcing a failure. [ 719.126757] name failslab, interval 1, probability 0, space 0, times 0 [ 719.149705] Bluetooth: hci2: Frame reassembly failed (-84) [ 719.164436] CPU: 1 PID: 11280 Comm: syz-executor.0 Not tainted 4.19.60 #33 01:11:16 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, 0x0, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 719.171496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 719.180859] Call Trace: [ 719.183969] dump_stack+0x172/0x1f0 [ 719.187616] should_fail.cold+0xa/0x1b [ 719.191525] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 719.196642] ? lock_downgrade+0x810/0x810 [ 719.200812] ? ___might_sleep+0x163/0x280 [ 719.204982] __should_failslab+0x121/0x190 [ 719.209224] should_failslab+0x9/0x14 [ 719.209242] kmem_cache_alloc_trace+0x2cc/0x760 [ 719.209265] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 719.209281] ? refcount_inc_checked+0x2b/0x70 [ 719.209303] device_add+0xe5e/0x1760 [ 719.209319] ? device_initialize+0x440/0x440 [ 719.209339] ? get_device_parent.isra.0+0x570/0x570 [ 719.209367] rfkill_register+0x1bf/0xb50 [ 719.209394] hci_register_dev+0x385/0x880 [ 719.249235] hci_uart_tty_ioctl+0x761/0xaf0 [ 719.253581] tty_ioctl+0x8b5/0x1510 [ 719.257219] ? hci_uart_init_work+0x140/0x140 [ 719.261719] ? tty_vhangup+0x30/0x30 [ 719.265434] ? mark_held_locks+0x100/0x100 [ 719.269670] ? proc_cwd_link+0x1d0/0x1d0 [ 719.273743] ? __fget+0x340/0x540 [ 719.277216] ? ___might_sleep+0x163/0x280 [ 719.281370] ? __might_sleep+0x95/0x190 [ 719.285345] ? tty_vhangup+0x30/0x30 [ 719.289061] do_vfs_ioctl+0xd5f/0x1380 [ 719.292948] ? selinux_file_ioctl+0x46f/0x5e0 [ 719.297444] ? selinux_file_ioctl+0x125/0x5e0 [ 719.301938] ? ioctl_preallocate+0x210/0x210 [ 719.306344] ? selinux_file_mprotect+0x620/0x620 [ 719.311109] ? iterate_fd+0x360/0x360 [ 719.314923] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 719.320462] ? fput+0x128/0x1a0 [ 719.323750] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 719.329285] ? security_file_ioctl+0x8d/0xc0 [ 719.333698] ksys_ioctl+0xab/0xd0 [ 719.337164] __x64_sys_ioctl+0x73/0xb0 [ 719.341058] do_syscall_64+0xfd/0x620 [ 719.344866] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 719.350053] RIP: 0033:0x459829 [ 719.353247] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 719.372148] RSP: 002b:00007fd01d6e3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 719.379861] RAX: ffffffffffffffda RBX: 00007fd01d6e3c90 RCX: 0000000000459829 [ 719.387126] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 719.394393] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 719.401659] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d6e46d4 [ 719.408931] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 719.434653] Bluetooth: hci3: Frame reassembly failed (-84) [ 720.818656] Bluetooth: hci0: command 0x1003 tx timeout [ 720.824209] Bluetooth: hci0: sending frame failed (-49) [ 721.218785] Bluetooth: hci2: command 0x1003 tx timeout [ 721.224353] Bluetooth: hci2: sending frame failed (-49) [ 721.458642] Bluetooth: hci3: command 0x1003 tx timeout [ 721.464217] Bluetooth: hci3: sending frame failed (-49) 01:11:19 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5441, 0x0) 01:11:19 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x4b49, 0x0) 01:11:19 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:11:19 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5409, 0x0) [ 721.909557] Bluetooth: hci1: Frame reassembly failed (-84) 01:11:19 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 722.898640] Bluetooth: hci0: command 0x1001 tx timeout [ 722.904050] Bluetooth: hci0: sending frame failed (-49) [ 723.298845] Bluetooth: hci2: command 0x1001 tx timeout [ 723.304358] Bluetooth: hci2: sending frame failed (-49) [ 723.538755] Bluetooth: hci3: command 0x1001 tx timeout [ 723.544159] Bluetooth: hci3: sending frame failed (-49) [ 723.938856] Bluetooth: hci1: command 0x1003 tx timeout [ 723.944259] Bluetooth: hci1: sending frame failed (-49) [ 724.978722] Bluetooth: hci0: command 0x1009 tx timeout [ 725.378818] Bluetooth: hci2: command 0x1009 tx timeout [ 725.618651] Bluetooth: hci3: command 0x1009 tx timeout [ 726.018783] Bluetooth: hci1: command 0x1001 tx timeout [ 726.024189] Bluetooth: hci1: sending frame failed (-49) [ 728.098773] Bluetooth: hci1: command 0x1009 tx timeout 01:11:27 executing program 0 (fault-call:3 fault-nth:41): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:11:27 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x540b, 0x0) 01:11:27 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:11:27 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x4b47, 0x0) 01:11:27 executing program 2 (fault-call:3 fault-nth:39): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 729.575972] FAULT_INJECTION: forcing a failure. [ 729.575972] name failslab, interval 1, probability 0, space 0, times 0 [ 729.590491] CPU: 1 PID: 11311 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 729.597539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 729.606999] Call Trace: [ 729.609607] dump_stack+0x172/0x1f0 [ 729.613243] should_fail.cold+0xa/0x1b [ 729.617139] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 729.622251] ? lock_downgrade+0x810/0x810 [ 729.626404] ? ___might_sleep+0x163/0x280 [ 729.630561] __should_failslab+0x121/0x190 [ 729.634800] should_failslab+0x9/0x14 [ 729.638603] __kmalloc_track_caller+0x2de/0x750 [ 729.643279] ? pointer+0x970/0x970 [ 729.646822] ? rfkill_register+0x3a/0xb50 [ 729.651063] ? kvasprintf_const+0x65/0x190 [ 729.655302] kvasprintf+0xc8/0x170 [ 729.658861] ? bust_spinlocks+0xe0/0xe0 [ 729.662840] ? __mutex_lock+0x3cd/0x1300 [ 729.666908] ? __debug_object_init+0x190/0xc30 [ 729.671494] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 729.676598] ? rfkill_register+0x3a/0xb50 [ 729.680754] kvasprintf_const+0x65/0x190 [ 729.684822] kobject_set_name_vargs+0x5b/0x150 [ 729.689409] dev_set_name+0xbd/0xf0 [ 729.693043] ? device_initialize+0x440/0x440 [ 729.697458] ? lockdep_init_map+0x9/0x10 [ 729.701523] ? __init_waitqueue_head+0x36/0x90 [ 729.706118] rfkill_register+0xf0/0xb50 [ 729.710104] hci_register_dev+0x385/0x880 [ 729.714268] hci_uart_tty_ioctl+0x761/0xaf0 [ 729.718595] tty_ioctl+0x8b5/0x1510 [ 729.722233] ? hci_uart_init_work+0x140/0x140 [ 729.726732] ? tty_vhangup+0x30/0x30 [ 729.730470] ? mark_held_locks+0x100/0x100 [ 729.734713] ? perf_trace_lock_acquire+0x380/0x580 [ 729.739663] ? __fget+0x340/0x540 [ 729.743128] ? ___might_sleep+0x163/0x280 [ 729.747279] ? __might_sleep+0x95/0x190 [ 729.751258] ? tty_vhangup+0x30/0x30 [ 729.754978] do_vfs_ioctl+0xd5f/0x1380 [ 729.758874] ? selinux_file_ioctl+0x46f/0x5e0 [ 729.763370] ? selinux_file_ioctl+0x125/0x5e0 [ 729.767874] ? ioctl_preallocate+0x210/0x210 [ 729.772285] ? selinux_file_mprotect+0x620/0x620 [ 729.777052] ? iterate_fd+0x360/0x360 [ 729.780859] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 729.786397] ? fput+0x128/0x1a0 [ 729.789693] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 729.795232] ? security_file_ioctl+0x8d/0xc0 [ 729.799646] ksys_ioctl+0xab/0xd0 [ 729.803107] __x64_sys_ioctl+0x73/0xb0 [ 729.806998] do_syscall_64+0xfd/0x620 [ 729.810808] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 729.815995] RIP: 0033:0x459829 [ 729.819197] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 729.838113] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 729.845840] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 729.853121] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 729.860395] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 729.867677] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 729.874952] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 01:11:27 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x540c, 0x0) [ 729.907777] FAULT_INJECTION: forcing a failure. [ 729.907777] name failslab, interval 1, probability 0, space 0, times 0 [ 729.930407] Bluetooth: hci2: Frame reassembly failed (-84) [ 729.965010] CPU: 1 PID: 11313 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 729.972075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 729.981440] Call Trace: [ 729.984051] dump_stack+0x172/0x1f0 [ 729.987706] should_fail.cold+0xa/0x1b [ 729.991621] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 729.996739] ? lock_downgrade+0x810/0x810 [ 730.000905] ? ___might_sleep+0x163/0x280 [ 730.005071] __should_failslab+0x121/0x190 [ 730.009328] should_failslab+0x9/0x14 [ 730.013147] kmem_cache_alloc_trace+0x2cc/0x760 [ 730.017835] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 730.023396] ? refcount_inc_checked+0x2b/0x70 [ 730.027912] device_add+0xe5e/0x1760 [ 730.031669] ? device_initialize+0x440/0x440 [ 730.036103] ? get_device_parent.isra.0+0x570/0x570 [ 730.041149] rfkill_register+0x1bf/0xb50 [ 730.045227] hci_register_dev+0x385/0x880 [ 730.049395] hci_uart_tty_ioctl+0x761/0xaf0 [ 730.053730] tty_ioctl+0x8b5/0x1510 [ 730.057367] ? hci_uart_init_work+0x140/0x140 [ 730.061875] ? tty_vhangup+0x30/0x30 [ 730.065600] ? mark_held_locks+0x100/0x100 [ 730.069851] ? perf_trace_lock_acquire+0x380/0x580 [ 730.074983] ? __fget+0x340/0x540 [ 730.078441] ? ___might_sleep+0x163/0x280 [ 730.082610] ? __might_sleep+0x95/0x190 [ 730.086595] ? tty_vhangup+0x30/0x30 [ 730.090320] do_vfs_ioctl+0xd5f/0x1380 [ 730.094221] ? selinux_file_ioctl+0x46f/0x5e0 [ 730.098725] ? selinux_file_ioctl+0x125/0x5e0 [ 730.103230] ? ioctl_preallocate+0x210/0x210 [ 730.107646] ? selinux_file_mprotect+0x620/0x620 [ 730.112429] ? iterate_fd+0x360/0x360 [ 730.116248] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 730.121801] ? fput+0x128/0x1a0 [ 730.125101] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 730.130653] ? security_file_ioctl+0x8d/0xc0 [ 730.135096] ksys_ioctl+0xab/0xd0 [ 730.138560] __x64_sys_ioctl+0x73/0xb0 [ 730.142466] do_syscall_64+0xfd/0x620 [ 730.146302] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 730.151500] RIP: 0033:0x459829 [ 730.154707] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 730.173619] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 730.181333] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 730.188601] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 730.195872] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 730.203139] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 730.210408] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 730.242821] Bluetooth: hci3: Frame reassembly failed (-84) 01:11:28 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, 0x0, 0x0) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 731.548863] Bluetooth: hci0: command 0x1003 tx timeout [ 731.554302] Bluetooth: hci0: sending frame failed (-49) [ 731.938636] Bluetooth: hci2: command 0x1003 tx timeout [ 731.944081] Bluetooth: hci2: sending frame failed (-49) 01:11:29 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x540d, 0x0) 01:11:29 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5450, 0x0) 01:11:29 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, 0x0, 0x0) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:11:29 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x540e, 0x0) [ 732.131658] Bluetooth: hci1: Frame reassembly failed (-84) 01:11:30 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, 0x0, 0x0) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 732.258772] Bluetooth: hci3: command 0x1003 tx timeout [ 732.264164] Bluetooth: hci3: sending frame failed (-49) [ 733.618664] Bluetooth: hci0: command 0x1001 tx timeout [ 733.624152] Bluetooth: hci0: sending frame failed (-49) [ 734.018688] Bluetooth: hci2: command 0x1001 tx timeout [ 734.024182] Bluetooth: hci2: sending frame failed (-49) [ 734.178642] Bluetooth: hci1: command 0x1003 tx timeout [ 734.184125] Bluetooth: hci1: sending frame failed (-49) [ 734.338796] Bluetooth: hci3: command 0x1001 tx timeout [ 734.344200] Bluetooth: hci3: sending frame failed (-49) [ 735.698669] Bluetooth: hci0: command 0x1009 tx timeout [ 736.098668] Bluetooth: hci2: command 0x1009 tx timeout [ 736.258684] Bluetooth: hci1: command 0x1001 tx timeout [ 736.264088] Bluetooth: hci1: sending frame failed (-49) [ 736.418807] Bluetooth: hci3: command 0x1009 tx timeout [ 738.338645] Bluetooth: hci1: command 0x1009 tx timeout 01:11:38 executing program 0 (fault-call:3 fault-nth:42): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:11:38 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x540f, 0x0) 01:11:38 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x0, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:11:38 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x4b49, 0x0) 01:11:38 executing program 2 (fault-call:3 fault-nth:40): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 740.411859] Bluetooth: hci0: Frame reassembly failed (-84) [ 740.467699] FAULT_INJECTION: forcing a failure. [ 740.467699] name failslab, interval 1, probability 0, space 0, times 0 [ 740.496226] CPU: 1 PID: 11342 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 740.503274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 740.503282] Call Trace: [ 740.503309] dump_stack+0x172/0x1f0 [ 740.503335] should_fail.cold+0xa/0x1b [ 740.503359] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 740.518941] ? lock_downgrade+0x810/0x810 [ 740.518961] ? ___might_sleep+0x163/0x280 [ 740.518986] __should_failslab+0x121/0x190 [ 740.519005] should_failslab+0x9/0x14 [ 740.519020] __kmalloc_track_caller+0x2de/0x750 [ 740.519035] ? pointer+0x970/0x970 [ 740.519056] ? rfkill_register+0x3a/0xb50 [ 740.556704] ? kvasprintf_const+0x65/0x190 [ 740.560960] kvasprintf+0xc8/0x170 [ 740.564515] ? bust_spinlocks+0xe0/0xe0 [ 740.568506] ? __mutex_lock+0x3cd/0x1300 [ 740.572581] ? __debug_object_init+0x190/0xc30 [ 740.577181] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 740.582315] ? rfkill_register+0x3a/0xb50 [ 740.586484] kvasprintf_const+0x65/0x190 [ 740.590567] kobject_set_name_vargs+0x5b/0x150 [ 740.595173] dev_set_name+0xbd/0xf0 [ 740.598818] ? device_initialize+0x440/0x440 [ 740.603246] ? lockdep_init_map+0x9/0x10 [ 740.607322] ? __init_waitqueue_head+0x36/0x90 [ 740.611935] rfkill_register+0xf0/0xb50 [ 740.615933] hci_register_dev+0x385/0x880 [ 740.620108] hci_uart_tty_ioctl+0x761/0xaf0 [ 740.624450] tty_ioctl+0x8b5/0x1510 [ 740.628092] ? hci_uart_init_work+0x140/0x140 [ 740.632602] ? tty_vhangup+0x30/0x30 [ 740.636327] ? mark_held_locks+0x100/0x100 [ 740.640584] ? debug_smp_processor_id+0x1c/0x20 [ 740.645273] ? __fget+0x340/0x540 [ 740.648748] ? ___might_sleep+0x163/0x280 [ 740.652910] ? __might_sleep+0x95/0x190 [ 740.656902] ? tty_vhangup+0x30/0x30 [ 740.660640] do_vfs_ioctl+0xd5f/0x1380 [ 740.664549] ? selinux_file_ioctl+0x46f/0x5e0 [ 740.669060] ? selinux_file_ioctl+0x125/0x5e0 [ 740.673572] ? ioctl_preallocate+0x210/0x210 [ 740.677993] ? selinux_file_mprotect+0x620/0x620 [ 740.682771] ? iterate_fd+0x360/0x360 [ 740.686596] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 740.692148] ? fput+0x128/0x1a0 [ 740.695462] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 740.701010] ? security_file_ioctl+0x8d/0xc0 [ 740.705436] ksys_ioctl+0xab/0xd0 [ 740.708907] __x64_sys_ioctl+0x73/0xb0 [ 740.712822] do_syscall_64+0xfd/0x620 [ 740.716644] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 740.721851] RIP: 0033:0x459829 [ 740.725060] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 740.743986] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 740.751717] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 740.759001] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 01:11:38 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5410, 0x0) [ 740.766280] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 740.773556] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 740.780838] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 740.790616] FAULT_INJECTION: forcing a failure. [ 740.790616] name failslab, interval 1, probability 0, space 0, times 0 [ 740.802429] Bluetooth: hci3: Frame reassembly failed (-84) [ 740.818671] Bluetooth: hci3: Frame reassembly failed (-84) [ 740.824402] CPU: 1 PID: 11343 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 740.831431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 740.840790] Call Trace: [ 740.843401] dump_stack+0x172/0x1f0 [ 740.847054] should_fail.cold+0xa/0x1b [ 740.850965] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 740.856086] ? lock_downgrade+0x810/0x810 [ 740.860248] ? ___might_sleep+0x163/0x280 [ 740.864422] __should_failslab+0x121/0x190 [ 740.868671] should_failslab+0x9/0x14 [ 740.872494] kmem_cache_alloc+0x2ae/0x700 [ 740.876653] ? memcpy+0x46/0x50 [ 740.879956] ? kstrdup+0x5a/0x70 [ 740.883344] __kernfs_new_node+0xef/0x680 [ 740.887515] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 740.892288] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 740.897318] ? console_unlock+0x85f/0x10b0 [ 740.901578] ? preempt_count_add+0xbc/0x1b0 [ 740.905914] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 740.911469] ? wake_up_klogd+0x99/0xd0 [ 740.915382] kernfs_new_node+0x99/0x130 [ 740.919379] kernfs_create_dir_ns+0x52/0x160 [ 740.923805] sysfs_create_dir_ns+0x131/0x290 [ 740.928225] ? sysfs_create_mount_point+0xa0/0xa0 [ 740.933102] kobject_add_internal.cold+0xe5/0x5d1 [ 740.937973] kobject_add+0x150/0x1c0 [ 740.941703] ? kset_create_and_add+0x1a0/0x1a0 [ 740.946306] ? __lockdep_init_map+0x10c/0x5b0 [ 740.950902] ? rcu_read_lock_sched_held+0x110/0x130 [ 740.955939] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 740.961497] device_add+0x3cc/0x1760 [ 740.965238] ? get_device_parent.isra.0+0x570/0x570 [ 740.970282] rfkill_register+0x1bf/0xb50 [ 740.974365] hci_register_dev+0x385/0x880 [ 740.978538] hci_uart_tty_ioctl+0x761/0xaf0 [ 740.982876] tty_ioctl+0x8b5/0x1510 [ 740.986521] ? hci_uart_init_work+0x140/0x140 [ 740.991032] ? tty_vhangup+0x30/0x30 [ 740.994766] ? mark_held_locks+0x100/0x100 [ 740.999019] ? perf_trace_lock_acquire+0x380/0x580 [ 741.003968] ? __fget+0x340/0x540 [ 741.007439] ? ___might_sleep+0x163/0x280 [ 741.011607] ? __might_sleep+0x95/0x190 [ 741.015594] ? tty_vhangup+0x30/0x30 [ 741.019324] do_vfs_ioctl+0xd5f/0x1380 [ 741.023231] ? selinux_file_ioctl+0x46f/0x5e0 [ 741.027745] ? selinux_file_ioctl+0x125/0x5e0 [ 741.032256] ? ioctl_preallocate+0x210/0x210 [ 741.036684] ? selinux_file_mprotect+0x620/0x620 [ 741.041459] ? iterate_fd+0x360/0x360 [ 741.045802] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 741.051352] ? fput+0x128/0x1a0 [ 741.054655] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 741.060208] ? security_file_ioctl+0x8d/0xc0 [ 741.064635] ksys_ioctl+0xab/0xd0 [ 741.068107] __x64_sys_ioctl+0x73/0xb0 [ 741.072023] do_syscall_64+0xfd/0x620 [ 741.075841] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 741.081043] RIP: 0033:0x459829 [ 741.084253] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 741.103167] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 741.110895] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 01:11:38 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x0, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 741.118175] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 741.125453] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 741.132821] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 741.140095] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 01:11:38 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5412, 0x0) [ 741.195289] kobject_add_internal failed for rfkill160 (error: -12 parent: hci2) [ 741.210621] Bluetooth: hci2: Frame reassembly failed (-84) [ 741.216653] Bluetooth: hci2: Frame reassembly failed (-84) 01:11:40 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5451, 0x0) 01:11:40 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x0, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:11:40 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5413, 0x0) [ 742.407732] Bluetooth: hci1: Frame reassembly failed (-84) [ 742.418694] Bluetooth: hci0: command 0x1003 tx timeout [ 742.424075] Bluetooth: hci0: sending frame failed (-49) 01:11:40 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 742.818776] Bluetooth: hci3: command 0x1003 tx timeout [ 742.824178] Bluetooth: hci3: sending frame failed (-49) [ 743.218793] Bluetooth: hci2: command 0x1003 tx timeout [ 743.224400] Bluetooth: hci2: sending frame failed (-49) [ 744.418690] Bluetooth: hci1: command 0x1003 tx timeout [ 744.424092] Bluetooth: hci1: sending frame failed (-49) [ 744.498653] Bluetooth: hci0: command 0x1001 tx timeout [ 744.504071] Bluetooth: hci0: sending frame failed (-49) [ 744.899055] Bluetooth: hci3: command 0x1001 tx timeout [ 744.904451] Bluetooth: hci3: sending frame failed (-49) [ 745.298821] Bluetooth: hci2: command 0x1001 tx timeout [ 745.304313] Bluetooth: hci2: sending frame failed (-49) [ 746.498702] Bluetooth: hci1: command 0x1001 tx timeout [ 746.504109] Bluetooth: hci1: sending frame failed (-49) [ 746.578663] Bluetooth: hci0: command 0x1009 tx timeout [ 746.978747] Bluetooth: hci3: command 0x1009 tx timeout [ 747.378796] Bluetooth: hci2: command 0x1009 tx timeout [ 748.578655] Bluetooth: hci1: command 0x1009 tx timeout 01:11:49 executing program 0 (fault-call:3 fault-nth:43): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:11:49 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5409, 0x0) 01:11:49 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:11:49 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5414, 0x0) 01:11:49 executing program 2 (fault-call:3 fault-nth:41): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 751.290654] Bluetooth: hci0: Frame reassembly failed (-84) [ 751.373773] FAULT_INJECTION: forcing a failure. [ 751.373773] name failslab, interval 1, probability 0, space 0, times 0 [ 751.405063] CPU: 1 PID: 11376 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 751.412122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 751.421482] Call Trace: [ 751.424093] dump_stack+0x172/0x1f0 [ 751.427741] should_fail.cold+0xa/0x1b [ 751.431647] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 751.436770] ? lock_downgrade+0x810/0x810 [ 751.440936] ? ___might_sleep+0x163/0x280 [ 751.445110] __should_failslab+0x121/0x190 [ 751.449360] should_failslab+0x9/0x14 [ 751.453176] __kmalloc_track_caller+0x2de/0x750 [ 751.457857] ? pointer+0x970/0x970 [ 751.461419] ? rfkill_register+0x3a/0xb50 [ 751.465588] ? kvasprintf_const+0x65/0x190 [ 751.469836] kvasprintf+0xc8/0x170 [ 751.473395] ? bust_spinlocks+0xe0/0xe0 [ 751.477384] ? __mutex_lock+0x3cd/0x1300 [ 751.481458] ? __debug_object_init+0x190/0xc30 [ 751.486054] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 751.491170] ? rfkill_register+0x3a/0xb50 [ 751.495338] kvasprintf_const+0x65/0x190 [ 751.499417] kobject_set_name_vargs+0x5b/0x150 [ 751.504015] dev_set_name+0xbd/0xf0 [ 751.507656] ? device_initialize+0x440/0x440 [ 751.512086] ? lockdep_init_map+0x9/0x10 [ 751.516163] ? __init_waitqueue_head+0x36/0x90 [ 751.520774] rfkill_register+0xf0/0xb50 [ 751.524783] hci_register_dev+0x385/0x880 [ 751.528957] hci_uart_tty_ioctl+0x761/0xaf0 [ 751.533296] tty_ioctl+0x8b5/0x1510 [ 751.536938] ? hci_uart_init_work+0x140/0x140 [ 751.541446] ? tty_vhangup+0x30/0x30 [ 751.545175] ? mark_held_locks+0x100/0x100 [ 751.549424] ? proc_cwd_link+0x1d0/0x1d0 [ 751.553510] ? __fget+0x340/0x540 [ 751.556981] ? ___might_sleep+0x163/0x280 [ 751.561149] ? __might_sleep+0x95/0x190 [ 751.565134] ? tty_vhangup+0x30/0x30 [ 751.568867] do_vfs_ioctl+0xd5f/0x1380 [ 751.572770] ? selinux_file_ioctl+0x46f/0x5e0 [ 751.577276] ? selinux_file_ioctl+0x125/0x5e0 [ 751.581788] ? ioctl_preallocate+0x210/0x210 [ 751.586213] ? selinux_file_mprotect+0x620/0x620 [ 751.590989] ? iterate_fd+0x360/0x360 [ 751.594807] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 751.600355] ? fput+0x128/0x1a0 [ 751.603660] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 751.609216] ? security_file_ioctl+0x8d/0xc0 [ 751.613640] ksys_ioctl+0xab/0xd0 [ 751.617116] __x64_sys_ioctl+0x73/0xb0 [ 751.621021] do_syscall_64+0xfd/0x620 [ 751.624841] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 751.630039] RIP: 0033:0x459829 [ 751.633247] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 751.652162] RSP: 002b:00007f9d624c9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 751.659886] RAX: ffffffffffffffda RBX: 00007f9d624c9c90 RCX: 0000000000459829 [ 751.667162] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 751.674443] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 751.681722] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624ca6d4 [ 751.689000] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 751.711179] FAULT_INJECTION: forcing a failure. [ 751.711179] name failslab, interval 1, probability 0, space 0, times 0 [ 751.723553] Bluetooth: hci2: Frame reassembly failed (-84) [ 751.726002] CPU: 1 PID: 11377 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 751.736219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 751.745610] Call Trace: [ 751.748216] dump_stack+0x172/0x1f0 [ 751.751862] should_fail.cold+0xa/0x1b [ 751.755770] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 751.760889] ? lock_downgrade+0x810/0x810 [ 751.765052] ? ___might_sleep+0x163/0x280 [ 751.769220] __should_failslab+0x121/0x190 [ 751.773474] should_failslab+0x9/0x14 [ 751.777283] kmem_cache_alloc+0x2ae/0x700 [ 751.781449] ? kasan_check_write+0x14/0x20 [ 751.785701] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 751.790567] __kernfs_new_node+0xef/0x680 [ 751.794732] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 751.799510] ? mutex_unlock+0xd/0x10 [ 751.803238] ? kernfs_activate+0x192/0x1f0 [ 751.807491] ? kernfs_add_one+0x131/0x4d0 [ 751.811663] kernfs_new_node+0x99/0x130 [ 751.815665] __kernfs_create_file+0x51/0x340 [ 751.820099] sysfs_add_file_mode_ns+0x222/0x560 [ 751.824791] sysfs_create_file_ns+0x13a/0x1c0 [ 751.829303] ? sysfs_add_file_mode_ns+0x560/0x560 [ 751.834165] ? up_read+0x1a/0x110 [ 751.837642] device_create_file+0xfa/0x1e0 [ 751.841897] ? acpi_bind_one+0x830/0x830 [ 751.845975] device_add+0x411/0x1760 [ 751.849719] ? get_device_parent.isra.0+0x570/0x570 [ 751.854761] rfkill_register+0x1bf/0xb50 [ 751.858837] hci_register_dev+0x385/0x880 [ 751.863009] hci_uart_tty_ioctl+0x761/0xaf0 [ 751.867346] tty_ioctl+0x8b5/0x1510 [ 751.870990] ? hci_uart_init_work+0x140/0x140 [ 751.875505] ? tty_vhangup+0x30/0x30 [ 751.879231] ? mark_held_locks+0x100/0x100 [ 751.883479] ? proc_cwd_link+0x1d0/0x1d0 [ 751.887560] ? __fget+0x340/0x540 [ 751.891029] ? ___might_sleep+0x163/0x280 [ 751.895190] ? __might_sleep+0x95/0x190 [ 751.899177] ? tty_vhangup+0x30/0x30 [ 751.902906] do_vfs_ioctl+0xd5f/0x1380 [ 751.906808] ? selinux_file_ioctl+0x46f/0x5e0 [ 751.911319] ? selinux_file_ioctl+0x125/0x5e0 [ 751.915827] ? ioctl_preallocate+0x210/0x210 [ 751.920249] ? selinux_file_mprotect+0x620/0x620 [ 751.925026] ? iterate_fd+0x360/0x360 [ 751.928847] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 751.934398] ? fput+0x128/0x1a0 [ 751.937708] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 751.943259] ? security_file_ioctl+0x8d/0xc0 [ 751.947692] ksys_ioctl+0xab/0xd0 [ 751.951173] __x64_sys_ioctl+0x73/0xb0 [ 751.955076] do_syscall_64+0xfd/0x620 [ 751.958898] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 751.964094] RIP: 0033:0x459829 [ 751.967302] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 751.986214] RSP: 002b:00007fd01d6e3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 751.993942] RAX: ffffffffffffffda RBX: 00007fd01d6e3c90 RCX: 0000000000459829 [ 752.001220] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 752.008500] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 752.015776] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d6e46d4 [ 752.023055] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 01:11:49 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5415, 0x0) [ 752.050836] Bluetooth: hci3: Frame reassembly failed (-84) 01:11:49 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:11:50 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5416, 0x0) 01:11:50 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5452, 0x0) 01:11:50 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x0) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:11:50 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5418, 0x0) [ 752.621211] Bluetooth: hci1: Frame reassembly failed (-84) 01:11:50 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x0) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 753.298689] Bluetooth: hci0: command 0x1003 tx timeout [ 753.304295] Bluetooth: hci0: sending frame failed (-49) [ 753.778858] Bluetooth: hci2: command 0x1003 tx timeout [ 753.784465] Bluetooth: hci2: sending frame failed (-49) [ 754.098718] Bluetooth: hci3: command 0x1003 tx timeout [ 754.104334] Bluetooth: hci3: sending frame failed (-49) [ 754.658802] Bluetooth: hci1: command 0x1003 tx timeout [ 754.664219] Bluetooth: hci1: sending frame failed (-49) [ 755.378717] Bluetooth: hci0: command 0x1001 tx timeout [ 755.384111] Bluetooth: hci0: sending frame failed (-49) [ 755.858696] Bluetooth: hci2: command 0x1001 tx timeout [ 755.864098] Bluetooth: hci2: sending frame failed (-49) [ 756.178683] Bluetooth: hci3: command 0x1001 tx timeout [ 756.184089] Bluetooth: hci3: sending frame failed (-49) [ 756.738702] Bluetooth: hci1: command 0x1001 tx timeout [ 756.744109] Bluetooth: hci1: sending frame failed (-49) [ 757.458649] Bluetooth: hci0: command 0x1009 tx timeout [ 757.938682] Bluetooth: hci2: command 0x1009 tx timeout [ 758.258686] Bluetooth: hci3: command 0x1009 tx timeout [ 758.818690] Bluetooth: hci1: command 0x1009 tx timeout 01:11:59 executing program 0 (fault-call:3 fault-nth:44): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:11:59 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x541b, 0x0) 01:11:59 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x0) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:11:59 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x540b, 0x0) 01:11:59 executing program 2 (fault-call:3 fault-nth:42): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 762.171436] Bluetooth: hci0: Frame reassembly failed (-84) [ 762.239671] FAULT_INJECTION: forcing a failure. [ 762.239671] name failslab, interval 1, probability 0, space 0, times 0 [ 762.267480] CPU: 1 PID: 11406 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 762.274535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 762.283900] Call Trace: [ 762.286512] dump_stack+0x172/0x1f0 [ 762.290163] should_fail.cold+0xa/0x1b [ 762.294074] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 762.299194] ? lock_downgrade+0x810/0x810 [ 762.303354] ? ___might_sleep+0x163/0x280 [ 762.307524] __should_failslab+0x121/0x190 [ 762.311780] should_failslab+0x9/0x14 [ 762.315594] kmem_cache_alloc+0x2ae/0x700 [ 762.319757] ? kasan_check_write+0x14/0x20 [ 762.324003] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 762.328865] __kernfs_new_node+0xef/0x680 [ 762.333043] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 762.337816] ? mutex_unlock+0xd/0x10 [ 762.341548] ? kernfs_activate+0x192/0x1f0 [ 762.345802] ? kernfs_add_one+0x131/0x4d0 [ 762.349980] kernfs_new_node+0x99/0x130 [ 762.353978] __kernfs_create_file+0x51/0x340 [ 762.358407] sysfs_add_file_mode_ns+0x222/0x560 [ 762.363105] sysfs_create_file_ns+0x13a/0x1c0 [ 762.367622] ? sysfs_add_file_mode_ns+0x560/0x560 [ 762.372484] ? up_read+0x1a/0x110 [ 762.375959] device_create_file+0xfa/0x1e0 [ 762.380204] ? acpi_bind_one+0x830/0x830 [ 762.384279] device_add+0x411/0x1760 [ 762.388021] ? get_device_parent.isra.0+0x570/0x570 [ 762.393068] rfkill_register+0x1bf/0xb50 [ 762.397152] hci_register_dev+0x385/0x880 [ 762.401329] hci_uart_tty_ioctl+0x761/0xaf0 [ 762.405671] tty_ioctl+0x8b5/0x1510 [ 762.409322] ? hci_uart_init_work+0x140/0x140 [ 762.413830] ? tty_vhangup+0x30/0x30 [ 762.417559] ? mark_held_locks+0x100/0x100 [ 762.421818] ? debug_smp_processor_id+0x1c/0x20 [ 762.426506] ? __fget+0x340/0x540 [ 762.429972] ? ___might_sleep+0x163/0x280 [ 762.434134] ? __might_sleep+0x95/0x190 [ 762.438121] ? tty_vhangup+0x30/0x30 [ 762.441846] do_vfs_ioctl+0xd5f/0x1380 [ 762.445747] ? selinux_file_ioctl+0x46f/0x5e0 [ 762.450254] ? selinux_file_ioctl+0x125/0x5e0 [ 762.454764] ? ioctl_preallocate+0x210/0x210 [ 762.459184] ? selinux_file_mprotect+0x620/0x620 [ 762.463959] ? iterate_fd+0x360/0x360 [ 762.467776] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 762.473325] ? fput+0x128/0x1a0 [ 762.476629] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 762.482182] ? security_file_ioctl+0x8d/0xc0 [ 762.486606] ksys_ioctl+0xab/0xd0 [ 762.490073] __x64_sys_ioctl+0x73/0xb0 [ 762.493973] do_syscall_64+0xfd/0x620 [ 762.497799] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 762.502999] RIP: 0033:0x459829 [ 762.506206] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 762.525121] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 762.532849] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 01:12:00 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x541d, 0x0) [ 762.540127] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 762.547414] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 762.554700] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 762.561982] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 762.592171] FAULT_INJECTION: forcing a failure. [ 762.592171] name failslab, interval 1, probability 0, space 0, times 0 [ 762.603818] Bluetooth: hci2: Frame reassembly failed (-84) [ 762.610522] CPU: 0 PID: 11407 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 762.617569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 762.626944] Call Trace: [ 762.629562] dump_stack+0x172/0x1f0 [ 762.633238] should_fail.cold+0xa/0x1b [ 762.637162] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 762.642296] ? lock_downgrade+0x810/0x810 [ 762.646473] ? ___might_sleep+0x163/0x280 [ 762.650656] __should_failslab+0x121/0x190 [ 762.654929] should_failslab+0x9/0x14 [ 762.658748] kmem_cache_alloc+0x2ae/0x700 [ 762.658769] ? kasan_check_write+0x14/0x20 [ 762.658789] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 762.658825] __kernfs_new_node+0xef/0x680 [ 762.658853] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 762.667237] ? mutex_unlock+0xd/0x10 [ 762.684696] ? kernfs_activate+0x192/0x1f0 [ 762.688974] ? perf_trace_run_bpf_submit+0x131/0x190 [ 762.694134] kernfs_new_node+0x99/0x130 [ 762.698151] __kernfs_create_file+0x51/0x340 [ 762.702596] sysfs_add_file_mode_ns+0x222/0x560 [ 762.707308] sysfs_create_file_ns+0x13a/0x1c0 [ 762.711836] ? sysfs_add_file_mode_ns+0x560/0x560 [ 762.716718] ? up_read+0x1a/0x110 [ 762.720217] device_create_file+0xfa/0x1e0 [ 762.724475] ? acpi_bind_one+0x830/0x830 [ 762.728558] device_add+0x411/0x1760 [ 762.732312] ? get_device_parent.isra.0+0x570/0x570 [ 762.737385] rfkill_register+0x1bf/0xb50 [ 762.741482] hci_register_dev+0x385/0x880 [ 762.745674] hci_uart_tty_ioctl+0x761/0xaf0 [ 762.750028] tty_ioctl+0x8b5/0x1510 [ 762.753682] ? hci_uart_init_work+0x140/0x140 [ 762.758210] ? tty_vhangup+0x30/0x30 [ 762.761948] ? mark_held_locks+0x100/0x100 [ 762.766218] ? perf_trace_lock_acquire+0x380/0x580 [ 762.771193] ? __fget+0x340/0x540 [ 762.774680] ? ___might_sleep+0x163/0x280 [ 762.778865] ? __might_sleep+0x95/0x190 [ 762.782865] ? tty_vhangup+0x30/0x30 [ 762.786612] do_vfs_ioctl+0xd5f/0x1380 [ 762.790523] ? selinux_file_ioctl+0x46f/0x5e0 [ 762.795045] ? selinux_file_ioctl+0x125/0x5e0 [ 762.799573] ? ioctl_preallocate+0x210/0x210 [ 762.804006] ? selinux_file_mprotect+0x620/0x620 [ 762.808797] ? iterate_fd+0x360/0x360 [ 762.812630] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 762.818197] ? fput+0x128/0x1a0 [ 762.821519] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 762.827078] ? security_file_ioctl+0x8d/0xc0 [ 762.831517] ksys_ioctl+0xab/0xd0 [ 762.835005] __x64_sys_ioctl+0x73/0xb0 [ 762.838920] do_syscall_64+0xfd/0x620 [ 762.842759] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 762.847968] RIP: 0033:0x459829 [ 762.851191] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 762.870118] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 762.877867] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 762.885156] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 01:12:00 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(0xffffffffffffffff, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 762.892458] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 762.899752] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 762.907039] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 01:12:00 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x545d, 0x0) [ 762.946543] Bluetooth: hci3: Frame reassembly failed (-84) 01:12:00 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x541f, 0x0) [ 763.022057] Bluetooth: hci1: Frame reassembly failed (-84) 01:12:00 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(0xffffffffffffffff, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:12:01 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5420, 0x0) 01:12:01 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(0xffffffffffffffff, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 764.178741] Bluetooth: hci0: command 0x1003 tx timeout [ 764.184144] Bluetooth: hci0: sending frame failed (-49) [ 764.658635] Bluetooth: hci2: command 0x1003 tx timeout [ 764.664054] Bluetooth: hci2: sending frame failed (-49) [ 764.978879] Bluetooth: hci3: command 0x1003 tx timeout [ 764.984273] Bluetooth: hci3: sending frame failed (-49) [ 765.058773] Bluetooth: hci1: command 0x1003 tx timeout [ 765.064415] Bluetooth: hci1: sending frame failed (-49) [ 766.258772] Bluetooth: hci0: command 0x1001 tx timeout [ 766.264173] Bluetooth: hci0: sending frame failed (-49) [ 766.738697] Bluetooth: hci2: command 0x1001 tx timeout [ 766.744103] Bluetooth: hci2: sending frame failed (-49) [ 767.058657] Bluetooth: hci3: command 0x1001 tx timeout [ 767.064060] Bluetooth: hci3: sending frame failed (-49) [ 767.138701] Bluetooth: hci1: command 0x1001 tx timeout [ 767.144104] Bluetooth: hci1: sending frame failed (-49) [ 768.338711] Bluetooth: hci0: command 0x1009 tx timeout [ 768.818700] Bluetooth: hci2: command 0x1009 tx timeout [ 769.138677] Bluetooth: hci3: command 0x1009 tx timeout [ 769.218723] Bluetooth: hci1: command 0x1009 tx timeout 01:12:10 executing program 0 (fault-call:3 fault-nth:45): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:12:10 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5421, 0x0) 01:12:10 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) fcntl$getown(r3, 0x9) getpgid(0x0) read(r2, &(0x7f0000000200)=""/168, 0xa8) r4 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r4, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r4, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r4, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:12:10 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x540c, 0x0) 01:12:10 executing program 2 (fault-call:3 fault-nth:43): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 773.054851] Bluetooth: hci0: Frame reassembly failed (-84) 01:12:10 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5422, 0x0) [ 773.116830] FAULT_INJECTION: forcing a failure. [ 773.116830] name failslab, interval 1, probability 0, space 0, times 0 [ 773.163717] CPU: 0 PID: 11433 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 773.170789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 773.180166] Call Trace: [ 773.183022] dump_stack+0x172/0x1f0 [ 773.186695] should_fail.cold+0xa/0x1b [ 773.190623] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 773.195761] ? lock_downgrade+0x810/0x810 [ 773.199945] ? ___might_sleep+0x163/0x280 [ 773.204133] __should_failslab+0x121/0x190 [ 773.208406] should_failslab+0x9/0x14 [ 773.212233] kmem_cache_alloc+0x2ae/0x700 [ 773.216408] ? perf_trace_run_bpf_submit+0x131/0x190 [ 773.221538] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 773.227119] __kernfs_new_node+0xef/0x680 [ 773.231328] ? mark_held_locks+0x100/0x100 [ 773.235598] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 773.240393] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 773.245874] ? find_held_lock+0x35/0x130 [ 773.249962] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 773.255448] ? kernfs_activate+0x192/0x1f0 [ 773.259717] kernfs_new_node+0x99/0x130 [ 773.263780] kernfs_create_link+0xdd/0x250 [ 773.268052] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 773.273371] sysfs_create_link+0x65/0xc0 [ 773.277473] device_add+0x536/0x1760 [ 773.281241] ? get_device_parent.isra.0+0x570/0x570 [ 773.286309] rfkill_register+0x1bf/0xb50 [ 773.290413] hci_register_dev+0x385/0x880 [ 773.294604] hci_uart_tty_ioctl+0x761/0xaf0 [ 773.298955] tty_ioctl+0x8b5/0x1510 [ 773.302604] ? hci_uart_init_work+0x140/0x140 [ 773.307132] ? tty_vhangup+0x30/0x30 [ 773.310876] ? mark_held_locks+0x100/0x100 [ 773.315141] ? perf_trace_lock_acquire+0x380/0x580 [ 773.320114] ? __fget+0x340/0x540 [ 773.323601] ? ___might_sleep+0x163/0x280 [ 773.327782] ? __might_sleep+0x95/0x190 [ 773.331788] ? tty_vhangup+0x30/0x30 [ 773.335532] do_vfs_ioctl+0xd5f/0x1380 [ 773.339444] ? selinux_file_ioctl+0x46f/0x5e0 [ 773.343963] ? selinux_file_ioctl+0x125/0x5e0 [ 773.348483] ? ioctl_preallocate+0x210/0x210 [ 773.352918] ? selinux_file_mprotect+0x620/0x620 [ 773.357715] ? iterate_fd+0x360/0x360 [ 773.361556] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 773.367118] ? fput+0x128/0x1a0 [ 773.370439] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 773.375997] ? security_file_ioctl+0x8d/0xc0 [ 773.380435] ksys_ioctl+0xab/0xd0 [ 773.383916] __x64_sys_ioctl+0x73/0xb0 [ 773.387841] do_syscall_64+0xfd/0x620 [ 773.391677] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 773.396889] RIP: 0033:0x459829 [ 773.400107] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 773.419032] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 773.426769] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 773.434064] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 773.441359] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 773.448651] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 773.455939] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 773.467270] FAULT_INJECTION: forcing a failure. [ 773.467270] name failslab, interval 1, probability 0, space 0, times 0 [ 773.494971] CPU: 0 PID: 11435 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 773.502046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 773.511420] Call Trace: [ 773.514032] dump_stack+0x172/0x1f0 [ 773.517696] should_fail.cold+0xa/0x1b [ 773.521619] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 773.526750] ? lock_downgrade+0x810/0x810 [ 773.530934] ? ___might_sleep+0x163/0x280 [ 773.535112] __should_failslab+0x121/0x190 [ 773.539369] should_failslab+0x9/0x14 [ 773.543209] kmem_cache_alloc+0x2ae/0x700 [ 773.547384] ? kasan_check_write+0x14/0x20 [ 773.551644] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 773.556519] __kernfs_new_node+0xef/0x680 [ 773.560709] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 773.565493] ? mutex_unlock+0xd/0x10 [ 773.569227] ? kernfs_activate+0x192/0x1f0 [ 773.573492] ? perf_trace_run_bpf_submit+0x131/0x190 [ 773.578633] kernfs_new_node+0x99/0x130 [ 773.582646] __kernfs_create_file+0x51/0x340 [ 773.587089] sysfs_add_file_mode_ns+0x222/0x560 [ 773.591801] sysfs_create_file_ns+0x13a/0x1c0 [ 773.596333] ? sysfs_add_file_mode_ns+0x560/0x560 [ 773.601224] ? up_read+0x1a/0x110 [ 773.604717] device_create_file+0xfa/0x1e0 [ 773.608976] ? acpi_bind_one+0x830/0x830 [ 773.613059] device_add+0x411/0x1760 [ 773.616833] ? get_device_parent.isra.0+0x570/0x570 [ 773.621905] rfkill_register+0x1bf/0xb50 [ 773.626003] hci_register_dev+0x385/0x880 [ 773.630198] hci_uart_tty_ioctl+0x761/0xaf0 [ 773.634549] tty_ioctl+0x8b5/0x1510 [ 773.638196] ? hci_uart_init_work+0x140/0x140 [ 773.642706] ? tty_vhangup+0x30/0x30 [ 773.642724] ? mark_held_locks+0x100/0x100 [ 773.642749] ? perf_trace_lock_acquire+0x380/0x580 [ 773.642778] ? __fget+0x340/0x540 [ 773.642802] ? ___might_sleep+0x163/0x280 [ 773.642826] ? __might_sleep+0x95/0x190 [ 773.642842] ? tty_vhangup+0x30/0x30 [ 773.642860] do_vfs_ioctl+0xd5f/0x1380 [ 773.642876] ? selinux_file_ioctl+0x46f/0x5e0 [ 773.671206] ? selinux_file_ioctl+0x125/0x5e0 [ 773.671231] ? ioctl_preallocate+0x210/0x210 [ 773.671248] ? selinux_file_mprotect+0x620/0x620 [ 773.671282] ? iterate_fd+0x360/0x360 [ 773.693317] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 773.693342] ? fput+0x128/0x1a0 [ 773.705985] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 773.711548] ? security_file_ioctl+0x8d/0xc0 [ 773.715999] ksys_ioctl+0xab/0xd0 [ 773.719486] __x64_sys_ioctl+0x73/0xb0 [ 773.723399] do_syscall_64+0xfd/0x620 [ 773.727234] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 773.732445] RIP: 0033:0x459829 [ 773.735667] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 773.754600] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 01:12:11 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5423, 0x0) 01:12:11 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) fcntl$getown(r3, 0x9) getpgid(0x0) read(r2, &(0x7f0000000200)=""/168, 0xa8) r4 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r4, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r4, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r4, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:12:11 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5460, 0x0) [ 773.762350] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 773.769636] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 773.776918] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 773.784218] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 773.791515] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 773.805010] Bluetooth: hci3: sending frame failed (-49) 01:12:11 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5424, 0x0) [ 773.936099] Bluetooth: hci1: Frame reassembly failed (-84) 01:12:11 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5425, 0x0) 01:12:12 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) fcntl$getown(r3, 0x9) getpgid(0x0) read(r2, &(0x7f0000000200)=""/168, 0xa8) r4 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r4, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r4, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r4, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 775.058649] Bluetooth: hci0: command 0x1003 tx timeout [ 775.064068] Bluetooth: hci0: sending frame failed (-49) [ 775.538684] Bluetooth: hci2: command 0x1003 tx timeout [ 775.544090] Bluetooth: hci2: sending frame failed (-49) [ 775.858638] Bluetooth: hci3: command 0x1003 tx timeout [ 775.864041] Bluetooth: hci3: sending frame failed (-49) [ 775.938637] Bluetooth: hci1: command 0x1003 tx timeout [ 775.944027] Bluetooth: hci1: sending frame failed (-49) [ 777.138650] Bluetooth: hci0: command 0x1001 tx timeout [ 777.144048] Bluetooth: hci0: sending frame failed (-49) [ 777.618736] Bluetooth: hci2: command 0x1001 tx timeout [ 777.624136] Bluetooth: hci2: sending frame failed (-49) [ 777.938645] Bluetooth: hci3: command 0x1001 tx timeout [ 777.944048] Bluetooth: hci3: sending frame failed (-49) [ 778.018670] Bluetooth: hci1: command 0x1001 tx timeout [ 778.024064] Bluetooth: hci1: sending frame failed (-49) [ 779.218668] Bluetooth: hci0: command 0x1009 tx timeout [ 779.698697] Bluetooth: hci2: command 0x1009 tx timeout [ 780.018705] Bluetooth: hci3: command 0x1009 tx timeout [ 780.098646] Bluetooth: hci1: command 0x1009 tx timeout 01:12:21 executing program 0 (fault-call:3 fault-nth:46): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:12:21 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5427, 0x0) 01:12:21 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r3 = fcntl$getown(r2, 0x9) getpgid(r3) read(0xffffffffffffffff, &(0x7f0000000200)=""/168, 0xa8) r4 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r4, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r4, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r2, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r4, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r2, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:12:21 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x540d, 0x0) 01:12:21 executing program 2 (fault-call:3 fault-nth:44): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 783.949282] Bluetooth: hci0: Frame reassembly failed (-84) [ 784.001167] FAULT_INJECTION: forcing a failure. [ 784.001167] name failslab, interval 1, probability 0, space 0, times 0 [ 784.012789] CPU: 1 PID: 11465 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 784.019810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 784.029161] Call Trace: [ 784.031757] dump_stack+0x172/0x1f0 [ 784.035394] should_fail.cold+0xa/0x1b [ 784.039284] ? is_bpf_text_address+0xd3/0x170 [ 784.043787] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 784.048895] ? __kernel_text_address+0xd/0x40 [ 784.053398] ? unwind_get_return_address+0x61/0xa0 [ 784.058335] __should_failslab+0x121/0x190 [ 784.062575] should_failslab+0x9/0x14 [ 784.066374] kmem_cache_alloc+0x47/0x700 [ 784.070444] ? save_stack+0xa9/0xd0 [ 784.074077] radix_tree_node_alloc.constprop.0+0x1eb/0x340 [ 784.079912] idr_get_free+0x50f/0xa20 [ 784.083731] idr_alloc_u32+0x1d6/0x390 [ 784.087624] ? __fprop_inc_percpu_max+0x230/0x230 [ 784.092467] ? __lock_is_held+0xb6/0x140 [ 784.096526] ? should_fail+0x14d/0x85c [ 784.100423] ? perf_trace_lock+0x510/0x510 [ 784.104656] ? __lock_is_held+0xb6/0x140 [ 784.108745] idr_alloc_cyclic+0x132/0x270 [ 784.112899] ? idr_alloc+0x150/0x150 [ 784.116616] ? kasan_check_write+0x14/0x20 [ 784.120853] ? do_raw_spin_lock+0xc8/0x240 [ 784.125098] __kernfs_new_node+0x171/0x680 [ 784.129343] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 784.134102] ? perf_trace_lock_acquire+0xf5/0x580 [ 784.138952] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 784.144404] ? find_held_lock+0x35/0x130 [ 784.148466] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 784.153921] ? kernfs_activate+0x192/0x1f0 [ 784.158165] kernfs_new_node+0x99/0x130 [ 784.162149] kernfs_create_link+0xdd/0x250 [ 784.166390] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 784.171672] sysfs_create_link+0x65/0xc0 [ 784.175741] device_add+0x536/0x1760 [ 784.179465] ? get_device_parent.isra.0+0x570/0x570 [ 784.185002] rfkill_register+0x1bf/0xb50 [ 784.189090] hci_register_dev+0x385/0x880 [ 784.193250] hci_uart_tty_ioctl+0x761/0xaf0 [ 784.197575] tty_ioctl+0x8b5/0x1510 [ 784.201205] ? hci_uart_init_work+0x140/0x140 [ 784.205704] ? tty_vhangup+0x30/0x30 [ 784.209417] ? mark_held_locks+0x100/0x100 [ 784.213657] ? debug_smp_processor_id+0x1c/0x20 [ 784.218334] ? __fget+0x340/0x540 [ 784.221792] ? ___might_sleep+0x163/0x280 [ 784.225944] ? __might_sleep+0x95/0x190 [ 784.229921] ? tty_vhangup+0x30/0x30 [ 784.233636] do_vfs_ioctl+0xd5f/0x1380 [ 784.237523] ? selinux_file_ioctl+0x46f/0x5e0 [ 784.242018] ? selinux_file_ioctl+0x125/0x5e0 [ 784.246519] ? ioctl_preallocate+0x210/0x210 [ 784.250928] ? selinux_file_mprotect+0x620/0x620 [ 784.255696] ? iterate_fd+0x360/0x360 [ 784.259501] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 784.265037] ? fput+0x128/0x1a0 [ 784.268322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.273858] ? security_file_ioctl+0x8d/0xc0 [ 784.278271] ksys_ioctl+0xab/0xd0 [ 784.281730] __x64_sys_ioctl+0x73/0xb0 [ 784.285638] do_syscall_64+0xfd/0x620 [ 784.289447] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 784.294633] RIP: 0033:0x459829 [ 784.297837] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 784.316743] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 784.324458] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 784.331729] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 784.338995] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 01:12:22 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5428, 0x0) [ 784.346262] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 784.353528] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 784.450378] FAULT_INJECTION: forcing a failure. [ 784.450378] name failslab, interval 1, probability 0, space 0, times 0 [ 784.462327] Bluetooth: hci2: Frame reassembly failed (-84) [ 784.489770] CPU: 1 PID: 11464 Comm: syz-executor.2 Not tainted 4.19.60 #33 [ 784.496846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 784.506209] Call Trace: [ 784.508817] dump_stack+0x172/0x1f0 [ 784.512464] should_fail.cold+0xa/0x1b [ 784.516372] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 784.521492] ? lock_downgrade+0x810/0x810 [ 784.525647] ? ___might_sleep+0x163/0x280 [ 784.529821] __should_failslab+0x121/0x190 [ 784.534073] should_failslab+0x9/0x14 [ 784.537881] kmem_cache_alloc+0x2ae/0x700 [ 784.537898] ? kasan_check_write+0x14/0x20 [ 784.537915] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 784.537945] __kernfs_new_node+0xef/0x680 [ 784.546330] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 784.546348] ? mutex_unlock+0xd/0x10 [ 784.546364] ? kernfs_activate+0x192/0x1f0 [ 784.546387] ? perf_trace_run_bpf_submit+0x131/0x190 [ 784.573168] kernfs_new_node+0x99/0x130 [ 784.577166] __kernfs_create_file+0x51/0x340 [ 784.581598] sysfs_add_file_mode_ns+0x222/0x560 [ 784.586316] sysfs_create_file_ns+0x13a/0x1c0 [ 784.590832] ? sysfs_add_file_mode_ns+0x560/0x560 [ 784.595703] ? up_read+0x1a/0x110 [ 784.599177] device_create_file+0xfa/0x1e0 [ 784.603431] ? acpi_bind_one+0x830/0x830 [ 784.607507] device_add+0x411/0x1760 [ 784.611241] ? get_device_parent.isra.0+0x570/0x570 [ 784.616284] rfkill_register+0x1bf/0xb50 [ 784.620371] hci_register_dev+0x385/0x880 [ 784.624547] hci_uart_tty_ioctl+0x761/0xaf0 [ 784.628887] tty_ioctl+0x8b5/0x1510 [ 784.632522] ? hci_uart_init_work+0x140/0x140 [ 784.637027] ? tty_vhangup+0x30/0x30 [ 784.640757] ? mark_held_locks+0x100/0x100 [ 784.645013] ? perf_trace_lock_acquire+0x380/0x580 [ 784.649959] ? __fget+0x340/0x540 [ 784.653426] ? ___might_sleep+0x163/0x280 [ 784.657587] ? __might_sleep+0x95/0x190 [ 784.661577] ? tty_vhangup+0x30/0x30 [ 784.665307] do_vfs_ioctl+0xd5f/0x1380 [ 784.669209] ? selinux_file_ioctl+0x46f/0x5e0 [ 784.673717] ? selinux_file_ioctl+0x125/0x5e0 [ 784.678226] ? ioctl_preallocate+0x210/0x210 [ 784.682649] ? selinux_file_mprotect+0x620/0x620 [ 784.687430] ? iterate_fd+0x360/0x360 [ 784.691246] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 784.696796] ? fput+0x128/0x1a0 [ 784.700098] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.705648] ? security_file_ioctl+0x8d/0xc0 [ 784.710081] ksys_ioctl+0xab/0xd0 [ 784.713548] __x64_sys_ioctl+0x73/0xb0 [ 784.717455] do_syscall_64+0xfd/0x620 [ 784.721291] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 784.726501] RIP: 0033:0x459829 [ 784.729714] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 01:12:22 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r3 = fcntl$getown(r2, 0x9) getpgid(r3) read(0xffffffffffffffff, &(0x7f0000000200)=""/168, 0xa8) r4 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r4, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r4, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r2, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r4, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r2, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:12:22 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5429, 0x0) [ 784.748715] RSP: 002b:00007f9d624eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 784.756455] RAX: ffffffffffffffda RBX: 00007f9d624eac90 RCX: 0000000000459829 [ 784.763750] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 784.771038] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 784.778332] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d624eb6d4 [ 784.785663] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 01:12:22 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x40049409, 0x0) 01:12:22 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5437, 0x0) [ 784.980912] Bluetooth: hci1: Frame reassembly failed (-84) 01:12:22 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r3 = fcntl$getown(r2, 0x9) getpgid(r3) read(0xffffffffffffffff, &(0x7f0000000200)=""/168, 0xa8) r4 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r4, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r4, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r2, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r4, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r2, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:12:23 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5441, 0x0) [ 786.018775] Bluetooth: hci0: command 0x1003 tx timeout [ 786.024448] Bluetooth: hci0: sending frame failed (-49) [ 786.498838] Bluetooth: hci2: command 0x1003 tx timeout [ 786.504543] Bluetooth: hci2: sending frame failed (-49) [ 786.898763] Bluetooth: hci3: command 0x1003 tx timeout [ 786.904422] Bluetooth: hci3: sending frame failed (-49) [ 787.058673] Bluetooth: hci1: command 0x1003 tx timeout [ 787.064151] Bluetooth: hci1: sending frame failed (-49) [ 788.098703] Bluetooth: hci0: command 0x1001 tx timeout [ 788.104128] Bluetooth: hci0: sending frame failed (-49) [ 788.578808] Bluetooth: hci2: command 0x1001 tx timeout [ 788.584357] Bluetooth: hci2: sending frame failed (-49) [ 788.978703] Bluetooth: hci3: command 0x1001 tx timeout [ 788.984106] Bluetooth: hci3: sending frame failed (-49) [ 789.138660] Bluetooth: hci1: command 0x1001 tx timeout [ 789.144058] Bluetooth: hci1: sending frame failed (-49) [ 790.188683] Bluetooth: hci0: command 0x1009 tx timeout [ 790.658854] Bluetooth: hci2: command 0x1009 tx timeout [ 791.058657] Bluetooth: hci3: command 0x1009 tx timeout [ 791.218647] Bluetooth: hci1: command 0x1009 tx timeout 01:12:32 executing program 0 (fault-call:3 fault-nth:47): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:12:32 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, 0x0, 0x0) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:12:32 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5450, 0x0) 01:12:32 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5412, 0x0) [ 794.830557] FAULT_INJECTION: forcing a failure. [ 794.830557] name failslab, interval 1, probability 0, space 0, times 0 [ 794.861457] CPU: 1 PID: 11493 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 794.868525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 794.877920] Call Trace: [ 794.880544] dump_stack+0x172/0x1f0 [ 794.884199] should_fail.cold+0xa/0x1b [ 794.888112] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 794.893239] ? lock_downgrade+0x810/0x810 [ 794.897413] ? ___might_sleep+0x163/0x280 [ 794.901591] __should_failslab+0x121/0x190 [ 794.905845] should_failslab+0x9/0x14 [ 794.909657] kmem_cache_alloc+0x2ae/0x700 [ 794.913832] ? perf_trace_lock+0x510/0x510 [ 794.918090] __kernfs_new_node+0xef/0x680 [ 794.922262] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 794.927031] ? lock_acquire+0x16f/0x3f0 [ 794.931023] ? kernfs_activate+0x192/0x1f0 [ 794.935267] ? find_held_lock+0x35/0x130 [ 794.939351] ? kernfs_activate+0x192/0x1f0 [ 794.943614] kernfs_new_node+0x99/0x130 [ 794.947608] __kernfs_create_file+0x51/0x340 [ 794.952042] sysfs_add_file_mode_ns+0x222/0x560 [ 794.956736] internal_create_group+0x383/0xc30 [ 794.961350] ? remove_files.isra.0+0x190/0x190 [ 794.965993] ? kernfs_put+0x3c2/0x5d0 [ 794.969816] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 794.975368] ? kernfs_create_link+0x1d2/0x250 [ 794.979887] sysfs_create_groups+0x9b/0x141 [ 794.984224] device_add+0x87e/0x1760 [ 794.987965] ? get_device_parent.isra.0+0x570/0x570 [ 794.993011] rfkill_register+0x1bf/0xb50 [ 794.997101] hci_register_dev+0x385/0x880 [ 795.001270] hci_uart_tty_ioctl+0x761/0xaf0 [ 795.005607] tty_ioctl+0x8b5/0x1510 [ 795.009246] ? hci_uart_init_work+0x140/0x140 [ 795.013753] ? tty_vhangup+0x30/0x30 [ 795.017482] ? mark_held_locks+0x100/0x100 [ 795.021738] ? debug_smp_processor_id+0x1c/0x20 [ 795.026423] ? __fget+0x340/0x540 [ 795.029896] ? ___might_sleep+0x163/0x280 [ 795.034059] ? __might_sleep+0x95/0x190 [ 795.038050] ? tty_vhangup+0x30/0x30 [ 795.041782] do_vfs_ioctl+0xd5f/0x1380 [ 795.045689] ? selinux_file_ioctl+0x46f/0x5e0 [ 795.050198] ? selinux_file_ioctl+0x125/0x5e0 [ 795.055055] ? ioctl_preallocate+0x210/0x210 [ 795.059475] ? selinux_file_mprotect+0x620/0x620 [ 795.064254] ? iterate_fd+0x360/0x360 [ 795.068078] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 795.073629] ? fput+0x128/0x1a0 [ 795.076932] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 795.082480] ? security_file_ioctl+0x8d/0xc0 [ 795.086908] ksys_ioctl+0xab/0xd0 [ 795.090378] __x64_sys_ioctl+0x73/0xb0 [ 795.094284] do_syscall_64+0xfd/0x620 [ 795.098107] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 795.103303] RIP: 0033:0x459829 [ 795.106517] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 795.125432] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 795.133161] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 795.140441] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 795.147718] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 795.154996] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 795.162277] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 795.172297] Bluetooth: hci2: Frame reassembly failed (-84) 01:12:33 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:12:33 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5451, 0x0) 01:12:33 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, 0x0, 0x0) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:12:33 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x40086602, 0x0) [ 795.507066] Bluetooth: hci1: Frame reassembly failed (-84) [ 795.516306] Bluetooth: hci1: Frame reassembly failed (-84) [ 795.540093] Bluetooth: hci3: Frame reassembly failed (-84) 01:12:33 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5452, 0x0) 01:12:33 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, 0x0, 0x0) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:12:33 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x545d, 0x0) 01:12:33 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(0x0, 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 796.828642] Bluetooth: hci0: command 0x1003 tx timeout [ 796.834111] Bluetooth: hci0: sending frame failed (-49) [ 797.218641] Bluetooth: hci2: command 0x1003 tx timeout [ 797.224064] Bluetooth: hci2: sending frame failed (-49) [ 797.538666] Bluetooth: hci1: command 0x1003 tx timeout [ 797.545716] Bluetooth: hci1: sending frame failed (-49) [ 797.618645] Bluetooth: hci3: command 0x1003 tx timeout [ 797.624093] Bluetooth: hci3: sending frame failed (-49) [ 798.898675] Bluetooth: hci0: command 0x1001 tx timeout [ 798.904080] Bluetooth: hci0: sending frame failed (-49) [ 799.298649] Bluetooth: hci2: command 0x1001 tx timeout [ 799.304055] Bluetooth: hci2: sending frame failed (-49) [ 799.618618] Bluetooth: hci1: command 0x1001 tx timeout [ 799.624062] Bluetooth: hci1: sending frame failed (-49) [ 799.698623] Bluetooth: hci3: command 0x1001 tx timeout [ 799.704037] Bluetooth: hci3: sending frame failed (-49) [ 800.978640] Bluetooth: hci0: command 0x1009 tx timeout [ 801.378709] Bluetooth: hci2: command 0x1009 tx timeout [ 801.698655] Bluetooth: hci1: command 0x1009 tx timeout [ 801.778758] Bluetooth: hci3: command 0x1009 tx timeout 01:12:43 executing program 0 (fault-call:3 fault-nth:48): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:12:43 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5460, 0x0) 01:12:43 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(0x0, 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:12:43 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5413, 0x0) 01:12:43 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x2, 0x0) 01:12:43 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x40087602, 0x0) [ 805.755029] FAULT_INJECTION: forcing a failure. [ 805.755029] name failslab, interval 1, probability 0, space 0, times 0 [ 805.770067] CPU: 0 PID: 11531 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 805.777103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 805.786459] Call Trace: [ 805.789067] dump_stack+0x172/0x1f0 [ 805.792721] should_fail.cold+0xa/0x1b [ 805.796627] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 805.801744] ? lock_downgrade+0x810/0x810 [ 805.805904] ? ___might_sleep+0x163/0x280 [ 805.810066] __should_failslab+0x121/0x190 [ 805.814314] should_failslab+0x9/0x14 [ 805.818122] __kmalloc_track_caller+0x2de/0x750 [ 805.822812] ? __lock_acquire+0x6eb/0x48f0 [ 805.827060] ? kstrdup_const+0x66/0x80 [ 805.830959] kstrdup+0x3a/0x70 [ 805.834164] kstrdup_const+0x66/0x80 [ 805.837900] __kernfs_new_node+0xb0/0x680 [ 805.842055] ? mark_held_locks+0x100/0x100 [ 805.846301] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 805.851067] ? wait_for_completion+0x440/0x440 [ 805.855660] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 805.861125] ? find_held_lock+0x35/0x130 [ 805.865201] ? sysfs_do_create_link_sd.isra.0+0x82/0x130 [ 805.870669] ? kernfs_activate+0x192/0x1f0 [ 805.874918] kernfs_new_node+0x99/0x130 [ 805.878907] kernfs_create_link+0xdd/0x250 [ 805.883159] sysfs_do_create_link_sd.isra.0+0x90/0x130 [ 805.888451] sysfs_create_link+0x65/0xc0 [ 805.892524] device_add+0x7ce/0x1760 [ 805.896258] ? get_device_parent.isra.0+0x570/0x570 [ 805.901301] rfkill_register+0x1bf/0xb50 [ 805.905381] hci_register_dev+0x385/0x880 [ 805.909548] hci_uart_tty_ioctl+0x761/0xaf0 [ 805.913886] tty_ioctl+0x8b5/0x1510 [ 805.917520] ? hci_uart_init_work+0x140/0x140 [ 805.922025] ? tty_vhangup+0x30/0x30 [ 805.925747] ? mark_held_locks+0x100/0x100 [ 805.929994] ? proc_cwd_link+0x1d0/0x1d0 [ 805.934068] ? __fget+0x340/0x540 [ 805.937529] ? ___might_sleep+0x163/0x280 [ 805.941690] ? __might_sleep+0x95/0x190 [ 805.945674] ? tty_vhangup+0x30/0x30 [ 805.949402] do_vfs_ioctl+0xd5f/0x1380 [ 805.953299] ? selinux_file_ioctl+0x46f/0x5e0 [ 805.957805] ? selinux_file_ioctl+0x125/0x5e0 [ 805.962312] ? ioctl_preallocate+0x210/0x210 [ 805.966734] ? selinux_file_mprotect+0x620/0x620 [ 805.971513] ? iterate_fd+0x360/0x360 [ 805.975327] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 805.980873] ? fput+0x128/0x1a0 [ 805.984184] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.989736] ? security_file_ioctl+0x8d/0xc0 [ 805.994160] ksys_ioctl+0xab/0xd0 [ 805.997636] __x64_sys_ioctl+0x73/0xb0 [ 806.001538] do_syscall_64+0xfd/0x620 [ 806.005355] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 806.010552] RIP: 0033:0x459829 [ 806.013754] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 806.032669] RSP: 002b:00007fd01d6e3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 806.040402] RAX: ffffffffffffffda RBX: 00007fd01d6e3c90 RCX: 0000000000459829 [ 806.047680] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 01:12:43 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x4b47, 0x0) 01:12:43 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x40045431, 0x0) [ 806.054958] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 806.062242] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d6e46d4 [ 806.069524] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 806.084553] Bluetooth: hci2: Frame reassembly failed (-84) [ 806.084787] Bluetooth: hci1: Frame reassembly failed (-84) 01:12:44 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(0x0, 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:12:44 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x40045436, 0x0) 01:12:44 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x4b49, 0x0) 01:12:44 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x0, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 807.698642] Bluetooth: hci0: command 0x1003 tx timeout [ 807.704064] Bluetooth: hci0: sending frame failed (-49) [ 808.108649] Bluetooth: hci1: command 0x1003 tx timeout [ 808.114057] Bluetooth: hci1: sending frame failed (-49) [ 808.119842] Bluetooth: hci2: command 0x1003 tx timeout [ 808.125190] Bluetooth: hci2: sending frame failed (-49) [ 809.788646] Bluetooth: hci0: command 0x1001 tx timeout [ 809.794062] Bluetooth: hci0: sending frame failed (-49) [ 810.178659] Bluetooth: hci2: command 0x1001 tx timeout [ 810.184301] Bluetooth: hci2: sending frame failed (-49) [ 810.190062] Bluetooth: hci1: command 0x1001 tx timeout [ 810.195420] Bluetooth: hci1: sending frame failed (-49) [ 811.858673] Bluetooth: hci0: command 0x1009 tx timeout [ 812.258655] Bluetooth: hci1: command 0x1009 tx timeout [ 812.264054] Bluetooth: hci2: command 0x1009 tx timeout 01:12:54 executing program 0 (fault-call:3 fault-nth:49): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:12:54 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5409, 0x0) 01:12:54 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455cb, 0x0) 01:12:54 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x0, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:12:54 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5414, 0x0) 01:12:54 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x4020940d, 0x0) [ 816.600509] Bluetooth: hci0: Frame reassembly failed (-84) [ 816.643586] FAULT_INJECTION: forcing a failure. [ 816.643586] name failslab, interval 1, probability 0, space 0, times 0 [ 816.657565] Bluetooth: hci1: Frame reassembly failed (-84) [ 816.668435] CPU: 1 PID: 11564 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 816.675474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 816.684835] Call Trace: [ 816.684862] dump_stack+0x172/0x1f0 [ 816.684889] should_fail.cold+0xa/0x1b [ 816.684914] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 816.684936] ? lock_downgrade+0x810/0x810 [ 816.684957] ? ___might_sleep+0x163/0x280 [ 816.684990] __should_failslab+0x121/0x190 [ 816.708462] should_failslab+0x9/0x14 [ 816.708480] kmem_cache_alloc+0x2ae/0x700 [ 816.708501] ? lock_downgrade+0x810/0x810 [ 816.708527] __kernfs_new_node+0xef/0x680 [ 816.708551] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 816.733759] ? wait_for_completion+0x440/0x440 [ 816.738366] ? mutex_unlock+0xd/0x10 01:12:54 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x540b, 0x0) 01:12:54 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x40049409, 0x0) [ 816.738385] ? kernfs_activate+0x192/0x1f0 [ 816.738409] kernfs_new_node+0x99/0x130 [ 816.738432] __kernfs_create_file+0x51/0x340 [ 816.738451] sysfs_add_file_mode_ns+0x222/0x560 [ 816.759435] internal_create_group+0x383/0xc30 [ 816.764052] ? remove_files.isra.0+0x190/0x190 [ 816.768647] ? kernfs_put+0x3c2/0x5d0 [ 816.772492] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.772511] ? kernfs_create_link+0x1d2/0x250 [ 816.772536] sysfs_create_groups+0x9b/0x141 [ 816.772559] device_add+0x87e/0x1760 [ 816.772584] ? get_device_parent.isra.0+0x570/0x570 [ 816.772612] rfkill_register+0x1bf/0xb50 [ 816.799743] hci_register_dev+0x385/0x880 [ 816.803924] hci_uart_tty_ioctl+0x761/0xaf0 [ 816.808261] tty_ioctl+0x8b5/0x1510 [ 816.811903] ? hci_uart_init_work+0x140/0x140 [ 816.816416] ? tty_vhangup+0x30/0x30 [ 816.820151] ? mark_held_locks+0x100/0x100 [ 816.824408] ? perf_trace_lock_acquire+0x380/0x580 [ 816.829361] ? __fget+0x340/0x540 [ 816.832835] ? ___might_sleep+0x163/0x280 [ 816.837001] ? __might_sleep+0x95/0x190 [ 816.840994] ? tty_vhangup+0x30/0x30 [ 816.844726] do_vfs_ioctl+0xd5f/0x1380 [ 816.848632] ? selinux_file_ioctl+0x46f/0x5e0 [ 816.853140] ? selinux_file_ioctl+0x125/0x5e0 [ 816.857648] ? ioctl_preallocate+0x210/0x210 [ 816.862082] ? selinux_file_mprotect+0x620/0x620 [ 816.866860] ? iterate_fd+0x360/0x360 [ 816.870674] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 816.876227] ? fput+0x128/0x1a0 [ 816.879536] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.885091] ? security_file_ioctl+0x8d/0xc0 [ 816.889512] ksys_ioctl+0xab/0xd0 01:12:54 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x540c, 0x0) [ 816.892979] __x64_sys_ioctl+0x73/0xb0 [ 816.896890] do_syscall_64+0xfd/0x620 [ 816.900721] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 816.905924] RIP: 0033:0x459829 [ 816.909132] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 816.928052] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 816.928070] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 816.928079] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 816.928088] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 816.928097] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 816.928106] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 816.974494] Bluetooth: hci2: Frame reassembly failed (-84) 01:12:54 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x40086602, 0x0) 01:12:54 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x0, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:12:54 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x540d, 0x0) [ 818.658656] Bluetooth: hci1: command 0x1003 tx timeout [ 818.664018] Bluetooth: hci0: command 0x1003 tx timeout [ 818.664063] Bluetooth: hci1: sending frame failed (-49) [ 818.678675] Bluetooth: hci0: sending frame failed (-49) [ 818.988645] Bluetooth: hci2: command 0x1003 tx timeout [ 818.994052] Bluetooth: hci2: sending frame failed (-49) [ 820.738839] Bluetooth: hci0: command 0x1001 tx timeout [ 820.744235] Bluetooth: hci0: sending frame failed (-49) [ 820.750136] Bluetooth: hci1: command 0x1001 tx timeout [ 820.755516] Bluetooth: hci1: sending frame failed (-49) [ 821.058685] Bluetooth: hci2: command 0x1001 tx timeout [ 821.064090] Bluetooth: hci2: sending frame failed (-49) [ 822.818850] Bluetooth: hci1: command 0x1009 tx timeout [ 822.824290] Bluetooth: hci0: command 0x1009 tx timeout [ 823.138658] Bluetooth: hci2: command 0x1009 tx timeout 01:13:05 executing program 0 (fault-call:3 fault-nth:50): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:13:05 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(0xffffffffffffffff, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:13:05 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x40087602, 0x0) 01:13:05 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x540e, 0x0) 01:13:05 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5415, 0x0) 01:13:05 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x80045432, 0x0) [ 827.454764] Bluetooth: hci0: Frame reassembly failed (-84) 01:13:05 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x4020940d, 0x0) [ 827.540779] FAULT_INJECTION: forcing a failure. [ 827.540779] name failslab, interval 1, probability 0, space 0, times 0 [ 827.596264] CPU: 1 PID: 11597 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 827.603332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 827.612698] Call Trace: [ 827.615315] dump_stack+0x172/0x1f0 [ 827.618967] should_fail.cold+0xa/0x1b [ 827.622871] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 827.627986] ? lock_downgrade+0x810/0x810 [ 827.632148] ? ___might_sleep+0x163/0x280 [ 827.636321] __should_failslab+0x121/0x190 [ 827.640573] should_failslab+0x9/0x14 01:13:05 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x540f, 0x0) [ 827.644385] kmem_cache_alloc+0x2ae/0x700 [ 827.648549] ? lock_downgrade+0x810/0x810 [ 827.652724] __kernfs_new_node+0xef/0x680 [ 827.656988] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 827.661781] ? wait_for_completion+0x440/0x440 [ 827.666379] ? mutex_unlock+0xd/0x10 [ 827.670116] ? kernfs_activate+0x192/0x1f0 [ 827.674372] kernfs_new_node+0x99/0x130 [ 827.678373] __kernfs_create_file+0x51/0x340 [ 827.682805] sysfs_add_file_mode_ns+0x222/0x560 [ 827.687498] internal_create_group+0x383/0xc30 [ 827.692107] ? remove_files.isra.0+0x190/0x190 [ 827.696707] ? kernfs_put+0x3c2/0x5d0 [ 827.700527] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.706077] ? kernfs_create_link+0x1d2/0x250 [ 827.710607] sysfs_create_groups+0x9b/0x141 [ 827.714950] device_add+0x87e/0x1760 [ 827.718693] ? get_device_parent.isra.0+0x570/0x570 [ 827.723742] rfkill_register+0x1bf/0xb50 [ 827.727829] hci_register_dev+0x385/0x880 [ 827.732010] hci_uart_tty_ioctl+0x761/0xaf0 [ 827.736352] tty_ioctl+0x8b5/0x1510 [ 827.739996] ? hci_uart_init_work+0x140/0x140 [ 827.744510] ? tty_vhangup+0x30/0x30 [ 827.748240] ? mark_held_locks+0x100/0x100 [ 827.752494] ? debug_smp_processor_id+0x1c/0x20 [ 827.757183] ? __fget+0x340/0x540 [ 827.760651] ? ___might_sleep+0x163/0x280 [ 827.764822] ? __might_sleep+0x95/0x190 [ 827.768817] ? tty_vhangup+0x30/0x30 [ 827.772545] do_vfs_ioctl+0xd5f/0x1380 [ 827.776448] ? selinux_file_ioctl+0x46f/0x5e0 [ 827.780960] ? selinux_file_ioctl+0x125/0x5e0 [ 827.785476] ? ioctl_preallocate+0x210/0x210 [ 827.789895] ? selinux_file_mprotect+0x620/0x620 [ 827.794676] ? iterate_fd+0x360/0x360 [ 827.798498] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 827.804042] ? fput+0x128/0x1a0 [ 827.807348] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 827.812895] ? security_file_ioctl+0x8d/0xc0 [ 827.817353] ksys_ioctl+0xab/0xd0 [ 827.820826] __x64_sys_ioctl+0x73/0xb0 [ 827.824731] do_syscall_64+0xfd/0x620 [ 827.828553] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 827.833752] RIP: 0033:0x459829 [ 827.836957] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 827.855871] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 827.863613] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 827.870890] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 827.878167] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 827.885446] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 827.892727] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 827.911646] Bluetooth: hci2: Frame reassembly failed (-84) 01:13:05 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(0xffffffffffffffff, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:13:05 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5410, 0x0) 01:13:05 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x80045430, 0x0) 01:13:06 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(0xffffffffffffffff, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 829.468761] Bluetooth: hci0: command 0x1003 tx timeout [ 829.474139] Bluetooth: hci0: sending frame failed (-49) [ 829.538710] Bluetooth: hci1: command 0x1003 tx timeout [ 829.544281] Bluetooth: hci1: sending frame failed (-49) [ 829.938670] Bluetooth: hci2: command 0x1003 tx timeout [ 829.944258] Bluetooth: hci2: sending frame failed (-49) [ 831.538649] Bluetooth: hci0: command 0x1001 tx timeout [ 831.544056] Bluetooth: hci0: sending frame failed (-49) [ 831.618621] Bluetooth: hci1: command 0x1001 tx timeout [ 831.624029] Bluetooth: hci1: sending frame failed (-49) [ 832.018625] Bluetooth: hci2: command 0x1001 tx timeout [ 832.024038] Bluetooth: hci2: sending frame failed (-49) [ 833.618878] Bluetooth: hci0: command 0x1009 tx timeout [ 833.698738] Bluetooth: hci1: command 0x1009 tx timeout [ 834.098718] Bluetooth: hci2: command 0x1009 tx timeout 01:13:16 executing program 0 (fault-call:3 fault-nth:51): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:13:16 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5412, 0x0) 01:13:16 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x80045432, 0x0) 01:13:16 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:13:16 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x80045440, 0x0) 01:13:16 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5416, 0x0) 01:13:16 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x80045438, 0x0) 01:13:16 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5413, 0x0) [ 838.342166] Bluetooth: hci0: Frame reassembly failed (-84) [ 838.354005] Bluetooth: hci1: Frame reassembly failed (-84) [ 838.372745] FAULT_INJECTION: forcing a failure. [ 838.372745] name failslab, interval 1, probability 0, space 0, times 0 [ 838.425227] CPU: 1 PID: 11630 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 838.432302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 838.441690] Call Trace: [ 838.444323] dump_stack+0x172/0x1f0 [ 838.448010] should_fail.cold+0xa/0x1b [ 838.451936] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 838.457076] ? lock_downgrade+0x810/0x810 [ 838.461397] ? ___might_sleep+0x163/0x280 [ 838.465586] __should_failslab+0x121/0x190 [ 838.469857] should_failslab+0x9/0x14 [ 838.473690] kmem_cache_alloc+0x2ae/0x700 [ 838.477872] ? lock_downgrade+0x810/0x810 [ 838.482053] __kernfs_new_node+0xef/0x680 [ 838.486252] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 838.491032] ? wait_for_completion+0x440/0x440 [ 838.495655] ? mutex_unlock+0xd/0x10 [ 838.499405] ? kernfs_activate+0x192/0x1f0 [ 838.503695] kernfs_new_node+0x99/0x130 [ 838.507721] __kernfs_create_file+0x51/0x340 [ 838.512168] sysfs_add_file_mode_ns+0x222/0x560 [ 838.516876] internal_create_group+0x383/0xc30 [ 838.521499] ? remove_files.isra.0+0x190/0x190 [ 838.526107] ? kernfs_put+0x3c2/0x5d0 [ 838.529941] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 838.535514] ? kernfs_create_link+0x1d2/0x250 [ 838.540049] sysfs_create_groups+0x9b/0x141 [ 838.544408] device_add+0x87e/0x1760 [ 838.548178] ? get_device_parent.isra.0+0x570/0x570 [ 838.553234] rfkill_register+0x1bf/0xb50 [ 838.557338] hci_register_dev+0x385/0x880 [ 838.561523] hci_uart_tty_ioctl+0x761/0xaf0 [ 838.565874] tty_ioctl+0x8b5/0x1510 [ 838.569533] ? hci_uart_init_work+0x140/0x140 [ 838.574062] ? tty_vhangup+0x30/0x30 [ 838.577802] ? mark_held_locks+0x100/0x100 [ 838.582092] ? debug_smp_processor_id+0x1c/0x20 [ 838.586888] ? __fget+0x340/0x540 [ 838.590385] ? ___might_sleep+0x163/0x280 [ 838.594563] ? __might_sleep+0x95/0x190 [ 838.598601] ? tty_vhangup+0x30/0x30 [ 838.602349] do_vfs_ioctl+0xd5f/0x1380 [ 838.606265] ? selinux_file_ioctl+0x46f/0x5e0 [ 838.610782] ? selinux_file_ioctl+0x125/0x5e0 [ 838.615308] ? ioctl_preallocate+0x210/0x210 [ 838.619746] ? selinux_file_mprotect+0x620/0x620 [ 838.624539] ? iterate_fd+0x360/0x360 [ 838.628508] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 838.634074] ? fput+0x128/0x1a0 [ 838.637392] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 838.642959] ? security_file_ioctl+0x8d/0xc0 [ 838.647404] ksys_ioctl+0xab/0xd0 [ 838.650885] __x64_sys_ioctl+0x73/0xb0 [ 838.654803] do_syscall_64+0xfd/0x620 [ 838.658638] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 838.663850] RIP: 0033:0x459829 [ 838.667102] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 838.686033] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 838.693777] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 838.701199] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 838.708491] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 838.715785] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 01:13:16 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 838.723120] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 01:13:16 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5414, 0x0) 01:13:16 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x80045439, 0x0) [ 838.866236] Bluetooth: hci2: Frame reassembly failed (-84) [ 838.879686] Bluetooth: hci2: Frame reassembly failed (-84) 01:13:16 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 840.418826] Bluetooth: hci1: command 0x1003 tx timeout [ 840.424372] Bluetooth: hci0: command 0x1003 tx timeout [ 840.424412] Bluetooth: hci1: sending frame failed (-49) [ 840.435901] Bluetooth: hci0: sending frame failed (-49) [ 840.898675] Bluetooth: hci2: command 0x1003 tx timeout [ 840.904260] Bluetooth: hci2: sending frame failed (-49) [ 842.498715] Bluetooth: hci0: command 0x1001 tx timeout [ 842.504267] Bluetooth: hci0: sending frame failed (-49) [ 842.509950] Bluetooth: hci1: command 0x1001 tx timeout [ 842.515312] Bluetooth: hci1: sending frame failed (-49) [ 842.978682] Bluetooth: hci2: command 0x1001 tx timeout [ 842.984104] Bluetooth: hci2: sending frame failed (-49) [ 844.578685] Bluetooth: hci1: command 0x1009 tx timeout [ 844.584082] Bluetooth: hci0: command 0x1009 tx timeout [ 845.058679] Bluetooth: hci2: command 0x1009 tx timeout 01:13:26 executing program 0 (fault-call:3 fault-nth:52): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:13:26 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5415, 0x0) 01:13:26 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x80086601, 0x0) 01:13:26 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:13:26 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5418, 0x0) 01:13:26 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x80045440, 0x0) 01:13:27 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x800455c9, 0x0) [ 849.203950] Bluetooth: hci0: Frame reassembly failed (-84) [ 849.220701] Bluetooth: hci1: Frame reassembly failed (-84) [ 849.227014] Bluetooth: hci1: Frame reassembly failed (-84) 01:13:27 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5416, 0x0) [ 849.283458] FAULT_INJECTION: forcing a failure. [ 849.283458] name failslab, interval 1, probability 0, space 0, times 0 [ 849.353609] CPU: 1 PID: 11660 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 849.360707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 849.370075] Call Trace: [ 849.372694] dump_stack+0x172/0x1f0 [ 849.376350] should_fail.cold+0xa/0x1b [ 849.380260] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 849.385380] ? lock_downgrade+0x810/0x810 [ 849.389541] ? ___might_sleep+0x163/0x280 [ 849.393714] __should_failslab+0x121/0x190 [ 849.397976] should_failslab+0x9/0x14 [ 849.401793] kmem_cache_alloc+0x2ae/0x700 [ 849.405961] ? lock_downgrade+0x810/0x810 [ 849.410134] __kernfs_new_node+0xef/0x680 [ 849.414305] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 849.419083] ? wait_for_completion+0x440/0x440 [ 849.423699] ? mutex_unlock+0xd/0x10 [ 849.427429] ? kernfs_activate+0x192/0x1f0 [ 849.431692] kernfs_new_node+0x99/0x130 [ 849.435700] __kernfs_create_file+0x51/0x340 [ 849.440130] sysfs_add_file_mode_ns+0x222/0x560 [ 849.444827] internal_create_group+0x383/0xc30 [ 849.449436] ? remove_files.isra.0+0x190/0x190 [ 849.454036] ? kernfs_put+0x3c2/0x5d0 [ 849.457858] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 849.463415] ? kernfs_create_link+0x1d2/0x250 [ 849.467939] sysfs_create_groups+0x9b/0x141 [ 849.472281] device_add+0x87e/0x1760 [ 849.476022] ? get_device_parent.isra.0+0x570/0x570 [ 849.481071] rfkill_register+0x1bf/0xb50 [ 849.485160] hci_register_dev+0x385/0x880 [ 849.489338] hci_uart_tty_ioctl+0x761/0xaf0 [ 849.493678] tty_ioctl+0x8b5/0x1510 [ 849.497330] ? hci_uart_init_work+0x140/0x140 [ 849.501845] ? tty_vhangup+0x30/0x30 [ 849.505571] ? mark_held_locks+0x100/0x100 [ 849.509826] ? debug_smp_processor_id+0x1c/0x20 [ 849.514514] ? __fget+0x340/0x540 [ 849.517991] ? ___might_sleep+0x163/0x280 [ 849.522160] ? __might_sleep+0x95/0x190 [ 849.526150] ? tty_vhangup+0x30/0x30 [ 849.529881] do_vfs_ioctl+0xd5f/0x1380 [ 849.533786] ? selinux_file_ioctl+0x46f/0x5e0 [ 849.538300] ? selinux_file_ioctl+0x125/0x5e0 [ 849.542814] ? ioctl_preallocate+0x210/0x210 [ 849.547236] ? selinux_file_mprotect+0x620/0x620 [ 849.552016] ? iterate_fd+0x360/0x360 [ 849.555835] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 849.561388] ? fput+0x128/0x1a0 [ 849.564702] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 849.570255] ? security_file_ioctl+0x8d/0xc0 [ 849.574689] ksys_ioctl+0xab/0xd0 [ 849.578163] __x64_sys_ioctl+0x73/0xb0 [ 849.582073] do_syscall_64+0xfd/0x620 [ 849.585896] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 849.591098] RIP: 0033:0x459829 [ 849.594314] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 849.613228] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 849.620960] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 849.628238] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 849.635522] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 849.642798] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 01:13:27 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x800455ca, 0x0) 01:13:27 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5418, 0x0) [ 849.650086] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 01:13:27 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 849.684482] Bluetooth: hci2: Frame reassembly failed (-84) 01:13:27 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x800455cc, 0x0) [ 851.228794] Bluetooth: hci0: command 0x1003 tx timeout [ 851.234193] Bluetooth: hci0: sending frame failed (-49) [ 851.298647] Bluetooth: hci1: command 0x1003 tx timeout [ 851.304049] Bluetooth: hci1: sending frame failed (-49) [ 851.708668] Bluetooth: hci2: command 0x1003 tx timeout [ 851.714055] Bluetooth: hci2: sending frame failed (-49) [ 853.298779] Bluetooth: hci0: command 0x1001 tx timeout [ 853.304173] Bluetooth: hci0: sending frame failed (-49) [ 853.388685] Bluetooth: hci1: command 0x1001 tx timeout [ 853.394086] Bluetooth: hci1: sending frame failed (-49) [ 853.778655] Bluetooth: hci2: command 0x1001 tx timeout [ 853.784049] Bluetooth: hci2: sending frame failed (-49) [ 855.388815] Bluetooth: hci0: command 0x1009 tx timeout [ 855.468651] Bluetooth: hci1: command 0x1009 tx timeout [ 855.858651] Bluetooth: hci2: command 0x1009 tx timeout 01:13:37 executing program 0 (fault-call:3 fault-nth:53): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:13:37 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x541b, 0x0) 01:13:37 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:13:37 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x80086601, 0x0) 01:13:37 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x541b, 0x0) 01:13:37 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x80087601, 0x0) 01:13:37 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x80087601, 0x0) [ 860.120109] Bluetooth: hci1: Frame reassembly failed (-84) 01:13:37 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x541d, 0x0) [ 860.183525] FAULT_INJECTION: forcing a failure. [ 860.183525] name failslab, interval 1, probability 0, space 0, times 0 [ 860.210124] CPU: 1 PID: 11699 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 860.217170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 860.226534] Call Trace: [ 860.229142] dump_stack+0x172/0x1f0 [ 860.232793] should_fail.cold+0xa/0x1b [ 860.236710] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 860.241828] ? lock_downgrade+0x810/0x810 [ 860.245996] ? ___might_sleep+0x163/0x280 [ 860.250167] __should_failslab+0x121/0x190 [ 860.254422] should_failslab+0x9/0x14 [ 860.258242] kmem_cache_alloc+0x2ae/0x700 [ 860.262407] ? lock_downgrade+0x810/0x810 [ 860.266580] __kernfs_new_node+0xef/0x680 [ 860.270749] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 860.275523] ? wait_for_completion+0x440/0x440 [ 860.280137] ? mutex_unlock+0xd/0x10 [ 860.283874] ? kernfs_activate+0x192/0x1f0 [ 860.288130] kernfs_new_node+0x99/0x130 [ 860.292130] __kernfs_create_file+0x51/0x340 [ 860.296561] sysfs_add_file_mode_ns+0x222/0x560 [ 860.301253] internal_create_group+0x383/0xc30 [ 860.305859] ? remove_files.isra.0+0x190/0x190 [ 860.310454] ? kernfs_put+0x3c2/0x5d0 [ 860.314277] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 860.319833] ? kernfs_create_link+0x1d2/0x250 [ 860.324357] sysfs_create_groups+0x9b/0x141 [ 860.328705] device_add+0x87e/0x1760 [ 860.332443] ? get_device_parent.isra.0+0x570/0x570 [ 860.337486] rfkill_register+0x1bf/0xb50 [ 860.341572] hci_register_dev+0x385/0x880 [ 860.345743] hci_uart_tty_ioctl+0x761/0xaf0 [ 860.350113] tty_ioctl+0x8b5/0x1510 [ 860.353755] ? hci_uart_init_work+0x140/0x140 [ 860.358267] ? tty_vhangup+0x30/0x30 [ 860.361998] ? mark_held_locks+0x100/0x100 [ 860.366252] ? perf_trace_lock_acquire+0x380/0x580 [ 860.371198] ? __fget+0x340/0x540 [ 860.374672] ? ___might_sleep+0x163/0x280 [ 860.378852] ? __might_sleep+0x95/0x190 [ 860.382844] ? tty_vhangup+0x30/0x30 [ 860.386578] do_vfs_ioctl+0xd5f/0x1380 [ 860.390481] ? selinux_file_ioctl+0x46f/0x5e0 [ 860.394989] ? selinux_file_ioctl+0x125/0x5e0 [ 860.399531] ? ioctl_preallocate+0x210/0x210 [ 860.403954] ? selinux_file_mprotect+0x620/0x620 [ 860.408735] ? iterate_fd+0x360/0x360 [ 860.412555] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 860.418106] ? fput+0x128/0x1a0 [ 860.421408] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 860.426959] ? security_file_ioctl+0x8d/0xc0 [ 860.431388] ksys_ioctl+0xab/0xd0 [ 860.434866] __x64_sys_ioctl+0x73/0xb0 [ 860.438773] do_syscall_64+0xfd/0x620 [ 860.442594] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 860.447796] RIP: 0033:0x459829 [ 860.451000] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 860.469916] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 860.477648] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 860.484933] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 860.492236] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 860.499515] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 860.506793] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 860.542932] Bluetooth: hci2: Frame reassembly failed (-84) 01:13:38 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x0) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:13:38 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0xc0045878, 0x0) 01:13:38 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x541f, 0x0) 01:13:38 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0xc0045878, 0x0) [ 862.178702] Bluetooth: hci1: command 0x1003 tx timeout [ 862.184107] Bluetooth: hci1: sending frame failed (-49) [ 862.189575] Bluetooth: hci0: command 0x1003 tx timeout [ 862.195242] Bluetooth: hci0: sending frame failed (-49) [ 862.578874] Bluetooth: hci2: command 0x1003 tx timeout [ 862.584494] Bluetooth: hci2: sending frame failed (-49) [ 864.258693] Bluetooth: hci0: command 0x1001 tx timeout [ 864.264098] Bluetooth: hci0: sending frame failed (-49) [ 864.269928] Bluetooth: hci1: command 0x1001 tx timeout [ 864.275289] Bluetooth: hci1: sending frame failed (-49) [ 864.658776] Bluetooth: hci2: command 0x1001 tx timeout [ 864.664206] Bluetooth: hci2: sending frame failed (-49) [ 866.338695] Bluetooth: hci1: command 0x1009 tx timeout [ 866.344054] Bluetooth: hci0: command 0x1009 tx timeout [ 866.738660] Bluetooth: hci2: command 0x1009 tx timeout 01:13:48 executing program 0 (fault-call:3 fault-nth:54): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:13:48 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x0) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:13:48 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5420, 0x0) 01:13:48 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0xc0189436, 0x0) 01:13:48 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x541d, 0x0) 01:13:48 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0xc0045878, 0x0) 01:13:48 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5421, 0x0) 01:13:48 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0xc020660b, 0x0) [ 870.997042] Bluetooth: hci1: Frame reassembly failed (-84) [ 871.003389] Bluetooth: hci1: Frame reassembly failed (-84) [ 871.030297] FAULT_INJECTION: forcing a failure. [ 871.030297] name failslab, interval 1, probability 0, space 0, times 0 [ 871.074980] CPU: 0 PID: 11732 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 871.082125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 871.091488] Call Trace: [ 871.094091] dump_stack+0x172/0x1f0 [ 871.097746] should_fail.cold+0xa/0x1b [ 871.101653] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 871.106770] ? lock_downgrade+0x810/0x810 [ 871.110941] ? ___might_sleep+0x163/0x280 [ 871.115111] __should_failslab+0x121/0x190 [ 871.119361] should_failslab+0x9/0x14 [ 871.123169] kmem_cache_alloc+0x2ae/0x700 [ 871.127334] ? lock_downgrade+0x810/0x810 [ 871.131508] __kernfs_new_node+0xef/0x680 [ 871.135677] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 871.140446] ? wait_for_completion+0x440/0x440 [ 871.145056] ? mutex_unlock+0xd/0x10 [ 871.148783] ? kernfs_activate+0x192/0x1f0 [ 871.153039] kernfs_new_node+0x99/0x130 [ 871.157032] __kernfs_create_file+0x51/0x340 [ 871.161458] sysfs_add_file_mode_ns+0x222/0x560 [ 871.166151] internal_create_group+0x383/0xc30 [ 871.170769] ? remove_files.isra.0+0x190/0x190 [ 871.175358] ? kernfs_put+0x3c2/0x5d0 [ 871.179176] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 871.184977] ? kernfs_create_link+0x1d2/0x250 [ 871.189504] sysfs_create_groups+0x9b/0x141 [ 871.193846] device_add+0x87e/0x1760 [ 871.197585] ? get_device_parent.isra.0+0x570/0x570 [ 871.202634] rfkill_register+0x1bf/0xb50 [ 871.206718] hci_register_dev+0x385/0x880 [ 871.210893] hci_uart_tty_ioctl+0x761/0xaf0 [ 871.215236] tty_ioctl+0x8b5/0x1510 [ 871.218877] ? hci_uart_init_work+0x140/0x140 [ 871.223386] ? tty_vhangup+0x30/0x30 [ 871.227117] ? mark_held_locks+0x100/0x100 [ 871.231372] ? perf_trace_lock_acquire+0x380/0x580 [ 871.236320] ? __fget+0x340/0x540 [ 871.239788] ? ___might_sleep+0x163/0x280 [ 871.243951] ? __might_sleep+0x95/0x190 [ 871.247940] ? tty_vhangup+0x30/0x30 [ 871.251668] do_vfs_ioctl+0xd5f/0x1380 [ 871.255567] ? selinux_file_ioctl+0x46f/0x5e0 [ 871.260072] ? selinux_file_ioctl+0x125/0x5e0 [ 871.264579] ? ioctl_preallocate+0x210/0x210 [ 871.269000] ? selinux_file_mprotect+0x620/0x620 [ 871.273783] ? iterate_fd+0x360/0x360 [ 871.277603] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 871.283149] ? fput+0x128/0x1a0 [ 871.286457] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 871.292004] ? security_file_ioctl+0x8d/0xc0 [ 871.296441] ksys_ioctl+0xab/0xd0 [ 871.299928] __x64_sys_ioctl+0x73/0xb0 [ 871.303833] do_syscall_64+0xfd/0x620 [ 871.307653] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 871.312848] RIP: 0033:0x459829 [ 871.316048] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 871.334958] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 871.342685] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 871.349960] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 871.357236] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 871.364516] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 871.371795] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 871.400336] Bluetooth: hci2: Frame reassembly failed (-84) [ 871.406153] Bluetooth: hci2: Frame reassembly failed (-84) 01:13:49 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x0) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:13:49 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5422, 0x0) 01:13:49 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 01:13:49 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5423, 0x0) [ 872.978796] Bluetooth: hci0: command 0x1003 tx timeout [ 872.984215] Bluetooth: hci0: sending frame failed (-49) [ 873.058702] Bluetooth: hci1: command 0x1003 tx timeout [ 873.064101] Bluetooth: hci1: sending frame failed (-49) [ 873.458645] Bluetooth: hci2: command 0x1003 tx timeout [ 873.464220] Bluetooth: hci2: sending frame failed (-49) [ 875.058918] Bluetooth: hci0: command 0x1001 tx timeout [ 875.064313] Bluetooth: hci0: sending frame failed (-49) [ 875.138724] Bluetooth: hci1: command 0x1001 tx timeout [ 875.144130] Bluetooth: hci1: sending frame failed (-49) [ 875.538697] Bluetooth: hci2: command 0x1001 tx timeout [ 875.544106] Bluetooth: hci2: sending frame failed (-49) [ 877.138807] Bluetooth: hci0: command 0x1009 tx timeout [ 877.218702] Bluetooth: hci1: command 0x1009 tx timeout [ 877.618664] Bluetooth: hci2: command 0x1009 tx timeout 01:13:59 executing program 0 (fault-call:3 fault-nth:55): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:13:59 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:13:59 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 01:13:59 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5424, 0x0) 01:13:59 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0xc0045878, 0x0) 01:13:59 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x541f, 0x0) 01:13:59 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5425, 0x0) [ 881.879833] Bluetooth: hci0: Frame reassembly failed (-84) [ 881.896642] Bluetooth: hci1: Frame reassembly failed (-84) [ 881.934941] FAULT_INJECTION: forcing a failure. [ 881.934941] name failslab, interval 1, probability 0, space 0, times 0 [ 881.948377] CPU: 0 PID: 11763 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 881.955438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 881.964816] Call Trace: [ 881.967442] dump_stack+0x172/0x1f0 [ 881.971112] should_fail.cold+0xa/0x1b [ 881.975033] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 881.980167] ? lock_downgrade+0x810/0x810 [ 881.984355] ? ___might_sleep+0x163/0x280 [ 881.988545] __should_failslab+0x121/0x190 [ 881.992811] should_failslab+0x9/0x14 [ 881.996642] kmem_cache_alloc+0x2ae/0x700 [ 882.000822] ? lock_downgrade+0x810/0x810 [ 882.005021] __kernfs_new_node+0xef/0x680 [ 882.009217] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 882.014007] ? wait_for_completion+0x440/0x440 [ 882.018635] ? mutex_unlock+0xd/0x10 [ 882.022378] ? kernfs_activate+0x192/0x1f0 [ 882.026650] kernfs_new_node+0x99/0x130 [ 882.030664] __kernfs_create_file+0x51/0x340 [ 882.035111] sysfs_add_file_mode_ns+0x222/0x560 [ 882.039824] internal_create_group+0x383/0xc30 [ 882.044456] ? remove_files.isra.0+0x190/0x190 [ 882.049068] ? kernfs_put+0x3c2/0x5d0 [ 882.052904] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 882.058470] ? kernfs_create_link+0x1d2/0x250 [ 882.063009] sysfs_create_groups+0x9b/0x141 [ 882.067368] device_add+0x87e/0x1760 [ 882.071124] ? get_device_parent.isra.0+0x570/0x570 [ 882.076690] rfkill_register+0x1bf/0xb50 [ 882.080792] hci_register_dev+0x385/0x880 [ 882.084985] hci_uart_tty_ioctl+0x761/0xaf0 [ 882.089344] tty_ioctl+0x8b5/0x1510 [ 882.092996] ? hci_uart_init_work+0x140/0x140 [ 882.097521] ? tty_vhangup+0x30/0x30 [ 882.101260] ? mark_held_locks+0x100/0x100 [ 882.105517] ? perf_trace_lock_acquire+0x380/0x580 [ 882.110469] ? __fget+0x340/0x540 [ 882.113944] ? ___might_sleep+0x163/0x280 [ 882.118109] ? __might_sleep+0x95/0x190 [ 882.122096] ? tty_vhangup+0x30/0x30 [ 882.125825] do_vfs_ioctl+0xd5f/0x1380 [ 882.129728] ? selinux_file_ioctl+0x46f/0x5e0 [ 882.134230] ? selinux_file_ioctl+0x125/0x5e0 [ 882.138749] ? ioctl_preallocate+0x210/0x210 [ 882.143166] ? selinux_file_mprotect+0x620/0x620 [ 882.147956] ? iterate_fd+0x360/0x360 [ 882.151772] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 882.157316] ? fput+0x128/0x1a0 [ 882.160624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 882.166170] ? security_file_ioctl+0x8d/0xc0 [ 882.170600] ksys_ioctl+0xab/0xd0 [ 882.174071] __x64_sys_ioctl+0x73/0xb0 [ 882.177977] do_syscall_64+0xfd/0x620 [ 882.181799] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 882.186998] RIP: 0033:0x459829 [ 882.190215] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 882.209131] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 882.216876] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 882.224155] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 01:14:00 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 882.231435] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 882.238716] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 882.245990] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 882.285900] Bluetooth: hci2: sending frame failed (-49) 01:14:00 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 882.348707] Bluetooth: hci3: Frame reassembly failed (-84) 01:14:00 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5427, 0x0) 01:14:00 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5428, 0x0) 01:14:00 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) [ 883.948753] Bluetooth: hci1: command 0x1003 tx timeout [ 883.954323] Bluetooth: hci0: command 0x1003 tx timeout [ 883.954366] Bluetooth: hci1: sending frame failed (-49) [ 883.966002] Bluetooth: hci0: sending frame failed (-49) [ 884.338709] Bluetooth: hci2: command 0x1003 tx timeout [ 884.344157] Bluetooth: hci2: sending frame failed (-49) [ 884.418808] Bluetooth: hci3: command 0x1003 tx timeout [ 884.424473] Bluetooth: hci3: sending frame failed (-49) [ 886.018741] Bluetooth: hci0: command 0x1001 tx timeout [ 886.024159] Bluetooth: hci0: sending frame failed (-49) [ 886.029828] Bluetooth: hci1: command 0x1001 tx timeout [ 886.035194] Bluetooth: hci1: sending frame failed (-49) [ 886.418730] Bluetooth: hci2: command 0x1001 tx timeout [ 886.424136] Bluetooth: hci2: sending frame failed (-49) [ 886.498801] Bluetooth: hci3: command 0x1001 tx timeout [ 886.504199] Bluetooth: hci3: sending frame failed (-49) [ 888.098675] Bluetooth: hci1: command 0x1009 tx timeout [ 888.104111] Bluetooth: hci0: command 0x1009 tx timeout [ 888.498649] Bluetooth: hci2: command 0x1009 tx timeout [ 888.578810] Bluetooth: hci3: command 0x1009 tx timeout 01:14:10 executing program 0 (fault-call:3 fault-nth:56): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:14:10 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5429, 0x0) 01:14:10 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:14:10 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5421, 0x0) 01:14:10 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0xc0189436, 0x0) 01:14:10 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x5) [ 892.770980] Bluetooth: hci1: Frame reassembly failed (-84) [ 892.782024] FAULT_INJECTION: forcing a failure. [ 892.782024] name failslab, interval 1, probability 0, space 0, times 0 01:14:10 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5437, 0x0) [ 892.842163] CPU: 1 PID: 11794 Comm: syz-executor.0 Not tainted 4.19.60 #33 [ 892.849223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 892.858590] Call Trace: [ 892.861197] dump_stack+0x172/0x1f0 [ 892.864855] should_fail.cold+0xa/0x1b [ 892.868770] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 892.873897] ? lock_downgrade+0x810/0x810 [ 892.878059] ? ___might_sleep+0x163/0x280 [ 892.882235] __should_failslab+0x121/0x190 [ 892.886490] should_failslab+0x9/0x14 [ 892.890305] kmem_cache_alloc+0x2ae/0x700 [ 892.894473] ? lock_downgrade+0x810/0x810 [ 892.898649] __kernfs_new_node+0xef/0x680 [ 892.902830] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 892.907601] ? wait_for_completion+0x440/0x440 [ 892.912204] ? mutex_unlock+0xd/0x10 [ 892.915938] ? kernfs_activate+0x192/0x1f0 [ 892.920192] kernfs_new_node+0x99/0x130 [ 892.924188] __kernfs_create_file+0x51/0x340 [ 892.928611] sysfs_add_file_mode_ns+0x222/0x560 [ 892.933313] internal_create_group+0x383/0xc30 [ 892.937922] ? remove_files.isra.0+0x190/0x190 [ 892.942517] ? kernfs_put+0x3c2/0x5d0 [ 892.946333] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 892.951881] ? kernfs_create_link+0x1d2/0x250 [ 892.956403] sysfs_create_groups+0x9b/0x141 [ 892.960746] device_add+0x87e/0x1760 [ 892.964486] ? get_device_parent.isra.0+0x570/0x570 [ 892.969529] rfkill_register+0x1bf/0xb50 [ 892.973614] hci_register_dev+0x385/0x880 [ 892.977781] hci_uart_tty_ioctl+0x761/0xaf0 [ 892.982117] tty_ioctl+0x8b5/0x1510 [ 892.985765] ? hci_uart_init_work+0x140/0x140 [ 892.990269] ? tty_vhangup+0x30/0x30 [ 892.990287] ? mark_held_locks+0x100/0x100 [ 892.990309] ? debug_smp_processor_id+0x1c/0x20 [ 892.990331] ? __fget+0x340/0x540 [ 892.990348] ? ___might_sleep+0x163/0x280 [ 892.990367] ? __might_sleep+0x95/0x190 [ 892.990384] ? tty_vhangup+0x30/0x30 [ 892.990402] do_vfs_ioctl+0xd5f/0x1380 [ 892.998351] ? selinux_file_ioctl+0x46f/0x5e0 [ 893.026659] ? selinux_file_ioctl+0x125/0x5e0 [ 893.031184] ? ioctl_preallocate+0x210/0x210 [ 893.035601] ? selinux_file_mprotect+0x620/0x620 01:14:10 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x6) [ 893.040378] ? iterate_fd+0x360/0x360 [ 893.044190] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 893.049738] ? fput+0x128/0x1a0 [ 893.053037] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 893.058585] ? security_file_ioctl+0x8d/0xc0 [ 893.063024] ksys_ioctl+0xab/0xd0 [ 893.066495] __x64_sys_ioctl+0x73/0xb0 [ 893.070400] do_syscall_64+0xfd/0x620 [ 893.074221] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 893.079422] RIP: 0033:0x459829 [ 893.082621] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 893.101794] RSP: 002b:00007fd01d704c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 893.109523] RAX: ffffffffffffffda RBX: 00007fd01d704c90 RCX: 0000000000459829 [ 893.116806] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000004 [ 893.124087] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 893.131370] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd01d7056d4 [ 893.138647] R13: 00000000004c250e R14: 00000000004d57d0 R15: 0000000000000005 [ 893.155314] Bluetooth: hci2: Frame reassembly failed (-84) 01:14:10 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:14:10 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5441, 0x0) 01:14:11 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x7) 01:14:11 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5450, 0x0) [ 894.818652] Bluetooth: hci1: command 0x1003 tx timeout [ 894.824015] Bluetooth: hci0: command 0x1003 tx timeout [ 894.824082] Bluetooth: hci1: sending frame failed (-49) [ 894.839646] Bluetooth: hci0: sending frame failed (-49) [ 895.228764] Bluetooth: hci2: command 0x1003 tx timeout [ 895.234333] Bluetooth: hci2: sending frame failed (-49) [ 896.898857] Bluetooth: hci0: command 0x1001 tx timeout [ 896.904261] Bluetooth: hci0: sending frame failed (-49) [ 896.910123] Bluetooth: hci1: command 0x1001 tx timeout [ 896.915493] Bluetooth: hci1: sending frame failed (-49) [ 897.298709] Bluetooth: hci2: command 0x1001 tx timeout [ 897.304115] Bluetooth: hci2: sending frame failed (-49) [ 898.978825] Bluetooth: hci1: command 0x1009 tx timeout [ 898.984280] Bluetooth: hci0: command 0x1009 tx timeout [ 899.378715] Bluetooth: hci2: command 0x1009 tx timeout 01:14:21 executing program 0 (fault-call:3 fault-nth:57): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 01:14:21 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x40, 0x4) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020f00010200000047b5a97faceb0190"], 0x10}}, 0x20) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f00000002c0), 0x44f) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x30a, 0x0, 0x0, 0x7}, 0x10) unshare(0x40401fc) r4 = fcntl$getown(r3, 0x9) getpgid(r4) read(r2, &(0x7f0000000200)=""/168, 0xa8) r5 = mq_open(&(0x7f0000000300)='\x04\x00\x00\x00\x92\r\x00\x00\x10\x00.\x16\xe8\xc2p\x12v\xc5\x92\xbf\xbd\xca\x19\x1bw|E\xb7m\xd2', 0x6eb3ebbbcc0884f2, 0x0, 0x0) mq_notify(r5, &(0x7f00000001c0)) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x4000) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f00000110c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="5999a6b614571632d507000000000000001695050012bab9c99004e2c31e8600e9f3b87c9c33ac22b2126c89ea765ee78b9e9f9bdd2c4c9a5e87c578e59ca86efae691473f00000000000000076feba99f7abcacd88f2f13a8ee8cd936ac05da753f8d4b75e6c88312370000000000000000010000355b7a20e0aa4c3acdd0eae6ca7134d56fb82693b1c9a1ea45c0f5636080dfddd27b0ff704f24ffdb8ac1f1170daaa20d693b8cf903f9a03552249000000001a000000000000000036857ec96fb6a645d85c1f737499f3435ce2e38eec85929f22f94d65b5eb0b44d0e416902b6f57bdda155104e3d3256db4d98d73b24079b431e3df9360bb3a443d711df811dbc388f64f292904e421f5e72a4cdd6dfae1e4bb1caabb7488f4f6e1d191ce82efaf84aecd2136349ca015128f1bbd1a20240688f1e1e3f7e832c3630beec402d345a23235f952339c1ff8d2fa4c900b93c6231fcca3b542e55a7312ce59b2914f6de08e2534b03f4ab7cfa2774f7e89d3df26bfc34d065ca64fc7afb8d93f9cefe43b1884700658af8deee46d000000000078e5b64a9f9b8a14234353d9e8868d5703c33f55cfffd3c22ddc56171b6335951aa573a38e879154c305336334b2456d18db2bb78863279d83c1911a8e9b1cd3c48759f243aa3e00d221f786359b944ff1eedcf7cae86a5004fe2fe1e498dcb4e357612c3447955b240b65d4553437f7c1d5c8"], 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)}, &(0x7f0000002a80)=0xc) syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x0) sendmsg$kcm(r1, 0x0, 0x20000004) mq_notify(r5, &(0x7f0000002940)={0x0, 0x3f, 0x1, @thr={&(0x7f0000002800)="af66bfe98e95b8cc6a3dced16eb4f5f7e6490cfed992463a3a03faeae42fd6c34280bb44a5e1e56ec8fa0c59ad9a3baa971b39a11fd6c410d7b51bec30ca0523dbebed287de315c9ffb166a5aba7ade4d4df4f26cdeeda59bd7da10798a29832f9de04b603b3c1421976ca57f56ac67df7d67bf9e5da6560ed2ee1132032", 0x0}}) setsockopt$inet_udp_encap(r3, 0x11, 0x64, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 01:14:21 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xb) 01:14:21 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x5451, 0x0) 01:14:21 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0xc020660b, 0x0) 01:14:21 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5423, 0x0) [ 903.651418] WARNING: CPU: 1 PID: 9141 at drivers/tty/tty_ioctl.c:319 tty_set_termios+0x7a5/0x8d0 [ 903.660575] Kernel panic - not syncing: panic_on_warn set ... [ 903.660575] [ 903.667948] CPU: 1 PID: 9141 Comm: kworker/u5:3 Not tainted 4.19.60 #33 [ 903.674701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 903.684088] Workqueue: hci2 hci_power_on [ 903.688155] Call Trace: [ 903.690747] dump_stack+0x172/0x1f0 [ 903.694385] panic+0x263/0x507 [ 903.697585] ? __warn_printk+0xf3/0xf3 [ 903.701484] ? tty_set_termios+0x7a5/0x8d0 [ 903.705722] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 903.711266] ? __warn.cold+0x5/0x4a [ 903.714893] ? __warn+0xe8/0x1d0 [ 903.718264] ? tty_set_termios+0x7a5/0x8d0 [ 903.722501] __warn.cold+0x20/0x4a [ 903.726049] ? tty_set_termios+0x7a5/0x8d0 [ 903.730294] report_bug+0x263/0x2b0 [ 903.733935] do_error_trap+0x204/0x360 [ 903.737826] ? math_error+0x340/0x340 [ 903.741631] ? update_curr+0x3c4/0x8a0 [ 903.745528] ? error_entry+0x76/0xd0 [ 903.749251] ? trace_hardirqs_off_caller+0x65/0x220 [ 903.754278] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 903.759135] do_invalid_op+0x1b/0x20 [ 903.762852] invalid_op+0x14/0x20 [ 903.766335] RIP: 0010:tty_set_termios+0x7a5/0x8d0 [ 903.771181] Code: 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 a3 00 00 00 45 89 a7 d0 03 00 00 e9 49 fe ff ff e8 9b 5d 05 fe <0f> 0b e9 3e f9 ff ff e8 af ce 3b fe e9 d6 fa ff ff e8 a5 ce 3b fe [ 903.790091] RSP: 0018:ffff88805aabf990 EFLAGS: 00010293 [ 903.795479] RAX: ffff88805a966640 RBX: ffff88805aabfa50 RCX: ffffffff8365b4fd [ 903.802756] RDX: 0000000000000000 RSI: ffffffff8365bbc5 RDI: 0000000000000005 [ 903.810031] RBP: ffff88805aabfa78 R08: ffff88805a966640 R09: fffffbfff15dd849 [ 903.817302] R10: fffffbfff15dd848 R11: 0000000000000003 R12: ffff88805aabfab8 [ 903.824574] R13: 0000000000010004 R14: 1ffff1100b557f51 R15: ffff888058b06e00 [ 903.831870] ? tty_set_termios+0xdd/0x8d0 [ 903.836023] ? tty_set_termios+0x7a5/0x8d0 [ 903.840274] ? tty_wait_until_sent+0x580/0x580 [ 903.844864] ? __mutex_lock+0x3cd/0x1300 [ 903.848930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 903.854474] ? tty_termios_encode_baud_rate+0x3ca/0x4e0 [ 903.859853] hci_uart_set_baudrate+0x157/0x1c0 [ 903.864441] ? hci_uart_set_speeds+0x90/0x90 [ 903.868865] ? debug_object_deactivate+0x1e4/0x360 [ 903.873801] ? find_held_lock+0x35/0x130 [ 903.877872] hci_uart_setup+0xa2/0x490 [ 903.881769] ? hci_uart_set_baudrate+0x1c0/0x1c0 [ 903.886530] hci_dev_do_open+0x674/0x14a0 [ 903.890693] ? hci_rx_work+0xaa0/0xaa0 [ 903.894585] ? kasan_check_read+0x11/0x20 [ 903.898746] ? perf_trace_lock+0x510/0x510 [ 903.902987] ? process_one_work+0x890/0x1750 [ 903.907404] hci_power_on+0x10d/0x580 [ 903.911213] ? hci_error_reset+0xf0/0xf0 [ 903.915281] ? __lock_is_held+0xb6/0x140 [ 903.919364] process_one_work+0x989/0x1750 [ 903.923616] ? pwq_dec_nr_in_flight+0x320/0x320 [ 903.928287] ? lock_acquire+0x16f/0x3f0 [ 903.932271] ? kasan_check_write+0x14/0x20 [ 903.936511] ? do_raw_spin_lock+0xc8/0x240 [ 903.940761] worker_thread+0x98/0xe40 [ 903.944565] ? trace_hardirqs_on+0x67/0x220 [ 903.948926] kthread+0x354/0x420 [ 903.952297] ? process_one_work+0x1750/0x1750 [ 903.956796] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 903.962342] ret_from_fork+0x24/0x30 [ 903.967176] Kernel Offset: disabled [ 903.970914] Rebooting in 86400 seconds..