0x0, 0x0, 0x0, 0x0) [ 1601.903394][T21576] Bluetooth: hci7: command 0xfc11 tx timeout [ 1601.903756][ T150] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1602.303347][ T8903] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1602.303468][ T2955] Bluetooth: hci8: command 0xfc11 tx timeout 15:36:30 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000480)={0x1d, r1, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000000)={0x1d, r1}, 0x18) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80005) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, r1, 0x3, {0x0, 0x0, 0x4}}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1d, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000070000000000fdffffffff7f9500000000000000"], &(0x7f0000000400)='syzkaller\x00', 0x2, 0x19, &(0x7f0000000440)=""/25, 0x40f00, 0x2, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000480)={0x2, 0x4}, 0x8, 0x10, &(0x7f00000004c0)={0x4, 0xf, 0x2, 0x1}, 0x10}, 0x78) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000240)=0x1) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r2 = syz_open_dev$sg(&(0x7f0000000200), 0x10000, 0x101100) fcntl$getown(r2, 0x9) preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)=""/173, 0xad}, {&(0x7f0000000180)=""/33, 0x21}], 0x2, 0x1, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000340)={0x1, 0x4, 0xffff, 0xffff, 0xc, "d51b808b84000800"}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000380)=0x11) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r3 = open_tree(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x8000) r4 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x6, 0x2) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r3, 0x1, &(0x7f0000000300)={0x40, r4}, 0x0) [ 1602.390626][ T2955] Bluetooth: hci9: command 0xfc11 tx timeout [ 1602.396848][ T9935] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1602.436544][ T8903] Bluetooth: hci7: sending frame failed (-49) [ 1602.863212][T13853] Bluetooth: hci11: command 0xfc11 tx timeout [ 1602.863401][ T6550] Bluetooth: hci11: Entering manufacturer mode failed (-110) 15:36:31 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x10) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1603.983386][T21576] Bluetooth: hci6: command 0xfc11 tx timeout [ 1603.983397][ T150] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1604.463342][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1604.463384][ T8903] Bluetooth: hci8: Entering manufacturer mode failed (-110) 15:36:33 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xc) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:36:33 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = syz_open_dev$radio(&(0x7f0000000080), 0x1, 0x2) close_range(r0, r1, 0x2) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:36:33 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x400448dd, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:36:33 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x80040, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCL_BLANKSCREEN(r2, 0x541c, &(0x7f0000000000)) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) dup3(r3, r4, 0x0) ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f0000000180)={[0x20, 0x22ac, 0x3, 0x8001, 0xa0d, 0x9, 0x74e9bb0b, 0x7f, 0x3, 0x4, 0x7, 0x2, 0x400, 0x7, 0x6, 0x807, 0x1, 0x2, 0x100, 0x6, 0x200, 0x2, 0x9, 0x1, 0x6, 0x10000, 0x95, 0x200, 0x8, 0xffffffff, 0x6, 0x3, 0x2, 0x0, 0xc2, 0x5, 0xffffffff, 0x5, 0xffff, 0x6, 0x35, 0x9, 0xd5, 0x7ff, 0x2, 0x6, 0xb0, 0x0, 0x2, 0x3, 0x1, 0x1, 0xfffffeff, 0x1ff, 0x127, 0xfff, 0x2, 0x200, 0x20, 0x0, 0x2, 0x200, 0x0, 0x83, 0x4, 0x6, 0x7, 0x3, 0xfffffe00, 0x4, 0x9, 0x5, 0x1, 0xfff, 0x8, 0x3, 0x8000, 0x4ac8, 0x40, 0x1, 0x4, 0x0, 0x0, 0x2, 0x5, 0x0, 0x9000, 0x13c7, 0x9, 0x9, 0x4e, 0xffffffff, 0x7, 0x1, 0xffff, 0xa5, 0x4, 0x1, 0x3, 0xfffffff9, 0x7f, 0x5, 0x101, 0x7, 0x7f, 0x9, 0x9, 0x2, 0x401, 0x9, 0x113, 0x3, 0xfffffc01, 0x7, 0x6, 0xe90, 0x1, 0x4, 0xffff0000, 0x2, 0x3b, 0xdb, 0x3ff, 0x3, 0x9, 0x9, 0x8, 0x400, 0x7, 0x7f, 0x8, 0x0, 0x6, 0x4a5, 0x8, 0x7ff, 0x9, 0x3ff, 0x587cf634, 0x1, 0x80, 0x1, 0x7fff, 0x27, 0x9, 0x3, 0x7ff, 0x3a80, 0x1ff, 0x3, 0x0, 0x80000001, 0x5, 0x4e, 0x800, 0xfffeffff, 0xa42, 0x1000, 0x200, 0x4, 0xffffe5ba, 0x7, 0xff, 0x10000, 0xfff, 0x3, 0x1000, 0x7, 0x8000, 0x8, 0x7, 0x300, 0x2, 0x3f, 0x5e, 0x2, 0x3, 0x6, 0x3, 0x1f, 0x6, 0xdd0, 0x7, 0x3, 0x5, 0x7f, 0x5, 0x7, 0xd7, 0x8fd, 0x7fff, 0x1, 0x4, 0x0, 0x4, 0x4, 0x4, 0x8, 0x101, 0x2, 0x80000000, 0x2, 0x3, 0x400, 0x6, 0x7f, 0x9, 0x7, 0xfff, 0x6, 0x1, 0x7, 0x0, 0x0, 0x9, 0x9, 0x1, 0xffff44ff, 0x7, 0x0, 0x401, 0x10000, 0x1, 0x909, 0x5, 0x6, 0x7e, 0x6, 0xffffff80, 0x4, 0x20, 0x2, 0x0, 0xce, 0x7, 0x40, 0x5, 0x10001, 0x9a, 0x200, 0x9, 0x2, 0x6, 0x2, 0x4, 0x9, 0x7ff, 0x5, 0x5, 0x1, 0x8, 0x20, 0x4, 0x6, 0x1ff, 0x2, 0x1000, 0x6, 0x2, 0x7, 0x2, 0xfff, 0x400, 0x175, 0x4, 0x81, 0x7, 0x8, 0x2, 0x7, 0x2, 0x7, 0x59, 0xd24, 0x5, 0x296, 0x1, 0x8, 0x1, 0x8, 0x1, 0xe8, 0x3ff, 0x2, 0x4, 0xffff, 0x8, 0x87, 0x8, 0x401, 0x600000, 0x6, 0x4cf, 0x5, 0x6, 0x0, 0x7fffffff, 0x6, 0x80000000, 0x1, 0x39f, 0x7, 0x8001, 0xfffff392, 0x1, 0x8, 0x7, 0x4065, 0x10000, 0x8221, 0x1, 0x9, 0x2487, 0x0, 0x5, 0x8a, 0xfffffff8, 0x3, 0xe5a, 0x3, 0x23e21900, 0x9, 0x3, 0xffffffff, 0xd219, 0x7, 0x3f4, 0x200, 0x2, 0x8, 0xffffffff, 0x4, 0x9, 0x5, 0x14ab, 0x0, 0x4, 0x7, 0x5, 0x8, 0x4eec1e4a, 0x4, 0x3, 0x27, 0x2, 0x1000, 0x0, 0x28a, 0x88f1, 0x20, 0x65b, 0x2, 0x6, 0x4, 0xffff, 0x3, 0x8, 0xcbff, 0x80000000, 0x1, 0x1f, 0xfffffc00, 0x9, 0x40, 0x2, 0xfffffe01, 0x78, 0x6, 0x78, 0x101, 0x5, 0x5, 0x4, 0x6, 0x0, 0xffffffff, 0x6, 0x7, 0x9, 0x5, 0x5, 0x10000, 0x7, 0x3, 0x2, 0x7f, 0x17d8a185, 0x2, 0x8, 0xcd2, 0x4, 0x7, 0x481, 0x0, 0x5, 0x2, 0x7ff, 0x7, 0x7fff, 0xfffffffb, 0x81, 0x3, 0x7, 0x7, 0x3, 0x2, 0x10000, 0x4, 0x80, 0xff, 0xff, 0x5, 0x9, 0x0, 0xd9c3, 0x81, 0x0, 0x3, 0x101, 0x81, 0x2, 0xa80, 0x0, 0x7fffffff, 0x8, 0x5, 0x0, 0x100, 0x5, 0x4, 0x7, 0x8, 0x40, 0x9, 0x7fff, 0x1, 0x4, 0x6, 0x6, 0x4, 0xee, 0x100, 0x5, 0x7, 0x62, 0x6892ceff, 0x800, 0x0, 0x7, 0x9, 0x3, 0x1, 0x80, 0x3ff, 0x101, 0x8, 0x690f, 0xe0ac, 0xffff, 0x14, 0x2, 0x0, 0xfffffff9, 0x8, 0x6, 0xf99, 0x4, 0xf7, 0x6, 0x872d, 0x5, 0x8, 0x5, 0xffff, 0xffff0000, 0x401, 0x7, 0x0, 0x8, 0x2, 0x6, 0x9, 0x6, 0x9, 0x3, 0xa3, 0x7327, 0x28d424ff, 0x0, 0xff, 0x6, 0x80, 0x400, 0x5, 0xfffffffd, 0x5, 0x8b91, 0x20, 0x4bd, 0x3, 0xfffffffa, 0x20, 0x800, 0x8, 0x910, 0x1, 0x4, 0x20, 0xfffffffc, 0x7fc, 0x704, 0x47f, 0x6, 0x101, 0x3, 0x401, 0x57, 0x4, 0x7, 0x0, 0xfff, 0x400, 0x3, 0x5, 0x2, 0x800, 0x1ff, 0x1, 0x1, 0x0, 0x0, 0x7, 0x0, 0x8cd, 0xffffffc1, 0x1, 0x2, 0x2, 0x101, 0x5, 0x1ff, 0x6, 0xb6, 0x7fffffff, 0x7fff, 0x6fb8bf3f, 0x2, 0xd104, 0x5, 0x6, 0x5, 0x8, 0x8, 0x7, 0x7fff, 0x7, 0xff, 0x8, 0xdab1, 0x72, 0xc93, 0x59c, 0xfffffffb, 0x0, 0x10000, 0x80000001, 0x6, 0x5, 0x8, 0x200, 0x7, 0x2, 0x5e9f, 0x3, 0x8, 0x5, 0x9, 0x5, 0x59, 0x5, 0x101, 0xffff, 0x3f, 0x101, 0x4, 0x8, 0x1, 0x10001, 0x3, 0x1, 0x6, 0x5, 0xfffffff8, 0xd9, 0xffffffc0, 0x1, 0x200, 0x41c0b07b, 0x6, 0x3ff, 0xfffffffb, 0x2a4, 0x632, 0x3f, 0x7ff, 0x81, 0x7ff, 0x2, 0x9, 0xee, 0x2, 0x2451, 0x7fff, 0x100, 0x7ff, 0xa7, 0x101, 0x7fffffff, 0x1, 0x800, 0x0, 0xcb03, 0x10000, 0x1000, 0x4, 0xfff, 0x9, 0xfff, 0x9d94, 0x7, 0x95b, 0x3, 0x0, 0xbd, 0x9, 0x7, 0x9, 0x7ff, 0x40, 0x46, 0x5, 0x43c, 0x8, 0x4, 0x3, 0x5, 0x23, 0x81, 0x81, 0x81, 0x1, 0x8, 0x3, 0x61f, 0xfffffff8, 0x2, 0x4, 0x8, 0x1f, 0xfffffbe4, 0xffff, 0x6, 0xd44, 0x3, 0x1, 0x7, 0x3f, 0xfff, 0xdd0, 0x7fff, 0x8, 0x5, 0x1, 0x80000000, 0x5, 0x0, 0x4, 0x5, 0x3, 0x10000, 0x8001, 0x8332, 0x9, 0x347, 0x7ff, 0x100, 0x8, 0x5, 0x7, 0x8001, 0x5, 0x40, 0x40, 0x5, 0x6, 0x9, 0xfffff801, 0x20, 0x4, 0x1, 0x0, 0x4, 0xc3f9, 0x40, 0x1, 0x7, 0x8, 0x7ff, 0x4, 0x400, 0xfd, 0x1ff, 0x3f, 0xca6, 0x81, 0x10001, 0x9, 0x1, 0x7, 0x1, 0x7, 0x2, 0x6, 0x8, 0x80000000, 0x7, 0x6, 0x9, 0x7, 0x5, 0x8000, 0x5, 0x780d, 0xffff, 0xae41, 0x5, 0x8, 0xffffffff, 0x10001, 0xd512e8e8, 0x3, 0x8001, 0x19c, 0xfff, 0x800, 0x8, 0xc3f, 0x3ff, 0x101, 0x0, 0x8, 0x2, 0x401, 0x0, 0x8, 0x2, 0x38, 0x3, 0x9, 0x4, 0x8, 0x3, 0x6, 0x219, 0x5, 0x5, 0x80000000, 0x20, 0x2, 0x6e9, 0x800, 0x400, 0x3, 0x8, 0x5, 0x80, 0x2, 0xf4d, 0x76, 0x7, 0xb5d2, 0x3, 0x7, 0xfffffff8, 0x8, 0xfffffd4c, 0x9, 0x4, 0x0, 0x7, 0x10001, 0x1b6000, 0x7fff, 0x4, 0x8, 0xe62a, 0x67, 0x0, 0x6, 0x7, 0x0, 0x40, 0x1000, 0xfff, 0xeaa, 0xeb, 0x1000, 0x2, 0x3, 0x1f, 0x8001, 0x7, 0xffff, 0x10000, 0x8c9e, 0x9, 0x2, 0xfffff801, 0x8000, 0x0, 0x800, 0x4d5b, 0x8, 0x81, 0x8, 0x1, 0x8, 0x1f, 0x3, 0xfffffffe, 0x9, 0x3, 0x20, 0x7, 0x3, 0x3, 0x9, 0x1, 0x5, 0x0, 0x2, 0x280, 0x1, 0x8, 0x6, 0x5, 0x4, 0x81, 0xffffffff, 0x6d6c, 0x3, 0x80, 0xffff, 0x7, 0x7, 0xfff, 0xffffffff, 0x42f, 0x8639, 0x6, 0x3, 0x1ff, 0x2, 0x2, 0xff, 0x8, 0x258b, 0x4, 0x2, 0x800, 0x8783, 0x7, 0x2, 0x4, 0xc2e9, 0x9, 0x3, 0x3, 0x0, 0x5, 0xffffffff, 0x2, 0xfffffffb, 0xc0, 0x10001, 0x9, 0xfffffc00, 0x10040000, 0x5, 0xac83, 0x1, 0xca4c, 0x0, 0x100, 0xa90, 0x1, 0x6, 0x101, 0xfffff233, 0x1f, 0x17a2a76d, 0x6, 0xad45, 0x1, 0x2, 0x6, 0x1, 0x1ff, 0x0, 0x3f, 0x316, 0x4, 0x7, 0x80000000, 0x3, 0x2, 0x0, 0x80000001, 0x40, 0x15e76524, 0x5, 0x4, 0x8000, 0x9, 0x2, 0x0, 0x8, 0x80000001, 0x6, 0x23, 0x3, 0x7, 0x0, 0x9, 0x1b96, 0x5, 0x0, 0x1, 0x3b3, 0x38000, 0x5, 0x8, 0x5, 0x8, 0x902, 0x8, 0x7ff, 0x1f, 0x100, 0x8001, 0xbc8, 0x0, 0x101, 0x3, 0x6, 0x1, 0x3, 0x1ff, 0xfff, 0xfff, 0xcb61, 0xaee, 0xe1, 0xffff, 0x6, 0x8, 0x7f, 0x4, 0x7f, 0x1ff, 0xaa, 0x9, 0x1, 0x101, 0x9f3, 0x4, 0x5, 0x0, 0x7fffffff, 0x5, 0x8, 0x200, 0x5, 0x6, 0x6, 0x1, 0x7fffffff, 0x8, 0x1, 0x0, 0x2, 0x7c8, 0x9, 0x7, 0x6, 0x20, 0x7, 0x3, 0x401, 0x8, 0x6, 0x3, 0x0, 0x4, 0x81, 0x6, 0x1b900000, 0x1, 0x1, 0x226e, 0x9, 0x0, 0x5, 0x7, 0x80000001, 0x1, 0x5, 0x50, 0x400, 0xbdf, 0x1, 0x7fffffff, 0x6, 0x3]}) ioctl$VT_RELDISP(r0, 0x5605) 15:36:33 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x480, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1605.805081][ T9935] Bluetooth: hci7: sending frame failed (-49) 15:36:33 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x11) r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) ioctl$KDADDIO(r1, 0x400455c8, 0x1) 15:36:34 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0xc8a02, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x13) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x8001}}, './file0\x00'}) r2 = dup(r0) close_range(r1, r2, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) r3 = epoll_create(0x400) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xa) read(r3, &(0x7f0000000180)=""/241, 0xf1) 15:36:34 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xe) [ 1606.054086][ T9935] Bluetooth: hci8: sending frame failed (-49) 15:36:34 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r1 = syz_usb_connect(0x0, 0x96, &(0x7f0000000080)={{0x12, 0x1, 0x310, 0x7a, 0x7f, 0x3f, 0xb0, 0x45e, 0x440, 0xaafb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x84, 0x1, 0x5, 0x1, 0x0, 0xc0, [{{0x9, 0x4, 0x3b, 0x98, 0x3, 0xb2, 0x13, 0x3a, 0xd8, [@cdc_ecm={{0x8, 0x24, 0x6, 0x0, 0x0, "ffe569"}, {0x5, 0x24, 0x0, 0x101}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x401, 0x8, 0x8}, [@ncm={0x6, 0x24, 0x1a, 0x6, 0x10}, @country_functional={0x8, 0x24, 0x7, 0x80, 0x200, [0x5]}, @mbim_extended={0x8, 0x24, 0x1c, 0x7, 0x3c, 0x8000}, @mdlm={0x15, 0x24, 0x12, 0x7}, @dmm={0x7, 0x24, 0x14, 0x3, 0x5}, @acm={0x4, 0x24, 0x2, 0xe}]}], [{{0x9, 0x5, 0xe, 0x8, 0x10, 0x4, 0x80, 0xff}}, {{0x9, 0x5, 0xa, 0xc, 0x20, 0x7f, 0x22, 0x4}}, {{0x9, 0x5, 0xb, 0x3, 0x787, 0x40, 0xf8, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x30, 0x6}]}}]}}]}}]}}, &(0x7f0000000740)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x0, 0x5, 0x92, 0x32, 0x20, 0xe0}, 0x2e, &(0x7f00000001c0)={0x5, 0xf, 0x2e, 0x3, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x9, 0x7f, 0x64, 0x15b1}, @wireless={0xb, 0x10, 0x1, 0x4, 0xd, 0x7, 0x6, 0x7ff, 0x20}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "b98e8ea4e058f55af6b1d1fbbbf62556"}]}, 0x9, [{0x8e, &(0x7f0000000200)=@string={0x8e, 0x3, "3a246676e0abeb230ea2d06ed0e0333a5337f65e37b41992097bfae049d05eadaeeb3b9d684ee003bff70bdf7eb3cb9f678e85941912a981939c74742529403c41bc5fe34fa8021636e14abf81c7e1530df456647878f7b9a69d2aaeb9eb822834bbafcafb1fd39288c1dc1cb64745bad52a58dcec7726425326d0935ce4345c52fe4af0e33caaae180d5320"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x2001}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x458}}, {0x19, &(0x7f0000000340)=@string={0x19, 0x3, "1eb9881a63e5201dad22c9e5467a2abc59240a98da9143"}}, {0x43, &(0x7f0000000380)=@string={0x43, 0x3, "05f8cbe2586f26c9950dda980d93b2cb5984fddf250e24b8f51ed005d4ac0c88f831a4de2c98ec7052ead74b053f6dfc442b87f65da22f2392cc01864acea718a5"}}, {0xe9, &(0x7f0000000400)=@string={0xe9, 0x3, "571048ae1c1d67c4f66882b21b30231b92c7819cdf1df9d3107ae7416298fad63b2e35f1e46d5962ef247307a23080b94cbec57d935ba727f1a52cb988076f29d13d7a86549b0ea00f3de771d4a4fdf530b22133f21605cb04f46ea656b649df3451d30906b1888a856130adc4db2193224b557e054e00437ab01c8e454144e8683f538ad964f59e2a11f3b957aa4cde3f42c3fac6ffb59606b0baa0c3cc42cf1ca5c27671036615d28537774a25595ab4fbed656099140ccfa48223dd0d0f992998b3ed0ad494f8dbc99120246ad568f5136b1b7be0ddeeb9858489d1d05d58688aab1d7f0dde"}}, {0xd8, &(0x7f0000000500)=@string={0xd8, 0x3, "3304732cc82712d7fc5cc4e7a21e649685c697c3f319cf1a1e104bf1e2a375f65b5b1429a62d595f9ba53fa7f0eae81fd9130f34b20762a23eed2cbe75fe04b5b0c238d69fe62752a49da2733afe179941496a4fd0310e58a96bf74b3d435ebb472ce8c71e2b332b584f5604c565fc5ddd542dd730551998139d0229d9a6c5dd7736ea83336b473140bacb1b94005b11f79439ce420d87f3e7532e030271bcfb0df90de350f6c4e7a4ec0e7631c68568de80eb8820fca1a6496e01cbcce8fa7a218bad95dc11fb26eee9fb1fbb6fafe63036a8828f6f"}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x437}}, {0xe3, &(0x7f0000000640)=@string={0xe3, 0x3, "2553ca6e53f18fd981fbd74c0299257d099e31baf45d5cfeb88b8b07c7d9a5fc1d03c0b81c9ff9aaab76ea11fc91327252bdfb462c0d33f5aa7e8dcce9988f53dfeaa25cceab13e2ff7b068be79b41d8b4cb3bf33b3a33f8a839f1734a6fe6feff2234eda82533a7129938466e2fa894dc5b2447f1d0ff9eaadc106f7e299e909eec997263fd0fdef3399e63e2042b055acc3fd867da4f49bf134c6c4818188e006fbf9eb1f1f8b60d7113a3c1e72775710d25b2685d2b9f991cbb3f0707fe42784e868d088b1a4e8f7b20a92e2b44037d22de20cb7d1983b38c1eb41837590cdb"}}]}) syz_usb_control_io$hid(r1, &(0x7f0000000900)={0x24, &(0x7f0000000800)={0x20, 0x22, 0x20, {0x20, 0x10, "e7b01a01d776738081eb1d74c152cacacee4eeb10661c3e757b120c6e01d"}}, &(0x7f0000000840)={0x0, 0x3, 0x7, @string={0x7, 0x3, "caf4ce1f25"}}, &(0x7f0000000880)={0x0, 0x22, 0xe, {[@global=@item_012={0x1, 0x1, 0x2, '#'}, @global=@item_012={0x0, 0x1, 0xa}, @global=@item_4={0x3, 0x1, 0xb, "c0486f49"}, @main=@item_4={0x3, 0x0, 0x8, "b74e314e"}, @local=@item_012={0x0, 0x2, 0xa}]}}, &(0x7f00000008c0)={0x0, 0x21, 0x9, {0x9, 0x21, 0x8, 0x20, 0x1, {0x22, 0x9ca}}}}, &(0x7f0000000c00)={0x2c, &(0x7f0000000940)={0x0, 0x14, 0xd9, "c5a440866c5f3166c163ac0709234c5ac8cd5b62917f2ed415af642762dfb3417d1c2029e41c41d9d85f861984726d31c775f5886604375567f22c9e3521c600542fe6e2cbe711a77797e9ae48ac0cd9bb01c9420c56b957a14947acc71fb79b60348545dab96407ea7271eb45410a53f6d568d9b85283b17615ad39b3a77054da4332c07813ad861805871bef9e4d2ee25bbca3910780dcfd1509fa200cd855d7d6043565c55913ac2dc0ed005fb2cea983b7024551eb6da79971ba5208da142438925d801b79363c89291fd4ca3162a081faf8307bb81f2f"}, &(0x7f0000000a40)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000a80)={0x0, 0x8, 0x1, 0x81}, &(0x7f0000000ac0)={0x20, 0x1, 0xc8, "e69cf02de6672b9f9437e34e44596a4286c94aded7b4adbb556e9e609eb9519dd05eb91c10a75f92704fb6707e5cc29834b569034f4f598dbe78daef5d68c663688e4fcabfae5e55601b9c307004dd1ab114515577aea764bf1e2e7ad94ea63b65f14ed322caec33fb42801b115541500b7444d28f9edcd959aba5527cd5e3f531e833463982b5ab3f28bfe43d9b6832efcd3d2b1da8e4a340947c25259a9cc905161cf85259624c9051a3d31cd494ad8e779541a106aa5a82f4d95ed10f87db3f8d5781ad146470"}, &(0x7f0000000bc0)={0x20, 0x3, 0x1, 0x7}}) 15:36:34 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCL_GETSHIFTSTATE(r2, 0x541c, &(0x7f0000000080)={0x6, 0x5}) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xd) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1606.732928][ T2955] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 1606.897914][ T158] Bluetooth: hci11: Frame reassembly failed (-84) [ 1606.923038][ T2955] usb 1-1: device descriptor read/64, error 18 [ 1606.953804][ T1360] ieee802154 phy0 wpan0: encryption failed: -22 [ 1606.960305][ T1360] ieee802154 phy1 wpan1: encryption failed: -22 [ 1607.022954][T13141] Bluetooth: hci6: command 0xfc11 tx timeout [ 1607.032913][ T8903] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:36:35 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0) ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000080)=0x1) pwrite64(r0, &(0x7f00000000c0)="79e4f9cd8ba4af9f", 0x8, 0xc70e) r2 = syz_usb_connect(0x4, 0x8f4, &(0x7f0000000180)={{0x12, 0x1, 0x250, 0x0, 0x15, 0x8b, 0xff, 0xeb1a, 0x2881, 0xa76b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8e2, 0x2, 0x80, 0x9, 0x50, 0x1, [{{0x9, 0x4, 0x3b, 0x5a, 0xf, 0x70, 0xc6, 0xe8, 0x7f, [], [{{0x9, 0x5, 0x3, 0x0, 0x8, 0x6, 0x5, 0x5, [@generic={0x23, 0x6, "69b89c4b3fb4e34dd0d6b3c952128fb45135d9ecf62484eeda7d5b83b504103d14"}]}}, {{0x9, 0x5, 0xd, 0x10, 0x10, 0x7, 0x0, 0x1f, [@generic={0xb3, 0x22, "129a0b9287c4936fc1ffc9d887a11cd985c6e03097c4a432a998d6d3a3f00c0bd897ada89b82c67d0d220a0b353df0e16806a3a3c828cc7568f8b12cd285835b489710177908f9fb222f62abbeeb99cce4b455dc104cd07bb3d6348242bca13b0ddbeae20882114188ca3dc6ece3a3ebee4246f7348972c450b6d8f5dc9927d0a3d570ad93136262a935a382e4ad28e15c7f7fe525b3a4d9aff5126cb2cbb75df426ce09db887516defd62f271118bcf17"}, @uac_iso={0x7, 0x25, 0x1, 0xc3, 0x56, 0xc2}]}}, {{0x9, 0x5, 0xb, 0x0, 0x8, 0x4, 0xd6, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x3f, 0x1994}, @generic={0xb1, 0x21, "482c80e2e42a7dba90d47f67ceccba0b15fbe1f3554948088e21b2435accbd0d26fdb4b6ee57c3b149f1113702d9941358cb17514ffd8054d70395bbd225a1987cdf82145c75821448eba66f40f2d13b1bd3352c9d73a31e05a3fc6e550d59b98c94eae97e98b012146b0e881a6be1c74339cdca9ad2c2673ed6703e0c014fea1bdd524d1c59557acce88e27cb44d5e52bd4bb378a3c071866043a4b602bbe801daade03e2fb90b9516dd451d9d365"}]}}, {{0x9, 0x5, 0xf, 0x10, 0x20, 0x6, 0xc8, 0x6, [@generic={0xf5, 0x22, "e417d627ccfbc192516ae0dab9458127183eb6386b28006e6e46a708cc6ad02a4ab4b96614a320824fb49805811d969549190d052029e69065cf73285fd7e1d217bd1673df14c259e5294f700f2539f5936128163b28e71609c9b8540b2f1c5e7d6b7bd8cb888aa9cf25ed0c290de51e82f2361c9de99da04d59e934073dde4bece4169eedcdb286a0d8b7766dc46c0b004163af2ade3ba916f18f1f379ab6f5f5b4d5a0f37c72b22ce394ad3dac327ef66d5746c2866e8056860a49e53d0db4f8db45ee47b19de303db90a661deaaf0b9cdf8a95474df242e69aed0c2a5741bcacede34a43faf1b490d5dd797892210f19e00"}]}}, {{0x9, 0x5, 0x7, 0x2, 0x200, 0x0, 0x5, 0xe0, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x7, 0xa000}, @generic={0xf3, 0x6, "77fba2b7b4597561d7bbdc66a82702b5d9e86c19b352124e55ffea6df680c99deeafa7b094359b493da2e84ee3e3f1762a04398f01d716c8ce698dba837e52b32af44526facc0de2216d3fb4ed84559e61e1485f7db55d78ba4923a632618820c376699ea7726c3581535be3cc714fb8c2544949f2d1dc219575d4ffb61dec51a54db9661e9205b4748bc1f6ed7954fe827b77c12e4a574140a6f81e862868526a2a7aef8ddaed21ded6d517ac79960b48635cebfd4c50e3353287233a65ad8ff3b47ae0f2a0b2c7ca872bd4a0116454bde2b4053fb90e9cba6c8de21517e2d5d514cbdc622de727113acc91c22d9415a8"}]}}, {{0x9, 0x5, 0x2, 0xc, 0x3ff, 0x29, 0x8, 0x20}}, {{0x9, 0x5, 0xc, 0x10, 0x3ff, 0x3, 0x7, 0x8, [@generic={0xd7, 0xe, "d7853715109587ee4f7dfddeadac3a9dec9031d50545350b1aebe77bef4e80a79beede8abc4b0609425b37818cdd7dbc35c61aaba3cbf3f2aa444b247d5f841bb8f22a5e2e280ae6394ace11c89132a61cae849a79cd1ffa5e728075b2935f18e7f78f99902d26c406b33e4e4019dc5b8c73c1b68d4b8570e5a20b89c70c15db87fafa26c1a75bd51ca284a7891bd46f1265f4ad1cd8114d44e24a2a3afbc8c5278ff34176d6c7532497cdb05aba2314cacb2becca72f2a1d884cf75382c03be72e33beb682b6fb674eb67f4bddfe7e05ff81f0311"}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x9, 0x3}]}}, {{0x9, 0x5, 0xc, 0x10, 0x20, 0x7f, 0x2, 0xcb}}, {{0x9, 0x5, 0x80, 0x0, 0x20, 0x7, 0x5, 0x2}}, {{0x9, 0x5, 0xc, 0x8, 0x0, 0x7, 0x3, 0x3f, [@generic={0x49, 0x30, "6802fa86aee568d54985b37f379be3875cb819b2a75d99643f1337c35e3f893e1bc34f67527599c054c8d43048bc91a141b340c28eafe4ca2aa7ede78c49900ec71d9a5abdd429"}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x0, 0x40}]}}, {{0x9, 0x5, 0xf, 0x0, 0x40, 0x87, 0x99}}, {{0x9, 0x5, 0xc, 0x10, 0x200, 0x3f, 0x8d, 0x1f}}, {{0x9, 0x5, 0x8, 0x8, 0x225df1b242969c61, 0x7c, 0x8, 0x32, [@generic={0x90, 0xb, "e71292395592e4b4d7c932a6134c33402474acd8823d9227df5c5aae57543c6cf08b4c5b9c1b07a52e0e08ed59b4c581de1780daaa2ef3b7d838501c6ab6cb29a2b295d13ea9293790aeaeb109489f1cebc502af13fff73e05f7aea90f201a9d6d4ea0a0f6db9642edbf72614bcfba14210984726d61813c431755d7e4ab6f2bfdff47ccd10a1c4bb6846ba3c210"}]}}, {{0x9, 0x5, 0xd, 0x10, 0x20, 0x6c, 0x8, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x5, 0x4}, @generic={0x102, 0x7b6a9f866cb15df9, "dd02627c432184f7602f4c89e8d12bb7aab0397712004e9bced76a6a78adbfca0f29fdaa2092ff9cd89b22eaff15f260664c6a5ae579aa5f34a1a5662008146f6b67f296d040f00dbec459053411da615aed04ccf119f6881fa94fe4624d6ea487e5be433a0d4f73407eb0350edacbd59385c71bd72718f78139aab04cc0a39b891120750cdc29d14cf9af74110db3fd431fa402ed628f1267b8c479a31b5b3310f704722df0c72892b16dcbf3babd5335d94fc521600f1bc850cf75bd336235d5d0e5b8e8ced4993823b0cb17730215fb7dd89785a83679adb3f19774b53d63fa7ff4ecf3b91e41e094509e8ef761d1080b7c2e80d808a46b71d1d43a9d702d"}]}}, {{0x9, 0x5, 0x80, 0x20da78137b4fa187, 0x8, 0x40, 0x7f, 0x20, [@generic={0x90, 0x23, "6af54f2eb29f6faf081ed2aa844419f0517ca574504add502252b5af7aece1e04b949fa496c597d6b70b4f87a706e9920ec23b458fe032c38dbc237d2192c10c4b2f4de001a7b50d865d963edde238cfbd193081452515dd4425a41936441a43c620068e2dee7bb1d4fccd959aeeae23b85f8ce8c9a3f167d50c524b153a96d036db649dfce1ae83136c51b2c981"}]}}]}}, {{0x9, 0x4, 0xba, 0x5, 0x8, 0x20, 0x2e, 0xde, 0x0, [@generic={0xe, 0x9, "aa20ec271a0d0d2102229e9a"}], [{{0x9, 0x5, 0x3, 0x8, 0x200, 0x20, 0x8d, 0x80}}, {{0x9, 0x5, 0xf, 0x10, 0x8, 0x6, 0xdd, 0xfa, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x0, 0xe05f}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x1, 0x2d50}]}}, {{0x9, 0x5, 0xc, 0x0, 0x20, 0x40, 0x41, 0x80}}, {{0x9, 0x5, 0xc, 0x10, 0x400, 0xff, 0x4, 0x1}}, {{0x9, 0x5, 0x4, 0x3, 0x40, 0x67, 0x1f, 0x40}}, {{0x9, 0x5, 0xf, 0x10, 0x200, 0x6, 0x1, 0x0, [@generic={0x28, 0xb, "19f56db2c8530da332e555e74a5eb96338cda7c9a4901d6ac388b02b2e822dde4c70e6f8ea5f"}]}}, {{0x9, 0x5, 0x0, 0x0, 0x8, 0x20, 0xd, 0x1}}, {{0x9, 0x5, 0x8, 0x10, 0x10, 0xfd, 0x40, 0x7, [@generic={0xd9, 0xf, "54be989da8ba36e8502b9ca895fd8caedb80c58cadc9f9cd8f182dadffb4a58d179c4ee407defa7eb057ae2ba87b469656ab2ba216a74aaceacd262f0c50077988343ec2094d66d87912444d64aa3590dea55bdede9d459b2e988532e34c65fc707ae3092e8cfaeacdd08d1055537a7488a8cedf5ff97673c0efe385111eec2e1815f1684e3ba4bf1d0b2f2457f4a22d6793077857fad625180de4c766c16f9f780c93fe108e6ff8e9b286e24a9832b9102a7a8c6394fd7e7c93c8cf33bd0ce5745cadf8c41c1c8c70294685d3296e802594ecac96c254"}]}}]}}]}}]}}, &(0x7f0000000c00)={0xa, &(0x7f0000000a80)={0xa, 0x6, 0x201, 0x81, 0x20, 0x2, 0x20, 0x4}, 0x8a, &(0x7f0000000ac0)={0x5, 0xf, 0x8a, 0x3, [@wireless={0xb, 0x10, 0x1, 0x4, 0x90, 0xb6, 0x1, 0xffff, 0x8}, @wireless={0xb, 0x10, 0x1, 0xc, 0x29, 0x80, 0x2, 0x4, 0x3f}, @generic={0x6f, 0x10, 0x1, "d67766311e8ceb7d348bfaaae00f91f93fd953412aa398e62628a3ceb97a7d918ee9206c173c8bf9576754fde5ba9895a3f13079fbf767a109e0657b486eaf3b0ada5a3badd56a05b5fbc27e8df482e164af909bb5e06bed0954938912e2d0b8343ad9fa15f575a1cd620050"}]}, 0x2, [{0x4, &(0x7f0000000b80)=@lang_id={0x4, 0x3, 0x405}}, {0x4, &(0x7f0000000bc0)=@lang_id={0x4, 0x3, 0x423}}]}) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000000d40)={0x14, &(0x7f0000000c40)={0x20, 0xc, 0x91, {0x91, 0x21, "4b37b053c1a1f38ddb51e048d328a91ed67989931ec29c8a6519aee5420ce209cb5caace284fe90c83cd36d45e684e7307a316db21450f4515de137a662f47de8aad054818f79db2d850b86b1933f65a408c4ae6dbf5afe3f16a000999ea080cb759e68ee759c01cbce0a3efa78ac6472c524e01e4882deaed2e86a4750f5dd8a5cab084fe3c9b0314fa18597b9561"}}, &(0x7f0000000d00)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000001000)={0x44, &(0x7f0000000d80)={0x20, 0x1, 0x83, "3ed5544c4a0011d33cba8b361361e876c77d96604eec3420cae2b339c761d0e0b34d2dca267dff8ee066b938d8f270989e3a2ea6cbf2f1f35c48b8be28b0ca39bd9665e8dd8d565861031a38f48b693591b0e7116ee2f9187fbdf6737b3b59c524287e929fe9fb3407d4f2c6c0c720e6241d41020ca650cbce35f29e69c0d93185af8c"}, &(0x7f0000000e40)={0x0, 0xa, 0x1, 0xfd}, &(0x7f0000000e80)={0x0, 0x8, 0x1, 0xab}, &(0x7f0000000ec0)={0x20, 0x80, 0x1c, {0xffff, 0xfffe, 0x80000001, 0x6, 0x80, 0xf669, 0x7, 0x9, 0x400, 0x4, 0x6, 0x4}}, &(0x7f0000000f00)={0x20, 0x85, 0x4, 0x1b}, &(0x7f0000000f40)={0x20, 0x83, 0x2}, &(0x7f0000000f80)={0x20, 0x87, 0x2, 0xa4c}, &(0x7f0000000fc0)={0x20, 0x89, 0x2, 0x1}}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/mdstat\x00', 0x0, 0x0) 15:36:35 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0) r2 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f0000000100)={0xa10000, 0x40, 0x7fff, r2, 0x0, &(0x7f00000000c0)={0x980918, 0x3, '\x00', @p_u8=&(0x7f0000000080)=0x5}}) ioctl$KDADDIO(r0, 0x400455c8, 0x9) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1607.212856][ T2955] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 1607.442859][ T2955] usb 1-1: device descriptor read/64, error 18 [ 1607.563776][ T2955] usb usb1-port1: attempt power cycle [ 1607.823055][ T6548] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1607.832347][ T1053] Bluetooth: hci7: command tx timeout [ 1607.972747][ T2955] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 1608.062868][ T1053] Bluetooth: hci8: command 0x1003 tx timeout [ 1608.069008][ T6548] Bluetooth: hci8: sending frame failed (-49) [ 1608.075677][ T2955] usb 1-1: Invalid ep0 maxpacket: 176 [ 1608.232965][ T2955] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 1608.362813][ T2955] usb 1-1: Invalid ep0 maxpacket: 176 [ 1608.368590][ T2955] usb usb1-port1: unable to enumerate USB device [ 1608.462904][ T6550] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1608.462947][T13853] Bluetooth: hci10: command 0xfc11 tx timeout [ 1608.476937][ T2955] Bluetooth: hci9: command 0xfc11 tx timeout [ 1608.477069][ T9935] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1608.942685][ T8478] Bluetooth: hci11: command 0x1003 tx timeout [ 1608.949199][ T9935] Bluetooth: hci11: sending frame failed (-49) 15:36:37 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TCFLSH(r0, 0x540b, 0x1) ioctl$TCFLSH(r0, 0x540b, 0x1) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1609.262891][T11206] Bluetooth: hci12: Entering manufacturer mode failed (-110) [ 1609.267273][ T8903] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1609.272185][ T8478] Bluetooth: hci6: command 0xfc11 tx timeout [ 1609.280181][ T2955] Bluetooth: hci12: command tx timeout 15:36:37 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0x8}}, './file0\x00'}) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1610.142669][ T8408] Bluetooth: hci8: command 0x1001 tx timeout [ 1610.150027][ T6550] Bluetooth: hci8: sending frame failed (-49) [ 1610.382774][ T8408] Bluetooth: hci7: command 0xfc11 tx timeout [ 1610.382894][ T6548] Bluetooth: hci7: Entering manufacturer mode failed (-110) 15:36:38 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x400454ca, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:36:38 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) write(r0, &(0x7f0000000180)="e2b9ddc4d78e7cb8ce7ef95980db4eb4bdbf0b7ac4376066549a944c46cf6e2f90b7df2e1ce5ddb6c86d105603f5ec459110c31a519f4939d5054797d8c5c46fa42398e50fb55deb30cdaf89e362c197f16261651f635a1ee541816f31757f85c09ce5aecdcc07789c09b036f26ae3dc63a58aa4c7014f24060f610f9f9c2accd6e1e79bcff68f87b47a5ed1a77ed5aee38618399f4a3f6577de21373ee36fb8fac3d625a90789d25cd1a93d796a4802bc9ec25a1a14fe86627a25f7add6a54acff51805ee55c6aa12c561fdb4b34f019b0c8c8ddcc935e37937a56128dd8422710508f0a3", 0xe5) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1611.032611][ T8478] Bluetooth: hci11: command 0x1001 tx timeout [ 1611.040126][ T6550] Bluetooth: hci11: sending frame failed (-49) [ 1611.182617][ T1053] Bluetooth: hci9: command 0xfc11 tx timeout [ 1611.192864][ T9935] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1611.502517][ T8903] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1611.902468][ T8408] Bluetooth: hci10: command 0xfc11 tx timeout [ 1611.902756][T11206] Bluetooth: hci10: Entering manufacturer mode failed (-110) 15:36:40 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180), 0x4400, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x14) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000080), 0x200000, 0x0) ioctl$TIOCL_GETKMSGREDIRECT(r2, 0x541c, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$KDGETLED(r2, 0x4b31, &(0x7f0000000100)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:36:40 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000080)={0xcc, 0x4, 0x1, 0x7f, 0x18, "23d2431a39fdf7c987bdb0ace0b7e7b61e9b1e"}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x40) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1612.005191][ T148] Bluetooth: hci9: Frame reassembly failed (-84) [ 1612.222425][ T1053] Bluetooth: hci8: command 0x1009 tx timeout [ 1612.542647][ T6548] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1612.542828][T23375] Bluetooth: hci12: Entering manufacturer mode failed (-110) [ 1612.551961][ T1053] Bluetooth: hci12: command 0xfc11 tx timeout 15:36:40 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KDSKBMODE(r0, 0x4b45, &(0x7f0000000080)=0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1613.102435][ T8408] Bluetooth: hci11: command 0x1009 tx timeout [ 1613.742372][ T8903] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1614.062507][T11206] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1614.071564][T21576] Bluetooth: hci9: command tx timeout [ 1614.702391][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1614.711396][ T2955] Bluetooth: hci7: command tx timeout [ 1615.102310][ T6548] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1615.105358][T18048] Bluetooth: hci10: command 0xfc11 tx timeout [ 1615.182247][ T2955] Bluetooth: hci12: command 0xfc11 tx timeout [ 1615.182342][ T9935] Bluetooth: hci12: Entering manufacturer mode failed (-110) [ 1616.622340][ T8408] Bluetooth: hci6: command 0xfc11 tx timeout [ 1616.632494][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:36:45 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x385240, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x1, 0x0) dup3(r1, r2, 0x0) syz_open_pts(r1, 0x200000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 15:36:45 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) fcntl$dupfd(r1, 0x406, r0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) perf_event_open(&(0x7f0000000200)={0x4, 0x80, 0x1, 0x0, 0x0, 0x4, 0x0, 0x329, 0x100, 0x5, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x7f, 0x2, @perf_bp={&(0x7f0000000000), 0x1}, 0xa0, 0x7ff, 0x8, 0x8, 0x0, 0x0, 0x437, 0x0, 0x3, 0x0, 0x1769}, 0x0, 0x3, 0xffffffffffffffff, 0xc) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000001c0)=0x18) syz_usb_connect(0x0, 0xfffffffffffffded, 0x0, 0x0) 15:36:45 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x408000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x10) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000400)={0x2c, &(0x7f0000000240)={0x0, 0x0, 0x2c, {0x2c, 0x0, "a05402ce66f1494c614c519bfa6be2188744b24752012efdcad37f71915910344824f3a6759c5f8a3311"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000180)={0x24, 0x0, &(0x7f0000000c00)={0x0, 0x3, 0x4, @lang_id={0x4}}, &(0x7f0000000140)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0xa, "60774ccc"}]}}, &(0x7f0000000c80)={0x0, 0x21, 0x9, {0x9, 0x21, 0x1, 0x8}}}, &(0x7f0000000100)={0x2c, &(0x7f0000000d40)=ANY=[@ANYBLOB="60d17c85ba2f"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000012c0)={0x2c, &(0x7f0000001180)={0x20, 0x4, 0x2f, {0x2f, 0xe, "ae41520f36a769c474cd36e32edd9d613fe44ebf0cf11d2e332389d07e23225114aa428836b330efa3cbd966a1"}}, &(0x7f00000011c0)={0x0, 0x3, 0x4, @string={0x4, 0x3, "0f07"}}, &(0x7f0000001200)={0x0, 0xf, 0xf, {0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0xd, 0x80, 0x81, 0xff}]}}, &(0x7f0000001240)={0x20, 0x29, 0xf, {0xf, 0x29, 0x9, 0x1, 0x5, 0xff, "72047c1c", "fb11bd11"}}, &(0x7f0000001280)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x5, 0x4, 0x25, 0xda, 0x1f, 0x401, 0x7}}}, &(0x7f0000001700)={0x84, &(0x7f0000001300)={0x20, 0x1f, 0x34, "04cfcd3de0ff23b0baae8621237eccf535633b44b5dc079be83147fb23e30d2d4ef1875c7368e2b8fab0b096e2f38eab3edb493d"}, &(0x7f0000001340)={0x0, 0xa, 0x1, 0x81}, &(0x7f0000001380)={0x0, 0x8, 0x1, 0x74}, &(0x7f00000013c0)={0x20, 0x0, 0x4, {0x1, 0x62a49b41e5d7ec3c}}, &(0x7f0000001400)={0x20, 0x0, 0x4, {0x10, 0x8}}, &(0x7f0000001440)={0x40, 0x7, 0x2, 0x6}, &(0x7f0000001480)={0x40, 0x9, 0x1, 0x81}, &(0x7f00000014c0)={0x40, 0xb, 0x2, 'C<'}, &(0x7f0000001500)={0x40, 0xf, 0x2, 0x6}, &(0x7f0000001540)={0x40, 0x13, 0x6, @multicast}, &(0x7f0000001580)={0x40, 0x17, 0x6}, &(0x7f00000015c0)={0x40, 0x19, 0x2, "c00c"}, &(0x7f0000001600)={0x40, 0x1a, 0x2, 0x9}, &(0x7f0000001640)={0x40, 0x1c, 0x1, 0x6}, &(0x7f0000001680)={0x40, 0x1e, 0x1, 0x7}, &(0x7f00000016c0)={0x40, 0x21, 0x1, 0x2}}) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x8) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) write(r3, &(0x7f0000000180)="387ab01d01bc05c318a4e0138e7b51a4044f7b6d82ee99c254d8824e7537d4d1d779151ef1affdd4d24d847c3bbb577944543664a6795d303a42e07069547dafcf1b44f9c32ccb8cd6fd200abb36cc16f30bb0f650b7e7d577fc3512e2bbb9e35c6622bfdc741ba0d15213f29ee94262d26076668c26e6a994dca79849763ededae21a5ef612d877d30976d431fc7039bea138be73d729c0fffe8001651d03b01988f641f008688f38daa07614b335ed8ad9d3f37facd5f62956d62ca3bae2cee620e130c163dacb37e6f0c9ba2a12f7decc76b3606a26d8839edd093f73e459f7597e8715355fc1686c2e3bc7460c97ac8e09b99e9efe19e8b22067351aa60175ff5c0ce8da43e61e17142ad7afc50b820797202ce41884102054e1f8bc43e906ccd270b28f33315d91cea50b254918cfe1f91e646019528c7b9b59e31c0ac51fa96bbb7f50d0b5b18ed9785cd37fe4b7c0d41d15d0c43e4c18e26570ee16d518ab01162b66d3de92c68815ffa3dc905cc2c8aa703395f592575c6386ce5b8f9342e7d6823ade1909194dceaadbe1c9db9463857e22e1c88bfad794d8cae37b6a59446e1310513f2616c0f06d7c9e03678e53bf97863b81242409d4c53b818c0942b868c5134a4da141ef1301eac431978cd9d083b64900b432ca4f36037d6ea6c1bed095f58bd531b70675c94773ad00146e5a267cd81628e41b2ed4f1c84026872d767460876141d2481a4150604b2582147110c2c57167e11053ee885de39dd121ff89be17bb9a02784d97829a087a48fb97eff40ee35e26f9d317e68f371d84d4b3ccd7f0c46b58c780758dffd29a322e60945a8c8a314a2dd7e412feb85f68ded5da1a94dde32d2b70e0c1921a2593188404c42827b71414fd4dd375b40a72e1b95a6d08674217d4981fdd479fe4caa78e4fe06b195ce989b622288bb1e4208e26b149aeb7c6ac0592cba4e0d6861b4f9426fbe6c83b5b29a3ac265ffa6a8a4e3034b2260dd43717a7bd079e53ed80a9448eabbdde2a49d939893fc89f13b2ead0e35b2d1d092a07fb4ca63c3c0fdf7f32a7beb68bd4b1b86b92cdf78c36f7555f638f0c10f1c85a2fe20ade521af97bad224a57b1b718feecd5241e466b06b3d6d5ea8dfd5857abcb7d00803baf13858269af969a59780cb8c07cdb9261f9d010cc4fb5764f8d62c019247d3cc5273d7252cbf0d8768bbffd9a1c8e74d2f73f163bd841aaa245740587a91e80c0f6890bbaf29fa5fd380f242d24ab99e7f804cb1438f686b885ba1f2296ec45950391461973c094e2dd70b7b529a367484f8526df20951da83662e68aa10c4271b93da3f77688fbd0a8117581e17af88188317bfbf9d9798ec371284789b7bcbd3235be64c9a8b964309b9d7518973296d5572b7f6dc4c6f7781884146b08a433773869f3c424b917e0bedfc52f21a696534d9343f9fddda194a225e830d05f1b89b6ece59e113135fb9c1f6b6497e895d36240c16d98f9f2a72bffd69a56b6d245d7368c1feb412f22a7e1cefb6e26fd6ee31a78f584c7525fedd5ff332adca6d053f78da566de5b6abb36b2e265a3c4f39db2d3da2d32aabfa6014dfa68b4f7e6694fd90149a88cb398628ee58cbc52e2f612c9d1ad3aa87685a6a6c82c26e2e38ff4bf221b54adb258d206b2cd09ca69b75e1d09372becaa5ee645b4fc3e9a77b01a806cabc667d60e47f9895a6cab4f8e17be8c536b28fc19f13714fca08c9a0c36402421918ea3c0befbbc3dc22e9eeb8f2c6c31ead139c9ba7bbdb87bfc3d64a60ceb8720b0812f3aaca01cedc4c19eeab2a17cea651c738a84a606a7c2e5e8748e29c13838ca384f4c482b3aea69baeb9e0cabe5684da25a2709b784693f18f0ec7e4cc243cbe0b43f9f396969bd16bb92b93cf46c371df4880a387e057ca08bd92f8059790bcb80a3f7bf60d3fb2fb68799b557a7b59a9e4190357f9d3fa1c0fd2a8be44aa8ab7b256c41d4bbaabc3e3a67fea100377e16630e203ccfd8645fc25f6c07b3b42e4522825a8e1fb2f45c4375996ae10f7372f683ee933107dc09290de2adb7aca7f903d428ce36d98eecf2c1174d0cdbdc95f0170a1a62355b490a5d3151a337204616e3ade3989166216e36aada1648c3e354e702d2c5bfe40502ec0114c841f17ee41e2401cb826343c7a10830561368b9dcb9e38da6026495603b9c4c927792f46cfe9f872ff461e36e67a250fcaaf27fd80404e86c1f281eb547c5101603ea1872bf3c4e5ac06b985eb045443a5b50f51f47436ce1a1260980b67254d42b16e324a9b1ced2530fe385d60c22ee1c30b3b17356daea8ae8145598caeb5244d50502d879cb53ff80622e95247d8b75a882157c23141993e1485e25a82ec4a8194c11d2341daab3f3dc554727be66a18a2e794d5e015e73aa8102a953f4d59d4625545b26b387cebab0e457408c6d5dadf5f36b881fb59f2968ed3b6aa300a53d6a7b7dd35dfc5947241ab898d9c828dec60e42098fc628852643898b578c6f1ac99622f1cc3c7c1d020f3917edbe27283633e05dbe787c9ce4b072686f06655a614336258edd35192322b4a6c548ac69ca08689f2b223c2aa2078ff930f3bd68ee3c15c6328758ae548ae6329649dfbe66d52b3b388bbe677783e5d1f5c66996fd953c35072d7f8bd9aafca1d87047b59a892a5173b4bac89d0c460f45ec266b7dfbddae4044a4758720007d3338f59efd0fba5de20a6cf06ce17a5867496c2ae7214fe68dd2304e74029a191465e29ca15749503a9a4a3fcc0bd6a0a1c931212d2539ad31fd8d2a311bb800faaa6f3c87b68adac4f2288fb7da6f3b8a3519d9d362353f43ca71de63cfecdd6bdb7fbba1789bbaa33561b80a8487bf4b8df76e014968d02842bb84c89bddf46d6600e1104c85b522d418864710f2e7cf9a65202b0a5caf939807688fa5c7c0744be3fa4b794d5088c3387e248053064afd68f27fadb64c38bd885d98d8b1690f78b6a1bdd63ee88cf26c5eb1408bfafad83a5ea285fa2c06bbef012e198b1528092e2372b678cadb099215ec1447493450033c219929b28167159e3605af960befdea5448200c51a606cc22bcee6119337230d11bc4b08b7a375044e1d27be93c399624a2f64bbc72ff839ce2a75eeee407cc5c04b0817228eaa2dc4a218f88ebefae5d3a17c1498bce5a27fc9e6a3533f80743f6030552ec3738bbd4cffecc700dd9bee4f854a59d6abba3c89781aa113f4cbcc73adb96457283d0e51ab4526ec1825e74ea86a2e9bec3c8672efd2c90bac25366b73383df18ec86a9e507e542c485a1497927c6433c16f55ca106ac119894e76c94cab4de10b5c98dd192dce73db2f00c2b645136042afa1216309f67f938037dfc70a2409106e6eea5879b92101719283e2b9a58358d3b2a181fb1c8d638f67a9dc07a71023b537a1bb0d92e0b9cd448a3954d4be92b7a5c5ffe08ac958cde15a48334c730fc14d11007d5a73f689e33cf78394750aed8834ee1d85fd5997f786646ce946bad2e4cbcc4d5f36f5174feb9c7cccdd56483a0bb25de4b42a78e1b04fbd583d316cc380461adb48dd7d83f9bd12609ab4df6d38a56735342ac5bc3d35131c8a251fbcd7a28d8083b0962316c3e854af97f449e4f24d0f580e454a21fcda67bcc61d583f73ea7c394734dcc046372b668045a3dadadbb36d051bbc49d6d646d611253f41a87b4640d52ac71183f0e0ae9a15e0209d64bbc5e1dc796992de88cee50b4a7f15d16ff761a3ccbd95eadf3d90587e60d227131e422c7bee337651acebe7787962f6460088af09b5fa65cbe08f48368ba7050afbd2387afad771125d1b2a90572f0f59416a15a31f42d425b9d2c002d90cfb5695d2990fde68fe3f8377390614491726b320cc4d705040757b5ba7e72c14009d637217b1789d1ee4e17b8c4eeaa2be4dc35a6efae1766a1dc5ff5d3aaa91da52ff56ef3acf0274b5d69f02fd94f7382acf9674f420f9fc4215c3f34a31c591cdfd4971e12c2ee676fedd5b9761dc800b0a3de1e6c63594964c5f45e73ee2c629fdae86940c1674fb9ef23e92a3c6a2db9109f46b429330adf2904eaeb75c498f3b0ba29d74cbe74709eca8678c65c351d3eac92b21d3c17a750b6c7d3951dfdc1c1c970e40f5d2db6d06faf7cfdf27545c7956c30e6a97a9131c41b288e42310d04efe7855604746d63d27264fb87678e52bd3fb3140ead1540cbd4cf461268eecc1a2f46b2a67de362740ab5a52c51d5706641cf2970d81975629da880f66a58a4388752a78f85099319248a239a7e15730b7a1ebcd72dc779921524dca2c87a5903bc84314c3dd2c864d6e3a27eb4e4889392b325396eac0c32736ecb27c3583668efb588ce243fde7a8bf177f24c7c214995c7ea9fac3cd47186749bfc03535821e9236838dd1c8b822c52e58be0e077a3280521e760faf7e5f76370afcd60556c532a155afbad2114d255144dccd3fd12fb8615d1f97defd358d59da751c5f1935eb27fb3a7e409363abf024ce182451f858547720395cb3aad4d2aa93955977359f9ae5b06eba385b835a042a63e5fa1510fb4640f6e1ec1e47c3b4743c5ac2a43d8d10c9b9b660573c62c5d01def8f8e5f8a5509a56e8fa6a17d8266e45f8382524f68e9ba6d7ecfa23c7e56662d394c3d708f43d8dfe2681df0a743a2b390abb1785cdfcff8a12979825c246df2ba345b0a183a7cb0ec89267b367d8120e198179430921a61f9ca3b8003d8305650b4fe4b98025e9ea4ced5d4171d883ad9c612f99c8ddc3f5a950209070c848fa47d0009a0a153d125f2cc5608abbd65f6b50182c6d44caeb27bf46d7034cb6c7a4ae62b9e98c47ec65c7feae212da16b0b25be747d41e743a959769dae680594100fc20bc9287dd867aa28db74dcbc6aae5046ec973bf2b9a464e9b7485249e4ee37833cb92a2fe09e613dfa493656f87988adbe38d4ae28a54abad8705472724eec6104f8a3ec523de918e41a1ed3a879ece555c3077ac69867580a4d6c25db54790bde711fdd7ae3058875f8f26b52cb2a29db8d61a160708b8d6662029cd878bdcf2632e34dcb5ed1ddaa9ea112f94af9f8572f670a4f097e4794153d58884fd8aafa2b229718bd3524be7a96373dec6de7644e99c9031ed700e7bf875b8f17bb1df6b78057560ace2cd358eb114cb6cc014cc7ecdd91e942df44256f3469e21e75419b09510d5e968a6eaa5b831fb75a3730ee195ac278673fe0faad4eeb00d3004e20ba1658ca1de562a101b0278d43680ad8e5a3f004ca9fb4cc65446f82b3823e4d8233d8a117d58974a8b7b638084cde38565b44b2e3758bc71d2379e40f9e7fb7b6c481817ad8523a365615c0f15c14bcecbd128ceceb55c5ac53e33dff34575958c2a573d581f1339303a9355e2756e55cc3533318b5cb2c37521ca3caee8deaeb706344fcb6c4aa27bec71c419ecbb1de59534f250e2abc7daa0bdf439f48f1864ff4a921566e025b3590ad74df3995d20a8402d10d1a14ed69dc01b366eba1dc97ef84fdd18521dac0564a3f30dbf3b70a69fda2f3ff2a3816c482677d94e492eba63450f6472c477d4dfb6b618e633128eda116a6c7f1afc09e6fac13c756d80397afc5a8b1c97e4aeb4c206cc92be4afbfa8fabe562ae9fc08078ddd621015f7f32cda3b1a6092b4bfbfaadfef83187d6b97f7eee8d62b705c649ac2265a7042c11ca191a6a968883eaf92841bb1aefa7ddaf80886ba3fda6615930d253d2ac524cca5b860327217024374dbcb935c0", 0x1000) ioctl$PIO_UNIMAPCLR(r2, 0x4b68, &(0x7f0000000100)={0x3487, 0x8, 0x8001}) 15:36:45 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x4004550a, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:36:45 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x1b) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1617.262176][ T8408] Bluetooth: hci7: command 0xfc11 tx timeout [ 1617.272085][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) 15:36:45 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x4) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xd) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1617.392304][ T158] Bluetooth: hci6: Frame reassembly failed (-84) [ 1617.415721][T11654] Bluetooth: hci7: Frame reassembly failed (-84) [ 1617.433464][T11654] Bluetooth: hci7: Frame reassembly failed (-84) 15:36:45 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) pkey_mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0xffffffffffffffff) io_uring_setup(0x0, &(0x7f0000000000)) pkey_mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0xffffffffffffffff) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$KDSKBMODE(r2, 0x4b45, &(0x7f0000000000)=0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 15:36:45 executing program 1: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0x400140, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r0, 0x50009401, &(0x7f0000000180)={{}, "9fa21a62aa4349c80c704179d46d697fe28ebb12840806b8d34d1f3a6a79220279fbbbe32fa6a06191774955f2d4a162d3440c845720dc9bee3b4148d406f87340b5d7a6c1a6d845a9fd064b46b0a58a52a3c1aed6f9a02c391cd8b0dbfb3aff06b265eb695d5f50cb761e7db7c3bc802f98890d2a628990b0fb28af4f50c0671309d352bbe8f50c36293fdcedfcaeac78af81c36f3adde708d2b806d30b68840c314f58fab8143b0ce44514a2a06ece9be48de28bd66f0c701c829fab38cd61a43dacf0daaaa86e574376501171f3cfb179a1b9db4f8c8a009b34a186a190980b2900edae9d5e1b6a7fde333cef7246aa8db05a08185fdcfa4ce9b2686aafb51d971e20ddb909af9637fce2bbb064d881f9cd2a6aa71e10dcfd3d96ff3c8b787e30133367e1c9fc4a590de60bf56a07548b3bc38f06a858f9858bd52f3b1116b09925c7cfbe81ca15ca8f2439f53ba383be29e219c523f5d80772015d04c28a639cf31b2dd99d290acd54ba00e3a55aa169f8b008ad9140029d6175f902d3e4055dda905526530e11e99a3b40f156d62c0e1cfeb748bc4bcd0b2d0faa2bdcadd029692f4a915e5cb4fe071b4218c0458ca81980a0f6dcf8493933379cfe14d6b054df3d9322b9629b1b5b5ee9e879657a84d85d2f5e11c7a6e2722c4fb306e680263f328ade1e164b935ee9ddf7363ea4dabee896d2ea57247ec1bd01ac8a71541e0dcf59397f5a131f668504443100b59f32ffa1bffd451a8b8a3514703e88732ac7c2f00408de1dafab8860644806361acf7bea1987d40c47b2ce7bb43eb8d360d547314dd2c11f211d7762c207948a8eefa91d4e6515fb1e209fa6b332db469e20d326628d2f651980476ec684a4181fae7824339170762a08be3422e51e565d4d2856a90f23b74cf253499a64a62911e132b132c1414a52326f413965978c03b5dda5908e6549d35774bf4fb52f5191d73f29eabd98798daee3177c17c6f8f29483deff46a76f67b7eafa587f446f3a61099f1db2695ec3caaaafaa508d6e4ed69345256b47f0e6be6029fe5f7f9501e9af6d67c627e9039932f5467c4370f333b9a0ab0ef73c6993645e6f7a2656e10099a5c846ef7796bf12bed2a5d53e62900ca9492e548890dc9ba7073fef0115e3a3127d8e087a5251322af0fd542f37077e184835f153ea7aefbdedfbe94684badd60902acd0d08d486e11177252ba8aecd6326fdfc4cf801dc4f0a8cb4d414c88a7a44736a2da3b08084fa3f03d52c521559ed2fdcca841014b49e2939aa9120dc2eff0108a84222218e5bb114404ed8b1f133fcd70cd9776b647ddde856b6e6cea3c985666cbbd5b47982d919cb45ad0419c614c865ce48aec6bcd6b930f0a29c306f3f4945d0ddb0eccd3c84a14acbb630f22bc453f8ff0b9c06817c9b8b4d8edb017038531ef5688c05ac2fa8fe313340ccc47a25f01fdb4ab68b08eb8a74d3af7ca357306fa02f6372462b7a361f94bb5f2be10bd3f5a9fa37381f5a16bfbf6bba11d537fbbc2b4eaeedc01541486d813193da9cd83c2e2a602fa12eed1f9e5003a0597015a87c9b485f4f0854531417dfeb3eed738ed9ca13122dc55da8508c606b1787d72e154c8e9200df9cd7b88f8323901ad92b10e4cd00761da5a73d2ee0c13c237c528bc9f357fd9a7fd9512a00c0202ac6ba84e396ef3ba22ff7f6005648f8f62d781d1f9758248677890d3131f9eb80ed03437bfd26f2397abdd238ab378bf26d8d7cd1abdb2c177e18f9463f92f7953823274b50746595837c7ce8f134751685674045029d0e805169f21f6967b90caa93b5b84235fdc1803e5a1efe643d08d3d33658627c83fa7f0d52d3f52412bfe7599b88e2b6b565dc3fbeb16ec989a4d57ea4534bc4a76d30a905e4d60202bbf65ce629ae2d83c1fff1b5d547587cdd360b3174a6a49f9561a6c0495ffaddc3037907ec166fb53108eef9dc5dcf63d4ad854cab70e8508f556a529abbb5f4a86372d51c8c7d9415c23fe9351d8c9de36c0c5500e1212fad2523c08564d215279e6b1079c4dd9d81545d3ae255cecd29ff4c9b955bbc1be451fc5b1cfd5395f1f70ac827ab4c2d384f010452a49c268e306d873dba01fc1f8b8f17bf6787010f0382421bfae586be385a46f847483a3ab759b282fc65b5b46e346dafe5c9404f8df1ccbe22ebf4c4661f0dbca4d0d475e15e0d37925b01426f85582133c7c90b50829af32e1bad749d1c3ec1133f69e39c984669c56658ff31936fb0dc321c82a4e11baad4c76032babf8506550f5521b05fe8ecd5ded682f233318299c27d6dfc1256e700af8f2a0935563dedb62b4c6433dc7a3242eaeb509da958083eda36c9568083e39043664e14d50cac90ecf0658ec1840a4c93d65d2fc11ac9f728761f9a36b62f83501dcdc374c426be422ad01a0758d814e5f2d5697419ce93bb40b7d817aea88881798ca289bc8715da6c200c5657baab2bc90f0891877535b6ffba4052543e301ea2c7c8bef780a3ab7e618f4b3572f77f0598898547b8687200f43b3d48713808e4ac6434c4f7debf6ec8aa11631646726b4e73513eb59051c17825d90a5e84947bff41bd0358beb93798cd5346cf5b332b8c96627e540ad4a106c3e397de2bfcdc7bad7b61e45249a2e9e5261d48e247b19caddeef6e0f1bffb565172a21d2a056c04d5130e6d6cb5141336ab96483aa0f375c084c62007513a6ffbbbe31e7a8c62b0f4e182291e3b0b56eaacb488afe741054f8ac0fae4be34c4bb870b18e0e93c71305087246d55e81510fdd5ace19b1c48e0dd3be038145a3d7061ec78d45eee0ce46d1e9316768c603838797f918d6e3df3c44717bbd3edef628e3d44fc1ed08f83dae141319220b104134756dde44c6884e22ca96cb49ea71080f121079d463d26cda158691714d8fd199058d1d5ae1078032178dd0b67891d2bdaf437fc16d52c5f6dadb1f822fff63940c5aa4200b1601248a5acdbcbadae84e2b551a6b86d38faac68e458cfbb945e0fc93df6a11e95c612a25a2d694b6a349083ca7aed1aa6983c04284fd5ec29da986231410db186e85f7b0e21cd3db2698d411f7472b761d1c8bcbe311abec69802589e6d9599bc02a4b3e138792d0187e93a9bdb833965a4ebb64d0fc4235378d4e871000c6f9959ecbf0b3d270d8380f8ceaf923e71acbfb8aea50e57880513960b179968b8a274e0fc46831be47876718da6067ebb9ebe8d55e6b23cda07a332f68261f1dca1207a63c8938bd42c770b7c68bac083b4c75e00cc09b64f2cae024f8024e3dd7ec3a6dd1c64949643e7a218606aafc6ac30848f2f9f0c2cfe88d69da0d8fc9feda3b2b91dbd9c38154a1c52bfd6be9c90e82c836d82f4c05105a46ab5ab2f50b1b4712388f39c83902b71804788ccf45ad543fea946a81a519ba907ba7f52222e81e131204fd2238cdfb2e1b9e1451981cc643b1e87ae92722f5f4083d84de8ef47127606dead48f8347ac21666286d5fda47d94e1fd6cb8ed6061db5b5a661286c95dd76485625a60595fefded04d18297c759641f505db919d9336f9317ff0662dfbfffdf6e5343e82200878a5a6d9a249dff2751d9f6812d0f1164e70bbe366fb972041b86e85102bc13efbed3222d2854d7c9b0b89cd1f223fd1774f3a160e0b79625264726b10916d6ae6e21d83a9d56cd5398d4ccdecd5733a5cea8939af35840630d7e6ebb2bddd2ac7168707adef4e44b4e7ea04b5ca0ea36fc3f337ecd8189380c3a15415236bbf7fbd8561e631cea4a9dcc99ad20744355f5a945078c4e110a00dfc5462c8fe0f3d1448e818c3fa329433fd85ccd956d23ba92b53bda621116ea255d1754d4a0e73c3586d39ba006ced69a31a6f7fdb8b8c774be33628ca1f6b75b30f02f69c09892c04d095470ce2d4c247ff03e77c74ffb9e9bc9d212d57b215d12c7366af8a7e25a79d0cf2f9df11a9e24fb5640c07e2d1406604ed88f37a07edb7e7a579afcf820716322160671d84eda5125fb3d13ec1e7c8c09e75014e0ce3c2ddac0c38f45f69051198f5c948cbe4c4a47143e701716d45d2b99ad407f8d4d43504b0d3a147a474228494f029fe78601fe2250349e5e09a0e542bd87d7129b2756d90994f77fe40adcde5d92ee4b56b34391b6d0ebd95719c530294edf3410714f48d4bdf5bc45759c0b6da0063dce4e2cba30b9e061323234455d50c58b551279104533d257339d586ddf940baa8662cbbf8a5c168cf73b54bf390a5b5a2a5d1878454185cbdf83876125f8aed1accc9927244feab4fedefa95910dff7fa14fb31021b8851520582e0d215d29c3cf321686eec0f5cb49b0f335267c9e53866966186726968a63d0b828269f1e6c0db184980d40935948edf8ff9c4ed7fde4eff724f91a28cda11453634b6f654e7756070e30669734fd0330d98f3c02d002347c57abb8ca74b0f8eb1ab0ff2a661e7a4271afe445c2b0a70baa5d5a89783888ce12021f17c07b3205cd0c7e3073f49d4b43e08e9898d0d4c262f373ea150c5fda2a301502b413e4708293b223ac12edd882eea366895748dddc7e7b2e74f8fa1bff66b21260ec012728909bcf75d6b1c36357317315c5f12ed1a5dbce20ebe89977b786347cab5a483f09c6d6f4f75ac16bde4aeacac35bc1a86b36c86417d95c8a2af59479368b1e9dcee44dd7cc7ee51043ec4b3a410aca3f140b8286eb1416c77e1af67caed560f9f3fd06c00a7e672ed13e9b54cdd65d5a1eddea4f5c2d2b5520a010d052ad5eb71cd87347fe2357be64e4b8c487732728de7ccc8805bdb0ffb622b10115cc22ceca99ca27cb58753cc5c8dcd0d4ffd16a52516e05e488d1ed6e9804c735d2cd021c35a963d96e840b35fe3d845c851955d1fd3c7ca1cf5e1ed3367528f9ea642f077032265f5374189a473bd7013f7e1dd3033f60ef6328d5bcf32daddb8f921cef0e52a476e72c7c3405001c11d153e4a067be6a9d2d8acd084eb16710a2cf7c74942724e42f7a5058936f8b96609a618dd90ae7664693a629d3f730406f673f58716486b244938d340b66c6ab7ac06bfe847f92fa459f2a5416337ed7a978a9d32fa608e9a6d3a11394a7eda7f3949a045f57311d12f6ac7056fa6ad845478352cdaf971bf5444f951b650fbf5d42ffc51c482497a1437966ea09e92cb5704885f8308bca1c34afb0abfdfac208f1594b58fd40813170ec636c5340a18d27f80960cd7bc76920ef3df1f15da52ed25950e4339e53c0837d255ecbde98bff864c5473ba3d2a8dd9e756a7b723c3ab3f35b0a50346acbab1fd164cbfcdffc5a3f0d0d694ddb21d4d8ca02c5ee54e729ef7778869b3d45092e9b4bd58b5e179e5052e0ebb2f7e8716b4b90e7823bd305c2f05ea92374be49ba655b57837006f32e23a1751dc54ed97259805d5e891e3bd5aa86e66d80ce33fa3f567c42d7d2935107bdfa4644bda8e66bc73c097ff67b2e75a15081e1732e8b3758014337f0329e60db445e8bee8ec4e75b21cdc6a9eda2ba1b21c760787f6f452984ab8acdeb01e402e414a37cc18755b2245af3f6f49454087f2bafd0e3b2cab7189cc03302f5565218f7cee860421b0eb111270ee736c5e3b02998f2ce418f4ed2540b03e5ff31d43c21b1ab8ef861ee235341cfd8c6e191cf3161839883b1267b813e6f098e8d15222b9ce00860e8ae3590fca166bc907b035dd6bd1f3370dec9fbc121e9462510dc6009c1403f2cc8d03210677d604d8f5d8d7255f744a1c0c9e17caff20d33327"}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$RTC_WIE_ON(r1, 0x700f) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) ioctl$BTRFS_IOC_BALANCE(r3, 0x5000940c, 0x0) ioctl$KDADDIO(r3, 0x400455c8, 0x9) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:36:46 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x40049409, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:36:46 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000040), 0x1, 0xa801) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x11) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1617.951234][ T1209] Bluetooth: hci9: Frame reassembly failed (-84) 15:36:46 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x491800, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080), 0x204080, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:36:47 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200), 0x44102, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x46103) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1619.422122][ T9503] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1619.422503][ T8408] Bluetooth: hci6: command 0xfc11 tx timeout [ 1619.432110][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1619.583083][T13141] Bluetooth: hci8: command 0x1003 tx timeout [ 1619.599009][ T9935] Bluetooth: hci8: sending frame failed (-49) 15:36:47 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xc) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1619.716143][ T9503] Bluetooth: hci6: sending frame failed (-49) [ 1619.979387][ T1209] Bluetooth: hci7: Frame reassembly failed (-84) [ 1619.986376][ T150] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1620.061975][T13141] Bluetooth: hci10: command 0xfc11 tx timeout [ 1620.068288][ T6548] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1620.536260][T11654] Bluetooth: hci9: Frame reassembly failed (-84) [ 1620.602080][T11654] Bluetooth: hci10: Frame reassembly failed (-84) [ 1621.661801][T13853] Bluetooth: hci8: command 0x1001 tx timeout [ 1621.668563][ T8903] Bluetooth: hci8: sending frame failed (-49) [ 1621.741664][T13853] Bluetooth: hci6: command 0xfc11 tx timeout [ 1621.741755][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1621.981936][ T9503] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1621.990084][T13141] Bluetooth: hci7: command tx timeout 15:36:50 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x6, 0x0, 0x0, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000000040ac05438240000000000109022400010000002009040000fd0301000009210000200122010009058103"], 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000400)={0x2c, &(0x7f0000000240)={0x0, 0x0, 0x2c, {0x2c, 0x0, "a05402ce66f1494c614c519bfa6be2188744b24752012efdcad37f71915910344824f3a6759c5f8a3311"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r1, &(0x7f0000000180)={0x24, 0x0, &(0x7f0000000c00)={0x0, 0x3, 0x4, @lang_id={0x4}}, &(0x7f0000000140)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0xa, "60774ccc"}]}}, &(0x7f0000000c80)={0x0, 0x21, 0x9, {0x9, 0x21, 0x1, 0x8}}}, &(0x7f0000000100)={0x2c, &(0x7f0000000d40)=ANY=[@ANYBLOB="60d17c85ba2f"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r1, &(0x7f0000000300)={0x2c, &(0x7f0000000180)={0x40, 0x7, 0xf4, {0xf4, 0x31, "9c025defa0fb5c16066837619de4a81920c4b655bb3349696428783663a14103a03f1613fcbbd7f8b3a6fbaa3a3cdce52e167387373d6db7ac488a7e448324a5f97293fc73b4558969d1735143d4f22043fb179d562a7fbab639672eff02adef0890c360a03acfc67cd87b60fb5b332bba815b2df251de45fa993f9d6ceae013ec7b324f98c35ba24e38bbd80594027f23ddc9a240774099b3b71f3e1289cbf6e535979e89f7bd2507d49ec7be95b15cc4287aeb6c7d9cf5915d0427dfa8300d7fae5abd97e3de8473712667b49554eeee8a966a48d75746b29326e8f1cfa73e4fc1a28b5ca7a0b2c1be5fc70517dd6efcfb"}}, &(0x7f0000000080)={0x0, 0x3, 0x67, @string={0x67, 0x3, "bdb515f33186cf42a173aaec378648db6a23e6be78072c698d78a67989dc256dc6a9f92636a28ce175d2d1d7530d4e92eda9f1fe11e54fd94f3f2efc75d0d2ffd406ef0cdff26d4531aa991f4e224a748e4e9e6c3db38ee0f60d7add92e2eee11cc28127be"}}, &(0x7f0000000100)={0x0, 0xf, 0x13, {0x5, 0xf, 0x13, 0x2, [@ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x8, 0x62, 0x5, 0x40, 0x0, 0x9}]}}, &(0x7f0000000280)={0x20, 0x29, 0xf, {0xf, 0x29, 0x1, 0x1e2, 0x67, 0x5, "8811705a", "5da5e02b"}}, &(0x7f00000002c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x47, 0x8, 0x7f, 0x4a, 0x1, 0x7, 0x1}}}, &(0x7f0000000800)={0x84, &(0x7f0000000340)={0x0, 0x1, 0xca, "71dae37163ecc0c11c5c1923b4b19563303ea87fc27059e05dc64866d670dc01b2248c45b2c9d8227d131076aacdcbdc9485bbc1ed66a7722d5a3499ba30dee06a82fc82713ae5f12670c88efb37c81c655fa272ea7b1c6ef50994fc682e78feb6977df96b6a7d8d3e05e884fae2c5a39e9dc31d265f8026efa3be29da1687205c0178d859c93759b270f3c1caeb55fb53fa9f0a0949097ea989bd4aed74309fe95def110659bcdb9e69186976ae8f7b22418ce214229c5688fc4f261cd511f7727ebcb08caa90e8b43f"}, &(0x7f0000000440)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000480)={0x0, 0x8, 0x1, 0x6}, &(0x7f00000004c0)={0x20, 0x0, 0x4}, &(0x7f0000000500)={0x20, 0x0, 0x8, {0x0, 0x1, [0xf00f]}}, &(0x7f0000000540)={0x40, 0x7, 0x2, 0x3}, &(0x7f0000000580)={0x40, 0x9, 0x1, 0x92}, &(0x7f00000005c0)={0x40, 0xb, 0x2, "ecd8"}, &(0x7f0000000600)={0x40, 0xf, 0x2, 0x6}, &(0x7f0000000640)={0x40, 0x13, 0x6, @remote}, &(0x7f0000000680)={0x40, 0x17, 0x6}, &(0x7f00000006c0)={0x40, 0x19, 0x2, "9f0c"}, &(0x7f0000000700)={0x40, 0x1a, 0x2, 0x4}, &(0x7f0000000740)={0x40, 0x1c, 0x1, 0x8}, &(0x7f0000000780)={0x40, 0x1e, 0x1, 0x6}, &(0x7f00000007c0)={0x40, 0x21, 0x1, 0x7f}}) 15:36:50 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x282000, 0x0) [ 1622.085189][ T1206] Bluetooth: hci6: Frame reassembly failed (-84) [ 1622.100622][T11654] Bluetooth: hci7: Frame reassembly failed (-84) [ 1622.401728][ T2955] usb 3-1: new high-speed USB device number 8 using dummy_hcd 15:36:50 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = syz_open_pts(r0, 0x2c8100) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x6) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) ioctl$TIOCL_UNBLANKSCREEN(r2, 0x541c, &(0x7f00000001c0)) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r5, 0x3, 0x0) ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000100)={0x9, 0xffffff00, 0x3, 0x5, 0x1a, "7767b7324b5a8c370431d26d8577c96dfdaca7"}) dup3(r4, r5, 0x0) ioctl$TIOCVHANGUP(r5, 0x5437, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$BLKIOMIN(r4, 0x1278, &(0x7f0000000180)) [ 1622.541899][ T6548] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1622.621885][ T8408] Bluetooth: hci10: command 0xfc11 tx timeout [ 1622.628274][ T150] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1622.654200][ T148] Bluetooth: hci9: Frame reassembly failed (-84) 15:36:50 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x40085503, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1622.771873][ T2955] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1622.783333][ T2955] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1622.796463][ T2955] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1622.808017][ T2955] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1622.822780][ T2955] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice= 0.40 [ 1622.835272][ T2955] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1622.860073][ T2955] usb 3-1: config 0 descriptor?? [ 1623.353891][ T2955] appleir 0003:05AC:8243.0007: No inputs registered, leaving [ 1623.374602][ T2955] appleir 0003:05AC:8243.0007: hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8243] on usb-dummy_hcd.2-1/input0 [ 1623.741828][T13141] Bluetooth: hci8: command 0x1009 tx timeout [ 1624.141553][ T2955] Bluetooth: hci7: command 0xfc11 tx timeout [ 1624.147764][ T2955] Bluetooth: hci6: command 0xfc11 tx timeout [ 1624.151703][ T9503] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1624.154186][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) 15:36:52 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r1 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000080)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x40, 0x80, 0x1, [{{0x9, 0x4, 0x0, 0x6, 0x1, 0x7, 0x1, 0x3, 0x8, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x7, 0x20, 0x2}}}}}]}}]}}, &(0x7f0000000440)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x110, 0x6, 0x8, 0x1, 0xff, 0x40}, 0x3b, &(0x7f0000000100)={0x5, 0xf, 0x3b, 0x6, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x3a, "6701a9bbc04c127090a70c4b01d85b47"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x50, 0x6, 0x0, 0x9f, 0x9}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x1, 0x7, 0x66, 0x7}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0x8, 0x0, 0x1}]}, 0x5, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x2809}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x41d}}, {0xee, &(0x7f0000000240)=@string={0xee, 0x3, "affc9cc3b05f72a4ddb17fdd24603c2da92c748bacc5ebe9b95793c8374d4f36106c0b37b3cb673e6a3ade25cb0177333adc242dac5c1cdc03385fd968981e8aa9341c957868db7459319c63d9a07ad9d59954fc1c9303f031f1a9b820308f17e29266c65d5fb88c6986ba1f357655b916f9918a5d7fe4b0f2fdd974a7054c783e1ea414677f16d4d869f403bb92c45c5b685d091f8d039c66bf106c0b4fc1f4d78db4edbd4099178fa0bd811bd0dd4cac6f6ba7762f75725c92314a3cb6d067aced64d232c25b635bdfc2e4a5421c72f78f4e5471b741b1019011663ccede2131015d6e89afed66efd4cbfa"}}, {0xf2, &(0x7f0000000340)=@string={0xf2, 0x3, "7fc2cac5dfd828c049b8365c826135284e3274ebc6c1a705fb63bbc5c032836bbe68396b8ecf21afd4b89ad65d82df27207d7ef9748f03fb95f0ded220ed1f5c2ebc576511a89c4845680bc9197a2b56677c21f9fbc6061704c31c1a7865e126d87b9c5f1333ca8d005d718c08050bc79787edc6581776a245c387db1864c68cc55b44d3e0574729132fe63662440a2497c9f354347def9fb3ff3c117a1b5fca5322d14c51556390b32ec3ace7216740910c36e4863b434be9412bebc45f7ef2bfd1a851d7b2cafbf614c34b015ee201d3bc5c96572241313a60ab27427f49d322cc40c0578c82a2d12483bfd6ff4d9c"}}]}) syz_usb_control_io(r1, &(0x7f00000008c0)={0x2c, &(0x7f00000004c0)={0x60, 0x9, 0x7c, {0x7c, 0x10, "a0a5e723563c67a5c0206573fe99c9d362cd067d1c66dd425a0e5f1c69293efb68517e362a1f06cd42872f80badae9999ca82761f62a6c6cf8eeb96a1713039f525bae202408351a246ab861b15eedd9b5dc5cc60d741fc92177cb72e8fb46de494d1ba714ddc29b2bfcd1b8107b0cdd82d2c836af373b2334b2"}}, &(0x7f0000000580)={0x0, 0x3, 0xfb, @string={0xfb, 0x3, "0dfad52b4f753398fd0e0f3a1fc1810738fbe7ad967fe649c4754f70108027fe8d67d42f04c594e6e89a3927c6af952c17076326c1f601958d28c9e8766c35f5a1615b7bdb421058862e080a631c50b6164a3aa0ba74dc925e19db7b07143f0aae07b173bbbe68773734bfd72b64eb97d4e01583325ab5fac52d50f0c7200b286e451ce77db8dc66c6cbe90a799ad5300431708333d0c5a80f1bef96d7d091cb1310199d6e290acbaf751c6ac37749ec23a1aa6ef12dba6d5b3ffac8e0814aec50d66b874993f787daf5a7db1f59ecdefea8445117a5a4caffdf0443e021fb162435373d92ee5ca693b5e7387277e35e02a309809e13d346fb"}}, &(0x7f00000006c0)={0x0, 0xf, 0x140, {0x5, 0xf, 0x140, 0x5, [@wireless={0xb, 0x10, 0x1, 0xc, 0x20, 0x3f, 0x54, 0x7, 0x40}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xf, 0x1, 0xa1, 0xe18c}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "7ac04168086c9c590e5f528c2f809c4c"}, @generic={0x70, 0x10, 0x1, "4e596aa7c83f46c081cdd385118a488386153abb181a5a80c837eb73ebc130aab38b33120a4d535a097c667078ae0e18a39bd47490eaf44f33cf6535a48204a57212d8090af1763a5398e7414bd70b70cda9ec66486d6fe277a9bb8deac8304869b414f88384b9765f4dd6fa6c"}, @generic={0xa2, 0x10, 0x2, "037fa39067a8540d498a1f4577427aeacf78f23cb45af8cc9f01a11503a29bb5dfc653223faabd1aa18983353985ce527fd150db414bd2ca3cada8d61359c8400511708e3be652e0bd135a1b80693555e09eef5edb704d0bb084e288e2fe726e633368c3874eefed393a7f19667d6d608c74706c471869c4b2bd3505c3b12c50bef351a8ca357401057aac942e20d394677b84f943fe9128d01ad5235fda91"}]}}, &(0x7f0000000840)={0x20, 0x29, 0xf, {0xf, 0x29, 0x1, 0x1, 0x81, 0x0, "0978eafa", "6807acae"}}, &(0x7f0000000880)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x8, 0x70, 0x4, 0xea, 0x9, 0x4, 0x4}}}, &(0x7f0000000d40)={0x84, &(0x7f0000000900)={0x40, 0x6, 0x69, "b36032d11955d14be6c2e235f026c4386efc1c657ab51c48d345fedf9190aadd65c37c141d0bd87beb88d88071c2136d652b75e0834b16bacfbba2563dd724d44359a5325484f56c46a73fae55c2a5e18a1de09d179dfba2654b7a15d62cf1caccf39f656c1bfb5ae2"}, &(0x7f0000000980)={0x0, 0xa, 0x1, 0x3}, &(0x7f00000009c0)={0x0, 0x8, 0x1, 0x80}, &(0x7f0000000a00)={0x20, 0x0, 0x4, {0x3, 0x2}}, &(0x7f0000000a40)={0x20, 0x0, 0x4, {0x160, 0x1}}, &(0x7f0000000a80)={0x40, 0x7, 0x2, 0x7fff}, &(0x7f0000000ac0)={0x40, 0x9, 0x1, 0x5c}, &(0x7f0000000b00)={0x40, 0xb, 0x2, "9a87"}, &(0x7f0000000b40)={0x40, 0xf, 0x2, 0x3a8}, &(0x7f0000000b80)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000bc0)={0x40, 0x17, 0x6}, &(0x7f0000000c00)={0x40, 0x19, 0x2, "27d9"}, &(0x7f0000000c40)={0x40, 0x1a, 0x2, 0x8001}, &(0x7f0000000c80)={0x40, 0x1c, 0x1, 0xc0}, &(0x7f0000000cc0)={0x40, 0x1e, 0x1, 0xfc}, &(0x7f0000000d00)={0x40, 0x21, 0x1, 0x1f}}) [ 1624.301563][T18048] Bluetooth: hci11: command 0xfc11 tx timeout [ 1624.303264][ T8903] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1624.711525][ T150] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1624.781575][ T2955] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 1624.781698][T18048] Bluetooth: hci10: command 0xfc11 tx timeout [ 1624.795432][ T6548] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1625.071382][ T2955] usb 4-1: Using ep0 maxpacket: 32 [ 1625.278182][T21576] usb 3-1: USB disconnect, device number 8 [ 1625.311707][ T2955] usb 4-1: config 1 interface 0 altsetting 6 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1625.355884][ T2955] usb 4-1: config 1 interface 0 has no altsetting 0 [ 1625.551562][ T2955] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1625.560703][ T2955] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1625.569989][ T2955] usb 4-1: Product: Н [ 1625.576257][ T2955] usb 4-1: SerialNumber: ﲯ쎜徰ꑲ뇝怤ⴼⲩ譴얬垹좓䴷㙏氐㜋쮳㹧㩪◞Nj㍷ⴤ岬㠃顨訞㒩锜桸瓛ㅙ掜ꃙ駕ﱔ錜뢩〠ត鋢왦彝貸虩Ὰ瘵륕烙誑罝냤ﷲ瓙֧硌Ḿᒤ罧퐖様ϴ銻峄桛ढ़负鰃뽦氐伋跗䂽យꂏ膽퀛䳝澬ꝫ⽶牵鉜䨱똼某퉤숲捛䊥爜迷呎띱녁送昑츼⇞ı湝꾉曭퓯頋 [ 1625.631915][T27078] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 1626.461396][T13141] Bluetooth: hci6: command 0xfc11 tx timeout [ 1626.473460][ T8903] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1626.528517][ T2955] usb 4-1: USB disconnect, device number 5 [ 1627.261396][T13141] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 1627.421372][ T6548] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1627.421579][ T8408] Bluetooth: hci7: command 0xfc11 tx timeout [ 1627.501313][T13141] usb 4-1: Using ep0 maxpacket: 32 [ 1627.701258][T13141] usb 4-1: config 1 interface 0 altsetting 6 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1627.715761][T13141] usb 4-1: config 1 interface 0 has no altsetting 0 [ 1627.931252][T13141] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1627.940349][T13141] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1627.979466][T13141] usb 4-1: can't set config #1, error -71 [ 1627.989840][T13141] usb 4-1: USB disconnect, device number 6 15:36:56 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$BTRFS_IOC_RESIZE(r1, 0x50009403, &(0x7f0000001e40)={{r2}, {@val, @actul_num={@void, 0x0, 0x6d}}}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 15:36:56 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000080)={0x1, 0x1, 0x15, 0x9, 0x11c, &(0x7f0000000180)}) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x285c3, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:36:56 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$PIO_SCRNMAP(r2, 0x4b41, &(0x7f0000000080)="608ee38084af3a3fd00ebf84e7f7f43e8294ca84cafff22ee4f286ca46dbe06ddbe3b75cafad8ec73a2c5b65845ea60897ce9e956cbcc8bed0a5c67c0bd04933c69cdf5a727e7feb6c6f762c459583436149cf6a6bf8bc") ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:36:56 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x400000, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x2) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:36:56 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x40086602, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:36:56 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$BTRFS_IOC_QUOTA_CTL(r1, 0xc0109428, &(0x7f00000000c0)={0x3, 0x4}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1628.176712][ T8903] Bluetooth: hci7: sending frame failed (-49) [ 1628.306984][T11654] Bluetooth: hci10: Frame reassembly failed (-84) [ 1628.331864][ T1209] Bluetooth: hci9: Frame reassembly failed (-84) 15:36:56 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x4008941a, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1630.221047][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1630.232732][ T6548] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1630.301035][ T8903] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1630.301123][ T2955] Bluetooth: hci8: command 0xfc11 tx timeout [ 1630.381164][ T9935] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1630.389126][T13853] Bluetooth: hci9: command tx timeout [ 1630.399484][ T2955] Bluetooth: hci10: command 0x1003 tx timeout [ 1630.415222][ T9935] Bluetooth: hci10: sending frame failed (-49) 15:36:58 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xf) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x6) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:36:58 executing program 2: setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000080)=@gcm_256={{0x304}, "25dd812cbe975f06", "2202654a602c7bbae035a567430f2472f447a2fa04aee2aa31855185136f95f5", "b8dc4caf", "d6faac40a6d4cf9a"}, 0x38) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1630.862563][ T6548] Bluetooth: hci7: sending frame failed (-49) [ 1630.941103][T13853] Bluetooth: hci11: command 0xfc11 tx timeout [ 1630.947444][ T9503] Bluetooth: hci11: Entering manufacturer mode failed (-110) 15:36:59 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x25, 0x2, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000200)=0x14) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000180)={0x24, 0x0, &(0x7f0000000c00)={0x0, 0x3, 0x4, @lang_id={0x4}}, &(0x7f0000000140)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0xa, 'w\"U!'}]}}, &(0x7f0000000c80)={0x0, 0x21, 0x9, {0x9, 0x21, 0x1, 0x8}}}, &(0x7f0000000100)={0x2c, &(0x7f0000000d40)=ANY=[@ANYBLOB="60d17c85ba2f"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000440)={0x2c, &(0x7f0000000240)={0x0, 0x0, 0x67, {0x67, 0x21, "ec22b3412e503f20d39b5d83cb378b00cc6645cb3b7f9f95a034ca5cb69360433b9ec5dc10f986c830d28687d8ac0fad2dbb848e79ae8497f5f436f97e27fb30a7e34907d95df99cb442833f8224827cb7bfa952107d98d5f77539d23628fcc798fab9b87b"}}, &(0x7f0000000340)={0x0, 0x3, 0x67, @string={0x67, 0x3, "8af774b376b0f03a05f8036228363274a9862a501b274b0c381d1249250b3ba68e5a037a8a89d15ef87a46fd00334f47c1ee6a6b5abd2bae620e5857864191d767810d846d654c90cf9d3f51c5bd29b30da8e84d4ad5d01bc9cd1f701f1e26de77a9fd7890"}}, &(0x7f00000002c0)={0x0, 0xf, 0xf, {0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0xf, 0x0, 0x7, 0x1}]}}, &(0x7f00000003c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x4, 0x9, 0x0, "d577f39c", "43dca06e"}}, &(0x7f0000000400)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x9, 0x1, 0x5, 0x7, 0x1b, 0x6, 0x8d95}}}, &(0x7f0000000900)={0x84, &(0x7f00000004c0)={0x0, 0x5, 0x71, "4fec97a8f5ce9595b6fe1961bea6dca3baae55fd7e9532c5cff4bf6c7787fa6715382595764a46af134ea993dced3bd659da3e38e979f4bea3083e1588da4f5b7283f6bf5fdce2026ddc1c23fb7147f133f38e94ba9d45d5db075063973fb7833faeea30b8e097de5d6801e7ec53c28752"}, &(0x7f0000000540)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000580)={0x0, 0x8, 0x1, 0x9}, &(0x7f00000005c0)={0x20, 0x0, 0x4, {0x3, 0x2}}, &(0x7f0000000600)={0x20, 0x0, 0x4, {0x800, 0x1}}, &(0x7f0000000640)={0x40, 0x7, 0x2, 0x4}, &(0x7f0000000680)={0x40, 0x9, 0x1}, &(0x7f00000006c0)={0x40, 0xb, 0x2, "ff0d"}, &(0x7f0000000700)={0x40, 0xf, 0x2, 0x7}, &(0x7f0000000740)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x14}}, &(0x7f0000000780)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x36}}, &(0x7f00000007c0)={0x40, 0x19, 0x2, "7c8f"}, &(0x7f0000000800)={0x40, 0x1a, 0x2, 0xa5}, &(0x7f0000000840)={0x40, 0x1c, 0x1, 0x5b}, &(0x7f0000000880)={0x40, 0x1e, 0x1, 0x3}, &(0x7f00000008c0)={0x40, 0x21, 0x1, 0xff}}) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r5, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r5}, 0x18) sendfile(r2, r1, 0x0, 0x80005) bind$can_j1939(r2, &(0x7f0000000140)={0x1d, r5, 0x3, {0x0, 0x0, 0x4}}, 0x18) sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x0, 0x200, 0x70bd27, 0x25dfdbfe, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2000000}, 0xc080) [ 1631.054483][ T6548] Bluetooth: hci8: sending frame failed (-49) 15:36:59 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x11) r1 = syz_open_dev$vcsn(&(0x7f0000000080), 0x59f, 0x800) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x17) syz_usb_connect(0x3, 0x0, 0x0, 0x0) r2 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = socket(0x18, 0x0, 0x0) close(r3) r4 = socket$can_j1939(0x1d, 0x2, 0x7) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) sendfile(r1, r0, &(0x7f0000000200), 0xac) bind$can_j1939(r4, &(0x7f0000000480)={0x1d, r6, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r3, &(0x7f0000000000)={0x1d, r6}, 0x18) sendfile(r3, 0xffffffffffffffff, 0x0, 0x80005) bind$can_j1939(r3, &(0x7f0000000140)={0x1d, r6, 0x3, {0x0, 0x0, 0x4}}, 0x18) ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000180)={@ipv4={'\x00', '\xff\xff', @multicast2}, @rand_addr=' \x01\x00', @local, 0x9, 0x0, 0x9, 0x80, 0x6, 0x10200, r6}) ioctl$VT_DISALLOCATE(r2, 0x5608) 15:37:00 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r0, 0x3, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) dup3(r0, r1, 0x0) fchmodat(r0, &(0x7f0000000080)='./file0\x00', 0x4) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) r4 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000100), 0x80080, 0x0) ioctl$TCXONC(r4, 0x540a, 0x1) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, &(0x7f00000001c0)={0x5, 0x1f, 0x8, 0x0, 0x0, [{{r1}, 0x1}, {{r1}, 0x3}, {{}, 0x9}, {{r2}, 0x8}, {{r4}, 0x9}, {{}, 0x9}, {{}, 0x7}, {{}, 0x9}]}) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r5, 0x3, 0x0) dup3(r3, r5, 0x0) ioctl$KDADDIO(r3, 0x400455c8, 0x2) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1632.460803][ T2955] Bluetooth: hci10: command 0x1001 tx timeout [ 1632.467837][T11206] Bluetooth: hci10: sending frame failed (-49) [ 1632.860743][T13853] Bluetooth: hci6: command 0xfc11 tx timeout [ 1632.860790][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1632.941124][ T8903] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1632.950371][T18048] Bluetooth: hci7: command tx timeout [ 1633.100929][T18048] Bluetooth: hci8: command 0xfc11 tx timeout [ 1633.107161][ T9503] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1633.500800][ T8408] Bluetooth: hci9: command 0xfc11 tx timeout [ 1633.513357][ T6548] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1634.540731][ T2955] Bluetooth: hci10: command 0x1009 tx timeout 15:37:07 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) r4 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) r5 = gettid() tkill(r5, 0x40) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000280)={{0x8, 0x3, 0x5, 0x4, '\x00', 0x20}, 0x6, 0x3, 0x1, r5, 0x7, 0x7, 'syz0\x00', &(0x7f0000000200)=[')\x00', '/dev/snd/controlC#\x00', '\\\x00', '/dev/dlm-monitor\x00', '\xd7[.)-/V$}(-\x00', '\\-+!-^\xce[\'\'\x00', '/dev/dlm-monitor\x00'], 0x50, '\x00', [0x5, 0x3, 0x400, 0xfffc]}) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) poll(&(0x7f0000000180)=[{r1}, {r0, 0x8042}, {r0, 0x1}, {r0, 0x10001}, {r2, 0x8128}, {r3, 0x60}, {r0, 0x40}, {r4, 0x460}, {r0, 0x120}], 0x9, 0x2) r6 = syz_open_dev$mouse(&(0x7f0000000000), 0x80000000, 0x200200) ioctl$TIOCGPGRP(r6, 0x540f, &(0x7f0000000080)) 15:37:07 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$VT_SETMODE(r2, 0x5602, &(0x7f0000000080)={0x0, 0x80, 0xff, 0x4, 0x7fff}) syz_io_uring_setup(0x5d46, &(0x7f00000000c0)={0x0, 0x727c, 0x4, 0x2, 0xed}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000180), &(0x7f00000001c0)=0x0) r4 = socket$nl_sock_diag(0x10, 0x3, 0x4) r5 = syz_io_uring_setup(0x3ede, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)) io_uring_setup(0x25ce, &(0x7f00000006c0)={0x0, 0x0, 0x1, 0x3, 0xee, 0x0, r5}) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x4, 0x110, r5, 0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000780)=@IORING_OP_WRITE={0x17, 0x2, 0x4000, @fd_index=0x6, 0x2, &(0x7f0000000180)="4dd24a66d9b8a0f9ead0c3b6ca5246efcbdf97f47b08b4bf30b1fa2c4964fb09f4d304279f7ece0b559fb6ef7f9729744cf630115a3a7dd5c8f5c2335e9c85bc1b954546dd225229ef72c2afaca10ca285baa73d7fe5678de34d2ccbb489ed5a079187d29b3b97da93189914290ad7c3df54cd01e13d3267bc65fa53950d8423db7d13afdf2d3e2e04462e4884f9d95bcca0", 0x92, 0x10, 0x0, {0x0, r7}}, 0x7f) syz_io_uring_submit(0x0, r3, &(0x7f00000008c0)=@IORING_OP_SENDMSG={0x9, 0x1, 0x0, r4, 0x0, &(0x7f0000000880)={&(0x7f0000000200)=@nfc_llcp={0x27, 0x0, 0x0, 0x5, 0x6, 0x3f, "77127076f984cd248324fe47d2d55c11b84f41be1266a611f9f57257be22fbf72664a7c7bfc177a9950c892e739172ca97a4c0dbf50373609a712fc22a94fc", 0x19}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000280)="3b9d7ab86a60ac7ab0aaa1adb3e8ea3bd539eaed99133866d5856b2297704fde92c6819ad2e9c7f14a00d32f649583034f23eb4dd31341dd6597d21c4d9e55c8b85b7907c6df4cbe84770d1934ffa822d7527a808270bfdd22f021441cde30d427d049db51f10fa2a96cc0d627e45d515d31f214d75ad8bfd602623b4788ded8c3f91d3e5ac8166a552efd4bfccffd918ffbd44f9534972fa6ee7042fba680a1afc28323ca37de5074b88426bdd9aadb70da6d9bed847a1b431740b6794accec3ea5f9cd789f99cc4d0c7af4f1e608e402a79e5148ec5092473c5f6e319745642226039f0ae31a5f4010cfdf166afd991c", 0xf1}, {&(0x7f0000000380)="863fe6f4a07d6a47bd126f0f323edfcb5d6e12669c67bd095b1cca9830a8933e10283c428b0cb858e49b376eb60bc592ebda28b46d5bddb248aa9e88cbdcba26a6bb89e463cd041e46adda6ab73d573a4ceb09078489e56edb2a649d7bc73b4f11ebcfd703fe54ae043fd5210c5cb843399019458d128744df700bb6eb4b230da7902af0b3cd5a7fbf5dd62fa8c3299373b4bf58d6f7efed8f551d12230d78b8bba2c0b27c728f3e", 0xa8}, {&(0x7f0000000440)="1f95f3a48741a2a80f09070b44264e4cba926c0dcfc7a5438462575681582220e1eb0fdabc3ac5fd73a7f5d3616bf13c4ee59371e476fdab78def515fb5156bfbe685f5e0490e6a010097a2d9f028fde8e7e544096720d5b0778be21e43dec72fece7089698a9795aa7af60f3e46d25beaa6d9ee57decde50ceb6a8b402e5a649d6e8cb94b8e51e74fa8321eb24d57f3f591b2", 0x93}, {&(0x7f0000000500)="93a2e875e50473bfd1d811193ea651cb66977fe8d72e9f90756f05ffb396ab7ef3ee9dfd529ce050bb1ba03af580a5afbe667f82a5ab0897ef7aaa5bf74a515672f7efcbf8351fb52f4f9d7c6de5f6f76f8274f187fdbf14436026539410fda7b49125f0a8133c8ce51ed56e9d153f980760442a898bc43de7016a72107426f70080cb002b4c28235623738adb475ec1d647ecf0232e7d65b5737e12dd24b1171385d47509301aea49ca004803d1ccad8c6800a7dc4112cb4ee84eba3caff439271546ff7abc294582308e5101780bce505ecfc0fde5debee7c8e2d93b0c76ee05b3d9c1baac898812be9a8f9fa667f677993218655e7d", 0xf7}, {&(0x7f0000000600)="66440cde0237dfe32f8c08a14f4992bb151c95510ccf11f2e2f844c41adebc6bf4000de62d91b25a37fc521eecb20084a243df7ff31991598a04ba5cf7fc", 0x3e}, {&(0x7f0000000640)="49ce3490ceec00f28c3bfe8fa4ce5e30b52089362c7f26654aa9ab7dc954b81a7a37948bb18153e642f5a6446cefae1764aace5de9b0bc16aed617ef67f1839a9caaec262a68df64427f38", 0x4b}, {&(0x7f00000006c0)="080dc72a53adb711450edd876f2c992f0c0e", 0x12}], 0x7, &(0x7f0000000780)=[{0xf0, 0x10f, 0x1, "3ce41c413c719765d76c5bcb65f7c070075ced0dc0bc8c6e6d3fe472371b7ff05e6e7d425ec4f097e1371f4e0bbfe377923cc2fa5ed13fb011d5c127167e3d01dec8b3f2b3f8463cec785ace941c187ac561a42d01841c65a1ef78272e61b0d3e6f5a6c5a3106ee8d7f0eda9b9a7a3df2821396a5d2cc41a2b186ba01929010750bb39658a7670c4275cd42d0c9064be0eea2b7b31365ec1fe9e44f58ffa8b5260b8c3d80219c3e1b63ba924aaed4ce697c3efe2b80c80c9cf679c4a4f1c6a4fa166d258208960f148003bbd719537b9dcf4adcbfa554d50d74db9"}], 0xf0}, 0x0, 0x20004000, 0x0, {0x0, r7}}, 0x9) syz_io_uring_submit(0x0, r3, &(0x7f0000000900)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index=0x3, 0x7, 0x0, 0xf, 0x8, 0xbf0cfae8e3d73c23, {0x0, r7}}, 0x8) 15:37:07 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0), 0x626000, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x15) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000100)={0x10000, 0x3, 0x100000, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) dup3(r2, r3, 0x0) ioctl$TIOCVHANGUP(r3, 0x5437, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180), 0x60802, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r4, 0x400c330d, &(0x7f00000001c0)={0x1, 0x100}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/stat\x00', 0x0, 0x0) 15:37:07 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/class/drm', 0x200002, 0x106) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) write(r0, &(0x7f00000000c0)="f9d1bf989a39ac1cb64089f9fff6be3cc270ceb75315526f518f10936f54fc28c3ab6f3af88646d3ca280fe5f1f4bdd8b51e4c6191624dd5d66b12e7934d9d7273c86a3278779e3ac4f89f0b302ece2242af2a6eb5a5b3ec3e344cf696a245685024d8cbe3900ecfb60d1a63", 0x6c) r4 = dup(r0) ioctl$TIOCGPTPEER(r4, 0x5441, 0x4) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:07 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x40095505, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:07 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x7fff}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(0xffffffffffffffff, 0x84, 0x23, &(0x7f0000000240)={r0, 0x8}, 0x8) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xc) r2 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) r3 = syz_open_dev$admmidi(&(0x7f0000000280), 0x80000000, 0x800) r4 = gettid() tkill(r4, 0x40) fcntl$setownex(r3, 0xf, &(0x7f00000002c0)={0x2, r4}) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$FIGETBSZ(r2, 0x2, &(0x7f0000000040)) ioctl$KDADDIO(r1, 0x400455c8, 0x9) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r5, 0x3, 0x0) r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r6, 0x3, 0x0) dup3(r5, r6, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0x15) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1639.118638][T20859] Bluetooth: hci7: Frame reassembly failed (-84) [ 1639.202343][ T1209] Bluetooth: hci8: Frame reassembly failed (-84) 15:37:07 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x8) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:07 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:07 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x1470c2, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040), 0x151000, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='net/psched\x00') ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:08 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_open_pts(r0, 0x200080) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0x6}}, './file0\x00'}) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x1a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000580)=0x15) r2 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) dup(r3) r4 = perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r3, 0x84009422, &(0x7f0000001d80)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r4, 0xc400941d, &(0x7f00000000c0)={r5, 0x1f, 0x3}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f0000000940)={{}, 0x0, 0x0, @inherit={0x78, &(0x7f0000000080)=ANY=[@ANYBLOB="0000000000000000060000000000000065000000000000000900000000000000200000000000000005000000000000000008000000000000070000000000000000000000010000007c00000000000000fd820000000000000600000000000000bbaf00000000000007002000000000000800000000000000"]}, @devid=r5}) ioctl$BTRFS_IOC_SCRUB(r2, 0xc400941b, &(0x7f0000000180)={r5, 0x4, 0x4, 0x1}) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000002180)=@nat={'nat\x00', 0x1b, 0x5, 0x660, 0x0, 0x4a0, 0xffffffff, 0x100, 0x4a0, 0x590, 0x590, 0xffffffff, 0x590, 0x590, 0x5, &(0x7f00000005c0), {[{{@ipv6={@empty, @private0={0xfc, 0x0, '\x00', 0x1}, [0x0, 0x0, 0xffffff00, 0xffffffff], [0xffffff00, 0xff000000, 0xffffffff, 0xffffff00], 'macvtap0\x00', 'ipvlan0\x00', {0xff}, {}, 0x2f, 0xac, 0x1, 0x20}, 0x0, 0xd0, 0x100, 0x0, {}, [@common=@icmp6={{0x28}, {0xe, "d8c6", 0x1}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x1000, 0x8, 0x2, 0x1}}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0xc}, @empty, [0xffffffff, 0xffffffff, 0xff0000ff, 0xff000000], [0xffffffff, 0xff, 0xff000000, 0xffffffff], 'ipvlan0\x00', 'hsr0\x00', {0xff}, {}, 0x6c, 0x1, 0x6, 0x42}, 0x0, 0x100, 0x148, 0x0, {}, [@common=@mh={{0x28}, {"711e"}}, @common=@frag={{0x30}, {[0x6, 0x3e57], 0xe1e, 0xe, 0x2}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x6, @ipv4=@local, @ipv4=@multicast2, @gre_key=0x800, @gre_key=0x100}}}, {{@ipv6={@private2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xff000000, 0x0, 0xff000000, 0xffffffff], [0xff, 0xffffffff, 0xff000000], 'rose0\x00', 'syzkaller0\x00', {}, {0xff}, 0x4, 0x20, 0x0, 0x2}, 0x0, 0x210, 0x258, 0x0, {}, [@common=@rt={{0x138}, {0x6, [], 0x31, 0x8, 0x2, [@mcast2, @private1={0xfc, 0x1, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1={0xfc, 0x1, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x3b}, @private0={0xfc, 0x0, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, @private0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2, @dev={0xfe, 0x80, '\x00', 0x3b}, @empty], 0x5}}, @common=@unspec=@realm={{0x30}, {0x5, 0x7, 0x1}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x10, @ipv4=@loopback, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @port=0x4e20, @icmp_id=0x64}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x7, @ipv4=@rand_addr=0x64010101, @ipv4=@rand_addr=0x64010102, @port=0x4e20, @gre_key}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6c0) 15:37:08 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:08 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x10) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xa) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1640.869537][ T1209] Bluetooth: hci11: Frame reassembly failed (-84) [ 1641.100221][T21576] Bluetooth: hci6: command 0xfc11 tx timeout [ 1641.110696][ T150] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1641.180210][T21576] Bluetooth: hci7: command 0xfc11 tx timeout [ 1641.180274][ T6548] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1641.260628][T21576] Bluetooth: hci8: command 0x1003 tx timeout [ 1641.268542][ T6548] Bluetooth: hci8: sending frame failed (-49) [ 1641.740200][ T8408] Bluetooth: hci9: command 0xfc11 tx timeout [ 1641.746434][ T8903] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1641.980244][ T9935] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1641.980875][T13853] Bluetooth: hci10: command 0xfc11 tx timeout [ 1642.950098][T13853] Bluetooth: hci11: command 0xfc11 tx timeout [ 1642.956393][T11206] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1643.340254][ T8408] Bluetooth: hci8: command 0x1001 tx timeout [ 1643.349438][T11206] Bluetooth: hci8: sending frame failed (-49) [ 1643.740040][ T6548] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1643.748997][ T8408] Bluetooth: hci6: command tx timeout [ 1645.430017][T18048] Bluetooth: hci8: command 0x1009 tx timeout 15:37:17 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x12) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x228900, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) fstatfs(0xffffffffffffffff, &(0x7f0000000180)=""/177) close(r1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x804) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(0xffffffffffffffff, 0x4008941a, &(0x7f00000000c0)=0x2) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) dup3(r2, r3, 0x0) ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000100)={0x3, 0x6, 0xffffffff, 0x2, 0x15, "3ab57ba57b9d96b0fffef7fff67d289cf8ed52"}) 15:37:17 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = syz_usb_connect(0x0, 0x0, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000340)={0x2c, &(0x7f0000000080)={0x0, 0x24, 0x7d, {0x7d, 0x11, "aade197597975182bda24b9883abfe259bc869e4acc14ae5722b883e286a9a460c82c340ec0977f8f3eb31667a1fa9b0227fda28ffebb9136bdee1ae67aa8d08b8ce33a679491599ceeaf954b4619b16a3b1e55473c71ccf7494d81454255456bfd67d0304a08215b0eadc3fbc61eeeeaf4a8d8c1539f7beb4b3c0"}}, &(0x7f0000000180)={0x0, 0x3, 0xc6, @string={0xc6, 0x3, "a58b90daa4bf9d7638e3847c38608a1a0cad0b0b712dc7605fda7e538298bedb0952e652a096dc016a1c3334a151f0a69a7cef17535d128225f7b03701e3866bfe9ca081156c067c4075186744b9790671750650ae0db7d2777b61a455672c29cb0b851687065420675846da359de2a2a1dc121fc3a4a5cbbe85bb4e0a2da37d905c883e233e0baeaad7b59ea541cbbbd9c5ab4fae4701aa7b28bc86d5f6c917bc7b288c2d3645e0317cfc0375204e0e497a76085d3cd11c74c5aa9923bfc71620d6b4f5"}}, &(0x7f0000000280)={0x0, 0xf, 0x33, {0x5, 0xf, 0x33, 0x1, [@generic={0x2e, 0x10, 0x2, "8e0246ec0349a962a7de3248a0d47e28b05c3bef02705179d3aa03ca715f022af7581c438340a9203d6d9e"}]}}, &(0x7f00000002c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x1f, 0x80, 0x2, 0xaa, "3e5045b4", "7692b520"}}, &(0x7f0000000300)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xc1, 0x60, 0x81, 0x1, 0x3, 0x1, 0x7}}}, &(0x7f0000000740)={0x84, &(0x7f0000000380)={0x40, 0x5, 0x2e, "c2ed5ab6549f856cbc2e0ada63a035e4183f249d1c414cec95f1604e501b08f9aecbe52163842914227610148c78"}, &(0x7f00000003c0)={0x0, 0xa, 0x1, 0x40}, &(0x7f0000000400)={0x0, 0x8, 0x1}, &(0x7f0000000440)={0x20, 0x0, 0x4, {0x1, 0x1}}, 0xfffffffffffffffc, &(0x7f0000000480)={0x40, 0x7, 0x2, 0x52c6}, &(0x7f00000004c0)={0x40, 0x9, 0x1, 0x5}, &(0x7f0000000500)={0x40, 0xb, 0x2, "d17f"}, &(0x7f0000000540)={0x40, 0xf, 0x2, 0x1f}, &(0x7f0000000580)={0x40, 0x13, 0x6, @broadcast}, &(0x7f00000005c0)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, &(0x7f0000000600)={0x40, 0x19, 0x2, "e528"}, &(0x7f0000000640)={0x40, 0x1a, 0x2, 0x5}, &(0x7f0000000680)={0x40, 0x1c, 0x1, 0x1}, &(0x7f00000006c0)={0x40, 0x1e, 0x1, 0x3f}, &(0x7f0000000700)={0x40, 0x21, 0x1, 0x20}}) 15:37:17 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x13) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:17 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080), 0x12041, 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000180)="100174b4c3b974fe7c08efad28964f8e8abe59bd52bcaf6d85f06555599930ae5a4d1cc8df366c9b68711e18f924e3486daef246aa5fdd3ddeacbfe567d279d1d090ba980383b1db93dde5af26c077847621f290d390e2f24db28ed12aa01921bd430a731e7d950c25650f5b15f12bdb36f40f83ea473cf0751c300567d12ff962b84d31c461544206c4ec81afaa224c9021379a9e9851d06a7dd12644e1f4b4284bebc5e2e9552f041ee1bd14f6d58d24e6d23b583093bf0e517a204bc29f3f8585d413095a5ff5f9b6f7d75cf93cf1a4", 0xd1}, {&(0x7f0000000280)="1b7cdcf2339185acb480a623a431a4ae7d33d47575ccf0fe6aaaeb2a1ded2b23645b8097750f339a87c0858c3e1c1437c8a498c841c7478aef83e8196eecd2c76a716e72f1d767ec8919d2bd04eaa0e5067ef1258c523ca4f164fa8e301a9e662a2c429edfd2b72e35d59c8eab154266b673cfba6588c664d94a86c89cd62c6932db17055e58845cbb49d4158aa4fec44ed0a2cb519d8648582b9f405a217ee592bc6809f09ef6d4408fa420e21677d0d2033d24b3c9c654785c0d1f82cd", 0xbe}, {&(0x7f00000000c0)="2977dd092c498f8f74eb5901f26188f99b7309948edca5cd4badf6c5176cca99e3eb85d818e53669b4b7242f500710d4fd6276ec97ed0e7b22b9d8dc699f139da05c7c700777f28e4413248d", 0x4c}], 0x3, 0x1, 0x6) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:17 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x40186366, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:17 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xa) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FBIOGET_CON2FBMAP(0xffffffffffffffff, 0x460f, &(0x7f0000000100)={0x22, 0x1}) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000080)={0x3ff, 0x3ed, 0xfffffffb, 0x4, 0x10, "4ec88465fc83bc7062faa71ecd3468c147cbb5"}) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$PPPIOCGFLAGS1(0xffffffffffffffff, 0x8004745a, &(0x7f0000000000)) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KDGKBSENT(r3, 0x4b48, &(0x7f0000000180)={0x6, "9f05b9bf6632a5bf23dde2d8623defc3780d66d4c9c565b404f4c6fb1f7db8ae8e6e000919d107aeb350641adf6771b664027348dc00dfe9b9ef76272eb37ed6a4eae560489bc3d2a5c9fc35b697ca7f4c1797c86daee2e822f5d16bb6a3a223d98f45deb376fff6f70b470db6855f003af361db23bc149e2d74caa4a1524d1949fd877b95f829a301037bd8f8cfd2d204fc04a322edd01b9f5af8c2bd63891fad2879f63af07f773859e438758ba6d4e931abcfc0e8948c578e91ac48388bfef76ace0cd73bf4c9756779ea0f94c3398e356176ada90876a7f06640b5cd6aadbf5b7bcbff57251fb5dff0255cc1b8f1b56a03b8041f4e98fb6006d3a82232a68d8938a8c5b4cae5fb19aa0be031f5ca355ecbcd046ac57933e61cb2b5e358ea4df3c7cf08b69965933f4144a20bda208336dfc38b6178b547b6c788de64cc9b4cde334e5e48d369f3948a5240e9091ae0ead27f6d6429cba0cb630409e7187fa43e5ca665ea2aa8211939d3c6b53d9445822d3f563fa2420f710641811eae365f5d4d0c87840ab8ed0685537df2bfbf76294757fdca21f20d4fb5aeb304eea60641db89770729a833e219e27b334180509012b738215548abc68360d23fc8d5bd9c0c9e7114a09a27aefe40c1435e3b303d255b226dd3871a5c2f017729fa3fbc127b3538610f840da29cdcf983ee1f3684cba1189fb09caf02b7185ba8b668"}) lseek(r4, 0x3, 0x0) dup3(r3, r4, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r4, 0x400c330d, &(0x7f00000000c0)={0x20, 0x9}) [ 1649.945445][T11654] Bluetooth: hci7: Frame reassembly failed (-84) [ 1649.990397][T27301] Bluetooth: hci8: Frame reassembly failed (-84) 15:37:18 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x40e200, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 15:37:18 executing program 3: ioctl$SNDCTL_DSP_SETDUPLEX(0xffffffffffffffff, 0x5016, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:18 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000100000002007f79", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) ioctl$KDADDIO(r1, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r2 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) sendfile(r0, r2, &(0x7f00000000c0)=0x616, 0x2) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:19 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) syz_usb_connect(0x0, 0x0, 0x0, 0x0) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000000), 0x18) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80005) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0x0, 0x4}}, 0x18) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r2 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r3 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000100), 0x2280, 0x0) r5 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r6 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000002400), 0x252000, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000002440)={{0x1, 0x1, 0x18, r0, @out_args}, './file0\x00'}) r8 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000002480), 0x10) sendmsg$unix(0xffffffffffffffff, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002380)=[{&(0x7f0000000180)="183e4ba65bfa729325125d5ed974f157ad8d5da0d18ff093b327409ef5ab35508083e573ee59d7e2b0e10389acc6726e208083b15b88688eb1f0496f57f4dda436864b92364f98e7d0fc673135795fe5aed8c3edf680eea06b70a7340485e2cf14224d2946c2772c473ef2d26cba55a9ab637f8b4cc4bc2b394470c7021c0a2dc4dd501f70da3d74ea43f8d7515970743f6be2a74b783db75ffaf4744e96617492ddb85e080d91f1962fdb4f4c7b0f44748483097825a5b0f8a9faab5c9d643f4f37bbb06f6ea5997b388ffda70c9ed67df6b62bae18ea6ed2ee4b53a04bc3686fba", 0xe2}, {&(0x7f0000000000)="16670ac813332860b81145410134fb3b444a1bbf084abce77b2e7df1b25a6cb1beab18d3b3", 0x25}, {&(0x7f0000000280)="78a213c40e36ede04dada7cf6d8f82d0c0b4ef8c2580e2a6731d3a622c41981171a79134a14f72a33cb9588b255a9d1bcc016748970f2f65122cb3292bfe4c3d65a1ef907e80892ce7fd8917dc5b7311f849b4f5b01891531f4c5d5d4e16e97e217b1ce8ba521b3c4dd152399a15466c54c23fc2d9e9523c47c70193da996258185f8b53c6656b3a659db8dccfee4082904600a57d5af902c1e6f90620f36118bd1ca8f119de557a730ff110c6987f9fd3d0a6a14dbc4f295357cd23883ebed6dc2f072b0f39479086a9abde44a5da817ac9c4295483e9157cb76a3dc24d40d41a50a8b09e6a5f016d3b272a93089232c38f8050a5abbf", 0xf7}, {&(0x7f0000000380)="0ad48a8120a66fe5268a8144c81262dae0707cc8b0703d2f59cbb12654f57bae3956350293f13cc0d604ae0ed4e9ed4536f93d6b68ed66ca862a29c9411a9271efd811262a31ff8a99048ac2f640f553344812dae68e2b47b92edc24db849f7a229c753b35e70350f6415251ea2043b3ff859eed0b94b472fba0ce2e4175133082333c23c20ddfc3e3bf458a45daa5d678f2dd49f15735bc95119e589cbbd34d6db5440123bae175f4d9696a5079f1625169ad54f7e6fa8d31cb3f422417f1a0572f0299043af47c7b0920d80813e57e9112934f40dbe009f3e47b2fa922cefb94eed61cf734f1ef082f0bfbcf625233166531379cd6358fe38668fc726c925fd15706e2550d41070404d3af23e4a930d5b4ce36debe0aaf345d4632b437b7fb5618ff7970bd0f13ac5082dcd46ddfea8027a288a2deb4a5309031b733ea50f70d4a2d65cb20ffac0c875f24058564ae30f723cd0ea65f7d7b4c5ff674b4eb0d26e79c6bd25f303f0bc764ca0429324649902bf70cf59bf2dc1cc234f85d3e7e152bc636fe7c3c45a69cf041d27d2e6bbba78eda3e8e0f460b7bcf75f0570758ffa3f1298656f9254d1492288583b85c654a11b7121c03966aa5f1fbbe70c54fbfa08097d319621776ec1d5b7e72e944daf145490559fc343e55f3721450dbe7126babf6a8583a6c5cb94ae66a0fc087d764dc179e877bf295868905fe91494c3a3758924f59f3dd80fc64be76e67b836f98ef858128dde8a851c123d8763c77535ef28d0dbaed12da44968ec33ae163d99abedafbea87d33d01d46cf250244a274275e25cbd2f5d55cefa90b8a1267822a052bf978fb07ffcb1321e2984636e82bb7943737e8b8608fd912809d68fcc7da3b04ddc108e8a0bbdeeb8bf80d76b9d7f92bfe949b571f78b2a961ee5a2757853972e246547c270cf66315b65ee1d44ccceb90b3e18a94b953dc5b5e5aa3ba1117ed7b7b29eb25329396dac24fddaf9da86469f166cfad7bdf7db1b0223c5d45d8d8b2c888b5eb7441b5fd092a26b7817150856e41cdff384e0384db92653d9efb49d4ede14d07efb12e6a13d5c2d3c1c6500d180fd70cbfff1da7ff0f39ab6e78b50794ae724a8c03f89d66886d3b37132f4c076a559f2c929c937bef5cd89e6ae3269edc4e0f7567440b091357551b0b7b60fecda8f0349fda3cf45843bb0587a11b9924c13e4becb6cfd4b00f8cf2883a8cdd997b484d0615503d2b5392351f257017e2ec0e34e2f455fc1d1e5e47d1d200bec233ada8e9ac2269f6a57923f08359e9eeee50229425e816fddafbfa5b8634f23115349cff46bb7bf131f15679add5f6bbc94f5aa8cb17aa1f3d1233e7c5136e8f1a97ab7f33d96de6b476b25d2923b3b0948179af2ef395a8039f19b938b0868ce31fba885edddfefd5e1307f15496652b275bc3fad090541225f7cb193bf3470361e5102397695a9ac1784dd4781cd5166816bdfaaf4a443fb23a367f5f69dc615d10c61bbefbc0ad61c5f9ba374dbcaae4aee53b3e1a12a5073835dd568ba45a219a423ddf4f70190dd92ec8553e8adf6f158d4efb341892be7208ebc96bac70cd10497d425378cf6f91bfae04d0abc2400545f439cc3f49089715dfff11ef91090479ddf3804024ab80a357180b92bf613caffa8c134aea929a072264f2cdfb44b4fdbafbffa8e8ff50126550f2ffa30e057cee1df01b2e95da8eab0d5bebf1c49187d29687096d7074d38c5961c572fd676970b3be6e4a08c6fde4bbdbf1ad00d4413110d5dbcff88c88cab8f1502b3e0162d9e052cb1b422be2c0fd93af0e76bd9889b0b63a90b43676a3d0ee91fa578a1e7dd0bc6735949cfe93738e88d0ed250d9816b16e0a1410c8c2abe7f43a19a22b26eb509e2c2578da01101c6a9c9e688e1e89f840657ff6edd22b35a075d81cac28df1cac9e552a3e2e99d53bfbab6e0667ceeb27b348a6fe59651452d1188d4fd254abd94c82e1c3b46e7b7605b4092f0f2bf7c20dd3ef464848edd6cf885f79b98e84b5b5755c37596605e622c3ab3952cad297869aea1418dbf73fe1e0037f6ab74600a0b828d3ba332989b427df66d1f1f0a55451e7cce5ac8c8aabd413c1cc325759ee52ee91f4984585004d8b012b965229c6dc48ce338259cad7af2a16a0b380b28b8f9e45eb19db02a4740ef6cd919f65eb30aac5bf2069504304214a4a0352a90cb3f3b3c7d9b9e03b740e7e5c14af27aea0b96f90cfae97d1e78818fdd17031a7fbb0a354cb13b62635c1271903e94efc3f2d6a2f97764791f761635faede0b655d4a0f28c57339015ae840449239b76e17a3feb64b6feca4116869b6b2122bdaee7f255ec24176b0e1dfa80ece14583a117b9bfa012b255ab39a456e293d9dc94608cc9dd4ed47f769ca9c5809ff9dc38ea4248d97f1e4553750fa3487e36455f9a3d6de8387670cf12980c2bd30156f3277d7d88bdeebcaba6dd3a09e313aaeec67c6cbf79b1d93b04ef1b44c727b056ef645aa002a05e73cfc868d3ee13dbb60e46a332650550e8bace4129f5b68b2dba10495de197e11a9f0fc14beaccdfbc5bf55d31b0c5a14d58bf4e0d20cbf1a81877f0d299f2bdda2de7f311a83f930759d9e2b6cc15c98a529ba29d2ad402a34837a5c451b3ef427979b086cce05912722ee67c34784be4f90ea1416e96ec09cd3ede017566d908c79651000f96e4b0a15367244d33fd9ca1f017f67201d40eab642d046b77b8f530d05945f6c407eb3ec7dac176cc8c3c342b8cf6769a21cc033daf8d274631f1416f37b74b59ef3edcdd2be63d3ec8fc43eb7c820af97acfbf7fc3bf2d658809a41fcd56d967c9851f52b465301e3a0d3e97dfe97603f0d9d32b00fb9cd6ba6f229087f390227f161a64facafe64dc892754f505fd668d8a575fd452b653136120b179b599ffc20dbae5c37bf68cda6f110c2ee0464001fe392a4025fa5b72f28965826372bfb1208137b1852ae9f7968a30916844349d67844d0208436980bc2bcc96da98538cfc8796f943748bfb3021d652ca7d2ba363bede10fd1138b88e099daed66c0f521b3509bc79af792e29f0ad57abf28a80e047aa60621dca42762e21cd3f099c818f08e0b0de4fcdeb1517a27087dad6980ac1d1b14225efdc02526a166ad72cf0067d05c9f6b0b75bd07545a86b42c23b596ec831d2d4f77fdf72ef469db4c8a852c2055bf7c68873a60434fcae9c6d18d14ecf02d72795c973a1958a63b352a85156ad084fd00c5d5708e81117ed7c6b6958533e79d933c84188caad734c32b617b7c5381cc9272225f93ced4cc6f0f2e98b386e716ab328714c4b061203f12ed86aa5e9c9e7d38677e194ba499b3306a084ebd7c435795db75ee3048f7c1ffa9bae278f671da4524b8a7ce69c811381471cc0f4dadb65a69a4ff3124d975cd7ff590c0fd1b2b286014d47aacfa26da76a8335dc466c5d434c01e3cf0fdb8581eaca2a513c77d744a511c0bee8030c4fd9b6aea502823f00549ed8293d7823e91a29a85df5ca71d4d500f3bb84f1c336cd455b173f6d89c02366d645b8023772dcbcd5ec8f16d29411df9ad5c8af88c743c6ef19c77f8f8da4865d7ae372a458579919907993a3d1fdaf2e8bf10de51ebb8ef63a2f8601fd9eb640af6c61ccab483684396bb8a2301c3d055ca87cb70275878b7465825130c635b683b6b48076024c4f9dae9f94b067191c348c15f4cb01f37b9176a09232b90869884a7c0a5911058fa6c6290202850c53e901e5f99a41fb827a35ca2105830cf432709c53214c3cd04ceb57a5d4b7967ed3688d995b1129a9220a2d25b51f76cfbb2d8f638e389244cb073053e3cd7c935c034468fd1627dc32a4a608937061a8ab474b9ff8d760bff2298e8d7f323ae1a2a6591b8797e84a956f2e730fde62bfda178453de7bc701d4b6a88bb3b0d0ce8248328317ca872d380a596948b2439cc9df653107d03477bd69855a94a556f6e545ca0abf1a295a6bb6697fb62467b599632e0deb9bc148fcfae6e1e262d45eabe22ead160a0078671e632881b2fb73a301711509c47ae3733afdf607350b32652023cd61c4d15f16c534591861fc938ff7dece4621bf0bbb7172fde94b91298175b6e773a17434098009e1539b4fa9c725449c015217239f435cfc570ebfea40f9719f4cac74ab51a79e80272102ac80d759bc61c5b7036309ddb3ada6b421194650960413246a18f0708e1b42a08122c8233f049b3da743404908541ded58453c6accd71598558acd9f2517bf255d2f3a03311ad0a3e81c5821b4844d260d8f8c753bbe61b1a3484113ebc7b5a49fce5dddc47de1f4d859bfd19e0e5a82f284ccdba50ace8ee98a4f9895bf237d80346d79b314d8c2874026383e44c728134a9b2654cb30f6e8885a84a71559492a16ae29a189d2dffcf77de0f74a514dc14c528a4868d0b394bae2ba7baa8d927625d7d47c24fade61d8ba790646b78088949ddcfd79d527f93b4173708caf9c3085f332522faa35adafb2324a0d8090ac5233dc570198dd8b9911a48db29cb543a0f579e79188ec1249e14c5ee7403d373896dc24ce6531588a03ac106ca6004c7b8550a9b709a2cb3031f283031796999308c1bd80f01db7ed0d715e8b51121fd8d18f8c0903e5d540e27373ecbe2e08c5bcd36e424489c5f2497dd6c40b0cd13b0eeff36440b67caa889507b94458f0a312c6cada95be277d0fc8651e60033e49c05cd47c7b7e710308cd07d7fa1510268d89014b0d2357e67ea9380cb776f22aceef04c09232cb9f20d63867f617cb625931416c00f017f740e739b98dee07a0a19392189d5860fe303d5f10f18477cbefd283864e554a28323a2f2abe7d29ebb2abc8994b2e24e4123355e350fe3822b490586c3012accc12dab3fcf90443adc348e61b8c8c50b68717bbc2cddf1a63d4c2dbbc72d802d77e3a54b0e3d3cd2f076512567d60fcca0cf1856c0dcf91b2226cc45b2b4dac5b4a23461e52b16dced7a4d31f9823bd0b39f9d85d3b4b53194a60cc288daf378cef72aa94ef5aaee02f7935240947ecdfcffd2b8d783c16278ba4e41688badf6d2b16a04a59c57bc8c641db66184d0177c6081c830bc8586aa48d33fa14c1093ea23de4c6fd57445a39ce93e1fee53fb018233d7532c5068e9ffa9d6672458b0cb31cadee0c85e629301daf2350d959d7c8eee5944c7062d48c469e50a776d2b096c5fc729e71c8e53592f76c48d5957050707ee652c1b7b5021776f98023a67f68c958af2c8b14e64c561a2b4c2d1a2aad0a25153aca4096380ba1c6df2137337102b2395533f4f23840e7d69ad4a0bd4084811c416c786b0c04def78e769c3e3d7d8e24f84e5594e4849c7e90d8fd5e9d8430c6beff1391ab2eb66bed13bccebfc7bc75128efc4883220255149ff928c93e59ead2168345bc5437aa5551d1f07be069c18db4a7ab78355bfdb953fb115fae29c7e0f358848a73c2cb73c02a1ef914837d952b9139fa309647effa11fbb2161a92f5061cf12d9810d86bb4e7893dfef7387203f0156e936eee2cfee003a1bac5e2470d28f8effaf844e1884659903e0d55a77aca233160c319df1889eb8dae9de697bea8566e36edf48fa0cc1419887d266d54fc869406e8092c5bc2c75591214ec6f7ed6e178db21b1b64246b01d6c3a2f3427ae229ca244f1f402f7770c013a3cddcffd4d4cbd7362bd50ce2e77fbf3f896b482b06c49e2a15a35abe719350ef2330710a254ce0cc913d950039418129caf2acd6ea914a42f83", 0x1000}, {&(0x7f0000000080)="66b9a8a443ce2c10b6eee752d177777532dff3dbeaf459aaadeaab51b521bdef1f15c67912f66ca184c90874b65bf3534a5bc8c894ec220395d935aff3", 0x3d}, {&(0x7f00000000c0)="8c171ceb8f834dbaab65913f71776f16e5cbaf9fda3e63c7a62cc1a204884a776597c6f64983b8bba52b9f7a8fc5c0b1a51f52fb7b2c5ef3acb611091e3000c5", 0x40}, {&(0x7f0000001380)="91dffe56eb0655ad7ead8572c1962759b3ddc08e2150218dce9cf60d437570daffb63d39c71317d6a5ea75875e4038f3dc4ad112d8bc6b112f4753bfd49f77b00236616f738c82acbb5f1f0c63d7d42b22586b23577cc28200bc1555d536666020141105a327dbe2e4dbc22b387ca428d6a3826cd504f683cf9ab68421a5e56cbf41b88d4d29c5819743f715b469894efbe392f2b11f3357959ddc4c7fbd43a309a370a419f89c6392bb790595c702654a5e6b45b4ea4bb215038b44cc9756c6b7b9cd06d5effc9707ebbff8b3bc536944da530b80dad0b6db3f030302fb8378d1070e99290a20d216c02390097e01b0a240c33b3b10650734b940dabb93419e613004740630d86d4e0cbf1f920d52a5634af29dfaf56bd3ac1fcc4094234056a914add268a25ea7491c1589ec32e8f8fb3eb89423fe01faa593eaafa30a9e5c63afda60128741b92ab3acedc2b474d128aed994867fbd1f9d44fdd7e64db53da70cddd206c65c0b7d0c7e57ee5d09cc356fdc7b4612a86ea7a10838844a909097547963e4b126a83911e166a28de015a0e6f0db2aef6db775993a6f22b6a3c62bcbe1e03f6e929614e56c0bc37bb13c3abe25201163da3dbdc767601fcbd5f598516f0e9a83f715c6ef548fd9e4a9f376e2863cafe9942c1be48ffd5e6c64f8ac130764c26ec2238853b67935e2ef5f62c661b94613b57287387e12b01e447bc299ad64bf0519d9bd90ad9424165c0a324d53070adf6688615bc200aca92a3d34e698ac486087aa45248ee32660d3df30e8787479946301acd2678cee84f9de417ff7733a4e9d7b8a6a549c55c35c99d78f0ecd0cc8984ad85ab471088ec506b02605c59bdc2d3bcd23b7bf6e0da7691b679aff2328532ba8731ac1cc5e38088373a9a48e5de84d581d286678bc3e6ddb6967522050c355ef8dd0b505193ee24c01566367ac9b291695a59e46f6e1c51f97ee395d02f09253293a414129dbd1504cc3c947ed46bf197ff29fddc3f3ab991abd45139106c6b07c747535bf5069342f70d466756b2b6f13fa4466e8bb60db3f05b883f6c557c1649f36377986f902d36a7ab2e377482d003d13dab2838fda2ede624f0bb72fdd48d5792b7bdd13c3005428f707776d73215376bdff126e1888f21887191763ea492791dfa9d9a5e73f81a17e99667ac2d062710bf0349b1e05ba32849f55d235cb450f309661becadc0415fee536e6569779467f5a332851a3c3ffba06afd95b99644ce3ae64517ec83a02a181d09d47bdfc07f4b45733473b07cca290588de043cccc701718a11db5c979d9610aed099b7a926a7aeb66912596dce325cc396e146d8cecfb3489d2fd69f5ffb90d6e9fd280299f4af611412dc809dbf05bed6021b777ea6e548b00137ea2f6393940d791e3160315d5f04f250a9ac4d42de1c4a9821cfa0aafe62bbd1f4526168dda3d2d6f63b1e8b5c0b828f37cde8d20340f94605ddfafa81ce1493d79e547207e1e31d8ae5ed56f54f64a3c04128b339352021eb2e221f7bf811fedb486493d9fb6a0c35d73ce093c6b48f8c8b5340bedb240e3128f4f6bf734cc6a79379d791262e25f6a268ca0930c1ee40ef4646d9742199825f0a998680fe9500c5f42b1f5fde97c8aacb68e9439f63db39705837c6faf4aea8bee9298b33eaf411b400be2f734e0218fcdb1f0312b83d64272abe247be0d832130809b8d96eb31b81061995c25d4db99936450f06cfc8c1e52e5b6e1b9944c88d7537a84ebd25667c43db40a8987303428dc2ff568659ef3ba8f29cda847e83041f821f2a588724760fd44766a48c813dcd0ce7e19f67d4717a8e103786fb18d8dba060d7bf23b69244c39b402333e20d35b41379f8e500aec0dd1fa93a70d6dae3fa483661fa27a7eb6a3a64c46859a9e82d3ff87d771ab4ca1fe0356d6fad7f9c80b0fd6c3aaab2c7c39edf054bdc513df4526132eba85efcc565b375b8be604a064936147db166cd2e0b8958f55250318b0f10101d72676a59b3f257a5c34855b75d3bb98bb4dfd80454dd22055dabf89b19e6d7133e1701240ad3d4410b8f08b7bcc364081bb7859027ac1048dde5558d13f5196a53868eabc33c071b78afde5e2182b6f9e0eeef02c73dec08801df0b9ab68cb774e6bf511ef7d755f8474dcaf9e4bee23ffffda799c5473bb1631ba8894788826b9713996c58e3f634c34865a2cce70ff537548648b384a10efb839efb33d585cd2bc412ad5b6c791dac745e5c54b542858a432ce562dda9aa22429f8ec98d00e376a75f7b4d286841904984ad911eccfe873826de2c73b988e28cba80340252a237cc618bcd4e4d336d6e2fc08f638c1401a66eeb8733e6ba61555896afd0655966490024e3d74872771dc299d0dfb6882163155b3c0283ed2a3dc1c6bdcc844ef059ea338630e5b0a546b7be7d08e6a9d05a8375230da76a9c59849899b04535e529109b1b12e7f53676bd68bb8f5ef6e8e95ee8a5b04b1e6e18921ed956df06a4926b60dcbec84c779478bed865cdd2b4f2a24952d7f9e4c5f83dfc25679524b1abdfef57d3cb5ce2e3b7362032ba3b7cf9acf6912dbf90c82898560fc8742d481c0b670247d129e64ffe23e7062cec9268791d36e29cae4688a453c5ba54353f196df98da9c6d9ec1a6492345100474474ebd6e595f07c1d601802c7879c131630192a569b2446159d93c8fb263ebbc78406158e018c6e06c9af66601eb396000e77687e2f405469a0f9dbfdce72dfd81ceda6702a5de210f9f1c120a85061d4c36219b112fc5be7f249d19d8076307b6c92d823daedaac3848cddd1abc26c989cb0dfac7f998d6e3dbe17f9e08b5ba2b709c831ab680cf84f27af69bd67846c8d859d0d1f0c7fa4c98d66da72112d0425d7b832fc13a30b0045162b4a98ae43c733508797e8b2d551730a3265e9519d0aae5ab05c60a9b13bb5f687b6d8f2a366b5dfb703e44a8ead0bb1827e67831c38487e45c2d0d208f1e9b4af9e7a13ace38670f58cdae3fb10828812a7f95432e7b33241c95b29f595a4ab1bb7bd985bdee044badbcab4c48303e4ead77cd3689c78ccaef8aa20cab499c79d81f46980d9316181081f38e36526041ca2a33eda2df4d94627d96397082fc369fdb2e98637973acfd96bed2c95a782e0eda7d799faa18f8d6b9bdfe7a1737dd4ef23aefddcf86026710e5b18f3451b405ec0c412078838129339fbe3c6d46de75e3af2a5a2dceda0791edf2abae8f78e1f4688e882e8c1a0910d36bc66904b325fc00286ef585ee817acb8e9c2bfc31f12f36909c73c565e2e01850c59e90dbb779bce7aada6c96d9851971f6fa37085e5adc0dc014e5b900222526220cce40761850c158798253c0e0f476780afc2197d712f054f2dd948ef70a0db380ca7f0a8cbaaff12d70a050d253d0daccbc4ddd5f2399108d472717a6c92dd5cd912ad5f04c5ef73047a1380219070c8d780cdca6e86d2f9f768441eb665c187b9ebbf70d7e358472782820d01c57efb9b64156945f65e720e7dcfbf55894e44986f0a7c00bd08b225f82bb2b2b07c7b696fa312abea3203f28661b2e01424c85aa539f4f5c0d28970066753e7a29bdca2d13b5a3e130e92494d17fd5c2fd91b7b09a0df801a4b4b9c9ad49decf52906372dcca98f3c6e18c77c38d6c2703d759f916fe27e8c05baa6e9d5f7bc6fc2ca71e3ee46d23d868375d775d5a449e6471f0c2eec6a1a4d619f5c7b9c82c61cf087a757188f8931ed3fcb2150b21a47ac97db0cb22cb4f7399fb47030a146f14f433e0cd9f968b5ad6d886666b6d778c3a2527bb5c895a047e88c7656c4fa3fe80d5c9114e220fd38f24a3de3532a81597d871e48dd1a69596aedf41e01b1754310cb92b8c40aca0b7a694bde37f65a23a6b61bd202a1d43eb7c8599974190c51298346864f695a807fd3f0d5d37d65154207f0977b2bc46465748f81eac3794bcd7647dd32cfedc763b62e41b77eabcba00bceed44c54ba6cc182683eb88c4819e5cf647b71a15edda29066f7cd4969d830b1def588c196779eded4631db638291e0ef2fa691938df3b97c0ef29f3696375942293878e06271165193b5cf04ce3fae2c7475529c36233fed88d33f2cac3bb906181b1578894b28e3ce099cdd0770b6eeff1b357c338ffde372b5ada0db5dfeb6a8a873155c77da20b8fdd6461c3328372975a497eea2788f98a8261b0ccd14be1721f8a8965d2f594c2abaab311c97049078e3699733b3dc65beddea82ea01745e63c41da2158076701c45a326e8848c0d0c93a9a9b12842c52c5176e664d6e24b4c3edd5efb9254126543463d9510d15e1d4e25bbcca99245e6ac4b32368ce71fc08a171549e6c42f073679462fb57514e4a23859239cd87c0c39cd5df0a8d8f705bfcd3ae605dbb820f94f000c271dc8d98b900ceedb9fcd5b56a4be28cad4e5f0781a03945a0c63b18e7cd86773b3803c470a29af8913adc28fea7fd8df8dad8fc19e39d0f7ddda7dfd4564da07639654892e400584fea63f46127d98e0986c8b21ef221c65f59fe2787711be4c4589e52ef78b34ecafc501e31d66286215a243c306374a1d14115fc516a2b3242d4da152e5e7627f7f0b677267420d294930456f1c094ba4e37dabb02d2dc1f7db6dc619728a2a7ce62c4794084578643a55a3acdb9135287f06c06b3a8342f5ebc56c4977cfa93876a73ce79dc3c4b458ae7987a78fa8c0c894f75cef5cfec944ab2a8b95927e94c4fc26625920fd4a8877b6b8e1ef227c364c96198bf6e0372f28615f404c0ed7dbaf35850f9208fcbf99f49deff6807d5c8a91d5a1713470a807b5de407dbac29cc4e15c591ce43661f84687edd741d60cff35871089dcce2744c7a5ae7963d7675aaf149ac96ff7f7bb226ef1a72df3ca3081a2c9a35d880f3efe1fafe3db9873e83f180eaf6a00757e01c69168a18580659405b25c1455d68af5e0f9297738a6e8518c72525cb93c48621adb310f454d89a84579d7f8fb296466c1a2ab072e16992b4b8b8a2b779f83e0dc75ea654a34e3028eb13c6eb08db0fa3b9b7d0ac4c1282ddb770898000d0cbd14e0d4ff0285a162e819b95ac944d091e31eda4285258771e1deda5d7227a870472dab12f405e041c98841a48958940b5f6192186441629e0c00efccc2827b663ebe3bdf63e941f27bc2a5a2d95bdce71959bc9f13c34336dd08d8fe1b8f6891cdf389637ef2a3fa5ba289d15a4b459a7ee111731953193802e50131b4c62c0494e0957e3e8f8753ff15a6f08dc0d046b37adf83cdc126872660f26e326d00b71922433de8fb2477bcf176231e81b2c50bef41f1b53243f47f858a3ba102654c9319ca21541324e596f04d5abf4f91d2915ae1b50eeb8cd0bac212b89168b48556e3be10fccef812a35c4ad6700085b2d868a9d7150f36c71ff4d99e8352d0730072e59a1ed620ed447e2b2cc54dae5ea3fc42537e0ded13c92a26e2a3fa893faeec697e2602d1379e0f9fd139e0edc1e2d25828f8204d75490f00a5dedefb41e6f196bb976b01cdd99042e5b788efc5dd0e6774550a26288f3e8759fb88d4648fa9027c67a8ba9f263907a143c7b9f4275f711e287b1806537b9fd359d201fe7b6d038da966e933c4f8c53860dc278c44e1ee6c5aeec40c63911da3af27b46e36a9fb5ddf5852fb28989562163922def796dc05daacdd81d0d8d6ad8516c73ab3e33117feb468cb0408615963e6ca0bfa0c7ca188aec2387f5f6044517b72ffc43988d4803e6d2f995e209ac8", 0x1000}], 0x7, &(0x7f00000024c0)=[@rights={{0x28, 0x1, 0x1, [r0, r0, r1, 0xffffffffffffffff, r2, r3]}}, @rights={{0x34, 0x1, 0x1, [r4, r5, r6, r7, r0, r8, r0, r0, r0]}}], 0x60, 0x4000000}, 0x48800) [ 1651.274608][T27301] Bluetooth: hci11: Frame reassembly failed (-84) [ 1651.979751][ T6548] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1651.989313][ T2955] Bluetooth: hci6: command 0xfc11 tx timeout [ 1651.989333][T21576] Bluetooth: hci7: command tx timeout [ 1651.989465][ T9503] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1652.059752][T11206] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1652.060020][ T1053] Bluetooth: hci8: command 0xfc11 tx timeout [ 1652.309539][T18048] Bluetooth: hci9: command 0x1003 tx timeout [ 1652.316188][T11206] Bluetooth: hci9: sending frame failed (-49) 15:37:20 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) syncfs(r1) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:20 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x46b082, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x3) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1652.628968][ T158] Bluetooth: hci7: Frame reassembly failed (-84) [ 1652.699479][T13141] Bluetooth: hci10: command 0xfc11 tx timeout [ 1652.709649][ T8903] Bluetooth: hci10: Entering manufacturer mode failed (-110) 15:37:21 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x40100, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x10002, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000040)=0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000480)={"966babf8fa931306d3c37a969f132746", 0x0, r2, {}, {0x7f, 0x4}, 0x2, [0x5, 0x205, 0x10000000, 0x7, 0x0, 0x2, 0x0, 0xffff, 0x2, 0xfffffffffffffffb, 0x100000000001, 0xfffffffffffffffe, 0x0, 0x18000, 0x4a, 0xffff]}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r1, 0x50009417, &(0x7f0000000180)={{r0}, r2, 0x2c, @unused=[0x8001, 0x42c2783d, 0x5, 0x100000000], @subvolid}) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:21 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000800)=0x11) r1 = syz_usb_connect(0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x19, 0x4, &(0x7f0000000840)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffc1, 0x0, 0x0, 0x0, 0x4}, [@call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f0000000880)='GPL\x00', 0xc9, 0xa0, &(0x7f00000008c0)=""/160, 0x41100, 0x9a051bb36f9f3290, '\x00', 0x0, 0x1a, 0xffffffffffffffff, 0x8, &(0x7f0000000980)={0x1, 0x1}, 0x8, 0x10, &(0x7f00000009c0)={0x3, 0x2, 0x6, 0x1}, 0x10, 0xffffffffffffffff}, 0x78) syz_usb_control_io(r1, &(0x7f0000000280)={0x2c, &(0x7f0000000080)={0x0, 0x4, 0xa8, {0xa8, 0xf, "2a14a68f9cd939b9b695c48a18a2a8a458a3e1f289e07e390ffb9f167678d58b8c03d5228377dd28c4ac1890dbb76c9871cb3764f44f123b2d82c299222679864b78cb277a26892ece315d467a61de9f59cabe81f84f2ddd47a71ff70d4602e99788ec47e57f015ede6e67efffb6f9f5511b3b2cb9eeffe1da99c97d27111336b2e7b63063f8d02cd0ef55b7e451a2ca562721d84b4cf0253d3861836474199724a02438e0f3"}}, &(0x7f0000000180)=ANY=[@ANYBLOB="00030500000004034704"], &(0x7f00000001c0)={0x0, 0xf, 0x1d, {0x5, 0xf, 0x1d, 0x3, [@wireless={0xb, 0x10, 0x1, 0xc, 0x42, 0x8, 0xdb, 0x1, 0xd9}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x5, 0x5, 0x6}, @ptm_cap={0x3}]}}, &(0x7f0000000200)={0x20, 0x29, 0xf, {0xf, 0x29, 0x5, 0x18, 0x89, 0xf8, "c7c0a4a2", "37449a57"}}, &(0x7f0000000240)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x8, 0x0, 0x3, 0x5, 0x46, 0x0, 0x8}}}, &(0x7f0000000740)={0x84, &(0x7f00000002c0)={0x20, 0xf, 0x90, "5afd9f958e47fd8aeee2c02eae1a6aa14291d7871b08a7dc1edb564480707c810e389056443241dd75640c95e781244e4f31eb9c806d33e7c7bbf9d92995ad81c4722038b0087b64b12858842003384162a64dc3e795c087b44f6d62a6416357ddd8861a81e63f15d2857ec1237aba6f42eb99898b7303160a3602fde1e7db1fa03576b32b71bfff8ee0554320edc543"}, &(0x7f0000000380)={0x0, 0xa, 0x1}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000400)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000440)={0x20, 0x0, 0x8, {0x10, 0x7e, [0x0]}}, &(0x7f0000000480)={0x40, 0x7, 0x2, 0x7}, &(0x7f00000004c0)={0x40, 0x9, 0x1, 0x40}, &(0x7f0000000500)={0x40, 0xb, 0x2, "e85f"}, &(0x7f0000000540)={0x40, 0xf, 0x2, 0x1}, &(0x7f0000000580)={0x40, 0x13, 0x6, @local}, &(0x7f00000005c0)={0x40, 0x17, 0x6, @multicast}, &(0x7f0000000600)={0x40, 0x19, 0x2, "5c1d"}, &(0x7f0000000640)={0x40, 0x1a, 0x2, 0x7f}, &(0x7f0000000680)={0x40, 0x1c, 0x1, 0x7f}, &(0x7f00000006c0)={0x40, 0x1e, 0x1}, &(0x7f0000000700)={0x40, 0x21, 0x1, 0x80}}) [ 1653.293774][ T6548] Bluetooth: hci8: sending frame failed (-49) [ 1653.339412][ T2955] Bluetooth: hci11: command 0xfc11 tx timeout [ 1653.349130][ T150] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1653.913708][ T6548] Bluetooth: hci10: sending frame failed (-49) 15:37:22 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000180)) ioctl$KDADDIO(r1, 0x400455c8, 0x5) r3 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x9, 0x12, r2, 0x10000000) syz_io_uring_submit(0x0, r3, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x1, 0x2000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12}, 0x4) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0) shutdown(0xffffffffffffffff, 0x1) [ 1654.379138][T13853] Bluetooth: hci9: command 0x1001 tx timeout [ 1654.385249][ T6548] Bluetooth: hci9: sending frame failed (-49) 15:37:22 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1654.571527][T27301] Bluetooth: hci11: Frame reassembly failed (-84) [ 1654.629183][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1654.699302][ T2955] Bluetooth: hci7: command 0xfc11 tx timeout [ 1654.709234][ T9503] Bluetooth: hci7: Entering manufacturer mode failed (-110) 15:37:22 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x401c5820, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:23 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCL_SETSEL(r2, 0x541c, &(0x7f0000000080)={0x2, {0x2, 0x7, 0xe767, 0x20, 0xdea}}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1655.240528][ T148] Bluetooth: hci7: Frame reassembly failed (-84) [ 1655.338995][T13141] Bluetooth: hci8: command 0xfc11 tx timeout [ 1655.339238][ T8903] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1655.989211][ T150] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1655.998613][ T2955] Bluetooth: hci10: command tx timeout [ 1656.458955][ T2955] Bluetooth: hci9: command 0x1009 tx timeout [ 1656.618938][ T2955] Bluetooth: hci11: command 0xfc11 tx timeout [ 1656.625465][ T6548] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1656.859037][ T9503] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1657.258790][ T2955] Bluetooth: hci7: command 0xfc11 tx timeout [ 1657.269734][T11206] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1657.415204][ T9503] Bluetooth: hci6: sending frame failed (-49) [ 1657.898939][ T8903] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1657.899072][T13141] Bluetooth: hci8: command 0xfc11 tx timeout [ 1659.428063][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:37:28 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x1d}, 0x10) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000180)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r1, 0xc0c89425, &(0x7f0000000380)={"712758c6d065f50c6de4037252b6eec3", 0x0, r2, {0x3, 0xbd}, {0x5, 0x7}, 0x2, [0x3, 0x1, 0x8, 0xfff, 0x1, 0x1, 0xfff, 0x9, 0x85c, 0x7454, 0x7f, 0x40, 0x5, 0x4, 0x9bedd85, 0x80000001]}) 15:37:28 executing program 3: r0 = syz_open_procfs$namespace(0x0, &(0x7f0000002080)='ns/mnt\x00') ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'caif0\x00', 0x0}) sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x38, 0x0, 0x8, 0x70bd2a, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x1}, @GTPA_LINK={0x8, 0x1, r1}, @GTPA_I_TEI={0x8, 0x8, 0x2}, @GTPA_PEER_ADDRESS={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x1e}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8044}, 0x80080) r2 = fork() fcntl$lock(r0, 0x25, &(0x7f0000002100)={0x0, 0x0, 0x0, 0x0, r2}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x501000, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)) r4 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000200), 0x4080, 0x0) ioctl$FIONREAD(r4, 0x541b, &(0x7f0000000240)) syz_usb_connect(0x1, 0xfffffe8b, 0x0, 0x0) 15:37:28 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x1a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x5, 0x0, 0x0, 0x0) 15:37:28 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {r0}}, './file0\x00'}) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x8) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:28 executing program 0: r0 = socket$rds(0x15, 0x5, 0x0) getpeername(r0, &(0x7f00000000c0)=@x25, &(0x7f0000000180)=0x80) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r5, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r5}, 0x18) bind$can_j1939(r2, &(0x7f0000000140)={0x1d, r5, 0x3, {0x0, 0x0, 0x4}}, 0x18) setsockopt$RDS_GET_MR_FOR_DEST(r2, 0x114, 0x7, &(0x7f0000000280)={@l2={0x1f, 0xcab, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x3, 0x2}, {&(0x7f00000001c0)=""/119, 0x77}, &(0x7f0000000240), 0x10}, 0xa0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x9) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) syz_open_pts(r1, 0x10000) syz_usb_connect(0x5, 0xfffffff4, 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xb) 15:37:28 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x4020940d, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1660.808594][T27301] Bluetooth: hci6: Frame reassembly failed (-84) [ 1660.859464][ T148] Bluetooth: hci8: Frame reassembly failed (-84) [ 1660.881758][T11654] Bluetooth: hci9: Frame reassembly failed (-84) [ 1660.890335][T11654] Bluetooth: hci9: Frame reassembly failed (-84) [ 1661.028450][T27301] Bluetooth: hci10: Frame reassembly failed (-84) [ 1661.035134][T27301] Bluetooth: hci10: Frame reassembly failed (-84) 15:37:29 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xe) lseek(r0, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x16) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1661.431045][T27301] Bluetooth: hci11: Frame reassembly failed (-84) [ 1662.858580][ T8903] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1662.858593][T11206] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1662.868040][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1662.942896][ T8528] Bluetooth: hci9: command 0xfc11 tx timeout [ 1662.948807][ T9503] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1663.098576][ T8408] Bluetooth: hci10: command 0x1003 tx timeout [ 1663.108476][ T9503] Bluetooth: hci10: sending frame failed (-49) [ 1663.413041][ T148] Bluetooth: hci6: Frame reassembly failed (-84) 15:37:31 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xe) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1b) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = inotify_init() r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) dup3(r2, r3, 0x0) ioctl$PIO_UNIMAPCLR(r3, 0x4b68, &(0x7f00000000c0)={0x0, 0x2, 0x1ff}) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3, 0x80010, r1, 0x128f3000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1663.498510][ T150] Bluetooth: hci11: Entering manufacturer mode failed (-110) 15:37:31 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000180)="e9af2da0bfbb3f8d5d8f8fe6913cc12297f31bea8726f11a178cb6b175af0bcf8e9c4361771ee21a719c3359974eac22081f8c8bd3c084f464da9fd2ea336b52d3d3463bf03eff8765f646684a8768da5a9f632b4de348bcf393d248fedb00874bfa3e22d3d6a50053d71f848a64549c515cf1812f9b82bcd537d128e185a9c2c6d1cfd5066b5aee4355e0e55f3a0c443c6e0c59a685a1f89d1aa197cd25838abd91b70a1cb14a18af34b1a52c68b3edab307a319a69abdd4c8274056a9df3f8b063d60ed2f6bdc480758e647281550e5be6110ec77c445deb1c5c6881670a18a07cbd64ffde2817c9aace72d75831ff435704d53667df", 0xf7}, {&(0x7f0000000080)="796201bf740a317e0b6bc48cd649f3a6fa07786ff9152b8b2382e348e8ddf0d0cac72b8fdac331441d252bb3124de53feb5d75b7e9583128410e1d4561740f3654126f7d8d6e49124eb42c77cac2e246627e75945fc6ae9b6612cf152155e8a11511f68b21c23bff779f758e4c", 0x6d}], 0x2, 0x0, 0x80000001, 0x14) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:31 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x14) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = memfd_secret(0x37e05908eb83cdd0) ioctl$KDADDIO(r1, 0x400455c8, 0x4) ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000080)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x18000, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TIOCL_BLANKSCREEN(r0, 0x541c, &(0x7f00000000c0)) [ 1664.025473][ T148] Bluetooth: hci8: Frame reassembly failed (-84) 15:37:32 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x8) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:32 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x149004, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$KDSETLED(r0, 0x4b32, 0xbda) [ 1665.178216][T13853] Bluetooth: hci10: command 0x1001 tx timeout [ 1665.184607][T23375] Bluetooth: hci10: sending frame failed (-49) [ 1665.418276][T13853] Bluetooth: hci6: command 0xfc11 tx timeout [ 1665.418648][ T9503] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1665.658198][ T150] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1666.058269][ T2955] Bluetooth: hci8: command 0xfc11 tx timeout [ 1666.058293][ T9935] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1666.298150][T11206] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1667.178065][ T2955] Bluetooth: hci11: command 0xfc11 tx timeout [ 1667.178171][ T8903] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1667.258399][ T2955] Bluetooth: hci10: command 0x1009 tx timeout [ 1668.378781][ T1360] ieee802154 phy0 wpan0: encryption failed: -22 [ 1668.385114][ T1360] ieee802154 phy1 wpan1: encryption failed: -22 15:37:39 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00') ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000080)=0x10000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDDELIO(r0, 0x4b35, 0x74f) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 15:37:39 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) syz_open_dev$vcsa(&(0x7f0000000100), 0x7, 0x137001) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, &(0x7f0000000080)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$FS_IOC_FSGETXATTR(r1, 0x801c581f, &(0x7f00000001c0)={0x3, 0x5, 0x5, 0x8000, 0x8001}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x15) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:39 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x40405514, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:39 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x200000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:39 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) pwritev(r1, &(0x7f0000002480)=[{&(0x7f0000000080)="69efad1b3841c7fd1227f41938b1575e74283c629c921eb0f535f595ae96ab663be91489414580e727045f9f4d8338067fb14cd3be00b47749abc02eef7075f0385da397483d91ccdd568b477776801322b022b5d7dc94680e6f3f3ef6e783bdf64be316374b79b4ed03b08b677dfb18041aff6cd5fc1849b2555902469331c60402f1bc6bb901609ca24d3bc20705044ed3fb4064ee304cf659", 0x9a}, {&(0x7f0000002180)="5e8c63ebaffe94e5a9203de07923772d009c3b332212427ba2093b1b7b9768330ecbe68583a812a4afc76f0b2e57e8bf621eb0aec23ba2d82b4c2f984c477c0da9eb181178f33fbe69e0db5a4714b0b1082ddbd0ea73cb2c4272d935900117acf3374ad487df665124224daa8db7afa7a0fd70adba11cc1696df22cc624500ce8f768646972ee7e5bd1bfdeb4b99c946e958", 0x92}, {&(0x7f0000002240)="1126b7691a1f77e79df5622812dab087bae3d83c6ee0ab56f03cbd4e282e59b1777503ce1d2ad281508788e565ae8aec739338636201331df1a34a134675c3c3210f86b99f2973d6920d5b9f98d32554a55e4f2ca708c44d2de07500f32b0e6f3fa4845867599c558248c34b99ba5bc3f25b4e4eb11497658719b3989c9b1ae3a364ffaa8090789dc62ff717c5913f0e99931b5cfdb6d22b9ee13cd139c31453e70e45fc895d0b683e8bb25cf41e402c6345985023bae679ca89b4d2ce11e8e6f50e499e4a588d1df5edb817c59778c143", 0xd1}, {&(0x7f0000002340)="7c623b7dc9f15beed09bca952b1439a6eb073aad33b25049b859111fdb90d257f54be85f7b98fcf58442ae0575b731dfd7d3161809988a390e2d0f4621169dc511221c320d5a21baab3a55b4cceb304bf5c1734223d2a535e9921e06cdb0b6cbcc2f52c69a8939e043d9d6c64f0f265713573728b39f39f57a825ed84c635506a0c72dd275df9093a617847127645f03a4f1b3847b1c51eaf02b88b10787e1152544af279cfabe445fbb6b7e79c938e2b6c084d6a37d00365692e7fdf9daaf785f6e94", 0xc3}, {&(0x7f0000002440)="adf22fc9ac3f7a6e9033a5b00b2b2de5756d973dc6061052c8475d260058a40093b86042f23c6cc833c99d1913", 0x2d}], 0x5, 0x3ff, 0x7f) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f0000000180)={0x79d8b2a4, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}], 0x0, "2edcc070157062"}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, &(0x7f0000001180)={r2, 0x0, "6820cf6ccddef4157e28dde5931eb7ab00de101b6190e568b1d18c012592ab9810317ba360a421a5418f839e81606cc964601a60cc10c66a00547b28a39a3683a470aae7a2d52f2df692102e42cf6ee51c6ebf1b7673c374a14f1adb2770248f75f519a81c3ec4b87158f500e7e58dcd89cbfa9c03d5b6d9c944cbb5d443551d2e41933e316f99aa6badc393ca391433d166636121980faa80befbab7124af98c22c756b6e1324d090ebd645dcc03ce0c2e8fdfc8dc51040b6af30f49684997e8e68ab11d343e10659d16560a0f2a2cf98717ad111d466ba90ab7aa2e8b447cfd0f86a26975423c3a4a4112b9a0baf269a4e38a1b1740fb4116fa12272fee6ad", "b2ab094fbf8a1389ec2f219f2d9786b5404c46b6ed20d76dcd488f7879da33e8b0cf3366acba52010c771786d7a13f048446ff5b08cf9e2aafbf568079af74ae2e03c8a911f06e2785eb2f4c758295564d46c0cccab7a5d088744621a1b14dd321d08737cf3cb593e480722b7bbc04fdb934932849eda9440d8d61ed1552e01a911ce88d2b9150fd334b3411c62fea3f5f74128557010db362dec10e2cb272e9959ce0c7e620c7c84e8e2ff1aea07fb9c80d93d50b5fcfe9a1f4eb48b92021f8236d33e7bde11bbe2902e549a720e460887bfec8b4412090d72833ca2dcbe72d875024ac789a7167e1e83ab9c506d612df2d08b11fd520f69607636bf256b1f13ecb85bafcad5941f715439121f4bc0eb552ce6ca19da787dc23089d2f04f028707d24c078c5cac8426e92b4efba3a68d6988ad150769cb4c7906f92033eef103fbe692f856f5d28737252855c3a20891e91f97e86d02133bdf07972b4965202242c3ad64bf3948a63a62cf22280c26835b1b5efe8a0c9b7b9772c0b3cac37a75d5d55386ad87147c56dfa2a52756d40e6a1e2528d7f0c79a0cd81b8b537dad2e234a43f7ce9123bf6324da72b9b718d5f08605569363ba2efbfb2bf67a3ba28d607d14c466454d0d08781b8d1841abdfbf9230cb002acd0926c570378e9b32292f714a8346204b35a103d679b942e484e205fcf2d37961dd80698d37bf27b4180f252d8420aac65d35644442ddb53ad7f03dcc570acdd4ed87caec21f89a0cee1f833d4c672030828cec6d735a07ec23945e3df50233f6cb0f7b56284e82461ff2bbc4d76f587c84ed33f962d527690c1b4ce1e40f510809a725900c8ae56d33428e0b8089a5a0e63de8fa7093b4c924f6ae328f7236062d2f31fa5cc56697237681862aa3aa2d62ed1fe04ad7bb1bbee5db95d07090321061ced73dac6249c44af4bf443fca79264d019f73a4b8e2819a2016ef721b99aaf3c53ef59786f935ee64030921fca202362ea2d7b6ba1745c6a301b3af0a8615d3274970bb29fabd9e3864e9e0100df1bc77e1e3363281396a47d6baa411667921c1f6a190d7dc4e52fe846f0f4ffe5ac08f74674fbac444f14c75d3812f34e5abe9ffd644ed3771bb2ea99a78b6a0650bec555e304ea284adfc1e816e702db315c98f4a31dce06135df25c79c28a2155ebb17b685afa038f08dddb2396ec1dcfb23e32eddf43b55c466ecbcb9a370895de037af584bc0c2502958156b02236316b7bbeabfa63bd0f732b5beec1eba3d065a70f6007be3f0bc23a69d847ef6a669e6301429c8cf17a588d3ecd6532769459a14aaefb4f432d3d2dd1c565306582dd42ce8d8d4eb25454794d618bab1d41dc2f766f1be1a44513d628d15cd68497506d27dab213ffd2b2a39af4ab376ecf585dc60c78f2864dbc3614ceaa7aa1ad9d7f34550d350b483ae4f955bc7d0c99e0c44b058b9bdccc4685527d2b97efa45ec75fea2e23834b20600ec28ce2c4d5dc7771827f0cce703ebf9b9c545cfd73a8c13d3e97277c205e88f64a1b9b5deb6ec33488d2651d26732c1f930fe06227edbe2c6de49c7af6e1e11fe5cffcbf7414f66c0e408dc3b8380cdf77a8e80f8443a0230496539d0459d75bf45ab84a05f843b15f29bc9d02f3527b7f2d2e9c9b85c72cf78568be6bc70fb05f5f0f3e3da6349153b92c4da54976cd34dde6cde9ed5a69f904ce846b0df6356c1f73934312844b0ad91f9d1d387c7070c2ed7e116081fbccd88e190d5e7580637332055596541aa38b6e015c8b10aba4f7cd3e8abdcc388d3115363598b07910763dde71c695ba7fe3354fae4aa9db1a0e562d49edd01dc4741ef9c30d761771474bbb518f8c42ca8ba280ed7c3c9afe6aee40f74a738223212be5b2f68d5d9d9c3478c4f1c6f5a067aabd219dca333860822e7a0bd8dd4106964b4c0eb91c1392f48c6b1f3333281928eb8fbe3f1931d91e577e13115bbae2b7a876a3d2b46be1af38cd4a988327efbe9d7dc642ee42f635e9a79dece6ce2e30cffaf44fcc3e094f83874c003087f289f7c748a232474b7ddff17cd82270976e8994141441686be67babec674feeb510f487008f4ce58e56a5febfd12f466d962f1048936a325c65bee4b96fe1028b189adb47c74dc752dd99a3b89897b72f7de959e9cadd10d66e61972c077a33dd744374626a76de40dbbfbcb3952347cd968aa327970b66c62c980978643f39a619640d9935487448cbe30bbfb667f5de8a75329017304636d8bd98541080fb16a878a2e80a5c08173ee11644261c02d672f3f805961ff0b56c1c0f3e56de68dde26391d2603648ab8299eb327e1d614b9d740cefcc01a6149ef333f58594dac6b127e7353f6e08c8de22e18f88d71b4e6bdefc06bc8d09de5420576ad174b8344b56432713e3dc1e6c767146786e14246d7fd8a8678802440bf2f3e7e8e763fd5b27c1a0f48be9507a6abe4c106ce54153154e5f5c83a69ed95b9d41703159030b992263c4139860f80044abe566676b4a8361eaf726add6911b3fd84aec51e37c2232cfb7febbf6a3574ef195007e0261df506a98d69552d31fd141ff9ffd676bb3c3209808ce54453df88a733018c8bf26c2821999bba64d217a60d959f363dfe700423cbb271374637a658c9eb1104ddd1153621bd245f6afa8abffa5003825203da2e1b12e47e2b50adf5c1a5386d7a57008ead27e9366d328777549a904cb8af0498acb6b9455953da778a9b606ac631e7493dc0b3c40a314a884293fc60c8d7cc739f4ed8c0cce2b3047137b4f7f9865fc442776d0abd795a479a1883d10fc3d17c29961209b89060543a3c91ba6d1cb93545f6c988948b557d0375ba4dfd0dc914d9f7adb8780f989273e5f89d3058d7230021ce7e4804c45db6d59f06311cb031d3e722bb5829717faba84c06d103747111f6aa1724f44b64183b68ff7e9dfe0b77e64ecf7d2dea270450d93967cfb568aca64331229f6676c76bc30629b6d89d0e1ec993ff1da12f89188704c39d0ca1f4c9295750c8f82dfc07b2553c13f7bc9415cae05b3633dce467396c3c948d5ae47775bdfec2e6e1e95c06cebe43ea6505e1b4a777292dfdf6b273379fe1b0879d0014451eee94e2773bf5e7e4f4c29d09cf4491d56e73ac487ffb2b9059312e72aaa5aa91b0d820fb0f15db2116bc6338dd2f86a960a14c2dbed25b11deb091968ad0014cf7f8b991d6a7a438d070a025d274bbb6ad73d2feb86c783dbd7981e577dcefcdfebcbfee073abe0162da0550c21895e55c7c5b3f091c66f3cb9328c1f837d1da96a7ffe5eb8dfe72eb12bd2fb70e50c309b542227c509a546483c635e1c3d4894134fd3ca49182cb8dfbf69232b5d3456d4dcced3e206b3c38665b07eb77db57fca24ff497505937f0988c9da4336ecc3fe25835dc3dc04a42cd8515f9330cdd7f462ddcbadde4a86e9e0de7c9cbc99d776a19f375d8092ad67583f0c04696bf1d26c38d2ce071a7a4057c4a0e476a7cc5376edd8840c3b90a2ae44a3e2ebf8c602e7e0c5bf25d3f7a874c315718c10b4fa699d6236c80322195599b12039cb930e805d6be0b9b0a26676d484fc03955276f734502416de61029ae70e9968eecf125b666eb19354ffa2118d0be4899d281032df792ff244461272c7cbddcc61f4fa41673b2da2c2ac547cccee3f1e0623aead23c8795eb0b3c2068a3f94f92dc1886b8c7dcba4da81d796dbde39a4bd421e3b8e33541c1eba2b10c2860a10dd819cb04927c445187ec7a3a422aa6d004c96c5de8309e216cac61aa8337cb685317a40a939edbbc6e485e356b64b8a02ab7a65a8ea5f445a45dd74ab43b0afe5903fe3185c67c01c003738392ca5445b4504cbfdc1431b41eb445fa456365982374e323768fed8ce7b0b6cefa051e79e5b03d02d535c83ee1bcc56bc3b7150793e2219fe5dce22ad41c86ab3b5fc98ab5d72edeb859f59b7ccabdf47d6c94ef17fa19d6bf3afa3662a8ad237dc57b7bed609d7e266216a99e712893b37668ea4aaaa1fe2d1d7e104af0d46ff9ac347626b08bc1c5461dfbfadb66de47aee53ee86af48cb8d42bcecb8bdc463b28b4f6304feb75713444e80b11af5ed58ac3684a90e1d1b01df35324c5b801ce3106965a4464fa1dbee3381d1b153c327a0c7166acc95239762f110c7f59916181988e721859c676e4393010e20e94173f3941f15fa4e2ff1038cfd3a054797d7a0e406ba6c0eb7fa621a83a266e7b7f1a95bc32569031472c7d69b4b740e3ae88c231d815cd190fa45027dfa535ccb83d01ebe92bee19cdb32a609d8fcabd258f70a28f0e0c2505cde60cf159a0876b81e67897ecaabc0ba8db9d3f7246f802b4c711b44f58e76f000ea3309d9cf7619c7507dc1bde99da28bf462415cd59facc477429f134781199ada041e04a7f720d38fda71eb6628fc0d118225248bf1e17d83a5647de398efa4201dee52a5d2fc1a7a1f7660642608a6994e23c2a801d2e1495e94dbed974bf4237b45bf234cf9af715d5fe5ad8bcf7db0e0d54d7d410246a7ebc517ef5d9cf613a4d2ce80d9aa1246496f8c121a32131d15d8a4fcc77b17b1d63e518981840e2246284ac8cea2e77d65a26bb6367c407a984b460a0a615fa9a85aea48861e54dea062661c42b69e125497c1050b7eb50be702dda913170ed3ca38f867ccfc208dece74ca8ee8208dd9b67d3f91eb71dfa61064dd3341cfc79ac8d49c76d03d5cea41857c9c5b685cfa869772cf674c8ce663e75c970c70066ac8192eb3df9257a102e97181110fc3db664b812a54f3b471ccd88b85cf4b87fed4d5fd6ecc756c4de2d056b61bb306f024602e9d747920a4aa8c18a812ab4d950284e42ca48733f8160acfde0686086f309b3bebe6f2df8d3898bbebd104012dc661c0202ecae3c5e974232f72f56342d9a0de27da058e3cb6297313264f9754b4827e3255f8193cf2fce925474b29b5ae45c6d8a60b9406ea2a967abde0b4d22acf10d9224afc24c499e0931aa28761475f00de0e91065a596fb7c355b3e8533d93429744e11b61908ec1f1d06ac2de9c5862859cf881dc8f12ee37f8e670e9808758bf481d2a09dc7ee05c5de78c09f16905e3a34da7119192691b152d9a250053b07273c7746c8b99b414c40e6bff86b622ec7709f2f520cda6a71091b252d9627096f84b00b5db6d5ff707a5b42feb7f81f9079812abc029c8596ad2c4bb3f8d578d9d732c513247737a3487a319a0e12ebe5563cd580dd364caaa4dfa225075135d858493116d83083de919f1b84c8cc45ff0ffe31628222341375b3fc98aa7da5d121c076d11e076a2e4dde18ecabad4eeccbf8d0b691d7cf6436be103036d2f4b87e8435852dc5f6605b4f68ac08597ddc0fd490979a"}) 15:37:39 executing program 1: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r0, 0x3, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0xd000) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x9) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000080)=ANY=[@ANYBLOB="350800000100000018000000", @ANYRES32=r3, @ANYBLOB='@\x00\x00\x00\x00\x00\x00\x00./file0\x00']) r4 = open_tree(r2, &(0x7f0000000100)='./file0\x00', 0x0) ioctl$TCSETS(r4, 0x5402, &(0x7f00000000c0)={0x109, 0x5, 0x5, 0x0, 0x14, "c9ff516b6bb6da5114faa258610fc96187584b"}) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1671.740808][T27301] Bluetooth: hci7: Frame reassembly failed (-84) 15:37:40 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TCFLSH(r0, 0x540b, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1672.687222][T11654] Bluetooth: hci10: Frame reassembly failed (-84) [ 1673.737645][ T6548] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1673.817692][ T8903] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1673.817768][ T2955] Bluetooth: hci7: command 0xfc11 tx timeout [ 1673.818029][T11206] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1673.830969][T18048] Bluetooth: hci9: command 0x1003 tx timeout [ 1673.954893][T11206] Bluetooth: hci9: sending frame failed (-49) [ 1674.420397][T11654] Bluetooth: hci6: Frame reassembly failed (-84) 15:37:42 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCGDEV(r0, 0x80045432, &(0x7f0000000080)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$FIONREAD(r1, 0x541b, &(0x7f0000000180)) ioctl$VT_OPENQRY(r0, 0x5600, &(0x7f00000000c0)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:42 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x8) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1674.697472][ T1053] Bluetooth: hci10: command 0xfc11 tx timeout [ 1674.708486][ T150] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1674.728492][T11654] Bluetooth: hci7: Frame reassembly failed (-84) 15:37:42 executing program 2: ioctl$TCGETS(0xffffffffffffffff, 0x5401, &(0x7f00000000c0)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x1b) [ 1675.977323][ T2955] Bluetooth: hci9: command 0x1001 tx timeout [ 1675.985347][T23375] Bluetooth: hci9: sending frame failed (-49) [ 1676.457557][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:37:44 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x4080aea1, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1676.554498][T11654] Bluetooth: hci6: Frame reassembly failed (-84) [ 1676.777375][ T1053] Bluetooth: hci8: command 0xfc11 tx timeout [ 1676.783516][ T8903] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1676.787371][ T150] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1676.937422][ T2955] Bluetooth: hci10: command 0xfc11 tx timeout [ 1676.943751][ T6548] Bluetooth: hci10: Entering manufacturer mode failed (-110) 15:37:45 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x7) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000200)="a04e2bf1ca72a2a6964c30d3e34696ed989197c76818af668a7105ad34cd4255fea2d0f2fa88920862546ffe03cc702618afcbc7d808a26e569f3f5500a0cde34f48a3c1396b791949dc00270a56ff40f7c600af24df24f2e9a8de12b12c9ae3eadd757aed9147ab1956080d80934fa2d244263685cd45c5551e519dc99a383c69fd390ba2e56898a6ad06aa94aa2fa1f97b83a0684b2d729a950a961161a5bc251b5eca1ec5152bb6d268a5528ec9246bd7379c712fceb6a9a70f561baeed9fd3d79c8c9e9e616e9fc5c2d595a45d67303d19c2c570eda304f27afaebc3a215ed8cbdabb10dae6c08f6effbad", 0xed}], 0x81) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) sendfile(r1, r1, 0x0, 0x8000) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) r3 = dup3(r1, r2, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000001c0)=0xc) [ 1677.337407][ T2955] Bluetooth: hci11: command 0xfc11 tx timeout [ 1677.343685][ T9503] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1678.057310][ T2955] Bluetooth: hci9: command 0x1009 tx timeout [ 1678.617242][T13141] Bluetooth: hci6: command 0xfc11 tx timeout [ 1678.628228][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1679.163131][ T9503] Bluetooth: hci6: sending frame failed (-49) [ 1681.177188][T13853] Bluetooth: hci6: command 0xfc11 tx timeout [ 1681.179787][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:37:49 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TCFLSH(r0, 0x540b, 0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x3) 15:37:49 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) dup3(r2, r3, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) lseek(r1, 0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) dup3(r1, r4, 0x0) ioctl$TCFLSH(r4, 0x540b, 0x2) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) fcntl$notify(r0, 0x402, 0x8) ioctl$TCXONC(r0, 0x540a, 0x2) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:49 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x6, 0x0, 0x0, 0x0) 15:37:49 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x2, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r2 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r3 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ppoll(&(0x7f0000000080)=[{r1, 0x111}, {0xffffffffffffffff, 0x1000}, {r0, 0x805c}, {r2, 0x100}, {r3, 0x80}], 0x5, &(0x7f00000000c0), &(0x7f0000000100)={[0x8001]}, 0x8) 15:37:49 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x4080aebf, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1681.931375][T11206] Bluetooth: hci6: sending frame failed (-49) [ 1681.945831][ T148] Bluetooth: hci7: Frame reassembly failed (-84) [ 1682.011293][ T1209] Bluetooth: hci8: Frame reassembly failed (-84) [ 1682.024660][T20859] Bluetooth: hci9: Frame reassembly failed (-84) [ 1682.027531][ T1209] Bluetooth: hci8: Frame reassembly failed (-84) [ 1683.976713][T13853] Bluetooth: hci7: command 0xfc11 tx timeout [ 1683.986917][T11206] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1683.996430][T13141] Bluetooth: hci6: command 0xfc11 tx timeout [ 1684.002725][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1684.056912][ T150] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1684.066780][ T6548] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1684.066890][T13853] Bluetooth: hci9: command 0xfc11 tx timeout [ 1684.080697][ T9503] Bluetooth: hci8: Entering manufacturer mode failed (-110) 15:37:52 executing program 4: ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000561c0)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}], 0x0, "6f0af48b22e3cd"}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000004c0)={0x0, ""/256, 0x0, 0x0}) r5 = perf_event_open(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r5, 0xd000943d, &(0x7f00000561c0)={0x0, [{}, {}, {}, {r2, r4}, {r2}, {}, {r2}, {}, {}, {r2}, {r3}, {}, {}, {0x0, r4}, {}, {}, {}, {0x0, r4}, {r3}, {}, {}, {}, {r2}, {}, {r3, r4}, {}, {0x0, r4}, {}, {r2}, {}, {0x0, r4}, {}, {0x0, r4}, {}, {0x0, r4}, {0x0, r4}, {}, {r3}, {r2}, {r3}, {}, {r2}, {}, {}, {}, {}, {0x0, r4}, {}, {}, {0x0, r4}, {}, {}, {r3, r4}, {}, {}, {}, {0x0, r1}, {}, {r2}, {r3}, {0x0, r4}, {0x0, r4}, {0x0, r4}, {}, {r3}, {r2}, {}, {r2}, {}, {}, {r3}, {0x0, r4}, {r3, r4}, {}, {r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r3}, {}, {}, {r3}, {r2}, {0x0, r4}, {}, {}, {r3}, {0x0, r4}, {r3, r4}, {}, {}, {0x0, r4}, {}, {r3}, {}, {}, {}, {}, {}, {0x0, r4}, {}, {r3}, {}, {r2}, {}, {}, {r3}, {r3}, {}, {}, {}, {}, {}, {r2}, {}, {}, {}, {}, {}, {0x0, r4}, {r3}, {0x0, r4}, {r3, r4}, {r2}, {}, {0x0, r4}, {r2}, {}, {r2}, {}, {}, {}, {}, {0x0, r0}, {r3, r4}, {0x0, r4}, {r3, r4}, {r2}, {}, {}, {0x0, r4}, {}, {0x0, r4}, {r2, r4}, {0x0, r4}, {r3}, {0x0, r4}, {}, {}, {}, {}, {}, {}, {r2, r4}, {}, {}, {}, {}, {}, {0x0, r4}, {r3}, {}, {r2, r4}, {r3}, {0x0, r4}, {0x0, r4}, {0x0, r4}, {}, {0x0, r4}, {0x0, r4}, {}, {r3}, {0x0, r4}, {}, {r3, r4}, {r3}, {}, {}, {}, {0x0, r4}, {}, {}, {0x0, r4}, {r2}, {r3}, {r3}, {}, {}, {0x0, r4}, {r2, r4}, {}, {r2}, {r3, r4}, {}, {r2}, {}, {}, {0x0, r4}, {}, {r3}, {0x0, r4}, {r2}, {0x0, r4}, {}, {}, {}, {r3, r4}, {r2}, {}, {}, {}, {0x0, r4}, {}, {r2}, {}, {0x0, r4}, {0x0, r4}, {}, {}, {}, {}, {r3}, {r2, r4}, {}, {0x0, r4}, {}, {r3}, {r3}, {0x0, r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r4}, {}, {}, {0x0, r4}, {}, {}, {0x0, r4}, {0x0, r4}, {r2, r4}], 0x0, "6f0af48b22e3cd"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000051480)={0x1f, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}], 0x31, "9a8f72e3e6d7ee"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000052480)={0x3f, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r4}, {0x0, r6}], 0x1f, "61a89e7aa831ef"}) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r8 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x90303, 0x81) ioctl$TIOCPKT(r8, 0x5420, &(0x7f0000000080)=0xe4d5) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r10, &(0x7f0000006380)={0x2020}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) splice(r9, 0x0, r11, 0x0, 0x39000, 0x0) timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r12, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r8, 0x400455c8, 0x0) [ 1684.549004][ T1209] Bluetooth: hci6: Frame reassembly failed (-84) 15:37:52 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) lseek(0xffffffffffffffff, 0x3, 0x1) dup3(r1, r2, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) dup3(r3, r4, 0x0) ioctl$UI_SET_PROPBIT(r3, 0x4004556e, 0x18) r5 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) fcntl$dupfd(r0, 0x406, r5) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000080)=0x20) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1684.626076][ T6548] Bluetooth: hci7: sending frame failed (-49) 15:37:52 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/netfs', 0x10003, 0x18a) ioctl$KDGETMODE(r1, 0x4b3b, &(0x7f00000000c0)) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 1684.687356][ T6548] Bluetooth: hci8: sending frame failed (-49) 15:37:52 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xb) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000840)={{0x12, 0x1, 0x0, 0x85, 0x37, 0x4, 0x8, 0x61d, 0xc020, 0x715, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa3, 0xd9, 0x12}}]}}]}}, 0x0) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000000c0)) syz_usb_control_io(r1, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000380)={0x0, 0x0, 0x3, "23048b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1685.136672][ T1053] usb 1-1: new high-speed USB device number 15 using dummy_hcd 15:37:53 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) [ 1685.332090][ T1209] Bluetooth: hci10: Frame reassembly failed (-84) [ 1685.426715][ T1053] usb 1-1: Using ep0 maxpacket: 8 [ 1685.566713][ T1053] usb 1-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice= 7.15 [ 1685.576249][ T1053] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1685.594850][ T1053] usb 1-1: config 0 descriptor?? [ 1685.638256][ T1053] ssu100 1-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 1686.297244][ T1053] ssu100: probe of 1-1:0.0 failed with error -71 [ 1686.313126][ T1053] usb 1-1: USB disconnect, device number 15 [ 1686.616596][ T9503] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1686.626622][ T1053] Bluetooth: hci6: command tx timeout 15:37:54 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x41015500, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1686.707066][ T1053] Bluetooth: hci8: command 0xfc11 tx timeout [ 1686.713264][ T9935] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1686.716733][ T150] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1686.723007][ T1053] Bluetooth: hci7: command 0xfc11 tx timeout 15:37:54 executing program 1: arch_prctl$ARCH_GET_CPUID(0x1011) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) arch_prctl$ARCH_GET_CPUID(0x1011) [ 1686.946746][ T6548] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1687.116529][ T2955] usb 1-1: new high-speed USB device number 16 using dummy_hcd 15:37:55 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100), 0x24180, 0x0) ioctl$KDADDIO(r1, 0x4b34, 0x5) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cgroup.kill\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xb) [ 1687.312546][ T148] Bluetooth: hci7: Frame reassembly failed (-84) [ 1687.346863][ T8408] Bluetooth: hci10: command 0xfc11 tx timeout [ 1687.353267][T11206] Bluetooth: hci10: Entering manufacturer mode failed (-110) 15:37:55 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x80045432, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1687.386499][ T2955] usb 1-1: Using ep0 maxpacket: 8 [ 1687.465523][ T148] Bluetooth: hci9: Frame reassembly failed (-84) [ 1687.516662][ T2955] usb 1-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice= 7.15 [ 1687.536965][ T2955] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 15:37:55 executing program 2: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4}, 0x18) sendfile(r1, r0, 0x0, 0x80005) bind$can_j1939(r1, &(0x7f0000000140)={0x1d, r4, 0x3, {0x0, 0x0, 0x4}}, 0x18) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha512\x00'}, 0x58) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r5, 0x400455c8, 0x9) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1687.578031][ T2955] usb 1-1: config 0 descriptor?? [ 1687.628102][ T2955] ssu100 1-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected 15:37:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfffff7ffffffffff, 0xffffffffffffffff, 0x1) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000200)=0x1, 0x4) setsockopt$sock_timeval(r3, 0x1, 0x15, &(0x7f0000000040)={0x0, 0x2710}, 0x10) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000140)='vcan0\x00', 0x10) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x6d) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000100)={0x0, 0x81, 0x1210}, 0x14) write$binfmt_misc(r2, &(0x7f0000000300)=ANY=[], 0xff01) splice(r1, 0x0, r3, 0x0, 0x10003, 0xa) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010000104e5edfffff7ffffffff000000", @ANYBLOB="01006200"/17], 0x3c}}, 0x0) close(0xffffffffffffffff) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x4e23, 0x3e0000, @private2={0xfc, 0x2, '\x00', 0x1}, 0x4}}, 0x0, 0x0, 0x20, 0x0, "2caaeebf38e0da598491c8fa5858ff17450d1d30700526705a1895a3a8da3d02dff34f3629250b99f828f737c856beed89e550ff6adb466e0e3600d7efa0e07c2b17af9ff49ef8c4c3745c8bfa46f5e1"}, 0xd8) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x9) ioctl$KDGKBMETA(r0, 0x4b62, &(0x7f0000000080)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1687.856669][ T2955] ssu100: probe of 1-1:0.0 failed with error -71 [ 1687.884266][ T2955] usb 1-1: USB disconnect, device number 16 [ 1688.014068][T28294] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1688.038987][ T1209] Bluetooth: hci11: Frame reassembly failed (-84) [ 1688.046475][ T1209] Bluetooth: hci11: Frame reassembly failed (-84) [ 1688.927895][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807b35dc00: rx timeout, send abort [ 1688.936420][ T150] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1688.936791][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807b35dc00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1688.958490][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807b35d000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1689.336399][ T1053] Bluetooth: hci7: command 0xfc11 tx timeout [ 1689.336532][ T6548] Bluetooth: hci7: Entering manufacturer mode failed (-110) 15:37:57 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = gettid() perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x7, 0x1, 0x9, 0x4, 0x0, 0x1, 0x204, 0x5, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x4}, 0x10000, 0x400, 0x7, 0x4, 0x1, 0x3, 0x5, 0x0, 0x3ff, 0x0, 0x6}, r1, 0xa, 0xffffffffffffffff, 0x1) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:37:57 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TCXONC(r0, 0x540a, 0x3) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1689.496675][ T1053] Bluetooth: hci8: command 0xfc11 tx timeout [ 1689.502937][ T9935] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1689.506431][T18049] Bluetooth: hci9: command 0xfc11 tx timeout [ 1689.510963][T11206] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1689.816494][ T9503] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1689.816544][ T2955] Bluetooth: hci10: command 0xfc11 tx timeout 15:37:58 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x24) ioctl$TIOCSRS485(r1, 0x542f, &(0x7f00000000c0)={0x60000, 0x817, 0x40}) [ 1689.932631][ T148] Bluetooth: hci8: Frame reassembly failed (-84) [ 1690.056491][ T8903] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1690.065974][ T2955] Bluetooth: hci11: command tx timeout [ 1690.253310][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807b35f800: rx timeout, send abort [ 1690.261913][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807b35f800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1690.276338][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807b35e800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1690.622880][T20859] Bluetooth: hci10: Frame reassembly failed (-84) 15:37:58 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x18001, 0x0) ioctl$TIOCGPTPEER(r1, 0x5441, 0x8) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1690.911431][ T158] Bluetooth: hci11: Frame reassembly failed (-84) [ 1691.746355][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1691.755770][T13261] Bluetooth: hci6: command tx timeout [ 1691.763835][T13261] Bluetooth: hci7: command 0x1003 tx timeout [ 1691.777593][ T9935] Bluetooth: hci7: sending frame failed (-49) [ 1691.986196][ T9503] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1692.136167][T13261] Bluetooth: hci9: command 0xfc11 tx timeout [ 1692.136180][ T8903] Bluetooth: hci9: Entering manufacturer mode failed (-110) 15:38:00 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x80045440, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:38:00 executing program 3: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080), 0x131040, 0x0) write$UHID_DESTROY(r0, &(0x7f00000000c0), 0x4) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x9) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1692.571192][ T1209] Bluetooth: hci9: Frame reassembly failed (-84) 15:38:00 executing program 0: r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000100), 0x8) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) close_range(r0, r1, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000080)=0xffffffffffffffff, 0x4) sendfile(r2, r3, &(0x7f00000000c0)=0x800, 0x800000000000) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000500)={0x4, 0x0, [{0x5000, 0xcc, &(0x7f00000001c0)=""/204}, {0x1000, 0x4, &(0x7f00000002c0)=""/4}, {0x100000, 0xe6, &(0x7f0000000300)=""/230}, {0x4000, 0x29, &(0x7f0000000400)=""/41}]}) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r4, 0x400455c8, 0x9) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1692.706453][ T6548] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1692.936168][ T150] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1692.936282][ T1053] Bluetooth: hci11: command 0xfc11 tx timeout 15:38:01 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = syz_io_uring_complete(0x0) perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0x8, 0x7f, 0x5, 0x2, 0x0, 0x1, 0x20080, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x94, 0x1, @perf_bp={&(0x7f0000000200), 0x5}, 0x10, 0x800, 0x2, 0x9, 0x3f, 0x100, 0xa49, 0x0, 0x7, 0x0, 0x8}, 0x0, 0x9, r1, 0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f00000002c0), 0x250200, 0x0) lseek(r2, 0x3, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KDGETMODE(r3, 0x4b3b, &(0x7f0000000100)) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x80400, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000240)=0xe) lseek(r4, 0x3, 0x0) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(0xffffffffffffffff, 0x3, 0x0) dup3(r4, r5, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000080)) [ 1693.553854][ T148] Bluetooth: hci11: Frame reassembly failed (-84) [ 1693.563293][ T148] Bluetooth: hci11: Frame reassembly failed (-84) [ 1693.816257][T18049] Bluetooth: hci7: command 0x1001 tx timeout [ 1693.823294][T23375] Bluetooth: hci7: sending frame failed (-49) [ 1694.296161][ T8903] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:38:02 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000180)={{{@in6=@initdev, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@private}, 0x0, @in=@initdev}}, &(0x7f00000000c0)=0xe8) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=@ipv6_deladdr={0x28, 0x15, 0x100, 0x70bd25, 0x25dfdbfc, {0xa, 0x1f, 0x86, 0xff, r1}, [@IFA_FLAGS={0x8, 0x8, 0x21}, @IFA_FLAGS={0x8, 0x8, 0x100}]}, 0x28}, 0x1, 0x0, 0x0, 0x4c0d5}, 0x20001090) ioctl$KDDELIO(r0, 0x4b35, 0x4) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1694.376104][ T9503] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1694.486037][ T8903] Bluetooth: hci6: sending frame failed (-49) [ 1694.615936][ T1053] Bluetooth: hci9: command 0xfc11 tx timeout [ 1694.616008][ T9935] Bluetooth: hci9: Entering manufacturer mode failed (-110) 15:38:02 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x80049370, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1694.856097][ T2955] Bluetooth: hci10: command 0xfc11 tx timeout [ 1694.866232][ T6548] Bluetooth: hci10: Entering manufacturer mode failed (-110) 15:38:03 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xb) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xc2, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x8001, 0x0) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r2}, 0x8) ioctl$KDADDIO(r3, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:38:03 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x2, 0x0, 0x0, 0x0) [ 1695.443090][ T158] Bluetooth: hci9: Frame reassembly failed (-84) [ 1695.575904][ T150] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1695.575940][ T2955] Bluetooth: hci11: command 0xfc11 tx timeout 15:38:03 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x1, 0x5, 0x9, 0x42, 0x0, 0x1, 0x50010, 0xa, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffb}, 0x10258, 0x4611, 0x9, 0x8, 0xffffffffffffffff, 0x4, 0x6, 0x0, 0x7, 0x0, 0x7fff}, 0x0, 0x3, 0xffffffffffffffff, 0x8) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSLCKTRMIOS(r0, 0x5457, &(0x7f0000000080)) r1 = dup2(r0, r0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x1b) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1695.895934][ T2955] Bluetooth: hci7: command 0x1009 tx timeout [ 1696.110742][ T148] Bluetooth: hci11: Frame reassembly failed (-84) [ 1696.535943][ T9503] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1697.025925][ T6548] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1697.495783][ T9935] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1697.825788][ T150] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1697.826047][T13853] Bluetooth: hci10: command 0xfc11 tx timeout [ 1698.135806][ T1053] Bluetooth: hci11: command 0xfc11 tx timeout [ 1698.145713][ T8903] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1699.575624][T18049] Bluetooth: hci6: command 0xfc11 tx timeout [ 1699.581848][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:38:07 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0x40405514, &(0x7f0000001180)={{0x4a, 0x0, 0x3, 0x2, 'syz0\x00'}, 0xffffffff, 0x0, 0x4, 0x0, 0x0, 0x4003, 'syz1\x00', 0x0, 0x0, '\x00', [0x1]}) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r0) ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, &(0x7f0000000180)={{r1}, "d962d35e57a1ba431262660767d894264f8394f89dc24bbe0790826128cfa901685c84d5f16ce1ea6e455af86b92bbde905291a3b5fbf86dfb1f249b5de134783449c5aa6ac051ef3bd2ed3b0635e8b03ebbd1fa927433a92ffc5c49c109f0e5cb07541cff97135e073ca22c6117664232247c94d4d57229420d80815341ae3c3635a9baf4b5d22d076ce6fb3da9916bd1f5ba05c16e74b1b2a87df0b244f26856d9d043132e59c07ad13dc7ef450aed216efed6e0e160044ebba02f89dc819064b05f4d5486e9229beb3e5fdfba040b492de937ccc13ae7e984bb991cd9464602e3657b0f42138242426762dd3ad85158f2a0688b7859880e70cc16fe50fb441cc5faeb5b3bc697935b6c3ce9a271f1c4d7e154e6c24fdb2cc786bbbf2072a62c13cd08eba073d67a0cd62c6f7c88159d715acf2bad3bfc224c1f84c3af25a9bbc99b823485632078bfd1952bc064d94370f3963c00e780bbcd366d7109676c83432bc176a2e383b4172bfc2f3943301980c4d70522792bca5aa16c6e038b29767d15443f3a064d8d281945a77695ff72c6cf87138b7fb929e3909bf1573a7744a62f9adab652df22a448a2feadf5acde15ac7b16b9d0803279d84b607a683397c4f489cb25f9a2eeb8161b6751a48dfdc6bff4c6e51b5e0faabe57a796b7698d7bd53f69acf268fdb74a29f87fd954de31efd5f867574cb00398e4ec914488638e49dafb9ecbdc1f51bb1335a98c05ff757910a9037f1e6d2e70708768dfd782a2078ba466a9b4443262e23052fe12ccd9e898026109ff6d3bb93c275aec977a4b28ce9caba9dcef311a3afc69b6698cc4960280b63aa93dcce3ee08f2453e3c16ce4b37f644f9e321d49e45062fb7f0173bc883c160eb13367954ccd83bab8d9e55b544e70ce87125530dfe2ae11b7b0821ca4038a7026cb1c47727dbefc94838713947647bba8b161e96d0da08793315a1c20e0d6081db7fed0aacef93c0b33231ac132918d8bcd4a63a62c6bd9b581359c95f3d4f3bb06e3a695d168ddbc2a781b4aa991223caf6a6fc013902885f478196aede5da5107aa8fd6debe7302eaf7403045228d11eedcb872af77e65f661652abb5ba31998c08044f0b639f0b65ec3ce9793261b0aab8e502b8b7328046bdad44cdf4d923900cb7fbb769800f53155f7da15e44c41d59d9677ffab44891bb4b347f533b74cbb48198bf8aed22f86b0f13e474ece05a909cd917ae309161e6bb50d86d270c069dd94beb8ac5bcbbe202668f797dbf8ea63e8d054edd91de76e81637fe32e3490a916bc23d39de5178a5550a45820c23d47f0378cb5323a3ccead3a2ee53688c28390a037478bbc5ed71765f2911499067c1c43ef20ac41770a36ce8d55e2335d41143deeef34196d579903658adc64cab4e1dff21500a2912e943f29523b065b9198533cb1462f8fe15b4d00bd8049581da6aa6297c645da2b8bbdd5d25a4bf6392b02922b152aebeb304fb5fe92d1aedce795954337b775538ab3b2f135c6c80235e7e3f501a3d9aa44803f474a4a8329c4fe95cb7731e5064e5f31629550daba8928bb880fd3d3f5af5212d2530807cf7dc217fdad47a99759f5be66bbfc761a9135705166ac1ea90f1bb63b16a2234b0de6bdcb7835b356228872f60516b1278a43bdeb682445b60a2c0c5bd25f4ecba580738d60617b1a0a0c8a4e95eda62c4fe37dcaf249088706a47e27c8585d60c996cfef37a2f8265bd9c6dda54b125b48f57f9aad4b972d4f1ddb75c708866a403f1f0a6b3c3a3898d1ab68f68e2942dbbdcfbc5d3813cb75f8bae4de5225f261735bb6e45cd151f069ae8198ff3763ca963d234af876873eb5d5ad8e2ff1309cf1bf2e832983b54a6d9ef0af000c1739fd237006df3829fd23c5d5bc2b6cc5046fe96c544824705822dde458c5f28097afe6c5f926a6e90ba0880380831b61e481a7217e7138fdb10bf62c6a14884cbf33fc08b40c0b772eed1bd970668ac6461da99956d187f2f6ee684974176ea207847fbdc0aa8bab30386dbe38dbb4489e89ee027584d8f9fd0060c3a88da767569e2e45bde7116c58525a59533ff673bec9c787e110b4bd958d76eee83235f11f82422bbaf6c31f8f5270a2d58faefa2b9ce358b895b91890ce0109a958b19c276313bcef82c690883c29cb2a34d6197a677201f69907c105a4ddf16da0d6b59299bae6724333e8b7e2fbc21b9f7b53a6bab6ea64c203ad55cc0bb7e0ec71066e8ae1f348f0801cb9b0f77b5579b5edf72c122412970dcc69277601dc17bc05194020309be42a80be59df5d2db1e3992bf947ac0ad45132a6e073e34f77bc476477acbc4b6a5d684d660988fe18f070e2547733bf295f952ae1df509f3969c0ad2912aa3c307ccb733536b393f84133a09c4ff7efa6b0d90a629a020e12953e705a11fed5497a874b10d2b4ccaf5d252a6e9bdc8d667f6b6217b81555c95a87a92f1b2d33ffbac4d84cc88d910b7e42d8dc4dbb606d4ce5a8014876b987b6383de8884c7dfd4bc3459d2ad469f824571d9af1731d6a9dd19d138abfb8d16125fdf732654bff210d6584cca649ca019f4b6188f2896b698fc17dc0a00d2dfac34926556435fbf052cb3041d2bf6657b1458d954c2f822919ed6419ee097ebb91aac7e9705c266383c5240b5453010a1e7874f6058c6c351aea6cdb785d6414ad2f691c92a5815b90e77b8d021340a7583923a630e5ce20a8d6eb57b9880a302a6d05c57d12f7535cb8f0b79b7c0cfe6d30979667f361a0d5ee511a8e798678d8e28661491e958fbc7a92661b852a747abf177b906f0e462c93413d3cc955fc1c59267650e898ddad587df0287ce08fa1a453c871febbf2b0b241953da500ae85c658990e65eb197c1e15bf80516dcf54c22ceafed056f649c3a661d26111607bf54ce0ae5b2fd7f523f76ddefeae4520efc47e1475ffbcb69adc73b4d87fbc20228e8c43e84d8af9e132209630bc2826602c7f0df9ee148121cd3aeb2b71037f15584984cff613b15516304423e09835f91dc9e00a64e76928a31578f529b69cb8325b6948c055edfce62ef618d8b8bb68e5538154a82fb15df2326eee844715e31a17ee2066ead959ce66ad323ef82857802ad81520c4bd842ff194b3391117ae50c7314b1de25e2eceae48405c1fa4d129326c1d70c7359ced75b5924172d8f16cd4c6fbcd7793939cc93b55b9c5de71d05a3679472e088f37ce9061e5a13dcbb7fd05a17b8765e6e9f52936e6334f21164f88b416c523dfb917ce92e7ac40aed42ac0474ade425a955a2d82bf378be991286d15da9a390cdc0dc2a75936ee4f0af1b2132fc39502636905c056c194fc6f49edb1343233fa2aa9d91de6f4660fe978fc0b45b2591e4ca1a4e34fc9211906cc67ef6cc7b0c5e0d5e8158505952d2c8214df2b714dedf4495f43f6c902fe4124e5d4b24f176bbd863c23129c01e2bd49897c45fbfae19ec5f2d446358ca3786747714a80d83d72bd702ceecfa2ef40f186fe79a48ae190834595bd57898ca556539e8137cdcb09460cad540a4f0deebcd7ed7901afb029ef89f63a9aabfc989cba951b754d7fea56524685e433e4374e6d2ecda4e7f846d34a9c5f53d1d4611ef067425075b601786eb0aebe16d5825f6e1e43d23fb645d49df907616b572a659ace8e76718497d223827fdb90b160e11006f288f3b6fd048aa337fada41187bf06e05e076d798a10f056edb88ed967eaed8cab15148baaafa46ed3bb792fae74953018e75ff7f1f03b644cabe6df9b52897c662eba832bed4975aa5f55aac40f8149ce20c2a60a822deff17eb908b840d335fab31498b53b6f84b39fd2e61ca437890c61cc71c89f064d8c54ae5edfd363d84fcd6ef6db6e050c424c9c0b821fbeae6e2cc2df708786f4c5a10bbe80e9e14f46e34b3faff5fe465107234616f10801c2a5ea1e397de0d3d507ec61386bd2180f4ce1ce69888913eae3bb40e0f648df28a2816eada8784ae7701229b936a0d49a17f436549b8cbcf53904008ee7cdee5786e2c2cfb67df6bdf53d72cf161674621090e4dd328dd485d4d610b965b5834fb172b858e666f4474c5923f1d1d6cf56bc760cdc2d7f538bdfd9e3c1f32c49eed900a60893de2f22dea8cbdba2e933144e90b5aada2c2edcfb3509567cb0231006fc7b6f5662ecd49f5ff4b5f5328d832e57094656979a094135bd97835416592a55bf264709dedb148e6a75ed5882aeae56868c16d3f2dfadf51b254eda30535c1b6c556cc66565a52f543cc01275c34d0c076564c6f384f5851e0cee350640bd9f13a3623718167f22f7eeaec567b160cfc67d66c2442caf3f62d5bf707a1583240d957c47760e19d7ca5950ede317c6bb899307044dc3703a678ef32eb45166c888a71f60dd51e607efce0dcf5df9529981cb5f1a27916dbeb73e6867cdc94a1f464a019aec17b4184af79c428fc1bf45efed02bc6c2164926b030845fbc6a22c8d83b7286b44f9380feab3e7596dda4d5defd8244435e8514f15889bd0aa3c881de7e2f219d7d811331a66dbd8b25b76dcc40999d28a88b0d7b3ccd59084e0a7d11a36bd8552981aad98751fff2b6db6006edab5dd9a54442cdf0b1d717a0ea65886b77b109eb67d906daebb405f0def47599ee270b4bb4fe353be09d09685e316999354c8624dfe3d6ed0143fc95556445f12f6fab7e9553fac2627c1d98de2886573a45ea8dafe0f464987c037747a0f7baa8889c2aa1559ea180f4c0fdaa63c1129fbd9eecf3ecb51704265a7aca6688e9565c1d4853c1ee0d61f8203e360d2ffac22ef2f7ddef7230070671abb0878ced31585cfd2f50941406b7b32431de398654d93dc438e5b91b3dce003bae8812900642d9448f9c6f7a8924ee040ad1d146dced249736b10552bfcfdf14b11554065b777eebde8ca98dfea2b9a3503cfb32afdd12ed3aca2a98a9c2c5d0aed740e998a49652c8beca0c4cefed83c03be944cf9e8ac33102fdfc84e31b01ac44122a2d6581bd3cfd40d1dd1db475b794eadbc7bc70014b005e8863b8d0efd9f297d212d5e09a80b95b0b2f67d6a2f148c9b58e1d21f3643db1d04b8c67020047eaf397673fc9de6235e1089db2c42e0cf7c420ffe3ee1fe5229fc8dc2891be21b90d82d80cf73ed4ba99676832336c049dac5bd8c31078d2abda63dc0f2c3b9ee39c1f05f9e6ee0b4b6937a85fa4ec89df50659239f97ad5e5a2f238341fdccb0faacb3011416ab0d5eb0683e56cc439f9089edc613ac38c7d4b7069b9189c2686c2e856040083aa988ccf9c64800816b66eb41df3c0708e056eb6fabdad024f0d26f972f35b14ebfaaff8652de7998713b3704cf329d2c6690882e2cc92599f386b8913fc0fd8235a86b98e86e3828ac3424bcbe202d06ea3ae8f69426ce283d48379f064fb0ec73d2be26c07da6deb9502ab67fe62455a41ad0b221eb102f736741367c26535322d63a7622c516889b262a5a153a7a2e53d21960e8e90b9a3a6e5eb2c4a97ed5420033cd24587c227baef5908fdecda14c2bbdc64fd8898b1f5cc1b0756596372940e578074ee55c1f51ee20a92a9c7e36fe4e63a20a745e34387d901bcdb4f18766597b336de829edeae67691d052d20c8d91261feafd34c235064bc25b5fbb199de4490a8f025cc2149f1db4ee1f0f5da9f93404714089503e7c6101b231004a30c25691fef8c3bd5610036372b40ce06387df9a1db6fab1819f6499183c64141f32c70e7d7632ae61559ad"}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x0) 15:38:07 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = socket(0xa, 0x4, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000080000012000900010076657468dc7e79803a54c8f9e6fb9b2da551f1a3c88a5c55efdf2f17a5d9f27ebb8a2a7b31e1314984d6c2c16668b2b9f37405304f91013e1fe3ed795bd1d41b3cf83c5c8e08f7a2adde190b28f5d1f14219884eb989fddf71c9ec6258fd931b4287ca335acb17f39063fd985ff3ed30e4e4ce4e34a939237dc205a7dd36b4a44f98dceac8e9f0670ef4e58561e8ca8a70cf45a9c7b39589bb0b48ae4950a569d6c1e3862760b92fc1a68e8587ce1fc2738d9375889640cf8010252abe36e85185ee60bddf526ec8525c764db409799659152fa60b07eb8b80227a5384"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="4400000024000b0f001000000000005d12b6703b", @ANYRES32=r4, @ANYBLOB="00000000ffffffff0000000009000100677265640000000014000200100003000a"], 0x44}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000002400)=@newqdisc={0x6c, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x3c, 0x2, [@TCA_GRED_PARMS={0x38}]}}]}, 0x6c}}, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000480)={0x1d, r6, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000000)={0x1d, r6}, 0x18) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80005) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, r6, 0x3, {0x0, 0x0, 0x4}}, 0x18) sendmsg$nl_route(r2, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xc00}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_getaddr={0x50, 0x16, 0x800, 0x70bd2d, 0x25dfdbfc, {0x2, 0x18, 0x2, 0xc8, r6}, [@IFA_LOCAL={0x8, 0x2, @loopback}, @IFA_LOCAL={0x8, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0xb8, 0x27, 0x6, 0x8001}}, @IFA_LABEL={0x14, 0x3, 'tunl0\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x6088}, 0xc804) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:38:07 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = syz_io_uring_complete(0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) dup3(r2, r3, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x6) ioctl$KDMKTONE(r1, 0x4b30, 0x4) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:38:07 executing program 2: write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000180)={'syz0\x00', {0x40, 0x4, 0x3}, 0x53, [0x8001, 0x9, 0x0, 0x8, 0x7, 0x0, 0xff, 0x9422, 0x0, 0x800, 0x75d, 0x4, 0x5, 0x7e8c, 0x101, 0xe979, 0x1f, 0xffff0575, 0x8, 0x80000001, 0x0, 0x4, 0x5fa9, 0xffff, 0x8, 0x5de2, 0x9, 0x2, 0x0, 0x2, 0x0, 0x6, 0xcf, 0x4, 0x2, 0x50c, 0x4, 0xe0, 0x625, 0x3ff, 0x3, 0x3, 0x3, 0x20, 0x9, 0x7, 0x6, 0x2, 0xffff, 0x4, 0x5, 0x3ff, 0x3, 0xab9, 0x6, 0x800, 0x6, 0x6, 0x81, 0x2, 0x4, 0x3, 0x7, 0xdf], [0x6, 0x1, 0xfd9, 0x3, 0x6, 0x100, 0x200, 0x400, 0x938, 0x4, 0xdc9, 0x0, 0x3, 0x6, 0x40, 0x7ff, 0xe20, 0x8000, 0x260d, 0x7fffffff, 0x400, 0x29e, 0x7f, 0x6, 0xd5e, 0xfff, 0x3f, 0x3ff, 0x9, 0x2, 0x7f, 0x2, 0x8000, 0x1f, 0x1, 0x7fffffff, 0x4, 0x7, 0x80000000, 0x9, 0x22e8, 0x63f8, 0xfffff801, 0x4bf1, 0x3f, 0x1, 0x7, 0x8, 0x1f, 0x3, 0x1000, 0x4, 0x4, 0x4, 0x8, 0x3, 0x401, 0xab1, 0x3, 0x3612, 0x2, 0x9, 0x594, 0x6], [0x9, 0x1, 0x7fff, 0x5, 0x3ff, 0x7, 0x8, 0x4, 0x0, 0x3ff, 0x4d1, 0x8, 0x7a15, 0x0, 0x80, 0x3, 0x7, 0x1, 0x9, 0x3, 0xef47, 0x9, 0xd6d4, 0x7, 0x81, 0x2, 0x5, 0x0, 0x2, 0xf959, 0x0, 0x1000, 0x56c00000, 0x3, 0x3, 0x5, 0x2, 0x9, 0x6, 0xff, 0x2, 0x7, 0x8, 0x40, 0x6, 0x65, 0xfffffe01, 0xd1d, 0x3ff, 0x3f, 0x9, 0x601, 0x2, 0x3, 0x80000001, 0x596, 0x7, 0x40, 0x2c, 0x4c5, 0x8000, 0x15, 0x8, 0x6], [0x0, 0x80000001, 0x4, 0x800, 0x6, 0x80, 0x1, 0x0, 0x283, 0x9, 0x46ac108, 0x3ff, 0x14c, 0x5, 0x19227ce7, 0x0, 0x7f, 0x1297c00, 0x2, 0x6, 0x401, 0x100, 0x0, 0xffffffff, 0x8001, 0x3, 0x10000, 0x7ff, 0x1ff, 0x100, 0x7, 0x5, 0x7fffffff, 0xeb, 0x6, 0xfffffffc, 0x3, 0x0, 0xdec6, 0x1, 0x0, 0xda7, 0x7, 0x4, 0xfffffff8, 0xfff, 0x1, 0x100, 0x9, 0x200, 0x4, 0x1, 0x0, 0x3f, 0x8001, 0x6, 0x2, 0x0, 0x3d5, 0x6, 0xff, 0x0, 0xefa9]}, 0x45c) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCGETD(r1, 0x5424, &(0x7f00000000c0)) 15:38:07 executing program 3: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4}, 0x18) sendfile(r1, r0, 0x0, 0x80005) bind$can_j1939(r1, &(0x7f0000000140)={0x1d, r4, 0x3, {0x0, 0x0, 0x4}}, 0x18) accept4$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14, 0x0) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(0xffffffffffffffff, 0x89fa, &(0x7f0000000340)={'syztnl1\x00', &(0x7f00000002c0)={'ip6_vti0\x00', 0x0, 0x4, 0x9, 0xff, 0xffffffff, 0x8, @remote, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7, 0x40, 0x4, 0x5}}) sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000100), 0xc, &(0x7f0000000500)={&(0x7f0000000380)={0x164, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {}, [@HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x846d9dbad0ca0243}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}]}, 0x164}, 0x1, 0x0, 0x0, 0x40}, 0x800) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r7, 0x400455c8, 0x9) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000180)=ANY=[@ANYBLOB="010008000156000018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="00000000000000002e2f66696c653000c7523df36a4debbe359aa5ef384496c4c93ab42b876b288a3630bc1dd0246ee9d0507ba2b01d14e130ad623fcdb643f7ea74c8adc1e80d74009d77bf7865ce09c8fab4861a8a989cffa0e50fb221d0a93fb926b0918591b1d922a1e09f103e0cb6"]) ioctl$TCSETSF(r8, 0x5404, &(0x7f00000000c0)={0x1, 0x80000000, 0x0, 0x7, 0x3, "6f68a03133ce5b94bd8c8c1f62a907a85db2c1"}) 15:38:07 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x80085502, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1699.861366][ T1209] Bluetooth: hci7: Frame reassembly failed (-84) [ 1699.880620][T20859] Bluetooth: hci8: Frame reassembly failed (-84) [ 1699.931372][ T1209] Bluetooth: hci9: Frame reassembly failed (-84) [ 1699.974430][T28506] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1700.002348][ T148] Bluetooth: hci10: Frame reassembly failed (-84) 15:38:08 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfffff7ffffffffff, 0xffffffffffffffff, 0x1) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000200)=0x1, 0x4) setsockopt$sock_timeval(r3, 0x1, 0x15, &(0x7f0000000040)={0x0, 0x2710}, 0x10) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000140)='vcan0\x00', 0x10) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x6d) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000100)={0x0, 0x81, 0x1210}, 0x14) write$binfmt_misc(r2, &(0x7f0000000300)=ANY=[], 0xff01) splice(r1, 0x0, r3, 0x0, 0x10003, 0xa) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010000104e5edfffff7ffffffff000000", @ANYBLOB="01006200"/17], 0x3c}}, 0x0) close(0xffffffffffffffff) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x4e23, 0x3e0000, @private2={0xfc, 0x2, '\x00', 0x1}, 0x4}}, 0x0, 0x0, 0x20, 0x0, "2caaeebf38e0da598491c8fa5858ff17450d1d30700526705a1895a3a8da3d02dff34f3629250b99f828f737c856beed89e550ff6adb466e0e3600d7efa0e07c2b17af9ff49ef8c4c3745c8bfa46f5e1"}, 0xd8) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x9) ioctl$KDGKBMETA(r0, 0x4b62, &(0x7f0000000080)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1700.551589][T28506] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1700.684924][T28517] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1700.734381][ T148] Bluetooth: hci11: Frame reassembly failed (-84) [ 1700.744765][ T148] Bluetooth: hci11: Frame reassembly failed (-84) [ 1701.146087][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807bdb3400: rx timeout, send abort [ 1701.154799][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88807bdb3400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1701.169330][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88807bdb0000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1701.895393][ T150] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1701.904530][T11206] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1701.905428][T13853] Bluetooth: hci6: command tx timeout [ 1701.917726][ T9935] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1701.999421][T18049] Bluetooth: hci9: command 0x1003 tx timeout [ 1702.005711][ T9935] Bluetooth: hci9: sending frame failed (-49) [ 1702.065381][ T8903] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1702.074661][T13853] Bluetooth: hci10: command tx timeout [ 1702.449778][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807bdb0400: rx timeout, send abort [ 1702.458562][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807bdb0400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1702.473200][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807bdb2000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. 15:38:10 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x4, 0x0, 0x0, 0x0) [ 1702.775339][T13141] Bluetooth: hci11: command 0xfc11 tx timeout [ 1702.781612][ T9503] Bluetooth: hci11: Entering manufacturer mode failed (-110) 15:38:11 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x6, 0x0, 0x0, 0x0) 15:38:11 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0) r1 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0x1a8, &(0x7f00000002c0)={[{0xc9, 0x4e00, "75840d2a5592636b00ece1f5f735cecd6303958e1077424bbb57f631cd3a72028a04928679fc6108e040b6e3df21d267ad8c2108abd9101604ed5dfb9495d23c1e758b68608fef2d81029ce774bc889a7c97d59e34c8889ff2c6cdc67f2de695959c9b8f8411978deac5ceb65b1eeba4df09c0bc50c7531d5ee1ac331f017b7acf5bd2b7b40f5fc804077811f111c26dc17d1f34017a672ac494655631760ebd7b208155d0d46e60607584dbfebfd1daf30d75d48a6c5962e50cc9d33f4698e685faf59c7f6094d70c"}, {0xd2, 0x4e00, "72815cb77906e1b3573b0bbdb1b41cc6e0afdf42ca4b117a635c9e24181916099651531e4c9ae9c564ece3714d745d318edd94810ff6c7bdfb62b41141b90e0fcf06c3a92d9aa843cce4904a65f3f54e9c2e0fcfb954e019b7be979584ebbd25df0ce1617aed09e34a3ee68379131a1ebb804b3987da89fed8ed31aa7da561c3714aa0fb74082d5ed3aca32bc48023850aa797631f58ac4c2ffc04dba2ecc775b27d8e634b9c256e9bfec62c79533719bc357cd5f8876005868c39b63b9404748716599d83f54b3cbde75a35eb4af1ddd855"}]}) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) epoll_create1(0x0) perf_event_open(&(0x7f0000000180)={0x4, 0x80, 0x1, 0x9, 0x1, 0x3f, 0x0, 0x6, 0xe1002, 0xc, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0xfffffffa, 0x1, @perf_bp={&(0x7f0000000100)}, 0x20, 0x0, 0xdc, 0x4, 0x1, 0x9, 0x9, 0x0, 0x9, 0x0, 0xff}, 0xffffffffffffffff, 0x5, r2, 0x8) lseek(r2, 0x4, 0x2) r3 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) fcntl$lock(r3, 0x22, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x551}) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) dup3(r2, r4, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x8) [ 1703.176367][T11206] Bluetooth: hci8: sending frame failed (-49) 15:38:11 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4}, 0x18) sendfile(r1, r0, 0x0, 0x80005) bind$can_j1939(r1, &(0x7f0000000140)={0x1d, r4, 0x3, {0x0, 0x0, 0x4}}, 0x18) accept4$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14, 0x0) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(0xffffffffffffffff, 0x89fa, &(0x7f0000000340)={'syztnl1\x00', &(0x7f00000002c0)={'ip6_vti0\x00', 0x0, 0x4, 0x9, 0xff, 0xffffffff, 0x8, @remote, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7, 0x40, 0x4, 0x5}}) sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000100), 0xc, &(0x7f0000000500)={&(0x7f0000000380)={0x164, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {}, [@HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x846d9dbad0ca0243}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}]}, 0x164}, 0x1, 0x0, 0x0, 0x40}, 0x800) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r7, 0x400455c8, 0x9) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000180)=ANY=[@ANYBLOB="010008000156000018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="00000000000000002e2f66696c653000c7523df36a4debbe359aa5ef384496c4c93ab42b876b288a3630bc1dd0246ee9d0507ba2b01d14e130ad623fcdb643f7ea74c8adc1e80d74009d77bf7865ce09c8fab4861a8a989cffa0e50fb221d0a93fb926b0918591b1d922a1e09f103e0cb6"]) ioctl$TCSETSF(r8, 0x5404, &(0x7f00000000c0)={0x1, 0x80000000, 0x0, 0x7, 0x3, "6f68a03133ce5b94bd8c8c1f62a907a85db2c1"}) [ 1703.545197][ T2955] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 1704.055349][T18049] Bluetooth: hci9: command 0x1001 tx timeout [ 1704.061691][T23375] Bluetooth: hci9: sending frame failed (-49) [ 1704.069034][ T2955] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1704.082208][ T2955] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1704.093961][ T2955] usb 3-1: Product: syz [ 1704.101401][ T2955] usb 3-1: Manufacturer: syz [ 1704.109338][ T2955] usb 3-1: SerialNumber: syz [ 1704.166769][ T2955] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested 15:38:12 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x80086301, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1704.465288][ T8903] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1704.535452][ T8408] Bluetooth: hci7: command 0xfc11 tx timeout [ 1704.546263][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1704.619943][ C1] vcan0: j1939_tp_rxtimer: 0xffff888024974000: rx timeout, send abort [ 1704.635351][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888024974000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1704.649854][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888024977c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1704.835247][ T2955] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1705.255080][ T1053] Bluetooth: hci10: command 0xfc11 tx timeout [ 1705.261660][ T9503] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1705.265431][T11206] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1705.317788][T13261] usb 3-1: USB disconnect, device number 9 [ 1705.495178][ T150] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1705.895101][ T2955] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 1705.907367][ T2955] ath9k_htc: Failed to initialize the device [ 1705.915521][T13261] usb 3-1: ath9k_htc: USB layer deinitialized [ 1705.953616][ C1] vcan0: j1939_tp_rxtimer: 0xffff88801b8f4800: rx timeout, send abort [ 1705.961995][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88801b8f4800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1705.976400][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807ce2b000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1706.135037][ T1053] Bluetooth: hci9: command 0x1009 tx timeout [ 1706.615021][ T2955] Bluetooth: hci6: command 0xfc11 tx timeout [ 1706.615153][ T8903] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1707.814811][T18048] Bluetooth: hci7: command 0xfc11 tx timeout [ 1707.827095][ T150] Bluetooth: hci7: Entering manufacturer mode failed (-110) 15:38:18 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) syz_open_pts(r0, 0x10c000) 15:38:18 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x12, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r1, 0x0, &(0x7f00000000c0)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x77359400}, 0x1, 0x1, 0x1}, 0x8) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = socket$rds(0x15, 0x5, 0x0) lseek(r3, 0x2, 0x5) lseek(r2, 0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) dup3(r2, r4, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:38:18 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x9) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:38:18 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfffff7ffffffffff, 0xffffffffffffffff, 0x1) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000000200)=0x1, 0x4) setsockopt$sock_timeval(r3, 0x1, 0x15, &(0x7f0000000040)={0x0, 0x2710}, 0x10) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000140)='vcan0\x00', 0x10) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x6d) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000100)={0x0, 0x81, 0x1210}, 0x14) write$binfmt_misc(r2, &(0x7f0000000300)=ANY=[], 0xff01) splice(r1, 0x0, r3, 0x0, 0x10003, 0xa) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010000104e5edfffff7ffffffff000000", @ANYBLOB="01006200"/17], 0x3c}}, 0x0) close(0xffffffffffffffff) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x4e23, 0x3e0000, @private2={0xfc, 0x2, '\x00', 0x1}, 0x4}}, 0x0, 0x0, 0x20, 0x0, "2caaeebf38e0da598491c8fa5858ff17450d1d30700526705a1895a3a8da3d02dff34f3629250b99f828f737c856beed89e550ff6adb466e0e3600d7efa0e07c2b17af9ff49ef8c4c3745c8bfa46f5e1"}, 0xd8) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x9) ioctl$KDGKBMETA(r0, 0x4b62, &(0x7f0000000080)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:38:18 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x80086601, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:38:18 executing program 3: ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000840)={0x200, 0x7f, {0xffffffffffffffff}, {0xffffffffffffffff}, 0xfffffffffffffff9, 0x4}) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000880)={0x6, 0x8, {r0}, {0xee01}, 0x0, 0x1ff}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x9) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) ioctl$KDSKBENT(r1, 0x4b47, &(0x7f00000008c0)={0x4, 0x7, 0x1f}) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x8) r2 = syz_usb_connect(0x0, 0x0, 0x0, 0x0) syz_usb_control_io(r2, &(0x7f0000000280)={0x2c, &(0x7f0000000080)={0x20, 0xa, 0x89, {0x89, 0x8, "8eb4713d87edd753ef2efe1d419631a790dddf2285addf135bb6c9a518b99ed65320a45cf192e0f74997ec3f7c9b1f20dea88eceb9723a6159d87fa8747058d2d1265d0806431228576c1061172a82e4e0303eef1894116c18290c8a488d7d6bc591c50dd440df67a3e98c8f81e751bd4b6aff12ad0bffeba8ab7caea047e9788e3c643ac9456b"}}, &(0x7f0000000180)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x2c0a}}, &(0x7f00000001c0)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000000200)={0x20, 0x29, 0xf, {0xf, 0x29, 0x3, 0x80, 0x2, 0x6, "b0b19712", "59bfe123"}}, &(0x7f0000000240)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x9, 0x3, 0x9, 0x6d, 0x0, 0x101, 0x101}}}, &(0x7f0000000780)={0x84, &(0x7f00000002c0)=ANY=[@ANYBLOB="400cc50000006fec8307eaf79ff8be26a646af87af3f791e3ed81001b1da9f10797eb85769e57f8abdcf33fae55ed13bb47fd0a1d1dd75f753c05bd891f7159c940d39d6ccb6fea6ce0767c6dbfd545d21db10a58555b0c81d74ab3f2300c73ff1c6882760430b0d9cfbe721f3d90f19918cfcb8e5de0980e5091ee0ac54cede2f82c5b52139d6c1b5218e06a208efe77c4c57808f7c39528a4bbeaa669e74e03e8d259a82cbc8b418f53ad0ccb5e04837feae18c1693b278bf5a6488d5db7cc02ccc7af259cdc575ac9c2"], &(0x7f00000003c0)={0x0, 0xa, 0x1, 0x81}, &(0x7f0000000400)={0x0, 0x8, 0x1, 0x5}, &(0x7f0000000440)={0x20, 0x0, 0x4, {0x1, 0x3}}, &(0x7f0000000900)=ANY=[@ANYBLOB="e000c87dc7f928d471b6af5977fb4296731631"], &(0x7f00000004c0)={0x40, 0x7, 0x2, 0x3f}, &(0x7f0000000500)={0x40, 0x9, 0x1, 0x1}, &(0x7f0000000540)={0x40, 0xb, 0x2, "f5b2"}, &(0x7f0000000580)={0x40, 0xf, 0x2, 0x5}, &(0x7f00000005c0)={0x40, 0x13, 0x6, @local}, &(0x7f0000000600)={0x40, 0x17, 0x6, @multicast}, &(0x7f0000000640)={0x40, 0x19, 0x2, '^7'}, &(0x7f0000000680)={0x40, 0x1a, 0x2, 0xfff}, &(0x7f00000006c0)={0x40, 0x1c, 0x1, 0x3f}, &(0x7f0000000700)={0x40, 0x1e, 0x1, 0x1}, &(0x7f0000000740)={0x40, 0x21, 0x1, 0x6}}) syz_usb_control_io(r2, &(0x7f0000000b00)={0x2c, &(0x7f0000000940)={0x20, 0xc, 0xbe, {0xbe, 0x21, "42d11ce78fa1a74a4d6fd5b3c5147b25fab95bafed76f5c7fdb09c3a339b3589f2948e3126fa7917c936e981c9e890435bdd1dfd93e54ea9b863e7d7b56693e13085e1512f8c8ba19665031f8f95e054c9b04ce65728aebbda1816d665b63a1f59f6284187b09117e4f2ab772c9801ccb0762bd4a7a0ca16d70ab1c85cdb4e0c72ee41a6d2270b62c5e662d76a91adf5e21ad2df7ba486bc8b02c9f6c845d92a99e9909d1a345ef3daa04fc17d0f10380c92bae405424e7387020de4"}}, &(0x7f0000000480)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x42f}}, &(0x7f0000000a40)={0x0, 0xf, 0x12, {0x5, 0xf, 0x12, 0x2, [@ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x8, 0x40, 0x4, 0x40}]}}, &(0x7f0000000a80)={0x20, 0x29, 0xf, {0xf, 0x29, 0x2, 0x10, 0xff, 0x6, "1b734cf9", "be39ae90"}}, &(0x7f0000000ac0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x0, 0x3, 0xff, 0x0, 0x9, 0x2, 0x40}}}, &(0x7f0000001000)={0x84, &(0x7f0000000b40)={0x0, 0x17, 0xd8, "096c82a58533a848a5b03ef3d60d3fb1362e7b0f1974aa9c7d4793d247e2c7acabe0d158b99007f50e8cca8dbfb55f930e41475f45add11574ca307695a4c1f00d1014bb5d819e1c8b95081d8eccaa118af31d5fec3ef465e1de1eb4e114b3be38fb050b34b77066a3d0b3d4e7f0cf172322ed61f20f8ecfa100d130b5b360f9366c4e5d057a8c8c7e826920fb9c49b75473e8f0e0d969c60020ac10519c368be8463546f89d6e2f3e56061ff6958b0d25f26dbc39b55545ce23792304ca0729335266fc3a496ffcd341214a230d9e57f1b36bed3e934b59"}, &(0x7f0000000c40)={0x0, 0xa, 0x1}, &(0x7f0000000c80)={0x0, 0x8, 0x1, 0xe0}, &(0x7f0000000cc0)={0x20, 0x0, 0x4, {0x0, 0x1}}, &(0x7f0000000d00)={0x20, 0x0, 0x4, {0x160, 0x80}}, &(0x7f0000000d40)={0x40, 0x7, 0x2, 0x8}, &(0x7f0000000d80)={0x40, 0x9, 0x1, 0xff}, &(0x7f0000000dc0)={0x40, 0xb, 0x2, "dd2b"}, &(0x7f0000000e00)={0x40, 0xf, 0x2, 0x5}, &(0x7f0000000e40)={0x40, 0x13, 0x6, @multicast}, &(0x7f0000000e80)={0x40, 0x17, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, &(0x7f0000000ec0)={0x40, 0x19, 0x2, "8e80"}, &(0x7f0000000f00)={0x40, 0x1a, 0x2}, &(0x7f0000000f40)={0x40, 0x1c, 0x1, 0x1}, &(0x7f0000000f80)={0x40, 0x1e, 0x1, 0x1}, &(0x7f0000000fc0)={0x40, 0x21, 0x1}}) [ 1710.091682][ T1209] Bluetooth: hci6: Frame reassembly failed (-84) [ 1710.140627][ T1209] Bluetooth: hci7: Frame reassembly failed (-84) [ 1710.217755][ T1209] Bluetooth: hci9: Frame reassembly failed (-84) [ 1710.345609][T28649] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1710.473486][ T1209] Bluetooth: hci10: Frame reassembly failed (-84) 15:38:18 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(0xffffffffffffffff, 0x3, 0x2) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) dup3(r3, r4, 0x0) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r5, 0x3, 0x0) r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r6, 0x3, 0x0) dup3(r5, r6, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x4019) ioctl$KDADDIO(r0, 0x400455c8, 0xff) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x16) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:38:19 executing program 2: prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000180)="f20d861dc4ee3521ab12877ebbcf2771ed6f591f3628b80620bd6351449348698d6196ed68733c8cc84c9c001ff48191716febb371859ed7825a7f245207b1efcdeffe98e3caed4329644169c1bf40e67ece572ac1a8d7771475670e70baa0416ac2606f097a5f2c106c0c764257e023d4d3f22fab7c43c73e4e15b098a9199fba65c865de1b4dfb61be5edc7019d28be4f68fc725635d9c6efa2ecf0d354027a7626c4ee4942cded25fde2859bc7138a32d5dced5e3048db71b4e301b8a2dd05b989e798f8c09f3c6c6cb98b986abb4", 0xd0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDGETKEYCODE(r0, 0x4b4c, &(0x7f0000000080)={0x4, 0x7}) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1712.134503][ T1053] Bluetooth: hci6: command 0xfc11 tx timeout [ 1712.134706][ T6548] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1712.214668][ T8903] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1712.214699][T13261] Bluetooth: hci8: command 0xfc11 tx timeout [ 1712.223127][T13261] Bluetooth: hci7: command 0xfc11 tx timeout [ 1712.230816][ T150] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1712.304599][T20417] Bluetooth: hci9: command 0x1003 tx timeout [ 1712.315989][ T8903] Bluetooth: hci9: sending frame failed (-49) [ 1712.534669][T13261] Bluetooth: hci10: command 0xfc11 tx timeout [ 1712.534729][ T9503] Bluetooth: hci10: Entering manufacturer mode failed (-110) 15:38:20 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1712.777389][ T150] Bluetooth: hci7: sending frame failed (-49) 15:38:21 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_open_pts(r0, 0x200080) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0x6}}, './file0\x00'}) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x1a) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000580)=0x15) r2 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) dup(r3) r4 = perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r3, 0x84009422, &(0x7f0000001d80)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r4, 0xc400941d, &(0x7f00000000c0)={r5, 0x1f, 0x3}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f0000000940)={{}, 0x0, 0x0, @inherit={0x78, &(0x7f0000000080)=ANY=[@ANYBLOB="0000000000000000060000000000000065000000000000000900000000000000200000000000000005000000000000000008000000000000070000000000000000000000010000007c00000000000000fd820000000000000600000000000000bbaf00000000000007002000000000000800000000000000"]}, @devid=r5}) ioctl$BTRFS_IOC_SCRUB(r2, 0xc400941b, &(0x7f0000000180)={r5, 0x4, 0x4, 0x1}) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000002180)=@nat={'nat\x00', 0x1b, 0x5, 0x660, 0x0, 0x4a0, 0xffffffff, 0x100, 0x4a0, 0x590, 0x590, 0xffffffff, 0x590, 0x590, 0x5, &(0x7f00000005c0), {[{{@ipv6={@empty, @private0={0xfc, 0x0, '\x00', 0x1}, [0x0, 0x0, 0xffffff00, 0xffffffff], [0xffffff00, 0xff000000, 0xffffffff, 0xffffff00], 'macvtap0\x00', 'ipvlan0\x00', {0xff}, {}, 0x2f, 0xac, 0x1, 0x20}, 0x0, 0xd0, 0x100, 0x0, {}, [@common=@icmp6={{0x28}, {0xe, "d8c6", 0x1}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x1000, 0x8, 0x2, 0x1}}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0xc}, @empty, [0xffffffff, 0xffffffff, 0xff0000ff, 0xff000000], [0xffffffff, 0xff, 0xff000000, 0xffffffff], 'ipvlan0\x00', 'hsr0\x00', {0xff}, {}, 0x6c, 0x1, 0x6, 0x42}, 0x0, 0x100, 0x148, 0x0, {}, [@common=@mh={{0x28}, {"711e"}}, @common=@frag={{0x30}, {[0x6, 0x3e57], 0xe1e, 0xe, 0x2}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x6, @ipv4=@local, @ipv4=@multicast2, @gre_key=0x800, @gre_key=0x100}}}, {{@ipv6={@private2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xff000000, 0x0, 0xff000000, 0xffffffff], [0xff, 0xffffffff, 0xff000000], 'rose0\x00', 'syzkaller0\x00', {}, {0xff}, 0x4, 0x20, 0x0, 0x2}, 0x0, 0x210, 0x258, 0x0, {}, [@common=@rt={{0x138}, {0x6, [], 0x31, 0x8, 0x2, [@mcast2, @private1={0xfc, 0x1, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1={0xfc, 0x1, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x3b}, @private0={0xfc, 0x0, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, @private0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2, @dev={0xfe, 0x80, '\x00', 0x3b}, @empty], 0x5}}, @common=@unspec=@realm={{0x30}, {0x5, 0x7, 0x1}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x10, @ipv4=@loopback, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @port=0x4e20, @icmp_id=0x64}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x7, @ipv4=@rand_addr=0x64010101, @ipv4=@rand_addr=0x64010102, @port=0x4e20, @gre_key}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6c0) [ 1713.254447][T20417] Bluetooth: hci11: command 0xfc11 tx timeout [ 1713.254597][ T9935] Bluetooth: hci11: Entering manufacturer mode failed (-110) 15:38:21 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xc) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1714.374559][T13141] Bluetooth: hci9: command 0x1001 tx timeout [ 1714.383590][T23375] Bluetooth: hci9: sending frame failed (-49) [ 1714.694436][T13141] Bluetooth: hci6: command 0xfc11 tx timeout [ 1714.700702][ T9503] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:38:22 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000080)={0x40, 0x7fff, 0xdc, 0x8, 0xe, "d3c57f2024eac22f4e416cb64a243b1b95a114"}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f00000000c0)) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1714.783498][ T8903] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1714.801491][ T158] Bluetooth: hci6: Frame reassembly failed (-84) [ 1714.934303][ T150] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1714.934640][T18048] Bluetooth: hci8: command 0xfc11 tx timeout [ 1715.174301][T13141] Bluetooth: hci10: command 0xfc11 tx timeout [ 1715.174350][ T6548] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1715.894235][ T9935] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1715.894274][T13141] Bluetooth: hci11: command 0xfc11 tx timeout [ 1716.454399][T13141] Bluetooth: hci9: command 0x1009 tx timeout [ 1716.864438][T20417] Bluetooth: hci6: command 0xfc11 tx timeout [ 1716.870757][ T8903] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1719.414173][ T8903] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:38:28 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x19) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB="00000400001000002e2f66696c653000"]) ioctl$EVIOCGPROP(r1, 0x80404509, &(0x7f00000000c0)) 15:38:28 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x801c581f, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:38:28 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) pidfd_getfd(r1, 0xffffffffffffffff, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:38:28 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xc) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:38:28 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCMIWAIT(r0, 0x545c, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:38:28 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) syz_open_pts(r0, 0x304342) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1720.357481][T11654] Bluetooth: hci8: Frame reassembly failed (-84) [ 1720.380207][T27301] Bluetooth: hci9: Frame reassembly failed (-84) 15:38:28 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0xd5044efdf65d7b28, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0xb8000, 0x0) r3 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000340)={r1, r1, 0xb}, 0x10) r4 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$AUTOFS_DEV_IOCTL_FAIL(r2, 0xc0189377, &(0x7f0000000140)={{0x1, 0x1, 0x18, r4, {0xffffffec, 0x8001}}, './file0\x00'}) lseek(r3, 0x3, 0x0) ioctl$F2FS_IOC_GET_PIN_FILE(r5, 0x8004f50e, &(0x7f00000002c0)) dup3(r1, r2, 0x0) openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0), 0x10082, 0x0) ioctl$VT_DISALLOCATE(r1, 0x5608) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$KDGKBDIACR(r2, 0x4b4a, &(0x7f00000001c0)=""/240) 15:38:28 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)=0x1) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$PIO_FONTX(r2, 0x4b6c, &(0x7f0000000080)={0xc0, 0x1f, &(0x7f0000000180)="022b9c9aea6f6c6bc0ddbd4d7414cfdd20f0efe5d26294b73b03c5f26480da3044f362fe3302c688bbf4238196f345c287a0bf28b1131c1f6cf3517587029ef2b0c6408a5134787cc3afe87e839b4e09f9dd889041f6c04bad12869043847c6090ef80a877e76284857dfc6925809bb684a1e5e296b4a34ef7a42fa0a2087088e75277801c6463ca18ef9f648964b40b07ca945505eebd32116e642cfe3c40975ae4dae2a38793cc1aac0ab2bc4b0863a2d5c04a3090cce2750c10a7e2f5edfaba8a5a6a925d58d40cc27e09e330486594cc0e3ef6bd2380639f1e005731d448edf0973def98092c46a330ffb4c0b61f94d52178caa032a98ad6ac4e934d9e6a0f0e51417f092a34b8cec1d9b3d4433d977d243e8291be419e18f2be9c0696ece5f375a23519e67a864d2d9a4f46ff8304a7e9930dd9df7302e75926b7cd993d4916b8b971aed080f984598f6be2fa84fb17d339121fb9c8b73ed2953a8014e21dd581aac9423195e66570349ad8f0c7005eb6ef4e713a275ad14dfea253def25f45eb4a4c30adc6b9d0f9d771a5be09808d4c493340a2d785ad3f682e737650227889b4bf2db6dc9bf820c76259021b6121ca0a35b5d40e1364d7efee6476e7259b0a8195c2f987993c7fe53b27ef4028f92cc221fe869e39839da2d36fd887bb4f506b3f273d726f57e14c945d895a6b732b54cc2625f857a969c909daff47c226b863e2abd2036a96a0dacc7709b2201584360a807741b4c60c9816e1aa1f2860f403d0d3e61f342774bcbc39f9f540a5fc59d3f06685be26f8ec4bbcbe94f4bef38f83e367b422a4e70f28d971ae946d95be1a43f0db814013f680dd96fdaf98b2bda87f8a79a5758c47aa095e35d30cba530c5dfa6d99ac58d5b5750834ba625deaf115faf61b7d52e4f1e81565921e6d9c5e694f19b90b4680da0f976fcfc0189d7dabbc65876d2cc2047c7d6f2eaa08cbab7f7963ee2288644bdfba930be1ca42f1973a5a8b10cdfd6f8a1afa880b7da0363811f12bc9dd21eeabb0d7929f79492785c99f8ed8e82607877be0524fa4565afc5a4ee0d384df88d5f4e43f4556cfdc5ff240a4625b2614113da11c8270e9f3ae8e47107a3d82d0b971c33c7b7f17936255830333d0f0c95f463eec369febc1f3534abe5327cced9081e7e5d8e2ecf2dc1dad28ee25acad01db52691536bd30b58df18acff27b5cc64481bce5af15c74577a8a94219c6cac31b2d7bd4d6344e67c028929834284d40f6432849afef6df2d880bac646a81bb4f90ddca4f66ac3d188fcde75a30ab18b255f7c4bd8df4b2fe9499e139bb263d4939386a2fa2abd377474a459036642185f9a44b054d10edd155fc95e57233d3ba6bbf1c1d119b32cbf942bd90e70504d7c7a3f7356cad0e3ffcbc225a04ec7adb43064dfe9ad89ca5c4e4dcd4116997dd89d"}) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) dup3(r3, r4, 0x0) ioctl$KDADDIO(r3, 0x400455c8, 0x45) 15:38:28 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDSKBMETA(0xffffffffffffffff, 0x4b63, &(0x7f0000000000)=0x4) ioctl$TIOCL_SETVESABLANK(0xffffffffffffffff, 0x541c, &(0x7f0000000080)) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) dup3(r3, r4, 0x0) ioctl$KDGKBLED(r4, 0x4b64, &(0x7f0000000100)) dup3(r1, r2, 0x0) ioctl$PIO_UNIMAPCLR(r1, 0x4b68, &(0x7f00000000c0)={0x2, 0x0, 0x4}) [ 1720.815563][ T148] Bluetooth: hci11: Frame reassembly failed (-84) [ 1722.373949][ T9935] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1722.383363][T11206] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1722.391302][T13141] Bluetooth: hci7: command 0xfc11 tx timeout [ 1722.394816][T18048] Bluetooth: hci6: command 0xfc11 tx timeout [ 1722.397505][ T8903] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1722.458012][ T150] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1722.466394][ T6548] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1722.853737][ T1053] Bluetooth: hci11: command 0x1003 tx timeout [ 1722.861186][ T6548] Bluetooth: hci11: sending frame failed (-49) [ 1722.964098][ T150] Bluetooth: hci7: sending frame failed (-49) 15:38:31 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000980), 0x129240, 0x0) ioctl$KDADDIO(r1, 0x4b34, 0x2) r2 = syz_usb_connect(0x0, 0x0, 0x0, 0x0) r3 = openat2(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', &(0x7f0000000900)={0x400040, 0x0, 0x39}, 0x18) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000940)=0xd) syz_usb_control_io(r2, &(0x7f0000000300)={0x2c, &(0x7f0000000180)={0x20, 0x23, 0xd9, {0xd9, 0xd, "92da6d08a20c72229caef1f0cb54a5f879d7354d298ae3b07b470e56a516a1011a7e7e63384c6a8c8353fe3ba5db6d7f23c28a8c67ce615703339db7682ea35f2f110f7433d663d7493558181e7c2b9c50dba3354194347305c7d63b75407e1f8965cfbc201b1f9282420073362ef1e6a122426b2db9741c3095cd24bc47b46b866a33e76dafb59910d7f1ee90463990478924d085b8c29cfeb16f83c74fb7d82b5b0af011ca243c0a535da7479412cdb30b10319035861bcdb5f5d2d30bab014395425d42e56b8bce745f39c502907ac74dd1e388223a"}}, &(0x7f0000000080)={0x0, 0x3, 0x44, @string={0x44, 0x3, "c8e3f45b829303abf9a72114d97cb637d22dd604c370495e2b077808bedbb931c6b9e1c9e9506b1a22264ec3027fd0835c8f91a02d50a30d971a82a747d6a47188c9"}}, &(0x7f0000000840)=ANY=[@ANYBLOB="000f32000000050f32000420100a8705010000000f0200af00a9bdddff00303f00003fff0000c000ff0003100b03100b000000000000000000000081ed13c0df34f45753dc676a14fafe107a2e3dc692ccd96a5aa29dff52ee80a0981769e3824915a1e9237e429353015c1615a61700abff0002000000000000b0cc44d3019b5f81aeff24b5b145aa7ba84f6f6bfa43a9017695580495d4f15e11206a350c335f94f1f2d223941281493a4011a1df9695b8b01fbfb577f0d5c329e4"], &(0x7f0000000280)={0x20, 0x29, 0xf, {0xf, 0x29, 0x6, 0x2, 0x2, 0x60, "8cdf6ad3", "edc99ac7"}}, &(0x7f00000002c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x5, 0x3, 0x2, 0x0, 0x81, 0x40, 0x7fff}}}, &(0x7f0000000780)={0x84, &(0x7f0000000340)={0x20, 0x0, 0x52, "50729792106b19b8d3c0ac74dd8a4091659a6ccd7b21dfe9bbb0c67f28f86eea5cd2bcea27e7a4a475c4d82fd084c05e86d7bfcf2deec8c13f2e932aa0b837c10b69b24897f9ce26ee7b90d39239e09b6225"}, &(0x7f00000003c0)={0x0, 0xa, 0x1}, &(0x7f0000000400)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000440)={0x20, 0x0, 0x4, {0x1, 0x1}}, &(0x7f0000000480)={0x20, 0x0, 0x8, {0x160, 0x0, [0xf00]}}, &(0x7f00000004c0)={0x40, 0x7, 0x2}, &(0x7f0000000500)={0x40, 0x9, 0x1, 0x1f}, &(0x7f0000000540)={0x40, 0xb, 0x2, "3a13"}, &(0x7f0000000580)={0x40, 0xf, 0x2, 0x6}, &(0x7f00000005c0)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}}, &(0x7f0000000600)={0x40, 0x17, 0x6, @local}, &(0x7f0000000640)={0x40, 0x19, 0x2, "e30e"}, &(0x7f0000000680)={0x40, 0x1a, 0x2, 0x1}, &(0x7f00000006c0)={0x40, 0x1c, 0x1, 0x52}, &(0x7f0000000700)={0x40, 0x1e, 0x1, 0x4}, &(0x7f0000000740)={0x40, 0x21, 0x1, 0x1}}) 15:38:31 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x7) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x5, 0x0, 0x0, 0x0) 15:38:31 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) fcntl$dupfd(r2, 0x0, r0) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000080), 0x20c03, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x15) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1723.126665][ T1209] Bluetooth: hci8: Frame reassembly failed (-84) [ 1723.211696][ T9935] Bluetooth: hci9: sending frame failed (-49) 15:38:31 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x88800, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x5) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000200), 0x40500, 0x0) ioctl$TIOCMBIS(r3, 0x5416, &(0x7f0000000240)=0x40) lseek(r2, 0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) perf_event_open(&(0x7f0000000500)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x805, 0x0) write$uinput_user_dev(r5, &(0x7f0000000400)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x45c) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x11) ioctl$UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, 0x0) ioctl$UI_DEV_SETUP(r5, 0x5501, 0x0) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0xffff, 0x0, 0x4}, 'syz1\x00', 0x1e}) close(r5) [ 1723.758880][ T158] Bluetooth: hci10: Frame reassembly failed (-84) [ 1723.782209][ T158] Bluetooth: hci10: Frame reassembly failed (-84) [ 1723.869515][T28980] input: syz1 as /devices/virtual/input/input9 [ 1724.933498][ T1053] Bluetooth: hci11: command 0x1001 tx timeout [ 1724.940768][T23375] Bluetooth: hci11: sending frame failed (-49) [ 1725.013642][ T6548] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1725.013746][ T8903] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1725.024763][T13853] Bluetooth: hci7: command 0xfc11 tx timeout 15:38:33 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0xc0045878, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:38:33 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1725.173568][ T150] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1725.182951][T13261] Bluetooth: hci8: command tx timeout [ 1725.263611][T13261] Bluetooth: hci9: command 0xfc11 tx timeout [ 1725.269832][T11206] Bluetooth: hci9: Entering manufacturer mode failed (-110) 15:38:33 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000080)={0x0, 0x172, 0x5, 0x3f, 0x6, "a2a58b76b4a472e8210a3f842c23c331059485"}) ioctl$KDADDIO(r0, 0x400455c8, 0x9) fsetxattr$security_capability(r0, &(0x7f00000000c0), &(0x7f0000000100)=@v2={0x2000000, [{0x81, 0x81}, {0x98}]}, 0x14, 0x2) lseek(0xffffffffffffffff, 0x3, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) dup3(r3, r4, 0x0) io_submit(0x0, 0x4, &(0x7f0000000500)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xfff, r1, &(0x7f0000000180)="1456ce484186077000d287c82e05d6c282", 0x11, 0x7, 0x0, 0x1, r1}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0xfff8, r1, &(0x7f0000000200)="d4ac159d1a03eec21dabf4c2178683fcf3fef6af2d5eb5b7fa2a650d50a606ec128ce9c6a6b213b80f0fa35fc3bd9a275ac331f20d335dfcadf712d6d1cacaaaabbf41d4191978d49024b9865a5a0169f0e6216d7313fd5b8a2c8a89d9b469b7227ce1fecef41248244b9dd74493f2b167dd484d9fbce4a039d0a2ebf3c2d2da72fa68b3ad6849fb8264f8bf41809e12246b29c4a4c990c618a6a62a32f0f1520541c15052426cfebc6b269bbeb4819f90d742bc301c1c8621f8a972ae02c2cfbca163e2bab0b4364cfb5aafbca549e50485bd37274efe0b5fc8c326bcc7badcf1ea3948ca38e261c4a280", 0xeb, 0x7fffffff, 0x0, 0x1}, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x5, 0x2, r2, &(0x7f0000000380)="882d963c21e2cf7dfb252f58", 0xc, 0x3, 0x0, 0x2}, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x8, r2, &(0x7f0000000400)="ad8b81a7975d56e4dcf65c516a5aa72d2feed0c9ec39e6d0d75df4b1d34e5ca1f38d6927511e275862ee93e3bdd4a133ddc262a911cb83be3bc44e421298af6bcf02d9a5b225403776125d5c6acf834881ff346efaf03cab18f4e42e8c04bee95f24e47b0bc02b615986aa4dde9653b94e515f5e3c475a3499d0dcd731c3d0ff6386805fab504d0bda900e4e8a5cca2958b6fc67989af9e7dbe91c111158b6bc5f4f3883e1d9", 0xa6, 0x217, 0x0, 0x3, r3}]) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1725.803691][ T148] Bluetooth: hci8: Frame reassembly failed (-84) [ 1725.813596][T13853] Bluetooth: hci10: command 0xfc11 tx timeout [ 1725.819956][ T9935] Bluetooth: hci10: Entering manufacturer mode failed (-110) 15:38:34 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, @out_args}, '\x00'}) ioctl$TCSETS(r1, 0x5402, &(0x7f00000000c0)={0x0, 0x4, 0x7, 0xffffbb57, 0x3, "b621968a2a623f55b50336b115c0e96f26e12e"}) [ 1725.855997][T28985] input: syz1 as /devices/virtual/input/input10 15:38:34 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x18) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TCSETS(r0, 0x5402, &(0x7f00000000c0)={0x7e02, 0x1, 0xa63, 0x4, 0x8, "1cc6a977280583719517e7907c2b7efecc131c"}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1725.956821][T27301] Bluetooth: hci9: Frame reassembly failed (-84) [ 1726.112714][T23375] Bluetooth: hci10: sending frame failed (-49) [ 1727.013608][T13853] Bluetooth: hci11: command 0x1009 tx timeout [ 1727.173572][ T8903] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1727.173753][T13853] Bluetooth: hci6: command 0xfc11 tx timeout [ 1727.263588][ T150] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1727.716378][ T148] Bluetooth: hci6: Frame reassembly failed (-84) 15:38:35 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r0, 0x3, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) dup3(r0, r1, 0x0) ioctl$SNDRV_PCM_IOCTL_DRAIN(r0, 0x4144, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1727.813349][T13853] Bluetooth: hci8: command 0xfc11 tx timeout [ 1727.819980][T11206] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1727.983400][ T9935] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1727.983546][T13853] Bluetooth: hci9: command 0xfc11 tx timeout [ 1728.133829][ T6548] Bluetooth: hci10: Entering manufacturer mode failed (-110) 15:38:36 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r2 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 'syz1\x00', 0x0, 0x0, '\x00', [0x0, 0x0, 0x0, 0x4000]}) sendfile(r2, r0, &(0x7f00000001c0)=0x80, 0x8) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='task\x00') ioctl$INCFS_IOC_PERMIT_FILL(r1, 0x40046721, &(0x7f00000000c0)={r3}) preadv(r2, &(0x7f00000003c0)=[{&(0x7f0000000200)=""/65, 0x41}, {&(0x7f0000000280)=""/105, 0x69}, {&(0x7f0000000300)=""/159, 0x9f}], 0x3, 0x0, 0x5) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1728.573945][ T8903] Bluetooth: hci9: sending frame failed (-49) [ 1729.733448][ T1053] Bluetooth: hci6: command 0xfc11 tx timeout [ 1729.746353][ T150] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1729.814144][ T1360] ieee802154 phy0 wpan0: encryption failed: -22 [ 1729.820474][ T1360] ieee802154 phy1 wpan1: encryption failed: -22 [ 1729.893207][T28953] Bluetooth: hci7: command 0xfc11 tx timeout [ 1729.899757][T11206] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1730.373288][ T6548] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1730.373734][ T1053] Bluetooth: hci8: command 0xfc11 tx timeout [ 1730.613228][ T1053] Bluetooth: hci9: command 0xfc11 tx timeout [ 1730.619557][ T9935] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1730.693284][ T8903] Bluetooth: hci10: Entering manufacturer mode failed (-110) 15:38:39 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = syz_open_pts(r0, 0x440) ioctl$TIOCGRS485(r1, 0x542e, &(0x7f0000000040)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x8) 15:38:39 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0xc0045878, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:38:39 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000340), 0x4000, 0x0) ioctl$FIONREAD(r1, 0x541b, &(0x7f0000000380)) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wg0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x12, 0x1, &(0x7f0000000080)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x4}], &(0x7f00000000c0)='GPL\x00', 0x6, 0xbc, &(0x7f0000000180)=""/188, 0x41100, 0x1, '\x00', r2, 0x1f, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0x7, 0x5, 0x10000}, 0x10}, 0x78) 15:38:39 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$KDGETLED(r0, 0x4b31, &(0x7f0000000080)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:38:39 executing program 0: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r0, 0x3, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) dup3(r0, r1, 0x0) ioctl$SNDRV_PCM_IOCTL_DRAIN(r0, 0x4144, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:38:39 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x208000, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x1b) ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000100)=0x6) [ 1731.237825][ T1209] Bluetooth: hci6: Frame reassembly failed (-84) [ 1731.266775][ T1209] Bluetooth: hci7: Frame reassembly failed (-84) [ 1731.266817][T11654] Bluetooth: hci8: Frame reassembly failed (-84) 15:38:39 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) writev(r1, &(0x7f0000001400)=[{&(0x7f0000000180)="0badd8e14fbe1bbf1ea278082c000ef767997ff3e7c7d7ddaf68e93d6e00012c2baa146527d244070d977218ed8b711620e03d65f9a1c931499e9a376c3a865e67ccec9a0de2ae8636efeeb3fbc974590de4122f51aa9017c0668187d8029f22eff5912e43dffa56185d3d44266fd3380b8272315d90ce1db25785f70ceeee254393c0b152fa104fe661418b090f49937ee6abfc339094bdae4d2c48fad3f74c8173faf96d20768ca2e8eaa6e9fafcce0c8aef68317279f900f6582a88f88d7c056b60841ed2824a1fb573b95a07deaa77f3ab954afcd89e533acf58c27c75e9fa2c52dbb259e3bc41d4f69644ed45e6cf7b9f3216be5cfacb2b96078c153cb8cb74f6b2fecdefc3c9219e7882f2ed3136bd9481474a517cbc06535045932782931d5b0e6a4b1d6980f3f437e88f94d4670de4bcb0ee9ef6e222c7eebf21f56e489b22a41aa99a471b281e41dadc2cfb229ec58aac284c7585bd1c634cc957b926f088771bd7240fac9c0913f15a33bbf263d18072c2cf9e7a2eed56d063f09177bd71b9bced4858227106436bc9ac8e5ca8b0dbbab4645149785387a3a8b52a67b11006c765fa8ff6131664140b20b1ff747e289c1ec5e975cd24699d0d8a9ac0de7ee8a7c68a4e09ab87cbe57aec03e82594c1ef85522079c7a0f2b407ef154cc4fc018081f61c6a3ce2ad4a2a0fd39c7d277c7888a46cef882506e6af222ddc321b657c8e9d2ddf35f10443f85702cc4a5da11c3d23f438bd031c8634f3d9c40c8abed7fb591b8e1e82c51102bfa4a88ca970ac518efe0c7f5fca25b57852eb9d6f6e2bae3a7e8259c2e62003de0a2727167ba38d57556c95208ac8c9cd37a9fb801548c8e76b18fec648645ac1bf53a5e4703ef2b5d37895da7713f2875f6507c9f852b6cadd35ec47dbe2417a1072b5226b5b861e91f7bca8737ef228145b4942bebd693a9a40382b4e501701c20e7ae062b0577dbaf5779aef67b42e0fa791a2c1079775de47b2114bd87046961c330fdc7975e43da58fa293bad3a02f97a9d7e7bbffd43882ba53aa02fe9b6efcf7c12f91153ea56a9784dd80427690469776949def154655da2f0e01e37e2fb8cc9b4cd7f6879d2338607afcd1745c6e2dce7c739f8742a9ac765e2465de6acd6fa2d4bab09aad565e77454187ebb9d1fb685cca900dd0d20216a3b76b9c48ce8bd0862d88a906aa19614efc5cbbaa7e1eda1448925121770a0ea27db5fa03f53e7cc7609a44a4716b4e0bdc8bdd54ddaeb44fbb5c5c36c76ccdc306a8c7ee6c4ac47ae6f1adac00fddb07fdd7afc2ac94593d14f5cd3ab915fe834faaee4ab320d3efe609dec0575c9b7718a8d127b396f1fc39d5662957fe8b8c499b6f217378111583d635ef0c3509e2afc902be548eeccbc9c1ce06aeacd20e5d6662fdd84884919b1f511eb1d541f652b728021f0dfd88948ca435b980fc99e8a1f37604c5bf13b363d98a137943cc1b8c7d3e0d36b5421361449048aa0346f5e8d45d8203eebd01c6bf000a4a9e2b65137b2b2fc9702356b1cc04e9390bc170505a8736f878e0e56efcfc58f709fd53da98787ae9f04d15cab5883c9c1da447535f88f4dcbff6516b868ade7a2795d7708fbe107ffc53c2b9b5d3c3f430600d9b3085e1871f60a04a5a68b52736f2787ffbb28cdcb8f028216f2f05c3e3fb0adbe1d7eac20ffdca6c4b39cfdaa0c64c1ce2974533361cb7ce75f6be1da500d2da6824cd980730efefa9debf32769e7fd0fad5283d7064cb4db46bdc5411eb2329d9747377f94851e852c5c357205000857abd471a0641fad5ba9156dc24920e537a367cff6faee011479aad546f634d16b19b07a786c6aa2841203c25c41c3c622399711d122fb8f89eea20eb3ebd1a95186c0659eaaabdd5ff42ba5df4a02900827822f0f802389457369b6e168c03e7e1a01fad8d15cffab452d787060ae0d10950451536c8439c68d9c09d161a76bbb0cdb5c2583295d8ae303655d84bfbb6da5c2eb354b7035c670b313a3972e7f955018149e4e9f1ae1a2c6bcccbee5d14c7c93d5c63e578d12819496712e058c68660f5c4d7588f1b8dc243dd7c1d7b4720d8d5c2fa97b6fc72e6610c29818cb02f45d381e8c38c4c25704b8cf67c4746bf671fedb7575579fab468b75b0ec2d2ec8608cdb40e3d1f220cdbc1da70fbeed02ede1b0aed4bd89611eef2543d3bdf7b2ecd6efca883463b9e9938e0b9ffbc37241318bd0a9de0184e56450773e53f2077275ee9dcf086fe4d96f2f99b237c92f0b48aeb85c90ef4b017fc5446585103a18520798d8eddca10b79807ff2df75de665dec04078a885c8cb1a5321965d101787fb57492a882db184c4e30c024b1832d0a48059f955d9b87bd5803d5f76e109259fd6aa68d06151453dfca9c341818cf9f92ac958eeab732474c91ec9f68d41b22ea979b02e5a65b5660c5933b74f7b3cb4bb28c415a56c3c6a73548d0a063157d216bc516ccf35da926d371cbc3610ccf2e2880ee6b5db97827e6efb42f94b44d8dde079c5a9ff774cb366eaa4aad74918ca7f7a8959f2e67b87278dde8616611537c1bbc0cf542f93f22717a30348c7d49eec982d25fad10fd75f89f9926062837c8958514bf4a268312a9dbfb393ee21a63bc4434bc2a5b743fa209e39da0bbbcce55b83a04a8d3c8f629ad38880a1f4cf599ed577776427fc5415df92658eeca56b69b9c9c1ed8f379084baf782349a2a0f42c9724d9cc281fda11ab71f8cbb4e3e2ff89794166f75aa3ee1ef04fa1da20f3fc007fdbf5bc90091a4e2a039870efac40d4082fa2a7fa9f0d347d357e8f7ed1518071b02cc808214e485053e95e750017246dcc115b66e0a686734e4ac891a19b87801701404553071bdb75ab1dcd337281320a86270dc83c30c36a7a8bd55b2a2def2678a2c0b2c71049f9b2071599b084b9dd06398036fadb65cd85baceebd2ea7306159157ed746e9d7c9af982b38be9d7086c78c1ea64960b14d19dad2025206b4abfd76f4fd8945bc60a22fe45ae650278380273fe8f1cc17f515a817bef1958e3de279ca42150155ee9d9d53a0d97411af45e0fb114d04a67d4bf7424b81072007f4031ccfa4311fe01e761a964017083f965da579340b6caa7740184d23a9af906ab6cefb4282752573ab30ed09d1be95c65af7f8ee8a487ffac786a349d50b9d4e4c160701eaceceae32217542c98bdfe6d983cd2d1756a9beeee1a6da2bc1b1425315e5ec718cd4bb56f2ea7a09bd3e6dbec796b1fdb7b0847b34c1e29b379571813ad31104bf6551216e830c07945873e360c37cec41545648356f4174880743b7260e75df0e2eee18fd5b8d6481c3cf90313b0e57b5c9ac37a611ed9a35f2053687619f94a5892afa5497ab527e005e646198a8608fd52a22a96db3d836a20ba7b41d6e072d2d2dd764d88d46c522300a906d465dc82a8d893680c6d3462086a56af4a4ae6629fad44f949775aa88391fa0dc83371f4087593b5ee202bcbf83907e44b30f1627765d9c9bed6e36eb20cd51a184c22369f4cd4906648136e6911b70d68b531835246531406d0bc39bd4ded0d0fe831f68f8be74eae790664e61e37b9e854ca311f7fd1dd93e6e413127ec91f6d4f16caa76cb96b2f277c819076e4f6b7952373ebf7e3f4202649661141b710d1ae45ba85c3e36868b280a61d9f5f74449812ad63ca74aa8b51d359dbeb1c28e75aac4bbb70931b5d38ed596c724c1a3f8c5b167a67f6fcf250e429863e2b94a6dd63c4d4780acf6769db9082d6a91d29d48fcaf4684bdb1b950a8993b0e1762d4cbdf89d91b95927fbea81e37afe1d7561d2777c2b9c2f41d375a0daca54bb35555fc8004ccd7a29a4b21a8ff2d1d2a223f98c26f6bb321ae09863ce7c2796f11cb042bd08e1b8e317cab1864ea0f66a2d9b1c107476d237b76307bc68c2dbeda31d1642c67b1b2478d13b89ef1ae74011e633ddf1255b501f0d0fdac065dafa9f1f71a520f4a4183edfface8f5e8d3794916e055a7b8a083b10c8e73fe663ef6c1d13106462189170e01e4ae2b2273f7e8b20ada7eb479501707f03a5dc3255c9f2ae9c51d4e24d377ce77f1d396aeff017f8011a9f4abbf91cc42548fbb72a1b07636e2db41516b5ca3b41a9eb5cb4f2c3c8e6eb504b9fd0bf62ceb8d2e0dbedf9c52f87bf3fe254158ec51611c8d41e3f9cea1d67722f6008277af69eaf02e0ce6d3af69cbaf8e532960433406eb48fadf267a586482f4184c7f0c60c6c58ab115c3e419d867fae4ac91e49be0e8763ef831023466a9d4f79fdb22f55855c46b043f4b3dc734f7c196b7213180d16c405acc397cfb4827f2164cd73ecd31ac215eea961a7037b8beb0538d2a4a11bebf196d77eeab38afb9d91f7939966c969db30aad9fae1d21b9979daae4d5f2910ff6f69737868e95dba9d5c27efb21f61751aac94f699b09b76568d4b5fb4872ffb022e7e2f78c9315a8f56482c96aa06cabf54ba85be62387aad4b1a4fb34c5d8ee35b4221d43b601beb8cf8cabcfafabd498cda43c8fe1076cd022e3d2778ee9b5d9fa4223a91c5bdf169d13ef9238069eb0d8d28c4bb1cc964a9b700ce3b5df748d531e38f0bdd1ec8d42fd7f73c1844726a7274eda20ae207aea9d32640d87605b47a1cb91b8a37ee7a0fbfdb4b356c8d24d97c6e5687d15d68a04ccaf73ece3c6f80e32e56b51cf435c6ce4d62768c15f99101e9694499a1679f569ef7145e3ce564a3c1f413efa9716079a5bdcc3eae9fb937cddb45bd23d0a89a03946475ebb521bc2299352355e2ad7a2b0236373235e48e9ce1ca89348c770f2fd3f595431bd1f056b8bd9b4126f3165a539691a023231247a7a92c191eb4c5642b4b64c019d0448df982f161ed318e2f1f6960af47bd6ab3552b7e66ce3f2ffa3b861b6af17811e8ca7e9f7a72de5082e17b9d37bf64867f721ebd3d0ea33c2ef93b786b05acc7e4bdc7e0febd956e3ae932c1556689570a34d6185062cf7c8cea0fd12b5dcace04be516db0c0818aaf143aada59d63ba0f1d3108fcf49bc893f98ac2569a8c4babde6eaf4c54075f5fbbc59c09230c3bdc13895b2137762572dd0068f3bb7fd9213afe1c8a67640baf3a08608c7e82eb13703edd0de32f6ef119ad5f4ed1d613c51d45437f53362df64a54a86aaf8194fb9eb2a09568faba90ff17e2fac9f5a9011c033f46a8794a29f1e9e44eb4c2e56be293b2d423cb943246453d692f1dd69d43453b23bca81b8ecdf68c1faa04b216a9930cdc003a80a7401ed8da12c02654010fb8da8ebdf13f5ba0a0c80ff801c28440d51cc5d292d7b2ec8dbba5eeed5fa0ccae03753b39e625b3fadd158b6b3a1d38752c08fd48ba8878261ca7885d926a50c1a5492d7c7787a7596df5a183cc15352e7fdefda9038dbf984d49cfae5bc4cb3272ce3384ec145365dfd3c350f6b897d3490354d58aada30e713b168b37b922522f411f7d619b1182d376206d7b3c1cf5bb343a9a4c87b01e15069b3c06ada82d570da2faba26763a74185e447a5ceea2bc2fa0011525088107fb82bfeba0bbb6d66c37481d078b2ddc8bdbdf0255a5a496e60f08313e4026d9a36884d97fc23d34349d71520e84f3cd2256dbb1e300690bcc46abbff343e2313166275b5bcce8ef898a6582dd77510ebea15d082e9a3445419dddd534f0f3cca9f05eba802f81fc0fdc3ce67e449cb0deb82684f8dce5bcc83aaf65319a8404ad6a1954bd1e9a625d871c6813f9177dda123ba2bde8b79fd46917b7fda3125", 0x1000}, {&(0x7f0000000080)="a5e3aa4bf915e2f809a7f2ae747b1d03f107a71f831160a528e279cbe6b7c9bb80ece998680de719fbebd6f0864fa9220c01dd172b4febd9c67716c4ce09e34251bcca9cdc63ccee9be773555bb88c0aa4947a6a511e2d646e434f8dcd50053fa12d8fc2af6b37effbceac111b414276ec3750bdcee5c81a", 0x78}, {&(0x7f0000001180)="08ed95c650d19f072301c0ae1be4249aecca55c9e8bf5185cd02053939e8b0f5dc3d5a3462be8f7267fcc41ea4cf6049bbe91c2c661c60e0c6241ea342b54aac0721af457b2791b5dd0ecbe9bb7dfcf293fb88f8f6c314e32f3b5c7a41e832babbdbbceb55579ca23f09264d3c97d6bbdaa3e195f80b2f7b9faaa9cee2e6c76ecc33a3df0764cb276c3464dd5a86358ae6b1252e7da1e9f0fc17573e0f74386fcd68d269f2fefed18857d7c5fe078322269d3f6e7c5d53733b58f8e272c1826e38bbfed58248b20df76cbd26b35140edada428211f04a5", 0xd7}, {&(0x7f0000001280)="cc3e5c2676e1f729f7b372c7f147a29734577b25b479ac8a0a8515aa2baac353e4b8909ad6fe9324cda9f6f27e5c73b2e0dc9f34536a0440509b9d03926f62d7446953e35f257b3d340989529ad35a3ddd35e4db50139d1ec23f7b078c799e2af6c430f620e85a3aa2472b21281c4e2ce89224122efc8ad0df6d35a082ebff4c6ebb6ccf61ff602e3110458dc038b67384339061d082f78e012a", 0x9a}, {&(0x7f0000001340)="a333fbce90083ccb15deedb9440aadc8fd0997434f2710bd3c7eb71db9af894d6f6bc14e42bbaed545c6b0512b1a25a3e110bd151a0c7758813bda5455d2418bcc2d54db81bc51212c627073e003c82f3d1961316aa9f30014e5155c2290ae273e86f5b34ea1322b72125b05a1c603aff008c67cc448041824557247fba5796f11cbb3f8da7f5e", 0x87}, {}], 0x6) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x13) ioctl$KDADDIO(r0, 0x400455c8, 0x0) write$binfmt_misc(r1, &(0x7f0000001480)={'syz1', "85e2ceefb6f8cf9688c29db9a3164b18380d2393ed5acd2f4bc6a332043a57b48134c93eae1dcc0524796a41a4282adee0ed2401e0a8974f280961e6c0ffa231039b7d19336371e6eb33f5033477e937ea1f962f3ed5a7a5ecbffb89a091694ec9b6f719d096138d3bbcadbe1c4157acbf52c264e835e7ef9ff71a7260698587fffa1a1f616b8e8f22273a850571bcc55e2dfc98e0403f2b7d36aa0abfb8a069414ea947ee2e09d21c6c3856033f32145df7c6aaac6fe4cbd553a21819920dfbcf44066bec33"}, 0xca) 15:38:39 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.log\x00', 0x90000, 0x101) ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000080)=0x3) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$VT_DISALLOCATE(r0, 0x5608) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 15:38:39 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0xc0085504, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1733.253018][ T8408] Bluetooth: hci6: command 0xfc11 tx timeout [ 1733.259279][ T9503] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1733.333305][ T6548] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1733.333358][ T1053] Bluetooth: hci9: command 0xfc11 tx timeout [ 1733.333436][ T1053] Bluetooth: hci8: command 0xfc11 tx timeout [ 1733.342810][ T8903] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1733.349319][ T1053] Bluetooth: hci7: command 0xfc11 tx timeout [ 1733.353487][T11206] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1733.732910][T18048] Bluetooth: hci10: command 0x1003 tx timeout [ 1733.739884][T11206] Bluetooth: hci10: sending frame failed (-49) 15:38:41 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x441a82, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f00000001c0)={0x0, 0x0, 0x7, 0x0, '\x00', [{0x3ff, 0x1ff, 0xfffffffffffffffd, 0x5, 0x6, 0x5}, {0x7fffffff, 0x2, 0x50119de7, 0x6, 0x5, 0x3ff}], ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) ioctl$TIOCSISO7816(r4, 0xc0285443, &(0x7f0000000100)={0x1, 0x4, 0x2, 0x2, 0x5}) dup3(r2, r4, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0xc) syz_usb_connect(0x0, 0x0, 0x0, 0x0) splice(r4, &(0x7f0000000140)=0x81, r1, &(0x7f0000000180)=0x4, 0x8, 0xb) 15:38:42 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x208000, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x1b) ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000100)=0x6) [ 1733.902944][ T150] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1733.912159][T13261] Bluetooth: hci11: command tx timeout 15:38:42 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r2 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080), 0x202000, 0x0) close_range(r1, r2, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:38:42 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$GIO_FONTX(r1, 0x4b6b, &(0x7f0000000080)={0xcc, 0x20, &(0x7f0000000180)}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1734.007885][ T148] Bluetooth: hci6: Frame reassembly failed (-84) [ 1734.046539][ T1209] Bluetooth: hci7: Frame reassembly failed (-84) [ 1734.131722][ T148] Bluetooth: hci8: Frame reassembly failed (-84) 15:38:42 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) lseek(0xffffffffffffffff, 0x3, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) dup3(0xffffffffffffffff, r1, 0x0) ioctl$VT_DISALLOCATE(r1, 0x5608) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) write$binfmt_misc(r2, &(0x7f0000000180)={'syz0', "3ec68f350446f62469d842fd77c6c505f3d7b9303e90663d587b86b604f3ed8d97ffb712e6afcb2f41a0dc77f4d7124d9427f7aee42e3727633b15930e0011bc84ab8cd56cad3edc59646007a9f939370713e8c923aa90a81103892712e7f8dbb2f0734d6219238387dce3584f92d92792476e62796e06ada7a5de336c7e2fb44567bc914a58a5ba1f7be9a2606886ff26608fe87fb5e7f454b6ce957b8825a064b6cb6bf1c4b25ddad5e3bf1727e371af66798d958a7a06bc60154d06eba3dfbf1b6275f62bd49567f7845bf50654a63b841bbf1d444a"}, 0xdb) r3 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) write(r3, &(0x7f0000000340)="2dd1f54c3f4863521f562a0f", 0xc) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000380)={r2, 0x8, 0x8000, 0x7}) openat$cgroup_procs(r4, &(0x7f00000003c0)='cgroup.threads\x00', 0x2, 0x0) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280), 0x208500, 0x0) ioctl$TIOCL_SETSEL(r5, 0x541c, &(0x7f00000002c0)={0x2, {0x2, 0x7, 0x1, 0x6, 0xf9, 0x4}}) [ 1735.812746][T18048] Bluetooth: hci10: command 0x1001 tx timeout [ 1735.820707][T23375] Bluetooth: hci10: sending frame failed (-49) [ 1736.052817][T11206] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1736.062011][T13261] Bluetooth: hci6: command 0xfc11 tx timeout [ 1736.062664][T28953] Bluetooth: hci7: command tx timeout [ 1736.068471][ T150] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1736.147253][ T8903] Bluetooth: hci8: Entering manufacturer mode failed (-110) 15:38:44 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0xc0189436, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1736.452774][ T9503] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1736.452828][T13261] Bluetooth: hci11: command 0xfc11 tx timeout [ 1736.453129][ T6548] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1736.473099][T28953] Bluetooth: hci9: command 0xfc11 tx timeout 15:38:44 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.log\x00', 0x80200, 0x0) ioctl$EVIOCGPROP(r1, 0x80404509, &(0x7f0000000180)=""/173) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2000000, 0x10010, r1, 0xa05c2000) [ 1736.590074][T27301] Bluetooth: hci6: Frame reassembly failed (-84) 15:38:44 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x1) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x4, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0, 0x0, '\x00', [0x0, 0xa3f]}) close(r1) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1736.691891][ T8903] Bluetooth: hci7: sending frame failed (-49) 15:38:44 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$F2FS_IOC_FLUSH_DEVICE(r0, 0x4008f50a, &(0x7f0000000180)={0x8, 0x80000001}) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/nfs_layout_flexfiles', 0x6a200, 0x5) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x7) syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) dup3(r2, r3, 0x0) ioctl$TIOCMGET(r2, 0x5415, &(0x7f0000000100)) [ 1736.815668][ T148] Bluetooth: hci8: Frame reassembly failed (-84) [ 1736.883763][T20859] Bluetooth: hci9: Frame reassembly failed (-84) 15:38:45 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x121802, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$VT_RELDISP(r0, 0x5605) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1737.892491][T18048] Bluetooth: hci10: command 0x1009 tx timeout [ 1738.612417][ T8408] Bluetooth: hci6: command 0xfc11 tx timeout [ 1738.622885][ T6548] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1738.692685][ T9503] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1738.852537][ T8903] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1738.852589][T13261] Bluetooth: hci8: command 0xfc11 tx timeout [ 1738.932841][ T150] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1739.092461][T13261] Bluetooth: hci11: command 0xfc11 tx timeout [ 1739.098768][T11206] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1739.156173][ T150] Bluetooth: hci6: sending frame failed (-49) [ 1741.172610][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:38:50 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x100, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xd6) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000000)) 15:38:50 executing program 0: socket$alg(0x26, 0x5, 0x0) syz_open_dev$swradio(&(0x7f0000000300), 0x0, 0x2) r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x5, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x6, 0x0) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00'}, 0x10) ioctl$FICLONE(r0, 0x40049409, r2) setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f00000000c0)=0xfffffffc, 0x4) bind$inet6(r1, &(0x7f000047b000)={0xa, 0x404e20, 0x0, @empty}, 0x1c) listen(r1, 0x400000001ffffffd) io_uring_enter(0xffffffffffffffff, 0x23b0, 0x0, 0x0, 0x0, 0x0) connect(0xffffffffffffffff, &(0x7f00000006c0)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x35}, 0x80) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) r4 = socket$inet6(0xa, 0x6, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x6, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="14000000100001000000000074ad00000000000a20000000000a03800000000000000000010000000900010073797a300000000060000000090a010400000000000000000100000008000a40000000000900020073797a310000000009ff030073797a30000000000b00cf4000000021640011800b0001007470726f787900001400027a08000340f6cc000208003352014000000000fcffffffffffffff0000000000007d000000000a55a2733544c71f8c7504804964b79748d81d9ef6bfd11d2665254c8fcdf870978921a3fcb4329899fb7ac6c72770e480c28507f0471610345f2316ea6d92f5a14448826c569d4050d8c8b718584f754b53653a5580eca5897873c2eb140ea40a6b772214a2ed584ea5f4255688dfc95cb16c025773f0aed76a"], 0xa8}}, 0x0) dup3(r3, 0xffffffffffffffff, 0x80000) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000000340)="db49df6e272936ecab14ca10e8d3b8d322d45a2d16d874722c5b0834efa8c0258978b00108882caa5ac0d7c2a13afade7f2b1ae048dcdef3379c400e7b58dc9b8cc5b7deb931f38556f9a02623d21f74bd8706bb095bee1bc839b4f20f4053a25babda58bba90531a4fee2695dc6fda36c3000b9f6135fbacff9dc72e16323ab3e83a57dc54a", 0x86, 0x801, 0x0, 0x0) r5 = accept4(r1, 0x0, 0x0, 0x0) sendmmsg(r5, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0xe}}], 0x4000000000000d0, 0x0) 15:38:50 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000040)=0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000480)={"966babf8fa931306d3c37a969f132746", 0x0, r2, {}, {0x7f, 0x4}, 0x2, [0x5, 0x205, 0x10000000, 0x7, 0x0, 0x2, 0x0, 0xffff, 0x2, 0xfffffffffffffffb, 0x100000000001, 0xfffffffffffffffe, 0x0, 0x18000, 0x4a, 0xffff]}) ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000180)={0x0, 0x8, 0x0, [0x6610d08f, 0xffffffff, 0x7ff, 0x8, 0x5], [0x10000, 0x8, 0x96, 0xfff, 0x80000000, 0x400, 0x7, 0x7, 0x81, 0x5, 0x100000000, 0xcd1, 0x0, 0xff, 0x6, 0x7, 0x4, 0x401, 0x800, 0x9, 0x0, 0x0, 0x6, 0xfffffffffffffff9, 0x40, 0xfffffffffffffffb, 0x5, 0x8, 0xffffffff00000001, 0x80000001, 0xfffffffffffffffe, 0x5, 0x7, 0x528d, 0x273a252a, 0x0, 0x6, 0x1, 0x348, 0x0, 0x6, 0x8, 0x10000, 0x7fffffff, 0x2d31d8f3, 0x5, 0x401, 0x9, 0x1, 0x9, 0x1, 0x7, 0x1, 0x4, 0xffffffff, 0x200000000, 0x1, 0x7ff, 0x9, 0x2, 0x9, 0x0, 0x1, 0x8, 0x6, 0x9, 0xef74, 0xffffffff, 0x7, 0x40, 0x2, 0x7, 0xff, 0x6, 0x3, 0x9, 0xf9, 0xb7c7, 0x5, 0x24, 0x8, 0x4, 0x1000, 0x0, 0x100000000, 0x6, 0xfffffffffffffff7, 0x9, 0x3, 0x101, 0x10000, 0x10000, 0x9, 0x7, 0x7339, 0x1, 0xf1, 0xff, 0x778, 0x6, 0x4cd, 0x8001, 0x401, 0x200, 0x4, 0xffff, 0x2, 0x4, 0x80, 0x98, 0x5, 0xb5, 0x7dd, 0x100000001, 0x2, 0x80, 0x80000000, 0x5b, 0x100, 0x6, 0x7]}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r0, 0x50009418, &(0x7f00000005c0)={{r1}, r2, 0x6, @unused=[0xfffffffffffffff8, 0xfffffffffffffe00, 0x101, 0x9], @devid=r3}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:38:50 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x10080, 0x0) setsockopt$SO_BINDTODEVICE_wg(r1, 0x1, 0x19, &(0x7f0000000100)='wg2\x00', 0x4) ioctl$TCSETA(r1, 0x5406, &(0x7f00000000c0)={0x6, 0x20, 0x3, 0x4, 0x10, "47b6d3b097928c2d"}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYBLOB="2900000004000000000000000000000026000000000000008100000000000000010001dca49c6d7930f38c51634811ba00000000000000"], 0x29) ioctl$KDADDIO(r0, 0x400455c8, 0x9) msgget$private(0x0, 0x6) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:38:50 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) writev(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)="32c3399bcb4d4c7b2d149a37f29a9e35b13501b0abe294647b3506e9dc45f54ac0db6339eb8d9992a9c50a55c905b16efafda41d66a86bf5836dfe384d8f4f95efeb9ac1d8b7c2cadf3e1b09ef43d0d072e30a6cc4d3f62cae9f6165c53608233d3ba3206bdaf79c156e13d00aa482135ae937b1722b3d16295b70fea50fe4ef763ed95b51e8a48402f85b3df9bf26ca9dd54a554f6bd4c257aac0b8b36b609d95e4fdfdacd3882f042b1953ab", 0xad}, {&(0x7f0000000180)="814a918fff0f1bc82761a5e6feb2d4e4b4cbf6ac3d3be7669420cca36eabb725b0c3a6218ee8045bbab97a6c4ad3fdd6feef6f3d47bd0385099e41c7f99c6b05483d59d178a12bebf0bf945167945cac546d6a01cc5f3b580d29e4d9ce3fc1d855c34721b87bcd1a86d2", 0x6a}, {&(0x7f0000000200)="6ec930ada143371aeef0b249110c157b4a713fa20c10fc8f0ec447a3622e074947d5a90ffe9a84fa6c306add529c13ca7fc06a2a3602b0f3c2b81c7f72f6a3cb19868e227abffb4c3e017661964bb9d6d268bb942ee90e064f6e7a49395292a077a6b6415a83c20d776d96d248e53462f4f9ccfc3b9a18ada36d78ca843d6de4e4518ece2a67ee839bd44b6a6d1a23fd5c228f0c9dcca2040d538455f3c3f81856b5c60e6f0a59d49752fb5231308f8f2bb4b348dfbd34fb31df1ae8c494d55a1b3702bf30b5d4c21e5dce1ae4497273342546d1223dd8291b348d6e35263ac21718b265210abb9e4e5c28cd15fe68ae41c70ec5a40cc9cb9f", 0xf9}, {&(0x7f0000000300)="38dc070c58093fc612905cdf9b0c6d621b26c80d2921605f7f15c94e2fd9b1d0696938c009dd18f49b256e86b7636eeac3088af02742db5d0babbe3554df88e0bb5f1ed66e2cf32d63d2cefe403de6301aa9e83d694f37c3242b6bdde0a37dab678028ffcb1c2996f868d59c9fe11840548e1c9852e5a1b3e678e96a796cf103d18133c4b18ae9b897fc72cf6f6d4db6e58e2cb0b5b5c372d9972cc17ac783eaccd2e05a057f60caafbd387dfcaa68f368c3ce9d9b690fb046217c8412ae7c57c32fd69f741a2af1213a0e1ca0b5e21344028e9581e6d5d80a86054097e1b578db9cfdddd4d1bb2bcf20eaacb14b39b88888d172fb8199fdf6b00acaba16848973fcfc1a83257bdabb504904b3064aaff9dc4ab2c37eba026c331f44e3f6c627dd88709c0aff2050cfbc5c8651b5e24f113063d42b0e26554d6c9d0fb2a2542e7e146f1e4cd49649c80d781e70adedb2c4942d5d974682b675858a49cb5ac4b864e3a2570799fcd9065b4559ce92ec8eb87dfb72700abf35a6f5f7e360e6847a6e5bd7636efbf49f4d6a73559be44a43a0e44bb2841bb420bb47ef35888cecbfad8959463743d73e32d4e36ac3f0291a3585a8b2c2c0148eb3bec387ec77f4a245fb64454351ab6a33082ff4f2a880c53df792ca994017658b3ae7b28a187f6650b2e772e610b4ff3ff909a015e24b2293ff9959ff63dd58f77125f8ff36a12c7c80a12827c19009075085a11db669b5ba038b28cf366e5a98ef4c7be4ceee0f44ce3666eac53eeab841f63da2b211aa704ffca5c151d0438da7e678bbdf2417764cf27aedde744760080bec6cda70692ce6c3b0e65a993a5591d917d4ffda258fcca18666d70d9447d164255639bde0de2df0cc7868f97befcfa975327f6355f8f13e054f88ff5a5b157baf46cfd14882f84bffa64a59ff4b0c9fc73524c405a3bebbbadf774918f289452f736ebc066996c7c3956e07fb699db2c30d409c909a5d8574cfeb570cf6895a626804b748306194b62ae40491e21c73a961e3ac514670bc435482f9ae62fe0a571fd8cf65f47d639c27aa828d976bba846898cd18f573599ed8602d8d162fee22a2682909f04b1d3c923772d72a84d5974f990e2de590a20043f9279095a70cec30c6e13311d364b84cbf9d4870bd828d1e572bed476d2cd0767c7ca063785497c3f498aca048beeefc86db6bf86ad3c503f164e365290147d66235558a9f968c1e1fafd301d97f640520da7ac86616481c1c609a694fc9fbcb98b8c8384c56fb2a15cf74865bc66a1375de4dc6f9252e519bfd4f5cf11797d43d93210dc32a107522d6899ad11c5201612dbe9d7cd21189372721ea0cedce5d92470d56aff68156facf540e96d0f67f8e21fe01ee6cbb49ed7f25a408c502b21f8452fb56720e8dab274c369222405f09a2b4f6513392e30c987cef4dc39ae0fee8b5627bd57e7491b2029e9e261b5fedeee14bd9b7db99970a6f055591618d3da1a5df5a79c740d05f4b25775b3c405a5fb3ca7d599704b02c31e5f8464ac801bfdc417a5d97706a7abeece0c72c3354d57411897053ce6521152c4170e5af8d90e3bb7d0bf07c6da71fe6f152d07d44bdcd45d61a7a5a0c2ff4a238406929430b92bbbea3b9fa2dc7d0e965f48b4c9cdb46701fc412da4e2c46c079d6b34887bd3e55d1e59209c1042a3620a2fef26e77e9b3e6dbff0f4f4765553b5783290ef6749002a2284b4718064edad86636560d36ddff242900b950c7464c9b1f7e7fe87c137d9db38a1a35021eef086c4c0c1fcf5f9b1ea73251b0ca0bf14c01b8a821943d3b81a601a0130212b6115908e7f95252153fe3be11224d602312f507b7f9e56aa63c20df50df3bd1990cbb4692ce84c25203daabec22a5bbe1bbb0be3a09c1b1d5d5786fd41621af48956ef54b8e5647fcfec6303d826f32457fa08c61e1eba400ab13bcf86e11604a7e021c2164ba6891145a8a8a9a8caf89f195caa5d5527452c34b403c4040c806f08c28c78c7b4f3d4cc211251b0e3e16366b08c93c3fbec4b6880773facd8e7e67d23924f2b6a82897e9836ea56a543867786028c302894973f91ebf22493fd49f5da30389bfdba74abe45abe1815618d5a4ffee1e468234fa4e3ed02ed6230cb7af955dccaf7538acef4e886a92f33687dca9e02e2c938aac93c909db4b9b27444d63e667be11104d0ade28c1fd0e00846eeb50f45001499695de8d6531e43119928428b5fad4d761860d5f768344969bbfdbcae5cada35619086d2395838de221ab961efff13e467b9850850056f72e2756cdd00f1d21d7a7357e240200d5861df8d7b432dc55cdb45abc7677466f1ac0c3fbec74314e158542be9d5bf040bc532f02a589fcfcde9c7fb6d6d25390e51b98ee7a4cef5add5bc2c8be407ee05426abfdd3e4ec92f1885ed2888270efe641760c907ae33b31914562a8d8c5ba608e5bc1df509d9a3c3ce064db4c5817f3dc9a1ae96447d7f6044ec0c7ccbe74ba32241db348e654747d59d6b16ee50f9bfff37539b21815bcab5b053b3a1b295347a4b20cae1136f89bbe2116f3086f3ab6e5c5a5bf8c1b3399852f62f10d8e767bbc4f987d24f2572974f2e55ab7d805098116da5c978728beca0426194734c02e8cbfa9a4466f8dc94e2379d454a84e0dac3daf52c3b948a6859990a63bb80cceb5c662f5206110139847930a143204e68968661aed3017cbb958a02390d73adf29e0e43899618bc04414d8f91a0bfbb846cf9ec0975a446599c128e1c6ece7c46041d3eebcbf47305f9affa164d6ea5cfcba1c9e34f7443d47d5c3ae8718d018139c4846f3f480ea39ff1b73d154d3bd38a916f6a5b9cee040a468e7ccb720c66902d2ae682ca41716a071abbe11db6abec7e1bf3531cd04e489738a46db8ccf9232a09434a19454e2356bd07d91a0e94a30f23532b8669a87b055aae0526504e72e519369f0b717f4433788528ae8c67aae34009074a74b0677d0578b83430e6f5dd1d1b022461da740bd555cbfb29abc9f9262ece128ca69dbd82386d8ed243c12b99073d889f68911b97196440eeb73b51b6319b9ca6dfc7eaaa14d25db2d3914c8136853487891a0b0e46cfa93288bd84d81dbff7a842d67ba6c76fc3da74e55bf9ffeddc5dcc62ec17fe8f5143e924050e11094567cbe839cf086fae4d324b0fce8e3f2abaee9be5d0a1da1d99414000089951989d398d75b1bb48db7f2bfde3313f374564ea72786cc88a1c2b9a4e34fb209358866efc4e0f09c0248776892bcde4226ba2bd76d0bf47a3d2cf2dc32ad93df7632d9b78b1e219ade200cab19818fdf7ef556ff62fcadc2e42eff1fd082a97b500505e8bc0fe5fd0cbd1ce42de72a5514e1f111c7e6b56727734673a90ff9e76cdd9122d27ac88ebff7674cc93db3a9d58ce6eb80dee092b18fd2f9e1c235aba7720f15fc12b6f00ccfbb2b0c22306560e33f50e1c96289423f5c4403615f9a9102028cc7ca08293d292fd8258c83e169b8c8b7a73c0f04c4f9d9e4fdb8834947845b7656c50d37e5c3c9f50545815220b7fec4418da1328bd17e4b9acbda290bbe64f799e1ede148710384f838a9fb20d9cdf871c06527b0460ec25e9eda6e47e9e00fc0195da96066330b78c20c615075d801df7645c7866f45317530e1c59663f1f1ab0b930d4a45409f1489a18860607cc8d2feef766e9b58a5c2103749ae5f35fb684ab964e3aa9801f28eead61f771ba66a67ce07d8777be4d5ed2c5c2219c68a95423d90e3f70579244d44ab8bb1bfd68eb2e86a2f9931983f0e607c00600497413bcf32f7c676f14b752c3662cf66525d746531e8d33a596f0cc2b50cabf9b7213954e5dc50aeba15d51171e0bea9534a1d16b7ebc7e5bf7a9869751a2422948fdac2d7f1f935fcae8e2c6bd33e1d7d2fc85b5136c1378f10685f4b1c9ea46d6ef2dad71db90a9303ae342d61845015b87e4ee884610cdbc28a149965a50735a2de47615567846481ee9db83424a00ed13ff242bdaf08735c69d2a0c7cd245b9ed00d30bc6993f62e6e14d471354db04eb51934e6ee59409fae1ebb1234094413eeb37d3e514b26e8e603bb9fed066d7224d36b27ad5f7b51a488205e8656e0875b03d0504fe01e91a42f43064df1338689cc6acde6c34826b82cbaee55794ae4b05dc68a2c345b29cedddf61676f6793eefea361f6d65783f4f08c4b68a82262436171fef5b768408961e7970dcdb19de6908c5922c447ca1fcc8e5f81d18bde129bc6bf5314beed3e324ef1f11fb373706d8467c4e317bed439d3ede254098fd6c86810f1fc43b150ddc02e5bef9636c18c2d0669fd1df46348c53f741117dfc0a78c11a4493258567b7e522e6cbe71a1d31c6b3f5c721d1537d53c8f9b06d3ee77d81687a40dc8edbc0358c68175e9401289122aa52ec208872092e63cd7923c9651a5ea63517949993f94e03c7b14890673b33d23a9b5b3445b958ffcc676dfde33c16ab8d84d5e15d89626883666cd228a3f9581654f7379c5a6f84f9c4f299716b00e75e7c1d8408d2b5b2e4c49d426bc51d2d2066b51087c3ea752c7b24d53e25df9f8c8d66ecb0003671f128a204b39f97ada8d456cd594016d885303cb8784736eabf8850ebb48300f58604ec67ccb5ff0eb53cd5daa42bf068860ef32a3554adec63e9ceb1aac934434a17df518b13b5b5b5b508405da6c180310cf9ba7687da52412e315d52973e8d75b34f68893540763b3dac1db85a284c2fc893489d505a12bfb0049710b1359fccadf3f3faea94e16b4661828d8920d33e068b42720321cbdb8dd0625f8a4e2fbe555e1152ac2b2c635db9dd30ee4ac15df495bfa5bdb37a1a588436b7870459ede0669129bd2c9ee1532200eeda5ba822706640ddee3d39bbfc36457eafaf4b89e41585e7df5194f1585e09352c124af423afd41651dacf9caec7f0ca8693504d4fc85a87b9fad754a7d6e9f29966a57966d8df09b89d9897c3174bfdbe1f2a11edcc036457b46a6d2b0b1c999adb94a4d109c8cf6f7944c05229b3d0baa2e7e1c5fede6155c21264a238d7756054b7696e4ef7707a6f2b39be4c26bace839d9a1076018008b41ecee22af9424ab5564b56dc0bd37e678b640f20d10cd76c238466ce6b8f1a9e8c8dadf4a2d5eed67537c91979750a09581c80543d8472481936ab1f4d12d9a2f3ab21c15cb657cb5facbb60d6d26cf0be52e9c570c353d415a97812c78558b27b9cebab028a8080b4c62bc7e41391376c7a6f2fe2357b437206b7718fd100998f25db85a84eac127cc4acae7ba0468686ac85f2f203842fdafb3db3160f4a23146bf7e30caa228660b7ba4cac979e64885b2a8934725401e90be63801830310b4ed8efab3a66d4219ee03863d6f643e12e78aaf13ee4f4dbf584114748eed9c9aab7662b176ba30ce63069a3d0341f44e9fcb8ee9d7abd145e00b73019607281800908ba566d0a708cdd7c8ef49b6f273a71ecedf7d43403c5a37bda9c1d28c1cc73ae9c5fdfc40f232779104c03c0601755c5e9e6c0a31218d171ba48d2abfbf0e25c0b1e446f37926306596d5ec2be322dd7f14f3f4e44112fc23e90c12e22cfbff067dcbec9f04dd3dc1af17df6b712ca083bbb3bf204c61b91fc2cea772a2b3dbf1bc6c564e827992f9e492f3cc741cf53ee4339cdcd1d222bd0028cb73eae4656322e04d458dce91fc59d4c3c43e6df02e9b93ae7b73401e4c756ac43c46db7d2a780fcefd235a722616f0c03cccb023d4796355b9cbfd04896e1d", 0x1000}, {&(0x7f0000000000)="6b4593e53f019942e308152bc668bd394873662c370a0b7e1d2c6122f6fe1849f676b480823d504bacb8eb7dba34a0", 0x2f}, {&(0x7f0000001300)="db896386fbb9f69adb2d46fd21609eb23b687958d8e40d", 0x17}, {&(0x7f0000001340)="183b174d6ef1edba809fe421b73055f259824e6ba4ae33d4ffc1c29a8fdb0e8b1ffd55f87e5a4c7a8067e38d8a9c31e59e890bf9c64dd7c25fa84b2f97ef07f767739e473b1cd01355370f246aaba950cab66bf81f214359aa893558167b3294cdd8008f230719762eb46f852d99e00bbd35e67796de52f43cfffc898c32f9906d188ac5d3a9d62675b562ef05", 0x8d}, {&(0x7f0000001400)="b2873f602918f2b91b1463419e08035f06a131b6b50a6060f3524104dacc01f8168a5062a736cc232675d27d78ac7f29b5a346a6b55d3797696fdb957f961f2575e97d28302b7f104fbd6ac23969d8f8c05b86737380aa27d584265c31e4ba6f81cbe88d4ed6cb82f7a59fe9bc7dd74a92841009ea4ec629b7c618312622d88e7ab5", 0x82}, {&(0x7f00000014c0)="d1a36475b16e4728516d59334dd1ee3732980a80d007a2a603dda5934815568909ffb34b2770b065538c7b9c91fdb318942c55059fe4a6675598c9c9f48f668225e2cd109529419bfbb0698cd0b8e1547dbfaf64dbabc26f3120c0be8c980eb5e3b9fdbc222e96b5932fb5f8e819085515f246e920400f85b01b05a3504586c5da27a11215b9402cc79170611df96c01add4a5783b61c5fbbecbd1077944e592a7c7ccb742d5bb96d4b094ece2ff6d58e51a00bf0246a5a035aca8f5288d2b0b187f18e4", 0xc4}], 0x9) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 15:38:50 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0xc020660b, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1742.190577][ T148] Bluetooth: hci8: Frame reassembly failed (-84) 15:38:50 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) writev(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)="32c3399bcb4d4c7b2d149a37f29a9e35b13501b0abe294647b3506e9dc45f54ac0db6339eb8d9992a9c50a55c905b16efafda41d66a86bf5836dfe384d8f4f95efeb9ac1d8b7c2cadf3e1b09ef43d0d072e30a6cc4d3f62cae9f6165c53608233d3ba3206bdaf79c156e13d00aa482135ae937b1722b3d16295b70fea50fe4ef763ed95b51e8a48402f85b3df9bf26ca9dd54a554f6bd4c257aac0b8b36b609d95e4fdfdacd3882f042b1953ab", 0xad}, {&(0x7f0000000180)="814a918fff0f1bc82761a5e6feb2d4e4b4cbf6ac3d3be7669420cca36eabb725b0c3a6218ee8045bbab97a6c4ad3fdd6feef6f3d47bd0385099e41c7f99c6b05483d59d178a12bebf0bf945167945cac546d6a01cc5f3b580d29e4d9ce3fc1d855c34721b87bcd1a86d2", 0x6a}, {&(0x7f0000000200)="6ec930ada143371aeef0b249110c157b4a713fa20c10fc8f0ec447a3622e074947d5a90ffe9a84fa6c306add529c13ca7fc06a2a3602b0f3c2b81c7f72f6a3cb19868e227abffb4c3e017661964bb9d6d268bb942ee90e064f6e7a49395292a077a6b6415a83c20d776d96d248e53462f4f9ccfc3b9a18ada36d78ca843d6de4e4518ece2a67ee839bd44b6a6d1a23fd5c228f0c9dcca2040d538455f3c3f81856b5c60e6f0a59d49752fb5231308f8f2bb4b348dfbd34fb31df1ae8c494d55a1b3702bf30b5d4c21e5dce1ae4497273342546d1223dd8291b348d6e35263ac21718b265210abb9e4e5c28cd15fe68ae41c70ec5a40cc9cb9f", 0xf9}, {&(0x7f0000000300)="38dc070c58093fc612905cdf9b0c6d621b26c80d2921605f7f15c94e2fd9b1d0696938c009dd18f49b256e86b7636eeac3088af02742db5d0babbe3554df88e0bb5f1ed66e2cf32d63d2cefe403de6301aa9e83d694f37c3242b6bdde0a37dab678028ffcb1c2996f868d59c9fe11840548e1c9852e5a1b3e678e96a796cf103d18133c4b18ae9b897fc72cf6f6d4db6e58e2cb0b5b5c372d9972cc17ac783eaccd2e05a057f60caafbd387dfcaa68f368c3ce9d9b690fb046217c8412ae7c57c32fd69f741a2af1213a0e1ca0b5e21344028e9581e6d5d80a86054097e1b578db9cfdddd4d1bb2bcf20eaacb14b39b88888d172fb8199fdf6b00acaba16848973fcfc1a83257bdabb504904b3064aaff9dc4ab2c37eba026c331f44e3f6c627dd88709c0aff2050cfbc5c8651b5e24f113063d42b0e26554d6c9d0fb2a2542e7e146f1e4cd49649c80d781e70adedb2c4942d5d974682b675858a49cb5ac4b864e3a2570799fcd9065b4559ce92ec8eb87dfb72700abf35a6f5f7e360e6847a6e5bd7636efbf49f4d6a73559be44a43a0e44bb2841bb420bb47ef35888cecbfad8959463743d73e32d4e36ac3f0291a3585a8b2c2c0148eb3bec387ec77f4a245fb64454351ab6a33082ff4f2a880c53df792ca994017658b3ae7b28a187f6650b2e772e610b4ff3ff909a015e24b2293ff9959ff63dd58f77125f8ff36a12c7c80a12827c19009075085a11db669b5ba038b28cf366e5a98ef4c7be4ceee0f44ce3666eac53eeab841f63da2b211aa704ffca5c151d0438da7e678bbdf2417764cf27aedde744760080bec6cda70692ce6c3b0e65a993a5591d917d4ffda258fcca18666d70d9447d164255639bde0de2df0cc7868f97befcfa975327f6355f8f13e054f88ff5a5b157baf46cfd14882f84bffa64a59ff4b0c9fc73524c405a3bebbbadf774918f289452f736ebc066996c7c3956e07fb699db2c30d409c909a5d8574cfeb570cf6895a626804b748306194b62ae40491e21c73a961e3ac514670bc435482f9ae62fe0a571fd8cf65f47d639c27aa828d976bba846898cd18f573599ed8602d8d162fee22a2682909f04b1d3c923772d72a84d5974f990e2de590a20043f9279095a70cec30c6e13311d364b84cbf9d4870bd828d1e572bed476d2cd0767c7ca063785497c3f498aca048beeefc86db6bf86ad3c503f164e365290147d66235558a9f968c1e1fafd301d97f640520da7ac86616481c1c609a694fc9fbcb98b8c8384c56fb2a15cf74865bc66a1375de4dc6f9252e519bfd4f5cf11797d43d93210dc32a107522d6899ad11c5201612dbe9d7cd21189372721ea0cedce5d92470d56aff68156facf540e96d0f67f8e21fe01ee6cbb49ed7f25a408c502b21f8452fb56720e8dab274c369222405f09a2b4f6513392e30c987cef4dc39ae0fee8b5627bd57e7491b2029e9e261b5fedeee14bd9b7db99970a6f055591618d3da1a5df5a79c740d05f4b25775b3c405a5fb3ca7d599704b02c31e5f8464ac801bfdc417a5d97706a7abeece0c72c3354d57411897053ce6521152c4170e5af8d90e3bb7d0bf07c6da71fe6f152d07d44bdcd45d61a7a5a0c2ff4a238406929430b92bbbea3b9fa2dc7d0e965f48b4c9cdb46701fc412da4e2c46c079d6b34887bd3e55d1e59209c1042a3620a2fef26e77e9b3e6dbff0f4f4765553b5783290ef6749002a2284b4718064edad86636560d36ddff242900b950c7464c9b1f7e7fe87c137d9db38a1a35021eef086c4c0c1fcf5f9b1ea73251b0ca0bf14c01b8a821943d3b81a601a0130212b6115908e7f95252153fe3be11224d602312f507b7f9e56aa63c20df50df3bd1990cbb4692ce84c25203daabec22a5bbe1bbb0be3a09c1b1d5d5786fd41621af48956ef54b8e5647fcfec6303d826f32457fa08c61e1eba400ab13bcf86e11604a7e021c2164ba6891145a8a8a9a8caf89f195caa5d5527452c34b403c4040c806f08c28c78c7b4f3d4cc211251b0e3e16366b08c93c3fbec4b6880773facd8e7e67d23924f2b6a82897e9836ea56a543867786028c302894973f91ebf22493fd49f5da30389bfdba74abe45abe1815618d5a4ffee1e468234fa4e3ed02ed6230cb7af955dccaf7538acef4e886a92f33687dca9e02e2c938aac93c909db4b9b27444d63e667be11104d0ade28c1fd0e00846eeb50f45001499695de8d6531e43119928428b5fad4d761860d5f768344969bbfdbcae5cada35619086d2395838de221ab961efff13e467b9850850056f72e2756cdd00f1d21d7a7357e240200d5861df8d7b432dc55cdb45abc7677466f1ac0c3fbec74314e158542be9d5bf040bc532f02a589fcfcde9c7fb6d6d25390e51b98ee7a4cef5add5bc2c8be407ee05426abfdd3e4ec92f1885ed2888270efe641760c907ae33b31914562a8d8c5ba608e5bc1df509d9a3c3ce064db4c5817f3dc9a1ae96447d7f6044ec0c7ccbe74ba32241db348e654747d59d6b16ee50f9bfff37539b21815bcab5b053b3a1b295347a4b20cae1136f89bbe2116f3086f3ab6e5c5a5bf8c1b3399852f62f10d8e767bbc4f987d24f2572974f2e55ab7d805098116da5c978728beca0426194734c02e8cbfa9a4466f8dc94e2379d454a84e0dac3daf52c3b948a6859990a63bb80cceb5c662f5206110139847930a143204e68968661aed3017cbb958a02390d73adf29e0e43899618bc04414d8f91a0bfbb846cf9ec0975a446599c128e1c6ece7c46041d3eebcbf47305f9affa164d6ea5cfcba1c9e34f7443d47d5c3ae8718d018139c4846f3f480ea39ff1b73d154d3bd38a916f6a5b9cee040a468e7ccb720c66902d2ae682ca41716a071abbe11db6abec7e1bf3531cd04e489738a46db8ccf9232a09434a19454e2356bd07d91a0e94a30f23532b8669a87b055aae0526504e72e519369f0b717f4433788528ae8c67aae34009074a74b0677d0578b83430e6f5dd1d1b022461da740bd555cbfb29abc9f9262ece128ca69dbd82386d8ed243c12b99073d889f68911b97196440eeb73b51b6319b9ca6dfc7eaaa14d25db2d3914c8136853487891a0b0e46cfa93288bd84d81dbff7a842d67ba6c76fc3da74e55bf9ffeddc5dcc62ec17fe8f5143e924050e11094567cbe839cf086fae4d324b0fce8e3f2abaee9be5d0a1da1d99414000089951989d398d75b1bb48db7f2bfde3313f374564ea72786cc88a1c2b9a4e34fb209358866efc4e0f09c0248776892bcde4226ba2bd76d0bf47a3d2cf2dc32ad93df7632d9b78b1e219ade200cab19818fdf7ef556ff62fcadc2e42eff1fd082a97b500505e8bc0fe5fd0cbd1ce42de72a5514e1f111c7e6b56727734673a90ff9e76cdd9122d27ac88ebff7674cc93db3a9d58ce6eb80dee092b18fd2f9e1c235aba7720f15fc12b6f00ccfbb2b0c22306560e33f50e1c96289423f5c4403615f9a9102028cc7ca08293d292fd8258c83e169b8c8b7a73c0f04c4f9d9e4fdb8834947845b7656c50d37e5c3c9f50545815220b7fec4418da1328bd17e4b9acbda290bbe64f799e1ede148710384f838a9fb20d9cdf871c06527b0460ec25e9eda6e47e9e00fc0195da96066330b78c20c615075d801df7645c7866f45317530e1c59663f1f1ab0b930d4a45409f1489a18860607cc8d2feef766e9b58a5c2103749ae5f35fb684ab964e3aa9801f28eead61f771ba66a67ce07d8777be4d5ed2c5c2219c68a95423d90e3f70579244d44ab8bb1bfd68eb2e86a2f9931983f0e607c00600497413bcf32f7c676f14b752c3662cf66525d746531e8d33a596f0cc2b50cabf9b7213954e5dc50aeba15d51171e0bea9534a1d16b7ebc7e5bf7a9869751a2422948fdac2d7f1f935fcae8e2c6bd33e1d7d2fc85b5136c1378f10685f4b1c9ea46d6ef2dad71db90a9303ae342d61845015b87e4ee884610cdbc28a149965a50735a2de47615567846481ee9db83424a00ed13ff242bdaf08735c69d2a0c7cd245b9ed00d30bc6993f62e6e14d471354db04eb51934e6ee59409fae1ebb1234094413eeb37d3e514b26e8e603bb9fed066d7224d36b27ad5f7b51a488205e8656e0875b03d0504fe01e91a42f43064df1338689cc6acde6c34826b82cbaee55794ae4b05dc68a2c345b29cedddf61676f6793eefea361f6d65783f4f08c4b68a82262436171fef5b768408961e7970dcdb19de6908c5922c447ca1fcc8e5f81d18bde129bc6bf5314beed3e324ef1f11fb373706d8467c4e317bed439d3ede254098fd6c86810f1fc43b150ddc02e5bef9636c18c2d0669fd1df46348c53f741117dfc0a78c11a4493258567b7e522e6cbe71a1d31c6b3f5c721d1537d53c8f9b06d3ee77d81687a40dc8edbc0358c68175e9401289122aa52ec208872092e63cd7923c9651a5ea63517949993f94e03c7b14890673b33d23a9b5b3445b958ffcc676dfde33c16ab8d84d5e15d89626883666cd228a3f9581654f7379c5a6f84f9c4f299716b00e75e7c1d8408d2b5b2e4c49d426bc51d2d2066b51087c3ea752c7b24d53e25df9f8c8d66ecb0003671f128a204b39f97ada8d456cd594016d885303cb8784736eabf8850ebb48300f58604ec67ccb5ff0eb53cd5daa42bf068860ef32a3554adec63e9ceb1aac934434a17df518b13b5b5b5b508405da6c180310cf9ba7687da52412e315d52973e8d75b34f68893540763b3dac1db85a284c2fc893489d505a12bfb0049710b1359fccadf3f3faea94e16b4661828d8920d33e068b42720321cbdb8dd0625f8a4e2fbe555e1152ac2b2c635db9dd30ee4ac15df495bfa5bdb37a1a588436b7870459ede0669129bd2c9ee1532200eeda5ba822706640ddee3d39bbfc36457eafaf4b89e41585e7df5194f1585e09352c124af423afd41651dacf9caec7f0ca8693504d4fc85a87b9fad754a7d6e9f29966a57966d8df09b89d9897c3174bfdbe1f2a11edcc036457b46a6d2b0b1c999adb94a4d109c8cf6f7944c05229b3d0baa2e7e1c5fede6155c21264a238d7756054b7696e4ef7707a6f2b39be4c26bace839d9a1076018008b41ecee22af9424ab5564b56dc0bd37e678b640f20d10cd76c238466ce6b8f1a9e8c8dadf4a2d5eed67537c91979750a09581c80543d8472481936ab1f4d12d9a2f3ab21c15cb657cb5facbb60d6d26cf0be52e9c570c353d415a97812c78558b27b9cebab028a8080b4c62bc7e41391376c7a6f2fe2357b437206b7718fd100998f25db85a84eac127cc4acae7ba0468686ac85f2f203842fdafb3db3160f4a23146bf7e30caa228660b7ba4cac979e64885b2a8934725401e90be63801830310b4ed8efab3a66d4219ee03863d6f643e12e78aaf13ee4f4dbf584114748eed9c9aab7662b176ba30ce63069a3d0341f44e9fcb8ee9d7abd145e00b73019607281800908ba566d0a708cdd7c8ef49b6f273a71ecedf7d43403c5a37bda9c1d28c1cc73ae9c5fdfc40f232779104c03c0601755c5e9e6c0a31218d171ba48d2abfbf0e25c0b1e446f37926306596d5ec2be322dd7f14f3f4e44112fc23e90c12e22cfbff067dcbec9f04dd3dc1af17df6b712ca083bbb3bf204c61b91fc2cea772a2b3dbf1bc6c564e827992f9e492f3cc741cf53ee4339cdcd1d222bd0028cb73eae4656322e04d458dce91fc59d4c3c43e6df02e9b93ae7b73401e4c756ac43c46db7d2a780fcefd235a722616f0c03cccb023d4796355b9cbfd04896e1d", 0x1000}, {&(0x7f0000000000)="6b4593e53f019942e308152bc668bd394873662c370a0b7e1d2c6122f6fe1849f676b480823d504bacb8eb7dba34a0", 0x2f}, {&(0x7f0000001300)="db896386fbb9f69adb2d46fd21609eb23b687958d8e40d", 0x17}, {&(0x7f0000001340)="183b174d6ef1edba809fe421b73055f259824e6ba4ae33d4ffc1c29a8fdb0e8b1ffd55f87e5a4c7a8067e38d8a9c31e59e890bf9c64dd7c25fa84b2f97ef07f767739e473b1cd01355370f246aaba950cab66bf81f214359aa893558167b3294cdd8008f230719762eb46f852d99e00bbd35e67796de52f43cfffc898c32f9906d188ac5d3a9d62675b562ef05", 0x8d}, {&(0x7f0000001400)="b2873f602918f2b91b1463419e08035f06a131b6b50a6060f3524104dacc01f8168a5062a736cc232675d27d78ac7f29b5a346a6b55d3797696fdb957f961f2575e97d28302b7f104fbd6ac23969d8f8c05b86737380aa27d584265c31e4ba6f81cbe88d4ed6cb82f7a59fe9bc7dd74a92841009ea4ec629b7c618312622d88e7ab5", 0x82}, {&(0x7f00000014c0)="d1a36475b16e4728516d59334dd1ee3732980a80d007a2a603dda5934815568909ffb34b2770b065538c7b9c91fdb318942c55059fe4a6675598c9c9f48f668225e2cd109529419bfbb0698cd0b8e1547dbfaf64dbabc26f3120c0be8c980eb5e3b9fdbc222e96b5932fb5f8e819085515f246e920400f85b01b05a3504586c5da27a11215b9402cc79170611df96c01add4a5783b61c5fbbecbd1077944e592a7c7ccb742d5bb96d4b094ece2ff6d58e51a00bf0246a5a035aca8f5288d2b0b187f18e4", 0xc4}], 0x9) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 15:38:50 executing program 4: r0 = syz_open_dev$admmidi(&(0x7f0000000080), 0xffff, 0x80100) r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(0xffffffffffffffff, 0x50009401, &(0x7f0000001180)={{r0}, "740356f68aa9300d768b559f73de2d5e6302bde5d04c5be171b0da8b9d1dd64b3eae0ea30308c9a34ebaed64a8f01a543f084cfde96546b82741a494c36575a25ba4cec222999437faffdfb512b5281db7b93ccd32aced3c0a4773ba7117df1dabbe062de84df292f2e7d2f2635c4261b3e1cb1f4a670170c72323361c0fb5b4d3b463c76bf0863c998857e02b2915d0e256cdca5c0ab88057b42d6e225791de06ca211db5600ff6413f6a148b82f22d345a2cd1f9a9a3a9c8a7c6c367a42ae7b264089058e8f47398756720b9bc8507aecae42494ba81a22c043d7533425eadfc0b047e0c931c91fa9142efb374d6a385ba634a44a5b2629eb0d27a527e4e7b63d33c9caf2a1f5bde09c5209c8165632665b83ab1337ef91865fef1470582c7324bd9ed92f743d6aa9e17c831e78c418475371d1af71de50144e2a89ab58ddced81882afaf3b712ace7bba6ef807fed561e6c25772578aa896a01befde0f5b12604e216114916bc15da14c452e2b62522051a8c9aac971cdabf62ae35b0d9e5dfb7a8a9ba64709d5c05ec43170e2e571fa11cda2f8e5f55f45148cd955962c67e1b77e5ee3c4e135a1bf074d5217395efa1d392e20bf5ec149d3082ee7bfc70c92e7ceb1cbe2f02f40833f791c59c8e35f45519c6933ec4c21cab8808ecb3d112fbfc0cb35264eaa463cfd9f56b9ccd4faa653eb93813ec3779e6c6dfe0e483e528c53bf4840d79fa3ba166be27ae7ba24799b8862ec981d33c57ada993c235b3b927765314a759e3ef4cf0b2198860a738e11c617f0121f8291bacdac1cd77ad767acaff05d7653a4015be8206c6db9b92ad49f765198bc2b3266ef680b2f3f1ac14f6cea832ef36df0a749c2a3e58b4e3e9b2626d2a876df066b1e2292ef5d331a81d95634fe6d6c8230a9f500518ed2cb4920f001d98df0199afa98db18afced633f73c3c55955d3075a82be771a7fbae8a992db79585acdd6618cb43e1f54f6cfbbe0d59ee7d4e68f94df31dcb052944dc6531d2ef725173f4f064779704298bcc10a4ccfd74c1afdd7b11dbd9628dfc559166bd2bb9ed1d1f2318749a29871c71a9ec82f542ba18e7248d20d19dd11fabee5982dd620c1ff090be90f60dfaad7f1a07ba261f63a5c11692e9a710098debc31d5b6d45d2165803310c7846babb7edaf7d10fcb23b18cf21b065523110c1bf6fb26875160cba683cd1822aafd82f5c7317c0f79588d3c3f05be4d959a9e7c62a4da24b5535d1517a1ef171a48ed07caaa544d42685b997986e6ab26a0b4fc215b348502ab870bec02c2cf2997656af85c713ca7f9aa78930287b07a86813db64ec6e4fc45691043b776f9d1e62d1faf3a8988f336e92284442da61246e82696877f178a63695c545b917bc67fb3e082bc4ba8bfc125b575d359e99125f72eb4f69a2c32895e7923014e43bb1a0c4b395657f2dd78e46a714a51c38436c03aa2693b544f25c247ded4542d7475afd167d159b21de54b890cea777445434c49e85de40647ea2c264fe1c00ac6cfca4910e95bf5b372dfb5aebcfde172ed0e97026c26947759801f8af06334a7bf64cb6437c2b62b1b7737990ea4c25714890b68b3c999333ed357d56b291979380203bdad2a6863ba226846b027f98a986aa31fbacc73cfe4232935865e61729e5d64ec8ed1983914076f3c58708c88547bf4e149f53d67da6089e09e31c6cb4bd5fe28497dba42fcecb2e2e79d02480081433681d2f057f992074517237ae92cc8c18cdb85dc740ca4134154ad105e81c8d4d08495c9a8c95c104e50fbf9a87769ee6ae14c3f8972ff06950a72e63f69a4a568e0fbed9faaef0d25c53c4702e1228e37fc47a892b81f104aecaf5946b95215034ac0cc1391da3bfd84818b9dc11f5ceeb54b58c7f7b797482bbb3288c3156bafde1515e2d09202ce134727788f6eb8839551795e8030b4acabd1f115c75b5314e71524c24b0c07e629f4a2bd0493a31322d9d8fce8fff9fabf123912f713c511091a604a7a02259953286ea44607459af0ca8797816115344beb81728eaa4450130622f8f4ba8b3c547b1b7a0b5a33366d597e85e516af8f9eebd76169b83892f26e330da0020454c1feb75b25184bfd9acf2568a3830b9e3bc24a1bae18ea1cb16098780b1880261423d6b7b3fcc13151c13dc34341ff22d601768039a5102d21c64874f29332be1c0444cc5c7943dfe269ef1488cd7341536b4e8dfb17c905b703c21bfc04636bdc5865d90a99d4d14ef3809d3947501f576e12a194ffc45388d17de22660eaa8866f764c950e5eb207c0e28ec73b034d2fe6db6e38ba1111cee9909f20d80f9900d94666c5a8b3246ea9331a1dd418f25d9e39f6094e7bf1072921b3291f4fdbcab9e908ed4034ae6d0ecdd32a2fb0d297449b5bb2ed19a1c19531d127a0fc1597809340e74a0e7c12d9213e703c4389e116d2200316b2f6fff69cbd694cec0ab8b8650f636d75e5cd6ac1ed200848b47ccb894fb5d83806ba0e9f098bdcc891fc9d44d869030568ee4999ac7f7a54d89690ac3b23b8de1b368f290823cd229d549cccb25627dd69aadc193561a5761a5b1e5c555dafbfd5b2e2c1e8b680029a74ce447b46bca4949b8387deb01f45b808fca6f7a1df7a6967189c49f95995a10b41169a0b736ab59fb85af0d12cf5f51b6c9edfe13a774fbde5608d7dd460d87966e9cc90c6e20d59678c48be3112fc486a100fc8daabfdf53abcc4f449c19d73d93c0b15663d214c6ff1197ab0577b96fd42ac2e48f002c382e19e753cedc419bebd1aca7b60bf034ae3c211dc5d97e798966a9c4a5ef59147ab6c3a78126d7e93d3d6c3a629d5d0c8f375bd53479b2cf1db6c13388e8ef02db54bff4591abeceb6fcf56fb7338c141a6107aa101048d7e1fc382bd53186f11329e570ab6a953a21aa78566ef4b64a5150e2ec35cc1793c0e267a9ecacfd7ddd9c937760a48090269817da99d5a94d85b756bb21e3e5cbee9e29430c955f5340b92e7303569dbefa46ae46310dc2a94dbdf9be87c6ba271c1404f2ba08c7be83d4d8403eb02096038fb59351a69a99cf9e95ae115b433c7f4d4e459dc99112b83885d119cef44ae432aa99dabfaf175c7e61c445928fb967ac10ad9b9b602ba42177a5558dddb0d49d7ba7d0af7d3a611b8d9887a1daaf52cf5c4db8d2f98a3ea149a21755e612dff5c035f7ecd9ec451b930537a6ffbb889dd253fa7210ef28c1c94fd2f125505fab8ac47e6fb8dce00ef6bb01838e0784722ac70ad34ce0312ddb176b6a88510bef71d813975f1905fa2caaa9497b025d21dbe385def31f1527e5b0ade1579de3b7193e084883aa9cb09c1803a770382422f59b5a0575923e1e74224540adba19752f5a9a9b79f8ed08b1d3c18cc0a881ad813b27e576b43ad0facce75d1087f3427681c854b58951d9ef2fa2e362055c5869b191acd5c7b75b0796d7b9a8288434b8188fe682ca8fa3397a2d9a5dbfba5e4fa140713138dcfb13fa1e5646a02308634658f597e6dbb1344704a744a79ed3b1221bcb8dd44338f8d3a50f37494b1bdbcb6e8e69724fc9845bd1dbdb8812db836bf5d64084b9945f301e0ee4937c39f335260e390f01bf6dcec78c60f97a219019c5aaa7e6f6c761c598431e79d93019e1d2fa08fb1d534ba0f1e9e311b7b5b417c86cabd9d0c9a2add08132b83fc95c3e81e3ea825771fc1a2a5fb07453a5eaa126f74a5efe5ca4f632c17627351a92accee71990f446c985338d188eb752a0048c218c8d21d3795c3d56c6e152f904f030de2fc7051cbc3099fef0d06a5aec622ec5d29325e5514fd32273899e743203863afa5a7e0e16287abd8496c7ae77c5adef39c384bd173cd0cb58580568a581af021a7ef5d5b99bc1d97d63b427fa1e4e20b31abbb3f272f8243e4736536602c9b6655d72d9e60a2fe94bb79799617895ffa121abd49b9e29c626c0babc755e2ba4ee9d031b59a5c2adc84c3f8ce78ed1863add317964c35ca43c3597f6c960c943e50802835fe86672f27149367dd2b3cc84479c67f662f6d7fcc30778eaab03a159f1f463ced954d03cbb56121c57b091d2134421c1cf0b50af1020de696911dfd42a6cf417a679c0c9fa995fe19c801ac84bbdd05d34efbbdf247e282ab39beb3a91884e7d22a5b95824032edd8ace23fe45eeebcd6a11f09cd4878499f4aab1706e43c2fd54f7445b98ac940f8d09fccd3879f2315c6827779e0cf608126027e727cc3591d9c99073d90687a4cd6625b7554ef0a2a1f9d16071a62ba9c27204aa04f3aae295555a2a9ba0a005f8af9e7d1db8796fbec3d712d0eb50b1f05f17ca30c5e44ec9388786e01e0a5eb5cf5cdcca98171678fc094eeb54a2d24083686c158f65c0696ba14cda084818e42c56172840fa5705f79ebc3e8c2501eb611d3ed31121c2c83dd2600f9f8be3e082442613865494ece83863b8f549474266e9a0d4d2b1f0885b6c4a2a32b0f72f13b8c5caf2cdbaafe9983aa22ab340b4978915e59f08714e1ed3cc97d9323ff32047c40b5a2bfb4ea3d87198ed606c5f6db9a656b6eb05f8cac165ef797225c0ecf5106ecae8b830166d6b90b23e40dd75228cc27e427764ea81b52ff0acfb9533ecb409fb4592ce2f8f72c6d30a78d4ab96ecbc710b203b9fe9a2cbcb928dd7884497cfe945fab6b8c9e4c80fd2a38c32a9f9fb2ccfa2e97b486eda7e63155fdf99db4eeedd211f9591df8b48c48c0db8eadad2a052b2d7517a6d03134fc02160368227c882d8b98ea9e8832e6e4be19b91b38901270587ef435554d7ee9d97eb023eeaa8acbfeb8e63921bcb15ea0e8470e12a2edffa569ab185a245dcd819c9a0c7d24d37744c2d98a1e120fb11c072f9c1c84d52b62022dc0984d8a886f4801cd0b14d956a67261b97d40fc4dd43957938b96e28054f1ee093c8aa0ab71cf040ccea7778bb10487ad286cde2db379fc0207c63e18e31f1df6805f094dbc1f73d6e4a92dc77671fc9a533571b6097806e7e3c577968388788b476f4b19447f7aadcdba73f75312c3cbd294f65863889f8b3db92e799f1fb1361905d1e5fac8900e172ee5d2b0b11f2e77ad187757586c7c1a7847fb6eab0096ae613ed91f3336f3f28c242f4aba9b2eb132ebc1233250b3b76d1ab172d14b94588233367fa8018af6c0371e5c95e011341a489dffdafb53204cef776f8731444b1262acbb96b613a7a414557f660e89dda45181c5c8135b656370da1dfee7972a92a39e03e17892102c3a558aebfde1a96a9da94e811bff0e1d20f5da73a872a3660f2a46087bb8dbe0d0314ed8882998812f24d1d0691149f9b6700177c92a40436c512efef658a134a1d9077ca2b8192b93148724a0d230e52032a963bec607e66970f80de4579d86753c70b10f921a1d6601002009e0092c7ad383ff3912b369c7525722e99677dc34a17af5f66a414cf9dfcd4cf15c260b566c2168cc722d726cc1ca9623bd1bced164de67a22cf3ef08cc13d89202cb134e27d94954b7db6a5bc939b78bddb25bbcb62cff7f882545bc7c099a37914db3ba65a6011ccdc91a4bae9bf968a0420e2f0160c8953a08d75b33883a44534daccf31da970cdebb02906397d93045c7fd80fc62f89d6fda018751b7bcfcb132329c82c47f11433f184477180ea50a9988d92fbec0bcca2f64b4a0129d069e5bc9e0759af9f0e25de65ea0b16becd6361d610b42daf1e74c500488684e8b02dd865013eb253d3af5a3b3f26c98e1abf70a4bc"}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x4) sendmsg$nl_route(r1, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=@bridge_delvlan={0x44, 0x71, 0x2, 0x70bd26, 0x25dfdbfb, {}, [@BRIDGE_VLANDB_ENTRY={0x10, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_TUNNEL_INFO={0xc, 0x4, 0x0, 0x1, @BRIDGE_VLANDB_TINFO_CMD={0x8, 0x2, 0x13}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x47, 0x2}}}, @BRIDGE_VLANDB_ENTRY={0x10, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_TUNNEL_INFO={0xc, 0x4, 0x0, 0x1, @BRIDGE_VLANDB_TINFO_CMD={0x8, 0x2, 0x13}}}]}, 0x44}}, 0x8040) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x10d800, 0x0) ioctl$TIOCSCTTY(r3, 0x540e, 0x6) sendmsg$nl_route(r3, &(0x7f00000006c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000680)={&(0x7f00000002c0)=@bridge_getneigh={0x388, 0x1e, 0x100, 0x70bd29, 0x25dfdbfc, {0x7, 0x0, 0x0, 0x0, 0x83, 0xc000}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IKEY={0x8}]}}}, @IFLA_LINKMODE={0x5, 0x11, 0xf9}, @IFLA_BROADCAST={0xa, 0x2, @random="1242429f23b5"}, @IFLA_VFINFO_LIST={0x334, 0x16, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x1, 0xfffffffffffffffa}}, @IFLA_VF_RATE={0x10, 0x6, {0x80000001, 0x0, 0x6}}, @IFLA_VF_TRUST={0xc, 0x9, {0xa96a, 0x1}}]}, {0x10, 0x1, 0x0, 0x1, [@IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0x800, 0x9}}]}, {0x10, 0x1, 0x0, 0x1, [@IFLA_VF_SPOOFCHK={0xc, 0x4, {0x1, 0x90000}}]}, {0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x80, 0x80}}]}, {0x7c, 0x1, 0x0, 0x1, [@IFLA_VF_SPOOFCHK={0xc, 0x4, {0x8, 0x3}}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0x3, 0x80000001}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x4a, 0x401}}, @IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x3800000, 0xfffffffffffffffe}}, @IFLA_VF_RATE={0x10, 0x6, {0x13a, 0xffffffff}}, @IFLA_VF_RATE={0x10, 0x6, {0x4, 0x200, 0x8d9a}}, @IFLA_VF_TRUST={0xc, 0x9, {0x9, 0x81}}, @IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x4, 0xd51}}]}, {0xa4, 0x1, 0x0, 0x1, [@IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0x4, 0x2}}, @IFLA_VF_LINK_STATE={0xc, 0x5, {0x10001, 0x101}}, @IFLA_VF_VLAN={0x10, 0x2, {0x8, 0xe1b, 0x2}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x7, 0x1f}}, @IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0xffffffff, 0x4}}, @IFLA_VF_VLAN_LIST={0x18, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x4, 0x7c4, 0x7, 0x8100}}]}, @IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x77d42b4, 0x4}}, @IFLA_VF_MAC={0x28, 0x1, {0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0x1f, 0x40}}]}, {0x104, 0x1, 0x0, 0x1, [@IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0x401}}, @IFLA_VF_MAC={0x28, 0x1, {0x31}}, @IFLA_VF_VLAN_LIST={0x68, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x6, 0x8e9, 0x7ff, 0x8100}}, {0x14, 0x1, {0x800, 0x597, 0x5, 0x88a8}}, {0x14, 0x1, {0x10000, 0xc85, 0x9, 0x88a8}}, {0x14, 0x1, {0x1f, 0x1fa, 0x20, 0x88a8}}, {0x14, 0x1, {0x3, 0x79f, 0x400, 0x8100}}]}, @IFLA_VF_LINK_STATE={0xc, 0x5, {0x6, 0x20}}, @IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0x1, 0xbc7}}, @IFLA_VF_VLAN_LIST={0x40, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x5, 0xd67, 0x4, 0x88a8}}, {0x14, 0x1, {0xfd, 0x921, 0x0, 0x8100}}, {0x14, 0x1, {0x7, 0x6ca, 0x0, 0x8100}}]}, @IFLA_VF_TRUST={0xc, 0x9, {0xcba4, 0x6}}]}, {0x48, 0x1, 0x0, 0x1, [@IFLA_VF_MAC={0x28, 0x1, {0x4, @local}}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0x4, 0x5}}, @IFLA_VF_RATE={0x10, 0x6, {0x2, 0xffffffff, 0x3}}]}, {0x58, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x9, 0x6b}}, @IFLA_VF_VLAN_LIST={0x40, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x9, 0x748, 0x3ff, 0x8100}}, {0x14, 0x1, {0x5, 0x9b8, 0x0, 0x8100}}, {0x14, 0x1, {0x7f, 0x279, 0x88ff, 0x88a8}}]}]}]}]}, 0x388}, 0x1, 0x0, 0x0, 0x4000800}, 0x4000) ioctl$TIOCGPTPEER(r1, 0x5441, 0x0) [ 1742.630206][ T158] Bluetooth: hci10: Frame reassembly failed (-84) 15:38:51 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) write(r0, &(0x7f0000000080)="ab8de95ba396988a8e09a75afa4152b444ee2d1cf70d69a5ff98e33b4ab70c9dcf16ceeeed764ca8e874208525d3df97d2b28cd5ecfd0d650251e188897dff1f0b6e76565b991ef09cf21a6ce4b9d3ebcd6f3983c0e59bd8e99a435b3451c5bfa71ee271aa66e1334e84c6f274c48b1589c9a92cee7f0865d998d74672143a478fbac35ea851f92189399df693d1004d9c2dbe517f1d82874e85cb772a35d7ae306d5fb0f63daf312e2f7662f0a41b3e723a8aec86b49621bf2b79b544", 0xbd) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1743.026877][T23375] Bluetooth: hci11: sending frame failed (-49) [ 1744.132263][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1744.143825][T11206] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1744.222107][ T150] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1744.231550][T13853] Bluetooth: hci8: command tx timeout [ 1744.612041][T28953] Bluetooth: hci9: command 0x1003 tx timeout [ 1744.619733][ T150] Bluetooth: hci9: sending frame failed (-49) 15:38:52 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r1 = syz_usb_connect$uac1(0x2, 0xe1, &(0x7f0000000180)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xcf, 0x3, 0x1, 0x80, 0xa0, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x1, 0x5}, [@input_terminal={0xc, 0x24, 0x2, 0x1, 0x101, 0x2, 0xf9, 0x7, 0x80, 0xe5}, @mixer_unit={0x8, 0x24, 0x4, 0x5, 0x8, 'vT*'}, @feature_unit={0xfffffffffffffee8, 0x24, 0x6, 0x2, 0x5, 0x5, [0x9, 0xc, 0x6, 0x6, 0x5], 0x6}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x0, 0x3, 0x5, 0x1f, "f87ff9b7b2d96cfc63"}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x1000, 0x9, 0xd1}]}, {{0x9, 0x5, 0x1, 0x9, 0x200, 0x20, 0x9, 0x7f, {0x7, 0x25, 0x1, 0x80, 0x1c, 0x10}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x9, 0x24, 0x2, 0x1, 0x1d, 0x4, 0x3f, 0x1f, "cb"}, @format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x7, 0x7, 0x0, "b0e7"}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0xda, 0x1, 0x20, 0xfb, 'nc^'}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x0, 0x1, 0xf7, 0x4, "4084", "01"}, @as_header={0x7, 0x24, 0x1, 0x2, 0x1f}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x9, 0x9, 0x0, {0x7, 0x25, 0x1, 0x82, 0xfc, 0x8000}}}}}}}]}}, &(0x7f0000000540)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x250, 0xc0, 0x1, 0x0, 0xff, 0x6}, 0x4f, &(0x7f00000000c0)={0x5, 0xf, 0x4f, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x2, 0xa, 0x6, 0x3}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0xc, 0x1, 0xd4, 0x4, 0x80, 0x20}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x2, 0x2, 0x6}, @ssp_cap={0x24, 0x10, 0xa, 0x6e, 0x6, 0x100, 0xf000, 0x1, [0x3f0f, 0xc0, 0xff0000, 0x3f0f, 0x3f30, 0x3f]}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x1, 0x4, 0x8b1a}]}, 0x8, [{0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x816}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x3c01}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x41a}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x447}}, {0xe1, &(0x7f0000000380)=@string={0xe1, 0x3, "561e8088f18d04f71ad21f2c35c957b913ddb568fc8ab0582495d53c9deb854751e8a41fb482857129550ad2a85c383b5b99e62702f086e4aed614570a01ee5dec90793e1328dba8b64c1c5c6a57f5393fd8f956043e508251f66135fb033b1e01893c98159a114967285cf41ded905638ea657cbd611167edadf3b6348eb2411f7cbe787720c022894f1c15afb74cf0bc1dee2416a9b93a6b0552b53194201ab578ff874d6260d06dcf7377bb815ac8ddd7b09258de43e568eb3c60230138364f76e05b60d1707e1e7650a9d587938ceea50bd6d74a46e0dc970604d0b38b"}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x440a}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x424}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x422}}]}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={0x54, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x10}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x54}}, 0x0) syz_usb_control_io(r1, &(0x7f0000000880)={0x2c, &(0x7f00000005c0)={0x20, 0x8, 0xc5, {0xc5, 0x22, "6f7093c5af9baf63e51d6955b78ea4546b2bf9fe3afa5a56073477cb00f19dd18bfb283ff33e156339e4b6d40335064d56eb3b3eda0a3955d40f8fff140814ad920e4df40a607b1704be426debebf0dbecbb98c59e4fd37056023796edb585fe24dd4cc19323d2beea3fec9eaf59fcac97820faa1e5f50ede39c13aecf51f39622c871df5eb28e3cea1737b0f240ffd2c931a7c88d02be4268d6b1fcf6f2922775c1bf8db338253cbf3a1ad734acbb613ce0d9bfef3e508ec6e2c0f614c1b52672c349"}}, &(0x7f00000006c0)={0x0, 0x3, 0xf0, @string={0xf0, 0x3, "f2e73a0691fe2fc8046593ee624d4b24cc72478a4afe3195780c797dbe91c6e7f6f170afd5dda137868e110b37ab96a03f15bea83c4834560d667e3bfe64e6f29205291be60013273dc91c7ecfd4ef8979cc3b7a4732330f39fd5beed06117763a7ef08e7666f592d646cf2434615bbd8d712fd252e967c6cf12f804d251ca9d99024396eaa9422b0a94c553d07280bead1d138dc3096c79cc79bf90df706effa51f59f0aaca6aeefaaf8ea5e628f80e5cd5c534ef97fd1b601a0880d3736a23953fd44f0968371b99124f558d34c6e647eb05949d82ba3ee5f10c507ed91e1badc0ccea3bcfece92bb31142dfa9"}}, &(0x7f00000007c0)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000000800)={0x20, 0x29, 0xf, {0xf, 0x29, 0x7, 0x3, 0x2, 0x9, "2eff2731", "b16674a6"}}, &(0x7f0000000840)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x6, 0x8, 0xd9, 0x9, 0x7b, 0x3, 0x81}}}, &(0x7f0000000d40)={0x84, &(0x7f00000008c0)={0x20, 0x10, 0x88, "6f868513f8c6afebaa63a4eaa04615933d5f6a5ce16e880e399a9d4625985f0160c868ec3e09e783443ccb67671c47ed09fa4eea1475efd5933b9633340167f02463ae9fe29e672a115ff4d52beaf868d4fdee7c45b29c9d5975ee7fd565dc1673ca1b675ed8a5c678fa8a3ac776331ceb5ae2479bf5ea23ee81e4fb8c32f212aac96af6e554069c"}, &(0x7f0000000980)={0x0, 0xa, 0x1, 0x3}, &(0x7f00000009c0)={0x0, 0x8, 0x1, 0x2b}, &(0x7f0000000a00)={0x20, 0x0, 0x4, {0x1, 0x3}}, &(0x7f0000000a40)=ANY=[@ANYBLOB="206b8eea700000000000"], &(0x7f0000000a80)={0x40, 0x7, 0x2, 0xef}, &(0x7f0000000ac0)={0x40, 0x9, 0x1, 0xc5}, &(0x7f0000000b00)={0x40, 0xb, 0x2, "55b3"}, &(0x7f0000000b40)={0x40, 0xf, 0x2, 0x5}, &(0x7f0000000b80)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}, &(0x7f0000000bc0)={0x40, 0x17, 0x6}, &(0x7f0000000c00)={0x40, 0x19, 0x2, "80b6"}, &(0x7f0000000c40)={0x40, 0x1a, 0x2, 0x100}, &(0x7f0000000c80)={0x40, 0x1c, 0x1, 0x1}, &(0x7f0000000cc0)={0x40, 0x1e, 0x1, 0xc1}, &(0x7f0000000d00)={0x40, 0x21, 0x1, 0x7}}) ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f0000000e00)) [ 1744.702040][T18048] Bluetooth: hci10: command 0x1003 tx timeout [ 1744.712856][T11206] Bluetooth: hci10: sending frame failed (-49) 15:38:52 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x40e41, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1744.904841][T20859] Bluetooth: hci8: Frame reassembly failed (-84) [ 1745.102210][ T6548] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1745.141957][T28953] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 1745.541978][T28953] usb 3-1: not running at top speed; connect to a high speed hub 15:38:53 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_open_pts(r1, 0x509803) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x11) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) dup3(r3, r4, 0x0) ioctl$TIOCSPGRP(r3, 0x5410, &(0x7f00000000c0)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1745.622144][T28953] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1745.644209][T28953] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 32, changing to 4 [ 1745.812445][T28953] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1745.826526][T28953] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1745.836009][T28953] usb 3-1: Product: К [ 1745.840264][T28953] usb 3-1: Manufacturer: 㰁 [ 1745.846678][T28953] usb 3-1: SerialNumber: ч [ 1746.691896][T18048] Bluetooth: hci9: command 0x1001 tx timeout [ 1746.699017][T23375] Bluetooth: hci9: sending frame failed (-49) [ 1746.771853][T18048] Bluetooth: hci10: command 0x1001 tx timeout [ 1746.778108][ T150] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1746.789589][ T150] Bluetooth: hci10: sending frame failed (-49) 15:38:54 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0xc0389424, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1746.851845][ T1053] Bluetooth: hci7: command 0xfc11 tx timeout [ 1746.851960][T11206] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1746.932151][T18048] Bluetooth: hci8: command 0xfc11 tx timeout [ 1746.932245][ T9935] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1746.949653][T28953] usb 3-1: 2:1 : format type 0 is detected, processed as PCM [ 1746.961792][T28953] usb 3-1: 2:1 : sample bitwidth 63 in over sample bytes 4 [ 1746.969053][T28953] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 1746.979810][T20859] Bluetooth: hci6: Frame reassembly failed (-84) [ 1747.014044][T28953] usb 3-1: USB disconnect, device number 10 15:38:55 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000080)) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1747.521530][T27301] Bluetooth: hci7: Frame reassembly failed (-84) 15:38:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x40e41, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1747.731932][T20417] Bluetooth: hci11: command 0xfc11 tx timeout [ 1747.732160][ T6548] Bluetooth: hci11: Entering manufacturer mode failed (-110) 15:38:56 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000080)) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1748.771765][T20417] Bluetooth: hci9: command 0x1009 tx timeout [ 1748.851786][T13261] Bluetooth: hci10: command 0x1009 tx timeout [ 1749.011820][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1749.012047][T13261] Bluetooth: hci6: command 0xfc11 tx timeout [ 1749.571891][T20417] Bluetooth: hci7: command 0xfc11 tx timeout [ 1749.581896][T11206] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1749.731731][ T150] Bluetooth: hci8: Entering manufacturer mode failed (-110) 15:38:58 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$PIO_FONTRESET(r0, 0x4b6d, 0x0) ioctl$KDFONTOP_COPY(r0, 0x4b72, &(0x7f0000000600)={0x3, 0x0, 0xe, 0x7, 0xb1, &(0x7f0000000200)}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="540800002800000427bd7000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="10000000ffff0c0010000c0006000500400700000b0001006d717072696f000008000100636273000b000100636c7361637400000600050004010000"], 0x54}, 0x1, 0x0, 0x0, 0x40}, 0x0) copy_file_range(r0, &(0x7f0000000640)=0x4, 0xffffffffffffffff, &(0x7f0000000680)=0x5, 0x0, 0x0) [ 1750.169782][ T148] Bluetooth: hci7: Frame reassembly failed (-84) 15:38:58 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {r0}}, './file0\x00'}) ioctl$BTRFS_IOC_SCRUB_CANCEL(r1, 0x941c, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1750.302629][T20859] Bluetooth: hci8: Frame reassembly failed (-84) [ 1750.371871][T13261] Bluetooth: hci11: command 0xfc11 tx timeout [ 1750.371896][T23375] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1751.571866][ T8528] Bluetooth: hci6: command 0xfc11 tx timeout [ 1751.578024][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1752.211470][T13853] Bluetooth: hci7: command 0xfc11 tx timeout [ 1752.212677][ T150] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1752.371576][ T8528] Bluetooth: hci8: command 0xfc11 tx timeout [ 1752.371697][T11206] Bluetooth: hci8: Entering manufacturer mode failed (-110) 15:39:01 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$KDGETKEYCODE(r0, 0x4b4c, &(0x7f0000000080)={0x20000000}) r1 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x30001, 0x0) ioctl$TIOCSRS485(r1, 0x542f, &(0x7f0000000100)={0x3, 0xc4, 0x91}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:39:01 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x300, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) r3 = dup3(r1, r2, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/bpa10x', 0xc000, 0x92) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x400f) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 15:39:01 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:39:01 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xfffffffd) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:39:01 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$PIO_FONTRESET(r0, 0x4b6d, 0x0) ioctl$KDFONTOP_COPY(r0, 0x4b72, &(0x7f0000000600)={0x3, 0x0, 0xe, 0x7, 0xb1, &(0x7f0000000200)}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="540800002800000427bd7000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="10000000ffff0c0010000c0006000500400700000b0001006d717072696f000008000100636273000b000100636c7361637400000600050004010000"], 0x54}, 0x1, 0x0, 0x0, 0x40}, 0x0) copy_file_range(r0, &(0x7f0000000640)=0x4, 0xffffffffffffffff, &(0x7f0000000680)=0x5, 0x0, 0x0) 15:39:01 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xfffffff5) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1753.047015][ T158] Bluetooth: hci6: Frame reassembly failed (-84) [ 1753.063082][T11654] Bluetooth: hci7: Frame reassembly failed (-84) [ 1753.069768][T11654] Bluetooth: hci7: Frame reassembly failed (-84) [ 1753.115759][ T148] Bluetooth: hci8: Frame reassembly failed (-84) 15:39:01 executing program 4: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) r5 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000001c0), 0x20100, 0x0) clock_gettime(0x0, &(0x7f0000000200)={0x0, 0x0}) sendmsg$can_bcm(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x6, 0x429, 0x384e, {}, {r6, r7/1000+10000}, {0x2, 0x0, 0x0, 0x1}, 0x1, @can={{0x0, 0x0, 0x1}, 0x2, 0x1, 0x0, 0x0, "c0e854958ac805f0"}}, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x50) r8 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r8, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$BTRFS_IOC_SYNC(0xffffffffffffffff, 0x9408, 0x0) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4}, 0x18) sendfile(r1, r0, 0x0, 0x80005) bind$can_j1939(r1, &(0x7f0000000140)={0x1d, r4, 0x3, {0x0, 0x0, 0x4}}, 0x18) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x0, 0x10, 0x70bd2a, 0x6e, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x4011) r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r9, 0x400455c8, 0x0) [ 1753.474492][ T148] Bluetooth: hci9: Frame reassembly failed (-84) 15:39:01 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$KDGETKEYCODE(r0, 0x4b4c, &(0x7f0000000080)={0x20000000}) r1 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x30001, 0x0) ioctl$TIOCSRS485(r1, 0x542f, &(0x7f0000000100)={0x3, 0xc4, 0x91}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:39:01 executing program 2: r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x60802, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000003400)=0xd) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000040)='\r\n', 0x2}], 0x1) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x9) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1753.696203][T20859] Bluetooth: hci10: Frame reassembly failed (-84) [ 1753.734546][ T6548] Bluetooth: hci11: sending frame failed (-49) [ 1754.549850][ C1] vcan0: j1939_tp_rxtimer: 0xffff888079eafc00: rx timeout, send abort [ 1754.559630][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888079eafc00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1754.574107][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88801a7d1c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1755.091292][ T9503] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1755.100636][ T1053] Bluetooth: hci6: command 0xfc11 tx timeout [ 1755.101331][ T8903] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1755.171153][ T8408] Bluetooth: hci8: command 0xfc11 tx timeout [ 1755.181880][T11206] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1755.491135][ T8408] Bluetooth: hci9: command 0x1003 tx timeout [ 1755.497803][T11206] Bluetooth: hci9: sending frame failed (-49) 15:39:03 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = socket(0x18, 0x0, 0x0) close(r3) r4 = socket$can_j1939(0x1d, 0x2, 0x7) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f0000000480)={0x1d, r6, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r3, &(0x7f0000000000)={0x1d, r6, 0x3}, 0x18) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80005) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0x0, 0x4}}, 0x18) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'ip6tnl0\x00', &(0x7f0000000200)={'ip6gre0\x00', 0x0, 0x2f, 0x0, 0x7, 0x200, 0x21, @dev={0xfe, 0x80, '\x00', 0x17}, @local, 0x8000, 0x10, 0x9, 0x2}}) sendfile(r3, r2, 0x0, 0x80005) bind$can_j1939(r3, &(0x7f0000000140)={0x1d, r6, 0x3, {0x0, 0x0, 0x4}}, 0x18) sendmsg$nl_route(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=@mpls_getnetconf={0x24, 0x52, 0x10, 0x70bd27, 0x25dfdbfd, {}, [@IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1}, @NETCONFA_IFINDEX={0x8, 0x1, r6}]}, 0x24}}, 0xc800) 15:39:03 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) set_mempolicy(0x3, &(0x7f0000000000)=0x1, 0x8) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x149802, 0x0) r2 = dup(r1) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000240)={0x0, @in6={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x84) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8c00, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000006, 0x12, r5, 0x0) syz_io_uring_setup(0x187, &(0x7f00000001c0), &(0x7f000017c000/0x4000)=nil, &(0x7f0000190000/0x2000)=nil, 0x0, 0x0) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000044882, 0x0) bind$can_j1939(r2, &(0x7f0000000080)={0x1d, 0x0, 0x0, {0x1, 0x0, 0x4}}, 0x18) io_setup(0x1, &(0x7f0000000240)=0x0) io_submit(r7, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r6, &(0x7f0000000000)="98", 0x3e80000000}]) io_destroy(r7) write$nbd(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYRES16], 0x68) sendfile(r1, r2, 0x0, 0x80006) [ 1755.732715][ T9935] Bluetooth: hci10: Entering manufacturer mode failed (-110) 15:39:03 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x2) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1755.811347][ T1053] Bluetooth: hci11: command 0xfc11 tx timeout [ 1755.817720][T23375] Bluetooth: hci11: Entering manufacturer mode failed (-110) [ 1755.860727][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807c2ef800: rx timeout, send abort [ 1755.869356][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807c2ef800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1755.880443][T29512] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 1755.883846][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807c2ec800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1755.947250][ T1209] Bluetooth: hci6: Frame reassembly failed (-84) 15:39:04 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) set_mempolicy(0x3, &(0x7f0000000000)=0x1, 0x8) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x149802, 0x0) r2 = dup(r1) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000240)={0x0, @in6={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x84) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8c00, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000006, 0x12, r5, 0x0) syz_io_uring_setup(0x187, &(0x7f00000001c0), &(0x7f000017c000/0x4000)=nil, &(0x7f0000190000/0x2000)=nil, 0x0, 0x0) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000044882, 0x0) bind$can_j1939(r2, &(0x7f0000000080)={0x1d, 0x0, 0x0, {0x1, 0x0, 0x4}}, 0x18) io_setup(0x1, &(0x7f0000000240)=0x0) io_submit(r7, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r6, &(0x7f0000000000)="98", 0x3e80000000}]) io_destroy(r7) write$nbd(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYRES16], 0x68) sendfile(r1, r2, 0x0, 0x80006) 15:39:04 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vcan0\x00'}) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0x4f4c, 0x8, 0x2, 0x7}, 0x8) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000080)) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x2) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:39:04 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = socket(0x18, 0x0, 0x0) close(r3) r4 = socket$can_j1939(0x1d, 0x2, 0x7) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f0000000480)={0x1d, r6, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r3, &(0x7f0000000000)={0x1d, r6, 0x3}, 0x18) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80005) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0x0, 0x4}}, 0x18) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'ip6tnl0\x00', &(0x7f0000000200)={'ip6gre0\x00', 0x0, 0x2f, 0x0, 0x7, 0x200, 0x21, @dev={0xfe, 0x80, '\x00', 0x17}, @local, 0x8000, 0x10, 0x9, 0x2}}) sendfile(r3, r2, 0x0, 0x80005) bind$can_j1939(r3, &(0x7f0000000140)={0x1d, r6, 0x3, {0x0, 0x0, 0x4}}, 0x18) sendmsg$nl_route(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=@mpls_getnetconf={0x24, 0x52, 0x10, 0x70bd27, 0x25dfdbfd, {}, [@IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1}, @NETCONFA_IFINDEX={0x8, 0x1, r6}]}, 0x24}}, 0xc800) 15:39:04 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) set_mempolicy(0x3, &(0x7f0000000000)=0x1, 0x8) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x149802, 0x0) r2 = dup(r1) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000240)={0x0, @in6={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x84) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8c00, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000006, 0x12, r5, 0x0) syz_io_uring_setup(0x187, &(0x7f00000001c0), &(0x7f000017c000/0x4000)=nil, &(0x7f0000190000/0x2000)=nil, 0x0, 0x0) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000044882, 0x0) bind$can_j1939(r2, &(0x7f0000000080)={0x1d, 0x0, 0x0, {0x1, 0x0, 0x4}}, 0x18) io_setup(0x1, &(0x7f0000000240)=0x0) io_submit(r7, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r6, &(0x7f0000000000)="98", 0x3e80000000}]) io_destroy(r7) write$nbd(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYRES16], 0x68) sendfile(r1, r2, 0x0, 0x80006) [ 1756.733827][T29543] vcan0: tx drop: invalid da for name 0x0000000000000003 15:39:04 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) set_mempolicy(0x3, &(0x7f0000000000)=0x1, 0x8) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x149802, 0x0) r2 = dup(r1) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000240)={0x0, @in6={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x84) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8c00, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000006, 0x12, r5, 0x0) syz_io_uring_setup(0x187, &(0x7f00000001c0), &(0x7f000017c000/0x4000)=nil, &(0x7f0000190000/0x2000)=nil, 0x0, 0x0) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000044882, 0x0) bind$can_j1939(r2, &(0x7f0000000080)={0x1d, 0x0, 0x0, {0x1, 0x0, 0x4}}, 0x18) io_setup(0x1, &(0x7f0000000240)=0x0) io_submit(r7, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r6, &(0x7f0000000000)="98", 0x3e80000000}]) io_destroy(r7) write$nbd(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYRES16], 0x68) sendfile(r1, r2, 0x0, 0x80006) 15:39:05 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vcan0\x00'}) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0x4f4c, 0x8, 0x2, 0x7}, 0x8) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000080)) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x2) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1757.571003][ T8528] Bluetooth: hci9: command 0x1001 tx timeout [ 1757.578786][T11206] Bluetooth: hci9: sending frame failed (-49) [ 1757.970998][ T8408] Bluetooth: hci6: command 0xfc11 tx timeout [ 1757.977694][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1758.691282][ T8528] Bluetooth: hci7: command 0xfc11 tx timeout [ 1758.697500][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1759.650990][ T8528] Bluetooth: hci9: command 0x1009 tx timeout 15:39:11 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$KDADDIO(r1, 0x400455c8, 0x400000000000) 15:39:11 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) set_mempolicy(0x3, &(0x7f0000000000)=0x1, 0x8) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x149802, 0x0) r2 = dup(r1) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000240)={0x0, @in6={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x84) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8c00, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000006, 0x12, r5, 0x0) syz_io_uring_setup(0x187, &(0x7f00000001c0), &(0x7f000017c000/0x4000)=nil, &(0x7f0000190000/0x2000)=nil, 0x0, 0x0) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000044882, 0x0) bind$can_j1939(r2, &(0x7f0000000080)={0x1d, 0x0, 0x0, {0x1, 0x0, 0x4}}, 0x18) io_setup(0x1, &(0x7f0000000240)=0x0) io_submit(r7, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r6, &(0x7f0000000000)="98", 0x3e80000000}]) io_destroy(r7) write$nbd(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYRES16], 0x68) sendfile(r1, r2, 0x0, 0x80006) 15:39:11 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vcan0\x00'}) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0x4f4c, 0x8, 0x2, 0x7}, 0x8) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000080)) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x2) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:39:11 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xfa338ed9) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:39:11 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x3) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:39:11 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = socket(0x18, 0x0, 0x0) close(r3) r4 = socket$can_j1939(0x1d, 0x2, 0x7) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f0000000480)={0x1d, r6, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r3, &(0x7f0000000000)={0x1d, r6, 0x3}, 0x18) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80005) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0x0, 0x4}}, 0x18) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'ip6tnl0\x00', &(0x7f0000000200)={'ip6gre0\x00', 0x0, 0x2f, 0x0, 0x7, 0x200, 0x21, @dev={0xfe, 0x80, '\x00', 0x17}, @local, 0x8000, 0x10, 0x9, 0x2}}) sendfile(r3, r2, 0x0, 0x80005) bind$can_j1939(r3, &(0x7f0000000140)={0x1d, r6, 0x3, {0x0, 0x0, 0x4}}, 0x18) sendmsg$nl_route(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=@mpls_getnetconf={0x24, 0x52, 0x10, 0x70bd27, 0x25dfdbfd, {}, [@IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1}, @NETCONFA_IFINDEX={0x8, 0x1, r6}]}, 0x24}}, 0xc800) [ 1763.907910][T20859] Bluetooth: hci6: Frame reassembly failed (-84) [ 1763.915816][T11654] Bluetooth: hci7: Frame reassembly failed (-84) [ 1764.017938][T29582] vcan0: tx drop: invalid da for name 0x0000000000000003 15:39:12 executing program 4: process_vm_writev(0xffffffffffffffff, &(0x7f0000000740)=[{&(0x7f0000000180)=""/142, 0x8e}, {&(0x7f00000000c0)=""/111, 0x6f}, {&(0x7f0000000240)=""/212, 0xd4}, {&(0x7f0000000340)=""/238, 0xee}, {&(0x7f0000000440)=""/54, 0x36}, {&(0x7f0000000480)=""/215, 0xd7}, {&(0x7f0000000580)=""/200, 0xc8}, {&(0x7f0000000680)=""/169, 0xa9}], 0x8, &(0x7f0000000800)=[{&(0x7f00000007c0)=""/22, 0x16}], 0x1, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x17) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1764.367144][ T1209] Bluetooth: hci9: Frame reassembly failed (-84) 15:39:12 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vcan0\x00'}) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0x4f4c, 0x8, 0x2, 0x7}, 0x8) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000080)) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x2) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) 15:39:12 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vcan0\x00'}) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0x4f4c, 0x8, 0x2, 0x7}, 0x8) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000080)) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x2) 15:39:12 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$KDGETKEYCODE(r0, 0x4b4c, &(0x7f0000000080)={0x7, 0x7ff}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) read(r0, &(0x7f0000000180)=""/140, 0x8c) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x1b) 15:39:13 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vcan0\x00'}) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0x4f4c, 0x8, 0x2, 0x7}, 0x8) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000080)) ioctl$KDADDIO(r1, 0x400455c8, 0x2) [ 1764.857268][T20859] Bluetooth: hci10: Frame reassembly failed (-84) 15:39:13 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vcan0\x00'}) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0x4f4c, 0x8, 0x2, 0x7}, 0x8) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000080)) ioctl$KDADDIO(r1, 0x400455c8, 0x2) 15:39:13 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vcan0\x00'}) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0x4f4c, 0x8, 0x2, 0x7}, 0x8) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000080)) ioctl$KDADDIO(r1, 0x400455c8, 0x2) 15:39:13 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vcan0\x00'}) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0x4f4c, 0x8, 0x2, 0x7}, 0x8) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x2) 15:39:13 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vcan0\x00'}) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0x4f4c, 0x8, 0x2, 0x7}, 0x8) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x2) [ 1765.970728][T23375] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1765.980710][ T8408] Bluetooth: hci7: command 0xfc11 tx timeout [ 1765.986917][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1765.991511][ T150] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1766.003952][ T8528] Bluetooth: hci6: command tx timeout [ 1766.380407][T13853] Bluetooth: hci9: command 0x1003 tx timeout [ 1766.388929][ T150] Bluetooth: hci9: sending frame failed (-49) 15:39:14 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vcan0\x00'}) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0x4f4c, 0x8, 0x2, 0x7}, 0x8) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x2) 15:39:14 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x4) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:39:14 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, &(0x7f0000000080)={0x2, 0x9ac, 0x7, 0x3ff, 0xff, "31f343657578b9849b214d058da16b8ba552dd", 0xe56, 0x7}) [ 1766.656055][ T1209] Bluetooth: hci6: Frame reassembly failed (-84) [ 1766.692693][ T1209] Bluetooth: hci7: Frame reassembly failed (-84) [ 1766.930230][ T8528] Bluetooth: hci10: command 0xfc11 tx timeout [ 1766.930593][ T8903] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1768.460180][T18048] Bluetooth: hci9: command 0x1001 tx timeout [ 1768.467018][ T8903] Bluetooth: hci9: sending frame failed (-49) [ 1768.690369][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1768.701200][ T150] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1768.707411][ T8408] Bluetooth: hci6: command 0xfc11 tx timeout [ 1769.211608][T23375] Bluetooth: hci6: sending frame failed (-49) [ 1770.530071][T18049] Bluetooth: hci9: command 0x1009 tx timeout [ 1771.250219][ T8408] Bluetooth: hci6: command 0xfc11 tx timeout [ 1771.261042][ T150] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:39:22 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCGDEV(r0, 0x80045432, &(0x7f0000000080)) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x4, 0x9, 0x1, 0xff, 0x8001, 0x8}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 15:39:22 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vcan0\x00'}) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0x4f4c, 0x8, 0x2, 0x7}, 0x8) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x2) 15:39:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r5, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r5, 0x3}, 0x18) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80005) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0x0, 0x4}}, 0x18) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'ip6tnl0\x00', &(0x7f0000000200)={'ip6gre0\x00', 0x0, 0x2f, 0x0, 0x7, 0x200, 0x21, @dev={0xfe, 0x80, '\x00', 0x17}, @local, 0x8000, 0x10, 0x9, 0x2}}) sendfile(r2, r1, 0x0, 0x80005) bind$can_j1939(r2, &(0x7f0000000140)={0x1d, r5, 0x3, {0x0, 0x0, 0x4}}, 0x18) 15:39:22 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$KDGETKEYCODE(r0, 0x4b4c, &(0x7f0000000080)={0x7, 0x7ff}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) read(r0, &(0x7f0000000180)=""/140, 0x8c) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x1b) 15:39:22 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x3) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:39:22 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1774.728175][ T148] Bluetooth: hci6: Frame reassembly failed (-84) 15:39:22 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vcan0\x00'}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x2) [ 1774.890813][T29703] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 1774.909133][ T9935] Bluetooth: hci9: sending frame failed (-49) 15:39:23 executing program 2: socket$inet(0x2, 0x4000000000000001, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:39:23 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:39:23 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:39:23 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:39:23 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) [ 1776.769715][ T150] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1776.769761][ T8528] Bluetooth: hci7: command 0xfc11 tx timeout [ 1776.783616][T18048] Bluetooth: hci6: command 0xfc11 tx timeout [ 1776.789754][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1776.849572][T18048] Bluetooth: hci8: command 0xfc11 tx timeout [ 1776.849687][T23375] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1776.929664][T18048] Bluetooth: hci9: command 0x1003 tx timeout [ 1776.937294][T23375] Bluetooth: hci9: sending frame failed (-49) [ 1779.009407][ T8528] Bluetooth: hci9: command 0x1001 tx timeout [ 1779.016768][T23375] Bluetooth: hci9: sending frame failed (-49) [ 1781.089194][ T8528] Bluetooth: hci9: command 0x1009 tx timeout 15:39:33 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PIO_UNISCRNMAP(r1, 0x4b6a, &(0x7f0000000080)="a68776d6bd8dee307bd0b8b955327e") ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 15:39:33 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x3) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:39:33 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:39:33 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x6) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:39:33 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:39:33 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r5, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r5, 0x3}, 0x18) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80005) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0x0, 0x4}}, 0x18) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'ip6tnl0\x00', &(0x7f0000000200)={'ip6gre0\x00', 0x0, 0x2f, 0x0, 0x7, 0x200, 0x21, @dev={0xfe, 0x80, '\x00', 0x17}, @local, 0x8000, 0x10, 0x9, 0x2}}) sendfile(r2, r1, 0x0, 0x80005) [ 1785.614285][ T158] Bluetooth: hci6: Frame reassembly failed (-84) [ 1785.684575][T20859] Bluetooth: hci7: Frame reassembly failed (-84) [ 1785.692520][T20859] Bluetooth: hci7: Frame reassembly failed (-84) 15:39:33 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) [ 1785.744149][T20859] Bluetooth: hci9: Frame reassembly failed (-84) [ 1785.775606][T29756] vcan0: tx drop: invalid da for name 0x0000000000000003 15:39:34 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:39:34 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:39:34 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:39:34 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:39:34 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r0, 0x400455c8, 0x2) [ 1787.658802][ T8903] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1787.668151][T18048] Bluetooth: hci6: command tx timeout [ 1787.739163][T18048] Bluetooth: hci8: command 0xfc11 tx timeout [ 1787.745379][ T150] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1787.753187][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1787.818888][T13853] Bluetooth: hci9: command 0x1003 tx timeout [ 1787.825321][ T150] Bluetooth: hci9: sending frame failed (-49) [ 1789.888625][T13853] Bluetooth: hci9: command 0x1001 tx timeout [ 1789.895302][ T150] Bluetooth: hci9: sending frame failed (-49) [ 1791.249676][ T1360] ieee802154 phy0 wpan0: encryption failed: -22 [ 1791.256010][ T1360] ieee802154 phy1 wpan1: encryption failed: -22 [ 1791.968415][T18048] Bluetooth: hci9: command 0x1009 tx timeout 15:39:44 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40080, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 15:39:44 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:39:44 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:39:44 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 1) 15:39:44 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r5, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r5, 0x3}, 0x18) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80005) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0x0, 0x4}}, 0x18) sendfile(r2, r1, 0x0, 0x80005) 15:39:44 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x7) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1796.519323][ T148] Bluetooth: hci6: Frame reassembly failed (-84) [ 1796.557678][T29795] FAULT_INJECTION: forcing a failure. [ 1796.557678][T29795] name failslab, interval 1, probability 0, space 0, times 0 [ 1796.583615][T29804] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 1796.606112][ T148] Bluetooth: hci8: Frame reassembly failed (-84) [ 1796.621513][ T158] Bluetooth: hci9: Frame reassembly failed (-84) [ 1796.624384][T29795] CPU: 0 PID: 29795 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1796.636678][T29795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1796.646758][T29795] Call Trace: [ 1796.650058][T29795] dump_stack_lvl+0xcd/0x134 [ 1796.654687][T29795] should_fail.cold+0x5/0xa [ 1796.659224][T29795] ? tomoyo_realpath_from_path+0xc3/0x620 [ 1796.664978][T29795] should_failslab+0x5/0x10 [ 1796.669485][T29795] __kmalloc+0x72/0x320 [ 1796.673652][T29795] tomoyo_realpath_from_path+0xc3/0x620 [ 1796.679377][T29795] ? tomoyo_profile+0x42/0x50 [ 1796.684081][T29795] tomoyo_path_number_perm+0x1d5/0x590 [ 1796.689562][T29795] ? tomoyo_path_number_perm+0x18d/0x590 [ 1796.695205][T29795] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1796.701043][T29795] ? lock_downgrade+0x6e0/0x6e0 [ 1796.705919][T29795] ? __fget_files+0x23d/0x3e0 [ 1796.710634][T29795] security_file_ioctl+0x50/0xb0 [ 1796.715584][T29795] __x64_sys_ioctl+0xb3/0x200 [ 1796.720270][T29795] do_syscall_64+0x35/0xb0 [ 1796.724689][T29795] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1796.730690][T29795] RIP: 0033:0x7fd650fcaa39 [ 1796.735107][T29795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1796.754720][T29795] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1796.763140][T29795] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1796.771110][T29795] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1796.779081][T29795] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1796.787049][T29795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1796.795018][T29795] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 15:39:45 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r0, 0x400455c8, 0x2) [ 1796.827581][T29795] ERROR: Out of memory at tomoyo_realpath_from_path. 15:39:45 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 2) 15:39:45 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x2) [ 1797.052555][T29819] FAULT_INJECTION: forcing a failure. [ 1797.052555][T29819] name failslab, interval 1, probability 0, space 0, times 0 [ 1797.068122][T29819] CPU: 0 PID: 29819 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1797.076943][T29819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1797.087045][T29819] Call Trace: [ 1797.090348][T29819] dump_stack_lvl+0xcd/0x134 [ 1797.094980][T29819] should_fail.cold+0x5/0xa [ 1797.099518][T29819] ? tomoyo_encode2.part.0+0xe9/0x3a0 [ 1797.104945][T29819] should_failslab+0x5/0x10 [ 1797.109486][T29819] __kmalloc+0x72/0x320 [ 1797.113681][T29819] tomoyo_encode2.part.0+0xe9/0x3a0 [ 1797.118948][T29819] tomoyo_encode+0x28/0x50 [ 1797.123405][T29819] tomoyo_realpath_from_path+0x186/0x620 [ 1797.129164][T29819] tomoyo_path_number_perm+0x1d5/0x590 [ 1797.134656][T29819] ? tomoyo_path_number_perm+0x18d/0x590 [ 1797.140322][T29819] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1797.146193][T29819] ? lock_downgrade+0x6e0/0x6e0 15:39:45 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x2) [ 1797.151206][T29819] ? __fget_files+0x23d/0x3e0 [ 1797.155912][T29819] security_file_ioctl+0x50/0xb0 [ 1797.160887][T29819] __x64_sys_ioctl+0xb3/0x200 [ 1797.165598][T29819] do_syscall_64+0x35/0xb0 [ 1797.170046][T29819] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1797.175988][T29819] RIP: 0033:0x7fd650fcaa39 [ 1797.180433][T29819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1797.200100][T29819] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1797.208549][T29819] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1797.216544][T29819] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1797.224537][T29819] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1797.232531][T29819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1797.240576][T29819] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 15:39:45 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x2) [ 1797.266450][T29819] ERROR: Out of memory at tomoyo_realpath_from_path. 15:39:45 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1798.538055][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1798.608322][T23375] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1798.608453][T13853] Bluetooth: hci8: command 0xfc11 tx timeout [ 1798.635692][ T8408] Bluetooth: hci7: command 0x1003 tx timeout [ 1798.642556][T23375] Bluetooth: hci7: sending frame failed (-49) [ 1798.688071][ T8903] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1798.697548][T13853] Bluetooth: hci9: command tx timeout [ 1799.327982][ T8408] Bluetooth: hci10: command 0x1003 tx timeout [ 1799.334507][ T8903] Bluetooth: hci10: sending frame failed (-49) [ 1799.487897][ T8408] Bluetooth: hci11: command 0x1003 tx timeout [ 1799.494824][ T8903] Bluetooth: hci11: sending frame failed (-49) [ 1800.687698][ T8408] Bluetooth: hci7: command 0x1001 tx timeout [ 1800.694954][ T8903] Bluetooth: hci7: sending frame failed (-49) [ 1801.417670][T18049] Bluetooth: hci10: command 0x1001 tx timeout [ 1801.424650][ T8903] Bluetooth: hci10: sending frame failed (-49) [ 1801.577606][T18049] Bluetooth: hci11: command 0x1001 tx timeout [ 1801.584279][ T8903] Bluetooth: hci11: sending frame failed (-49) [ 1802.767541][T18048] Bluetooth: hci7: command 0x1009 tx timeout [ 1803.488226][T18048] Bluetooth: hci10: command 0x1009 tx timeout [ 1803.647799][T18049] Bluetooth: hci11: command 0x1009 tx timeout 15:39:54 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x222000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000000)={0x0, 0x1, 0x1e, 0x1, 0x91, &(0x7f0000000180)="8aaabf77da536fb97e7f363b3c6c7f0c4889345de60bba48cf7f3f4b8f4e417252ac7d31073d5db1c09f2316c34be216e6f8e9331f8bffd1242d2b4151b1a4d27e8afaf309f7024164fcbaf4d525ed3fc43fa790e7554922d4321a6ac799aa6f469e7acf10aa4f3015f527fa87f7c483198ae71384f5c8714a2eec2470e95f3a400b6143b86c27f664b1304abf84c567211530bc3f0311a409a7a0ddd7054994dde23cbef3bf9839beced8bf97a0563bffd6528fef765069c22101cc6a3d712903df0aee25727b1e624c105d9b10f1f8b53bc2055082c1db0b3b3488669c370f2514518b5fad828e010a3237b82a9e5e34d3d1c7ae0f89f4de6d7ad16b9cb380995814fd8a41cedec89a6ffff7d9a638a97f012ac8877b3ecce6b04f83e2b3e77d0e857e347733f2f4aedeb82151d5fa1a37da1163e1dedfbbd9191c0eeb084012755d2305cb066b6a39f9a185f6d81c88919be54cea88301ea69effdc70dd01e1ea92578c5e5720aa3e4c70b7c2100bbc23eef140345848d7e6eb3a62f2a618b47454f3d921298f98e80811228dfb57e87e1b8c38703b5c8ee0438d6045fec3a38a167bcfc140a0f2b316d6c8abd3468321b872449996c9ce866afc696a867c2d16ebb8540be78d5ea39abc97a47f661bf4685d88bffecccd05f4008559c6f01877d10233d430603d454263e00cb0898477a638a1125e0bba0462536d299e6dff541508b46a9a33ea929e8a78f3128a3e264644785bfa8834fa1881796c635416f8ed1298833874a8ecb6c22d77791ef9c852fd8dd101c88fcdd098799d23a2af303009c0946b0b9a0715aa7b56369619284c000422134f5d0e4b30d8324563c748097639bba306af54e2da6c5b7c268b1648786346a726a0ea8adcbef93462b73a55f62f9ee518e7fbfdaf8644098c109ea7747fd9f24dbcc32a59c3c75f79e2e27125843bb2a05848d518b34d85c3034a1afed118e414d20d1ddd6f731a1ae4fdf0c91d93c9acbff581f1f32deea007142970ad1c7d31bc4ac80aa5f7debf717c3721c9afb5627dfe4fb4854bc0e8054833100644793908dd2219692aa18d6cc0359af73a4c1cd992c4faf3c4659d4452e4047e04d35c55eb5e08c8e91c156949156bb7f37a5dd44458b4926a64198fd8fe3e955a5e44b0dd741d5e65879e324b54b2aa106003d2c20588c217fc587580f8df184988497814d981462fd7cfee2d25d741d301dceacd0e43097f6befe2c873d1feb5fa6fed5fa466bd2043fa3411957cf096389bd57ea2ab2e93f34f99914bb9d70d7da1f201180c9a8f841c026ec2ad3f85445d86b665b0509be3e80b7ec7bd0f0c6bd046f648b189904f67ad95a2a65d29398f531e7dd4a07f7ed73dd3ef31fd75dba192aa30e3e49a46a2155c080291d6ac151ac45beb98a04fc73e8d097091050b4442c18baff9840f64"}) 15:39:54 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r5, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r5, 0x3}, 0x18) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80005) sendfile(r2, r1, 0x0, 0x80005) 15:39:54 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 1) 15:39:54 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xf) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1806.726600][T20859] Bluetooth: hci6: Frame reassembly failed (-84) [ 1806.764910][T29853] FAULT_INJECTION: forcing a failure. [ 1806.764910][T29853] name failslab, interval 1, probability 0, space 0, times 0 [ 1806.842249][T29853] CPU: 1 PID: 29853 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1806.851164][T29853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1806.861246][T29853] Call Trace: [ 1806.864631][T29853] dump_stack_lvl+0xcd/0x134 [ 1806.869258][T29853] should_fail.cold+0x5/0xa [ 1806.873802][T29853] ? tomoyo_realpath_from_path+0xc3/0x620 [ 1806.879561][T29853] should_failslab+0x5/0x10 [ 1806.884092][T29853] __kmalloc+0x72/0x320 [ 1806.888285][T29853] tomoyo_realpath_from_path+0xc3/0x620 [ 1806.893952][T29853] ? tomoyo_profile+0x42/0x50 [ 1806.898773][T29853] tomoyo_path_number_perm+0x1d5/0x590 [ 1806.904265][T29853] ? tomoyo_path_number_perm+0x18d/0x590 [ 1806.909938][T29853] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1806.915814][T29853] ? lock_downgrade+0x6e0/0x6e0 [ 1806.920718][T29853] ? __fget_files+0x23d/0x3e0 [ 1806.925468][T29853] security_file_ioctl+0x50/0xb0 [ 1806.930646][T29853] __x64_sys_ioctl+0xb3/0x200 [ 1806.935357][T29853] do_syscall_64+0x35/0xb0 15:39:55 executing program 4: ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000001c0)=ANY=[@ANYBLOB="0100000001fb000018800000", @ANYRES32, @ANYRES32, @ANYBLOB="000000002e2f66696c65300081e8d0da0c543629a35ba421d2de373e3c42870e234ef15fc869a5171b495236a280c99b0c4d421817a907ab9462d1259e454e6ec6b50d05b7db7df50d05edcf53d5a26cd1e73de2defb3ccdd5e2361200ca1ecfe38ec39c9059b627ee275641bdd087dc832369d9441e1eb2f81a31a9b0b28dab44a5638d18da3ffd7f4712af8d1a961bb75bb67a09fc235fdf5655219fee510dfd3ac20f2436825b531b48a7dda0b8548d964e7bc9fa4ded8c07c2b4"]) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000080)={0x0, 0xff, 0x10, 0x3, 0x2f}, &(0x7f00000000c0)=0x18) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r5, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r5}, 0x18) sendfile(0xffffffffffffffff, r1, 0x0, 0x898c) bind$can_j1939(r2, &(0x7f0000000140)={0x1d, r5, 0x3, {0x0, 0x0, 0x4}}, 0x18) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000340)={r0, 0xffff, 0xaf}, &(0x7f0000000380)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000100)={r6, 0x5a6, 0xfffc}, 0x8) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400), 0x24002, 0x0) r8 = accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x80800) getsockname$inet6(r8, &(0x7f00000002c0)={0xa, 0x0, 0x0, @private2}, &(0x7f0000000300)=0x1c) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r7, 0x400455c8, 0x0) ioctl$KDGETLED(r7, 0x4b31, &(0x7f0000000180)) [ 1806.939808][T29853] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1806.945738][T29853] RIP: 0033:0x7f29745cea39 [ 1806.950180][T29853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1806.969810][T29853] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1806.978257][T29853] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 15:39:55 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x604f82, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x200000, 0x0) [ 1806.986254][T29853] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1806.994276][T29853] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1807.002307][T29853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1807.010339][T29853] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 [ 1807.027876][T29853] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1807.043253][T29868] vcan0: tx drop: invalid da for name 0x0000000000000003 15:39:55 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0xfd) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) perf_event_open(&(0x7f0000000080)={0x3, 0x80, 0x9, 0x5, 0xca, 0x0, 0x0, 0x7, 0x200, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x7, 0x2, @perf_config_ext={0x2, 0xfffffffffffffff8}, 0x20, 0x10000, 0xff, 0x9, 0x100000001, 0x9f3, 0x8796, 0x0, 0x6, 0x0, 0x1}, 0x0, 0x0, r1, 0x3) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 15:39:56 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 3) 15:39:56 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1808.017737][T29886] FAULT_INJECTION: forcing a failure. [ 1808.017737][T29886] name failslab, interval 1, probability 0, space 0, times 0 [ 1808.031214][T29886] CPU: 0 PID: 29886 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1808.040095][T29886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1808.050377][T29886] Call Trace: [ 1808.053673][T29886] dump_stack_lvl+0xcd/0x134 [ 1808.058300][T29886] should_fail.cold+0x5/0xa [ 1808.062838][T29886] ? hci_alloc_dev_priv+0x1e/0x25b0 [ 1808.068068][T29886] should_failslab+0x5/0x10 [ 1808.072585][T29886] __kmalloc+0x72/0x320 [ 1808.076750][T29886] hci_alloc_dev_priv+0x1e/0x25b0 [ 1808.081780][T29886] hci_uart_tty_ioctl+0x341/0xc50 [ 1808.086818][T29886] tty_ioctl+0xc69/0x1670 [ 1808.091154][T29886] ? hci_uart_init_work+0x170/0x170 [ 1808.096362][T29886] ? tty_lookup_driver+0x550/0x550 [ 1808.101482][T29886] ? lock_downgrade+0x6e0/0x6e0 [ 1808.106364][T29886] ? __fget_files+0x23d/0x3e0 [ 1808.111050][T29886] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1808.117383][T29886] ? tty_lookup_driver+0x550/0x550 [ 1808.122504][T29886] __x64_sys_ioctl+0x193/0x200 [ 1808.127274][T29886] do_syscall_64+0x35/0xb0 [ 1808.131779][T29886] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1808.137722][T29886] RIP: 0033:0x7fd650fcaa39 [ 1808.142141][T29886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1808.161771][T29886] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1808.170188][T29886] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1808.178166][T29886] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1808.186136][T29886] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1808.194112][T29886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1808.202098][T29886] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 [ 1808.212774][T29886] Bluetooth: Can't allocate HCI device 15:39:56 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 4) [ 1808.232011][ T1209] Bluetooth: hci10: Frame reassembly failed (-84) [ 1808.326897][T29893] FAULT_INJECTION: forcing a failure. [ 1808.326897][T29893] name failslab, interval 1, probability 0, space 0, times 0 [ 1808.340070][T29893] CPU: 1 PID: 29893 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1808.348833][T29893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1808.358894][T29893] Call Trace: [ 1808.362177][T29893] dump_stack_lvl+0xcd/0x134 [ 1808.366775][T29893] should_fail.cold+0x5/0xa [ 1808.371283][T29893] ? h4_open+0x50/0x180 [ 1808.375442][T29893] should_failslab+0x5/0x10 [ 1808.379976][T29893] kmem_cache_alloc_trace+0x55/0x3c0 [ 1808.385296][T29893] h4_open+0x50/0x180 [ 1808.389288][T29893] hci_uart_tty_ioctl+0x774/0xc50 [ 1808.394344][T29893] tty_ioctl+0xc69/0x1670 [ 1808.398765][T29893] ? hci_uart_init_work+0x170/0x170 [ 1808.403967][T29893] ? tty_lookup_driver+0x550/0x550 [ 1808.409102][T29893] ? lock_downgrade+0x6e0/0x6e0 [ 1808.413973][T29893] ? __fget_files+0x23d/0x3e0 [ 1808.418668][T29893] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1808.424917][T29893] ? tty_lookup_driver+0x550/0x550 [ 1808.430038][T29893] __x64_sys_ioctl+0x193/0x200 [ 1808.434809][T29893] do_syscall_64+0x35/0xb0 [ 1808.439249][T29893] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1808.445166][T29893] RIP: 0033:0x7fd650fcaa39 [ 1808.449582][T29893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1808.469196][T29893] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1808.477627][T29893] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1808.485608][T29893] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1808.493582][T29893] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1808.501563][T29893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1808.509530][T29893] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 15:39:56 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 5) [ 1808.584916][T29895] FAULT_INJECTION: forcing a failure. [ 1808.584916][T29895] name failslab, interval 1, probability 0, space 0, times 0 [ 1808.598332][T29895] CPU: 1 PID: 29895 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1808.607224][T29895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1808.617302][T29895] Call Trace: [ 1808.620657][T29895] dump_stack_lvl+0xcd/0x134 [ 1808.625276][T29895] should_fail.cold+0x5/0xa [ 1808.629794][T29895] ? alloc_workqueue+0x16d/0xef0 [ 1808.634747][T29895] should_failslab+0x5/0x10 [ 1808.639246][T29895] __kmalloc+0x72/0x320 [ 1808.643420][T29895] alloc_workqueue+0x16d/0xef0 [ 1808.648208][T29895] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1808.654467][T29895] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1808.660224][T29895] ? snprintf+0xf0/0xf0 [ 1808.664458][T29895] ? vsnprintf+0x283/0x14f0 [ 1808.668988][T29895] hci_register_dev+0x1c4/0xbd0 [ 1808.673882][T29895] ? __raw_spin_lock_init+0x36/0x110 [ 1808.679180][T29895] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1808.684218][T29895] tty_ioctl+0xc69/0x1670 [ 1808.688579][T29895] ? hci_uart_init_work+0x170/0x170 [ 1808.693801][T29895] ? tty_lookup_driver+0x550/0x550 [ 1808.698932][T29895] ? lock_downgrade+0x6e0/0x6e0 [ 1808.703805][T29895] ? __fget_files+0x23d/0x3e0 [ 1808.708500][T29895] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1808.714776][T29895] ? tty_lookup_driver+0x550/0x550 [ 1808.719914][T29895] __x64_sys_ioctl+0x193/0x200 [ 1808.724787][T29895] do_syscall_64+0x35/0xb0 [ 1808.729200][T29895] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1808.735091][T29895] RIP: 0033:0x7fd650fcaa39 [ 1808.739507][T29895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1808.759129][T29895] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1808.768268][T29895] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1808.776353][T29895] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1808.784341][T29895] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1808.792349][T29895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1808.800379][T29895] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 [ 1808.813146][T29895] Bluetooth: Can't register HCI device [ 1808.820573][T18048] Bluetooth: hci6: command 0xfc11 tx timeout [ 1808.828578][ T150] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1808.847031][ T8528] Bluetooth: hci7: command 0xfc11 tx timeout [ 1808.847094][ T8903] Bluetooth: hci7: Entering manufacturer mode failed (-110) 15:39:57 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 6) [ 1808.975101][T29903] FAULT_INJECTION: forcing a failure. [ 1808.975101][T29903] name failslab, interval 1, probability 0, space 0, times 0 [ 1808.988652][T29903] CPU: 0 PID: 29903 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1808.997634][T29903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1809.007701][T29903] Call Trace: [ 1809.010991][T29903] dump_stack_lvl+0xcd/0x134 [ 1809.015580][T29903] should_fail.cold+0x5/0xa [ 1809.020084][T29903] ? alloc_workqueue_attrs+0x38/0x80 [ 1809.025365][T29903] should_failslab+0x5/0x10 [ 1809.029888][T29903] kmem_cache_alloc_trace+0x55/0x3c0 [ 1809.035184][T29903] alloc_workqueue_attrs+0x38/0x80 [ 1809.040311][T29903] alloc_workqueue+0x192/0xef0 [ 1809.045070][T29903] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1809.051312][T29903] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1809.057033][T29903] ? snprintf+0xf0/0xf0 [ 1809.061215][T29903] ? vsnprintf+0x283/0x14f0 [ 1809.065724][T29903] hci_register_dev+0x1c4/0xbd0 [ 1809.070586][T29903] ? __raw_spin_lock_init+0x36/0x110 [ 1809.075890][T29903] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1809.080922][T29903] tty_ioctl+0xc69/0x1670 [ 1809.085259][T29903] ? hci_uart_init_work+0x170/0x170 [ 1809.090476][T29903] ? tty_lookup_driver+0x550/0x550 [ 1809.095612][T29903] ? lock_downgrade+0x6e0/0x6e0 [ 1809.100480][T29903] ? __fget_files+0x23d/0x3e0 [ 1809.105165][T29903] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1809.111410][T29903] ? tty_lookup_driver+0x550/0x550 [ 1809.116529][T29903] __x64_sys_ioctl+0x193/0x200 [ 1809.121300][T29903] do_syscall_64+0x35/0xb0 [ 1809.125719][T29903] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1809.131618][T29903] RIP: 0033:0x7fd650fcaa39 [ 1809.136051][T29903] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1809.155763][T29903] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1809.164190][T29903] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1809.172333][T29903] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1809.180321][T29903] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1809.188383][T29903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1809.196539][T29903] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 [ 1809.205191][T23375] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1809.208898][T21576] Bluetooth: hci8: command 0xfc11 tx timeout [ 1809.215977][ T8408] Bluetooth: hci9: command 0x1003 tx timeout [ 1809.225126][T23375] Bluetooth: hci9: sending frame failed (-49) [ 1809.232333][T29903] Bluetooth: Can't register HCI device 15:39:57 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 7) [ 1809.321109][T29908] FAULT_INJECTION: forcing a failure. [ 1809.321109][T29908] name failslab, interval 1, probability 0, space 0, times 0 [ 1809.334223][T29908] CPU: 1 PID: 29908 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1809.343018][T29908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1809.353101][T29908] Call Trace: [ 1809.356389][T29908] dump_stack_lvl+0xcd/0x134 [ 1809.360991][T29908] should_fail.cold+0x5/0xa [ 1809.365520][T29908] should_failslab+0x5/0x10 [ 1809.370022][T29908] __kmalloc_track_caller+0x79/0x310 [ 1809.375310][T29908] ? kasprintf+0xbb/0xf0 [ 1809.379554][T29908] kvasprintf+0xb5/0x150 [ 1809.383813][T29908] ? bust_spinlocks+0xe0/0xe0 [ 1809.388515][T29908] kasprintf+0xbb/0xf0 [ 1809.392601][T29908] ? kvasprintf_const+0x190/0x190 [ 1809.397678][T29908] ? call_rcu_zapped+0xb0/0xb0 [ 1809.402475][T29908] ? lockdep_unlock+0x11c/0x290 [ 1809.407409][T29908] alloc_workqueue+0x45d/0xef0 [ 1809.412172][T29908] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1809.418418][T29908] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1809.424147][T29908] ? vsnprintf+0x283/0x14f0 [ 1809.428649][T29908] hci_register_dev+0x1c4/0xbd0 [ 1809.433503][T29908] ? __raw_spin_lock_init+0x36/0x110 [ 1809.438799][T29908] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1809.443933][T29908] tty_ioctl+0xc69/0x1670 [ 1809.448282][T29908] ? hci_uart_init_work+0x170/0x170 [ 1809.453477][T29908] ? tty_lookup_driver+0x550/0x550 [ 1809.458593][T29908] ? lock_downgrade+0x6e0/0x6e0 [ 1809.463467][T29908] ? __fget_files+0x23d/0x3e0 [ 1809.468139][T29908] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1809.474375][T29908] ? tty_lookup_driver+0x550/0x550 [ 1809.479482][T29908] __x64_sys_ioctl+0x193/0x200 [ 1809.484238][T29908] do_syscall_64+0x35/0xb0 [ 1809.488661][T29908] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1809.494553][T29908] RIP: 0033:0x7fd650fcaa39 [ 1809.498985][T29908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1809.518597][T29908] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1809.527011][T29908] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1809.535007][T29908] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1809.543008][T29908] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1809.551886][T29908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1809.559880][T29908] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 15:39:57 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r5, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r5, 0x3}, 0x18) sendfile(r2, r1, 0x0, 0x80005) 15:39:57 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 2) [ 1809.730031][T29917] FAULT_INJECTION: forcing a failure. [ 1809.730031][T29917] name failslab, interval 1, probability 0, space 0, times 0 [ 1809.742866][T29917] CPU: 1 PID: 29917 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1809.751664][T29917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1809.761855][T29917] Call Trace: [ 1809.765184][T29917] dump_stack_lvl+0xcd/0x134 [ 1809.769779][T29917] should_fail.cold+0x5/0xa [ 1809.774299][T29917] ? tomoyo_encode2.part.0+0xe9/0x3a0 [ 1809.779719][T29917] should_failslab+0x5/0x10 [ 1809.784270][T29917] __kmalloc+0x72/0x320 [ 1809.788452][T29917] tomoyo_encode2.part.0+0xe9/0x3a0 [ 1809.793689][T29917] tomoyo_encode+0x28/0x50 [ 1809.798142][T29917] tomoyo_realpath_from_path+0x186/0x620 [ 1809.803921][T29917] tomoyo_path_number_perm+0x1d5/0x590 [ 1809.809384][T29917] ? tomoyo_path_number_perm+0x18d/0x590 [ 1809.815029][T29917] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1809.820951][T29917] ? lock_downgrade+0x6e0/0x6e0 [ 1809.825844][T29917] ? __fget_files+0x23d/0x3e0 [ 1809.830560][T29917] security_file_ioctl+0x50/0xb0 [ 1809.835510][T29917] __x64_sys_ioctl+0xb3/0x200 [ 1809.840365][T29917] do_syscall_64+0x35/0xb0 [ 1809.844815][T29917] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1809.850802][T29917] RIP: 0033:0x7f29745cea39 [ 1809.855334][T29917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1809.859391][T29922] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 1809.874974][T29917] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1809.875011][T29917] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1809.875026][T29917] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1809.875041][T29917] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1809.875056][T29917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1809.875072][T29917] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 [ 1809.960774][T29917] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1809.974399][ T1209] Bluetooth: hci11: Frame reassembly failed (-84) [ 1810.287365][T28953] Bluetooth: hci10: command 0x1003 tx timeout [ 1810.294020][ T6548] Bluetooth: hci10: sending frame failed (-49) [ 1811.248545][T28953] Bluetooth: hci9: command 0x1001 tx timeout [ 1811.255711][ T6548] Bluetooth: hci9: sending frame failed (-49) 15:39:59 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x10) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1811.647063][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1811.659616][T18049] Bluetooth: hci6: command 0x1003 tx timeout [ 1811.665890][T23375] Bluetooth: hci6: sending frame failed (-49) [ 1811.739947][T20859] Bluetooth: hci7: Frame reassembly failed (-84) [ 1811.807150][ T150] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1812.047137][ T8408] Bluetooth: hci11: command 0xfc11 tx timeout [ 1812.058247][ T9503] Bluetooth: hci11: Entering manufacturer mode failed (-110) 15:40:00 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 3) [ 1812.141830][T29943] FAULT_INJECTION: forcing a failure. [ 1812.141830][T29943] name failslab, interval 1, probability 0, space 0, times 0 [ 1812.155705][T29943] CPU: 1 PID: 29943 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1812.164490][T29943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1812.174594][T29943] Call Trace: [ 1812.177863][T29943] dump_stack_lvl+0xcd/0x134 [ 1812.182466][T29943] should_fail.cold+0x5/0xa [ 1812.186972][T29943] ? hci_alloc_dev_priv+0x1e/0x25b0 [ 1812.192173][T29943] should_failslab+0x5/0x10 [ 1812.196670][T29943] __kmalloc+0x72/0x320 [ 1812.200834][T29943] hci_alloc_dev_priv+0x1e/0x25b0 [ 1812.205857][T29943] hci_uart_tty_ioctl+0x341/0xc50 [ 1812.210870][T29943] tty_ioctl+0xc69/0x1670 [ 1812.215193][T29943] ? hci_uart_init_work+0x170/0x170 [ 1812.220378][T29943] ? tty_lookup_driver+0x550/0x550 [ 1812.225490][T29943] ? lock_downgrade+0x6e0/0x6e0 [ 1812.230344][T29943] ? __fget_files+0x23d/0x3e0 [ 1812.235012][T29943] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1812.241256][T29943] ? tty_lookup_driver+0x550/0x550 [ 1812.246380][T29943] __x64_sys_ioctl+0x193/0x200 [ 1812.251133][T29943] do_syscall_64+0x35/0xb0 [ 1812.255536][T29943] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1812.261421][T29943] RIP: 0033:0x7f29745cea39 [ 1812.265839][T29943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1812.285524][T29943] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1812.293925][T29943] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1812.301896][T29943] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1812.309851][T29943] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1812.317806][T29943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1812.325774][T29943] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 15:40:00 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 4) [ 1812.350291][T29943] Bluetooth: Can't allocate HCI device [ 1812.367078][T28953] Bluetooth: hci10: command 0x1001 tx timeout [ 1812.373566][ T9503] Bluetooth: hci10: sending frame failed (-49) [ 1812.415303][T29945] FAULT_INJECTION: forcing a failure. [ 1812.415303][T29945] name failslab, interval 1, probability 0, space 0, times 0 [ 1812.432671][T29945] CPU: 1 PID: 29945 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1812.441471][T29945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1812.451530][T29945] Call Trace: [ 1812.454829][T29945] dump_stack_lvl+0xcd/0x134 [ 1812.459441][T29945] should_fail.cold+0x5/0xa [ 1812.463952][T29945] ? ag6xx_open+0x50/0x180 [ 1812.468389][T29945] should_failslab+0x5/0x10 [ 1812.472916][T29945] kmem_cache_alloc_trace+0x55/0x3c0 [ 1812.478220][T29945] ag6xx_open+0x50/0x180 [ 1812.482474][T29945] hci_uart_tty_ioctl+0x774/0xc50 [ 1812.487498][T29945] tty_ioctl+0xc69/0x1670 [ 1812.491820][T29945] ? hci_uart_init_work+0x170/0x170 [ 1812.497029][T29945] ? tty_lookup_driver+0x550/0x550 [ 1812.502137][T29945] ? lock_downgrade+0x6e0/0x6e0 [ 1812.507072][T29945] ? __fget_files+0x23d/0x3e0 [ 1812.511750][T29945] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1812.517989][T29945] ? tty_lookup_driver+0x550/0x550 [ 1812.523134][T29945] __x64_sys_ioctl+0x193/0x200 [ 1812.527895][T29945] do_syscall_64+0x35/0xb0 [ 1812.532303][T29945] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1812.538192][T29945] RIP: 0033:0x7f29745cea39 [ 1812.542615][T29945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1812.562501][T29945] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1812.570914][T29945] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1812.579068][T29945] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1812.587035][T29945] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1812.595001][T29945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1812.602966][T29945] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 [ 1813.326763][T28953] Bluetooth: hci9: command 0x1009 tx timeout [ 1813.726936][ T8408] Bluetooth: hci6: command 0x1001 tx timeout [ 1813.733585][ T9503] Bluetooth: hci6: sending frame failed (-49) [ 1813.806743][ T8408] Bluetooth: hci7: command 0xfc11 tx timeout [ 1813.807271][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1814.351112][T20859] Bluetooth: hci7: Frame reassembly failed (-84) [ 1814.446899][T28953] Bluetooth: hci10: command 0x1009 tx timeout [ 1815.806759][T28953] Bluetooth: hci6: command 0x1009 tx timeout [ 1816.366498][T28953] Bluetooth: hci7: command 0xfc11 tx timeout [ 1816.376748][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) 15:40:05 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r5, 0x0, {0x0, 0xf0}}, 0x18) sendfile(r2, r1, 0x0, 0x80005) 15:40:05 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 5) [ 1817.572533][T29963] FAULT_INJECTION: forcing a failure. [ 1817.572533][T29963] name failslab, interval 1, probability 0, space 0, times 0 [ 1817.600673][T29963] CPU: 0 PID: 29963 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1817.609501][T29963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1817.619577][T29963] Call Trace: [ 1817.622895][T29963] dump_stack_lvl+0xcd/0x134 [ 1817.627520][T29963] should_fail.cold+0x5/0xa [ 1817.632059][T29963] ? ag6xx_open+0x50/0x180 [ 1817.636506][T29963] should_failslab+0x5/0x10 [ 1817.641035][T29963] kmem_cache_alloc_trace+0x55/0x3c0 [ 1817.646451][T29963] ag6xx_open+0x50/0x180 [ 1817.650728][T29963] hci_uart_tty_ioctl+0x774/0xc50 [ 1817.655786][T29963] tty_ioctl+0xc69/0x1670 [ 1817.660119][T29963] ? hci_uart_init_work+0x170/0x170 [ 1817.665323][T29963] ? tty_lookup_driver+0x550/0x550 [ 1817.670439][T29963] ? lock_downgrade+0x6e0/0x6e0 [ 1817.675295][T29963] ? __fget_files+0x23d/0x3e0 [ 1817.680010][T29963] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1817.686252][T29963] ? tty_lookup_driver+0x550/0x550 [ 1817.691408][T29963] __x64_sys_ioctl+0x193/0x200 [ 1817.696174][T29963] do_syscall_64+0x35/0xb0 [ 1817.700593][T29963] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1817.706493][T29963] RIP: 0033:0x7f29745cea39 [ 1817.710903][T29963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1817.730684][T29963] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1817.739459][T29963] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1817.747603][T29963] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1817.755859][T29963] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1817.763835][T29963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1817.771802][T29963] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 15:40:06 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 15:40:06 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x100000000000000) 15:40:06 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x1d) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:40:06 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 6) [ 1818.897662][T29977] FAULT_INJECTION: forcing a failure. [ 1818.897662][T29977] name failslab, interval 1, probability 0, space 0, times 0 [ 1818.917923][ T1209] Bluetooth: hci9: Frame reassembly failed (-84) [ 1818.955089][T29977] CPU: 0 PID: 29977 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1818.963909][T29977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1818.974074][T29977] Call Trace: [ 1818.977366][T29977] dump_stack_lvl+0xcd/0x134 [ 1818.981988][T29977] should_fail.cold+0x5/0xa [ 1818.986522][T29977] ? alloc_workqueue_attrs+0x38/0x80 [ 1818.991835][T29977] should_failslab+0x5/0x10 [ 1818.996364][T29977] kmem_cache_alloc_trace+0x55/0x3c0 [ 1819.001690][T29977] alloc_workqueue_attrs+0x38/0x80 [ 1819.006828][T29977] alloc_workqueue+0x192/0xef0 [ 1819.011619][T29977] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1819.017905][T29977] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1819.023657][T29977] ? snprintf+0xf0/0xf0 [ 1819.027855][T29977] ? vsnprintf+0x283/0x14f0 [ 1819.032421][T29977] hci_register_dev+0x1c4/0xbd0 [ 1819.037319][T29977] ? __raw_spin_lock_init+0x36/0x110 [ 1819.042646][T29977] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1819.047708][T29977] tty_ioctl+0xc69/0x1670 [ 1819.052075][T29977] ? hci_uart_init_work+0x170/0x170 [ 1819.057303][T29977] ? tty_lookup_driver+0x550/0x550 [ 1819.062456][T29977] ? lock_downgrade+0x6e0/0x6e0 [ 1819.067362][T29977] ? __fget_files+0x23d/0x3e0 [ 1819.072072][T29977] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1819.078350][T29977] ? tty_lookup_driver+0x550/0x550 [ 1819.083498][T29977] __x64_sys_ioctl+0x193/0x200 [ 1819.088295][T29977] do_syscall_64+0x35/0xb0 [ 1819.092735][T29977] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1819.098661][T29977] RIP: 0033:0x7f29745cea39 [ 1819.103124][T29977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1819.122749][T29977] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1819.131183][T29977] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1819.139160][T29977] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1819.147145][T29977] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1819.155158][T29977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1819.163161][T29977] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 [ 1819.173968][T29977] Bluetooth: Can't register HCI device [ 1819.646870][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) 15:40:08 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 8) 15:40:08 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 7) [ 1820.128829][T29997] FAULT_INJECTION: forcing a failure. [ 1820.128829][T29997] name failslab, interval 1, probability 0, space 0, times 0 [ 1820.141962][T29997] CPU: 0 PID: 29997 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1820.150787][T29997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1820.160868][T29997] Call Trace: [ 1820.161674][T29999] FAULT_INJECTION: forcing a failure. [ 1820.161674][T29999] name failslab, interval 1, probability 0, space 0, times 0 [ 1820.164160][T29997] dump_stack_lvl+0xcd/0x134 [ 1820.164199][T29997] should_fail.cold+0x5/0xa [ 1820.164229][T29997] should_failslab+0x5/0x10 [ 1820.190371][T29997] __kmalloc_track_caller+0x79/0x310 [ 1820.195682][T29997] ? kasprintf+0xbb/0xf0 [ 1820.199948][T29997] kvasprintf+0xb5/0x150 [ 1820.204209][T29997] ? bust_spinlocks+0xe0/0xe0 [ 1820.208907][T29997] kasprintf+0xbb/0xf0 [ 1820.212984][T29997] ? kvasprintf_const+0x190/0x190 [ 1820.218019][T29997] ? call_rcu_zapped+0xb0/0xb0 [ 1820.222793][T29997] ? lockdep_unlock+0x11c/0x290 [ 1820.227649][T29997] alloc_workqueue+0x45d/0xef0 [ 1820.232415][T29997] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1820.238666][T29997] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1820.244400][T29997] ? vsnprintf+0x283/0x14f0 [ 1820.248906][T29997] hci_register_dev+0x1c4/0xbd0 [ 1820.253765][T29997] ? __raw_spin_lock_init+0x36/0x110 [ 1820.259059][T29997] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1820.264092][T29997] tty_ioctl+0xc69/0x1670 [ 1820.268427][T29997] ? hci_uart_init_work+0x170/0x170 [ 1820.273629][T29997] ? tty_lookup_driver+0x550/0x550 [ 1820.278758][T29997] ? lock_downgrade+0x6e0/0x6e0 [ 1820.283713][T29997] ? __fget_files+0x23d/0x3e0 [ 1820.288402][T29997] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1820.294664][T29997] ? tty_lookup_driver+0x550/0x550 [ 1820.299784][T29997] __x64_sys_ioctl+0x193/0x200 [ 1820.304563][T29997] do_syscall_64+0x35/0xb0 [ 1820.308981][T29997] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1820.314894][T29997] RIP: 0033:0x7f29745cea39 [ 1820.319307][T29997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1820.339098][T29997] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1820.347510][T29997] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1820.355574][T29997] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1820.363542][T29997] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1820.371527][T29997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1820.379753][T29997] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 [ 1820.406429][T29999] CPU: 0 PID: 29999 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1820.415233][T29999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1820.425350][T29999] Call Trace: [ 1820.428643][T29999] dump_stack_lvl+0xcd/0x134 [ 1820.433265][T29999] should_fail.cold+0x5/0xa [ 1820.437803][T29999] ? apply_wqattrs_prepare+0xac/0x890 [ 1820.443206][T29999] should_failslab+0x5/0x10 [ 1820.447742][T29999] __kmalloc+0x72/0x320 [ 1820.451933][T29999] apply_wqattrs_prepare+0xac/0x890 [ 1820.457174][T29999] apply_workqueue_attrs_locked+0xc1/0x140 [ 1820.463011][T29999] alloc_workqueue+0xa10/0xef0 [ 1820.467859][T29999] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1820.473627][T29999] ? vsnprintf+0x283/0x14f0 [ 1820.478249][T29999] hci_register_dev+0x1c4/0xbd0 [ 1820.483136][T29999] ? __raw_spin_lock_init+0x36/0x110 [ 1820.488464][T29999] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1820.493526][T29999] tty_ioctl+0xc69/0x1670 [ 1820.498406][T29999] ? hci_uart_init_work+0x170/0x170 [ 1820.503674][T29999] ? tty_lookup_driver+0x550/0x550 [ 1820.508827][T29999] ? lock_downgrade+0x6e0/0x6e0 [ 1820.513739][T29999] ? __fget_files+0x23d/0x3e0 [ 1820.518444][T29999] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1820.524713][T29999] ? tty_lookup_driver+0x550/0x550 [ 1820.529872][T29999] __x64_sys_ioctl+0x193/0x200 [ 1820.534660][T29999] do_syscall_64+0x35/0xb0 [ 1820.539088][T29999] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1820.544990][T29999] RIP: 0033:0x7fd650fcaa39 [ 1820.549425][T29999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1820.569033][T29999] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 15:40:08 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r5, 0x0, {0x0, 0xf0}}, 0x18) sendfile(r2, r1, 0x0, 0x80005) [ 1820.577450][T29999] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1820.585418][T29999] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1820.593396][T29999] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1820.601366][T29999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1820.609421][T29999] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 [ 1820.653661][T29999] Bluetooth: Can't register HCI device 15:40:08 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 9) [ 1820.741278][T30007] FAULT_INJECTION: forcing a failure. [ 1820.741278][T30007] name failslab, interval 1, probability 0, space 0, times 0 [ 1820.754954][T30007] CPU: 1 PID: 30007 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1820.763756][T30007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1820.773810][T30007] Call Trace: [ 1820.777086][T30007] dump_stack_lvl+0xcd/0x134 [ 1820.781677][T30007] should_fail.cold+0x5/0xa [ 1820.786217][T30007] ? alloc_workqueue_attrs+0x38/0x80 [ 1820.791558][T30007] should_failslab+0x5/0x10 [ 1820.796063][T30007] kmem_cache_alloc_trace+0x55/0x3c0 [ 1820.801368][T30007] alloc_workqueue_attrs+0x38/0x80 [ 1820.806517][T30007] apply_wqattrs_prepare+0xb4/0x890 [ 1820.811726][T30007] apply_workqueue_attrs_locked+0xc1/0x140 [ 1820.817546][T30007] alloc_workqueue+0xa10/0xef0 [ 1820.822368][T30007] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1820.828096][T30007] ? vsnprintf+0x283/0x14f0 [ 1820.832646][T30007] hci_register_dev+0x1c4/0xbd0 [ 1820.837716][T30007] ? __raw_spin_lock_init+0x36/0x110 [ 1820.843015][T30007] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1820.848050][T30007] tty_ioctl+0xc69/0x1670 [ 1820.852394][T30007] ? hci_uart_init_work+0x170/0x170 [ 1820.857675][T30007] ? tty_lookup_driver+0x550/0x550 [ 1820.862791][T30007] ? lock_downgrade+0x6e0/0x6e0 [ 1820.867664][T30007] ? __fget_files+0x23d/0x3e0 [ 1820.872339][T30007] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1820.878580][T30007] ? tty_lookup_driver+0x550/0x550 [ 1820.883755][T30007] __x64_sys_ioctl+0x193/0x200 [ 1820.888513][T30007] do_syscall_64+0x35/0xb0 [ 1820.892921][T30007] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1820.898818][T30007] RIP: 0033:0x7fd650fcaa39 [ 1820.903247][T30007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1820.922955][T30007] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1820.931430][T30007] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1820.939456][T30007] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1820.947436][T30007] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1820.955456][T30007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1820.963422][T30007] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 [ 1820.973919][ T8408] Bluetooth: hci10: command 0x1003 tx timeout [ 1820.979207][T21576] Bluetooth: hci9: command 0xfc11 tx timeout [ 1820.980747][ T9935] Bluetooth: hci10: sending frame failed (-49) [ 1820.986256][T23375] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1821.002681][T21576] Bluetooth: hci8: command 0x1003 tx timeout [ 1821.014207][T23375] Bluetooth: hci8: sending frame failed (-49) [ 1821.017683][T30007] Bluetooth: Can't register HCI device 15:40:09 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 10) [ 1821.114383][T30012] FAULT_INJECTION: forcing a failure. [ 1821.114383][T30012] name failslab, interval 1, probability 0, space 0, times 0 [ 1821.127308][T30012] CPU: 0 PID: 30012 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1821.136095][T30012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1821.146157][T30012] Call Trace: [ 1821.149455][T30012] dump_stack_lvl+0xcd/0x134 [ 1821.154054][T30012] should_fail.cold+0x5/0xa [ 1821.158563][T30012] ? alloc_workqueue_attrs+0x38/0x80 [ 1821.163850][T30012] should_failslab+0x5/0x10 [ 1821.168356][T30012] kmem_cache_alloc_trace+0x55/0x3c0 [ 1821.173663][T30012] alloc_workqueue_attrs+0x38/0x80 [ 1821.178789][T30012] apply_wqattrs_prepare+0xb4/0x890 [ 1821.184012][T30012] apply_workqueue_attrs_locked+0xc1/0x140 [ 1821.189827][T30012] alloc_workqueue+0xa10/0xef0 [ 1821.194604][T30012] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1821.200360][T30012] ? vsnprintf+0x283/0x14f0 [ 1821.204877][T30012] hci_register_dev+0x1c4/0xbd0 [ 1821.209743][T30012] ? __raw_spin_lock_init+0x36/0x110 [ 1821.215044][T30012] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1821.220077][T30012] tty_ioctl+0xc69/0x1670 [ 1821.224411][T30012] ? hci_uart_init_work+0x170/0x170 [ 1821.229612][T30012] ? tty_lookup_driver+0x550/0x550 [ 1821.234747][T30012] ? lock_downgrade+0x6e0/0x6e0 [ 1821.239623][T30012] ? __fget_files+0x23d/0x3e0 [ 1821.244309][T30012] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1821.250568][T30012] ? tty_lookup_driver+0x550/0x550 [ 1821.255688][T30012] __x64_sys_ioctl+0x193/0x200 [ 1821.260471][T30012] do_syscall_64+0x35/0xb0 [ 1821.264893][T30012] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1821.270809][T30012] RIP: 0033:0x7fd650fcaa39 [ 1821.275225][T30012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1821.294847][T30012] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1821.303275][T30012] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1821.311258][T30012] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1821.319225][T30012] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1821.327191][T30012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1821.335160][T30012] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 15:40:09 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r5, 0x0, {0x0, 0xf0}}, 0x18) sendfile(r2, r1, 0x0, 0x80005) [ 1821.366480][T30012] Bluetooth: Can't register HCI device 15:40:09 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 11) [ 1821.496692][T30020] FAULT_INJECTION: forcing a failure. [ 1821.496692][T30020] name failslab, interval 1, probability 0, space 0, times 0 [ 1821.509690][T30020] CPU: 0 PID: 30020 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1821.518487][T30020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1821.528558][T30020] Call Trace: [ 1821.531870][T30020] dump_stack_lvl+0xcd/0x134 [ 1821.536468][T30020] should_fail.cold+0x5/0xa [ 1821.540993][T30020] should_failslab+0x5/0x10 [ 1821.545510][T30020] kmem_cache_alloc_node+0x65/0x3d0 [ 1821.550711][T30020] ? alloc_unbound_pwq+0x4a5/0xcd0 [ 1821.555867][T30020] alloc_unbound_pwq+0x4a5/0xcd0 [ 1821.560818][T30020] apply_wqattrs_prepare+0x2b6/0x890 [ 1821.566142][T30020] apply_workqueue_attrs_locked+0xc1/0x140 [ 1821.571971][T30020] alloc_workqueue+0xa10/0xef0 [ 1821.576750][T30020] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1821.582519][T30020] ? vsnprintf+0x283/0x14f0 [ 1821.587156][T30020] hci_register_dev+0x1c4/0xbd0 [ 1821.592082][T30020] ? __raw_spin_lock_init+0x36/0x110 [ 1821.597395][T30020] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1821.602526][T30020] tty_ioctl+0xc69/0x1670 [ 1821.606870][T30020] ? hci_uart_init_work+0x170/0x170 [ 1821.612090][T30020] ? tty_lookup_driver+0x550/0x550 [ 1821.617212][T30020] ? lock_downgrade+0x6e0/0x6e0 [ 1821.622100][T30020] ? __fget_files+0x23d/0x3e0 [ 1821.626802][T30020] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1821.633059][T30020] ? tty_lookup_driver+0x550/0x550 [ 1821.638178][T30020] __x64_sys_ioctl+0x193/0x200 [ 1821.643121][T30020] do_syscall_64+0x35/0xb0 [ 1821.647550][T30020] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1821.653491][T30020] RIP: 0033:0x7fd650fcaa39 [ 1821.657927][T30020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1821.677547][T30020] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1821.685983][T30020] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1821.693959][T30020] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1821.701932][T30020] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1821.709922][T30020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1821.717893][T30020] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 [ 1821.743804][T30020] Bluetooth: Can't register HCI device 15:40:09 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x48) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1821.850040][ T148] Bluetooth: hci9: Frame reassembly failed (-84) [ 1822.685966][ T1053] Bluetooth: hci6: command 0xfc11 tx timeout [ 1822.697810][ T8903] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1823.005989][ T1053] Bluetooth: hci10: command 0x1001 tx timeout [ 1823.013298][ T8903] Bluetooth: hci10: sending frame failed (-49) [ 1823.086774][T18048] Bluetooth: hci8: command 0x1001 tx timeout [ 1823.092972][ T8903] Bluetooth: hci8: sending frame failed (-49) [ 1823.485912][ T1053] Bluetooth: hci7: command 0xfc11 tx timeout [ 1823.488826][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1823.886116][ T9935] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1825.095885][T18048] Bluetooth: hci10: command 0x1009 tx timeout [ 1825.166148][T18048] Bluetooth: hci8: command 0x1009 tx timeout [ 1826.445872][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:40:17 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 8) 15:40:17 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x101083, 0x0) ioctl$TCSETS(r1, 0x5402, &(0x7f00000000c0)={0x800, 0x3ff, 0x10001, 0xfffffe64, 0x3, "646b508377904cbc16b7e6e28ba9dec861f6b2"}) ioctl$TCSETAW(r1, 0x5407, &(0x7f0000000080)={0x1, 0x5, 0x7, 0x7, 0x6, "01dcba1669714fbc"}) 15:40:17 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 12) 15:40:17 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r2, r1, 0x0, 0x80005) 15:40:17 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x4c) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:40:17 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) (fail_nth: 1) [ 1829.192805][T30057] FAULT_INJECTION: forcing a failure. [ 1829.192805][T30057] name failslab, interval 1, probability 0, space 0, times 0 [ 1829.211376][ T9935] Bluetooth: hci7: sending frame failed (-49) [ 1829.245981][T30057] CPU: 0 PID: 30057 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1829.254806][T30057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1829.264886][T30057] Call Trace: [ 1829.268294][T30057] dump_stack_lvl+0xcd/0x134 [ 1829.272895][T30057] should_fail.cold+0x5/0xa [ 1829.277413][T30057] ? apply_wqattrs_prepare+0xac/0x890 [ 1829.282799][T30057] should_failslab+0x5/0x10 [ 1829.287304][T30057] __kmalloc+0x72/0x320 [ 1829.291472][T30057] apply_wqattrs_prepare+0xac/0x890 [ 1829.296680][T30057] apply_workqueue_attrs_locked+0xc1/0x140 [ 1829.302497][T30057] alloc_workqueue+0xa10/0xef0 [ 1829.307267][T30057] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1829.313000][T30057] ? vsnprintf+0x283/0x14f0 [ 1829.317504][T30057] hci_register_dev+0x1c4/0xbd0 [ 1829.322374][T30057] ? __raw_spin_lock_init+0x36/0x110 [ 1829.327683][T30057] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1829.332715][T30057] tty_ioctl+0xc69/0x1670 [ 1829.337051][T30057] ? hci_uart_init_work+0x170/0x170 [ 1829.342254][T30057] ? tty_lookup_driver+0x550/0x550 [ 1829.347373][T30057] ? lock_downgrade+0x6e0/0x6e0 [ 1829.352239][T30057] ? __fget_files+0x23d/0x3e0 [ 1829.356921][T30057] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1829.363170][T30057] ? tty_lookup_driver+0x550/0x550 [ 1829.368315][T30057] __x64_sys_ioctl+0x193/0x200 [ 1829.373116][T30057] do_syscall_64+0x35/0xb0 [ 1829.377537][T30057] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1829.383560][T30057] RIP: 0033:0x7f29745cea39 [ 1829.387995][T30057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1829.407811][T30057] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1829.416587][T30057] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1829.424769][T30057] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1829.432889][T30057] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1829.440886][T30057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1829.448859][T30057] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 [ 1829.460544][T30066] FAULT_INJECTION: forcing a failure. [ 1829.460544][T30066] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1829.487934][T30066] CPU: 1 PID: 30066 Comm: syz-executor.2 Not tainted 5.15.0-rc6-syzkaller #0 [ 1829.496755][T30066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1829.506835][T30066] Call Trace: [ 1829.510144][T30066] dump_stack_lvl+0xcd/0x134 [ 1829.514766][T30066] should_fail.cold+0x5/0xa [ 1829.519301][T30066] _copy_to_user+0x2c/0x150 [ 1829.523834][T30066] simple_read_from_buffer+0xcc/0x160 [ 1829.529245][T30066] proc_fail_nth_read+0x187/0x220 [ 1829.534305][T30066] ? proc_fault_inject_read+0x220/0x220 [ 1829.539896][T30066] ? security_file_permission+0xab/0xd0 [ 1829.543183][T30052] FAULT_INJECTION: forcing a failure. [ 1829.543183][T30052] name failslab, interval 1, probability 0, space 0, times 0 [ 1829.545468][T30066] ? proc_fault_inject_read+0x220/0x220 [ 1829.545547][T30066] vfs_read+0x1b5/0x600 [ 1829.545579][T30066] ksys_read+0x12d/0x250 [ 1829.545605][T30066] ? vfs_write+0xae0/0xae0 [ 1829.545634][T30066] ? syscall_enter_from_user_mode+0x21/0x70 [ 1829.545668][T30066] do_syscall_64+0x35/0xb0 [ 1829.545693][T30066] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1829.592793][T30066] RIP: 0033:0x7f2ae33795ec [ 1829.597216][T30066] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 1829.616839][T30066] RSP: 002b:00007f2ae091b170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1829.625346][T30066] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00007f2ae33795ec [ 1829.633321][T30066] RDX: 000000000000000f RSI: 00007f2ae091b1e0 RDI: 0000000000000003 [ 1829.641292][T30066] RBP: 00007f2ae091b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1829.649260][T30066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1829.657230][T30066] R13: 00007f2ae39fdb2f R14: 00007f2ae091b300 R15: 0000000000022000 [ 1829.675943][T30057] Bluetooth: Can't register HCI device [ 1829.689196][T30052] CPU: 1 PID: 30052 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1829.698017][T30052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1829.708131][T30052] Call Trace: [ 1829.711428][T30052] dump_stack_lvl+0xcd/0x134 [ 1829.716052][T30052] should_fail.cold+0x5/0xa [ 1829.720591][T30052] ? alloc_workqueue+0x16d/0xef0 [ 1829.725558][T30052] should_failslab+0x5/0x10 [ 1829.730089][T30052] __kmalloc+0x72/0x320 [ 1829.734285][T30052] alloc_workqueue+0x16d/0xef0 [ 1829.739099][T30052] ? workqueue_sysfs_register+0x3e0/0x3e0 15:40:17 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 9) [ 1829.744867][T30052] ? vsnprintf+0x283/0x14f0 [ 1829.749401][T30052] hci_register_dev+0x216/0xbd0 [ 1829.754297][T30052] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1829.759355][T30052] tty_ioctl+0xc69/0x1670 [ 1829.763714][T30052] ? hci_uart_init_work+0x170/0x170 [ 1829.768943][T30052] ? tty_lookup_driver+0x550/0x550 [ 1829.774186][T30052] ? lock_downgrade+0x6e0/0x6e0 [ 1829.779075][T30052] ? __fget_files+0x23d/0x3e0 [ 1829.783783][T30052] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1829.790061][T30052] ? tty_lookup_driver+0x550/0x550 [ 1829.795211][T30052] __x64_sys_ioctl+0x193/0x200 [ 1829.800014][T30052] do_syscall_64+0x35/0xb0 [ 1829.804475][T30052] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1829.810409][T30052] RIP: 0033:0x7fd650fcaa39 [ 1829.814860][T30052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1829.834493][T30052] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1829.843045][T30052] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1829.851037][T30052] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1829.859034][T30052] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1829.867028][T30052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1829.875009][T30052] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 [ 1829.896185][T30052] Bluetooth: Can't register HCI device 15:40:18 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 13) [ 1829.949748][T30072] FAULT_INJECTION: forcing a failure. [ 1829.949748][T30072] name failslab, interval 1, probability 0, space 0, times 0 [ 1829.969469][T30072] CPU: 0 PID: 30072 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1829.978298][T30072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1829.988375][T30072] Call Trace: [ 1829.991679][T30072] dump_stack_lvl+0xcd/0x134 15:40:18 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) [ 1829.996308][T30072] should_fail.cold+0x5/0xa [ 1830.000935][T30072] ? alloc_workqueue_attrs+0x38/0x80 [ 1830.006264][T30072] should_failslab+0x5/0x10 [ 1830.010797][T30072] kmem_cache_alloc_trace+0x55/0x3c0 [ 1830.016126][T30072] alloc_workqueue_attrs+0x38/0x80 [ 1830.021268][T30072] apply_wqattrs_prepare+0xb4/0x890 [ 1830.026512][T30072] apply_workqueue_attrs_locked+0xc1/0x140 [ 1830.032354][T30072] alloc_workqueue+0xa10/0xef0 [ 1830.037251][T30072] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1830.043031][T30072] ? vsnprintf+0x283/0x14f0 [ 1830.047577][T30072] hci_register_dev+0x1c4/0xbd0 [ 1830.052462][T30072] ? __raw_spin_lock_init+0x36/0x110 [ 1830.057810][T30072] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1830.062862][T30072] tty_ioctl+0xc69/0x1670 [ 1830.067198][T30072] ? hci_uart_init_work+0x170/0x170 [ 1830.072414][T30072] ? tty_lookup_driver+0x550/0x550 [ 1830.077568][T30072] ? lock_downgrade+0x6e0/0x6e0 [ 1830.082447][T30072] ? __fget_files+0x23d/0x3e0 [ 1830.087174][T30072] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1830.093424][T30072] ? tty_lookup_driver+0x550/0x550 [ 1830.098682][T30072] __x64_sys_ioctl+0x193/0x200 [ 1830.103474][T30072] do_syscall_64+0x35/0xb0 [ 1830.107918][T30072] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1830.113854][T30072] RIP: 0033:0x7f29745cea39 [ 1830.118293][T30072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1830.137992][T30072] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1830.146407][T30072] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1830.154444][T30072] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1830.162416][T30072] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1830.170407][T30072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1830.178395][T30072] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 [ 1830.199948][T30072] Bluetooth: Can't register HCI device [ 1830.208405][T30076] FAULT_INJECTION: forcing a failure. [ 1830.208405][T30076] name failslab, interval 1, probability 0, space 0, times 0 15:40:18 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x2, 0x2) [ 1830.253447][T30076] CPU: 0 PID: 30076 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1830.262275][T30076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1830.272352][T30076] Call Trace: [ 1830.275678][T30076] dump_stack_lvl+0xcd/0x134 [ 1830.280304][T30076] should_fail.cold+0x5/0xa [ 1830.284834][T30076] ? alloc_workqueue_attrs+0x38/0x80 [ 1830.290232][T30076] should_failslab+0x5/0x10 [ 1830.294795][T30076] kmem_cache_alloc_trace+0x55/0x3c0 [ 1830.300118][T30076] alloc_workqueue_attrs+0x38/0x80 [ 1830.305253][T30076] alloc_workqueue+0x192/0xef0 [ 1830.310075][T30076] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1830.315911][T30076] ? vsnprintf+0x283/0x14f0 [ 1830.320474][T30076] hci_register_dev+0x216/0xbd0 [ 1830.325327][T30076] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1830.330360][T30076] tty_ioctl+0xc69/0x1670 [ 1830.334707][T30076] ? hci_uart_init_work+0x170/0x170 [ 1830.339901][T30076] ? tty_lookup_driver+0x550/0x550 [ 1830.345032][T30076] ? lock_downgrade+0x6e0/0x6e0 [ 1830.349909][T30076] ? __fget_files+0x23d/0x3e0 [ 1830.354589][T30076] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1830.360830][T30076] ? tty_lookup_driver+0x550/0x550 [ 1830.365960][T30076] __x64_sys_ioctl+0x193/0x200 [ 1830.370720][T30076] do_syscall_64+0x35/0xb0 [ 1830.375138][T30076] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1830.381061][T30076] RIP: 0033:0x7fd650fcaa39 15:40:18 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x10, 0x2) 15:40:18 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 10) [ 1830.385497][T30076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1830.405129][T30076] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1830.413578][T30076] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1830.421569][T30076] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1830.429538][T30076] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1830.437513][T30076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1830.445500][T30076] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 15:40:18 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4c01, 0x2) [ 1830.519249][T30084] FAULT_INJECTION: forcing a failure. [ 1830.519249][T30084] name failslab, interval 1, probability 0, space 0, times 0 [ 1830.532806][T30084] CPU: 0 PID: 30084 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1830.541611][T30084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1830.551690][T30084] Call Trace: [ 1830.554987][T30084] dump_stack_lvl+0xcd/0x134 [ 1830.559608][T30084] should_fail.cold+0x5/0xa [ 1830.564143][T30084] ? alloc_workqueue_attrs+0x38/0x80 [ 1830.569449][T30084] should_failslab+0x5/0x10 [ 1830.573983][T30084] kmem_cache_alloc_trace+0x55/0x3c0 [ 1830.579315][T30084] alloc_workqueue_attrs+0x38/0x80 [ 1830.584485][T30084] apply_wqattrs_prepare+0xbc/0x890 [ 1830.589699][T30084] apply_workqueue_attrs_locked+0xc1/0x140 [ 1830.595538][T30084] alloc_workqueue+0xa10/0xef0 [ 1830.600348][T30084] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1830.606115][T30084] ? vsnprintf+0x283/0x14f0 [ 1830.610647][T30084] hci_register_dev+0x1c4/0xbd0 [ 1830.615535][T30084] ? __raw_spin_lock_init+0x36/0x110 [ 1830.620860][T30084] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1830.626012][T30084] tty_ioctl+0xc69/0x1670 [ 1830.630396][T30084] ? hci_uart_init_work+0x170/0x170 [ 1830.635597][T30084] ? tty_lookup_driver+0x550/0x550 [ 1830.640717][T30084] ? lock_downgrade+0x6e0/0x6e0 [ 1830.645577][T30084] ? __fget_files+0x23d/0x3e0 [ 1830.650250][T30084] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1830.656490][T30084] ? tty_lookup_driver+0x550/0x550 [ 1830.661678][T30084] __x64_sys_ioctl+0x193/0x200 [ 1830.666476][T30084] do_syscall_64+0x35/0xb0 [ 1830.670929][T30084] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1830.676861][T30084] RIP: 0033:0x7f29745cea39 [ 1830.681276][T30084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1830.701100][T30084] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1830.709518][T30084] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1830.717513][T30084] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1830.725495][T30084] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1830.733459][T30084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1830.741523][T30084] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 [ 1830.754947][T30076] Bluetooth: Can't register HCI device [ 1830.768869][T30084] Bluetooth: Can't register HCI device [ 1831.165407][T18049] Bluetooth: hci6: command 0xfc11 tx timeout [ 1831.165490][ T9503] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1831.245915][ T8408] Bluetooth: hci7: command 0xfc11 tx timeout [ 1831.255723][T11206] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1831.698559][T11654] Bluetooth: hci6: Frame reassembly failed (-84) [ 1831.815526][T21576] Bluetooth: hci8: command 0x1003 tx timeout [ 1831.823477][ T9503] Bluetooth: hci8: sending frame failed (-49) [ 1833.725186][ T8408] Bluetooth: hci6: command 0xfc11 tx timeout [ 1833.725292][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1833.885285][ T8408] Bluetooth: hci8: command 0x1001 tx timeout [ 1833.892388][T11206] Bluetooth: hci8: sending frame failed (-49) [ 1835.965223][T18049] Bluetooth: hci8: command 0x1009 tx timeout 15:40:28 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x121001, 0x0) syz_open_pts(r0, 0x42804) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 15:40:28 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5409, 0x2) 15:40:28 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 14) 15:40:28 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 11) 15:40:28 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r2, r1, 0x0, 0x80005) 15:40:28 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x68) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1840.018439][T30111] FAULT_INJECTION: forcing a failure. [ 1840.018439][T30111] name failslab, interval 1, probability 0, space 0, times 0 [ 1840.059483][T11654] Bluetooth: hci7: Frame reassembly failed (-84) [ 1840.072000][T30116] FAULT_INJECTION: forcing a failure. [ 1840.072000][T30116] name failslab, interval 1, probability 0, space 0, times 0 [ 1840.095958][T30111] CPU: 0 PID: 30111 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1840.104775][T30111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1840.114850][T30111] Call Trace: [ 1840.118147][T30111] dump_stack_lvl+0xcd/0x134 [ 1840.122773][T30111] should_fail.cold+0x5/0xa [ 1840.127306][T30111] should_failslab+0x5/0x10 [ 1840.131845][T30111] __kmalloc_track_caller+0x79/0x310 [ 1840.137181][T30111] ? kasprintf+0xbb/0xf0 [ 1840.141469][T30111] kvasprintf+0xb5/0x150 [ 1840.145750][T30111] ? bust_spinlocks+0xe0/0xe0 [ 1840.150482][T30111] kasprintf+0xbb/0xf0 [ 1840.154584][T30111] ? kvasprintf_const+0x190/0x190 [ 1840.159645][T30111] ? call_rcu_zapped+0xb0/0xb0 [ 1840.164448][T30111] ? lockdep_unlock+0x11c/0x290 [ 1840.169330][T30111] alloc_workqueue+0x45d/0xef0 [ 1840.174118][T30111] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1840.179855][T30111] ? vsnprintf+0x283/0x14f0 [ 1840.184359][T30111] hci_register_dev+0x216/0xbd0 [ 1840.189224][T30111] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1840.194260][T30111] tty_ioctl+0xc69/0x1670 [ 1840.198591][T30111] ? hci_uart_init_work+0x170/0x170 [ 1840.203904][T30111] ? tty_lookup_driver+0x550/0x550 [ 1840.209039][T30111] ? lock_downgrade+0x6e0/0x6e0 [ 1840.213906][T30111] ? __fget_files+0x23d/0x3e0 [ 1840.218595][T30111] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1840.224841][T30111] ? tty_lookup_driver+0x550/0x550 [ 1840.229961][T30111] __x64_sys_ioctl+0x193/0x200 [ 1840.234729][T30111] do_syscall_64+0x35/0xb0 [ 1840.239144][T30111] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1840.245042][T30111] RIP: 0033:0x7fd650fcaa39 [ 1840.249456][T30111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1840.269064][T30111] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1840.277478][T30111] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1840.285445][T30111] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1840.293409][T30111] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1840.301374][T30111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1840.309342][T30111] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 [ 1840.351536][T30116] CPU: 1 PID: 30116 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1840.360355][T30116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1840.370435][T30116] Call Trace: [ 1840.373770][T30116] dump_stack_lvl+0xcd/0x134 [ 1840.378394][T30116] should_fail.cold+0x5/0xa [ 1840.382910][T30116] should_failslab+0x5/0x10 [ 1840.387426][T30116] kmem_cache_alloc_node+0x65/0x3d0 [ 1840.392645][T30116] ? alloc_unbound_pwq+0x4a5/0xcd0 [ 1840.397768][T30116] alloc_unbound_pwq+0x4a5/0xcd0 [ 1840.402722][T30116] apply_wqattrs_prepare+0x2b6/0x890 [ 1840.408044][T30116] apply_workqueue_attrs_locked+0xc1/0x140 [ 1840.413858][T30116] alloc_workqueue+0xa10/0xef0 [ 1840.418633][T30116] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1840.424462][T30116] ? vsnprintf+0x283/0x14f0 [ 1840.428979][T30116] hci_register_dev+0x1c4/0xbd0 [ 1840.433844][T30116] ? __raw_spin_lock_init+0x36/0x110 [ 1840.439170][T30116] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1840.444222][T30116] tty_ioctl+0xc69/0x1670 [ 1840.448557][T30116] ? hci_uart_init_work+0x170/0x170 [ 1840.453774][T30116] ? tty_lookup_driver+0x550/0x550 [ 1840.458898][T30116] ? lock_downgrade+0x6e0/0x6e0 [ 1840.463768][T30116] ? __fget_files+0x23d/0x3e0 [ 1840.468454][T30116] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1840.474699][T30116] ? tty_lookup_driver+0x550/0x550 [ 1840.479821][T30116] __x64_sys_ioctl+0x193/0x200 [ 1840.484591][T30116] do_syscall_64+0x35/0xb0 [ 1840.489018][T30116] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1840.494919][T30116] RIP: 0033:0x7f29745cea39 [ 1840.499343][T30116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1840.518951][T30116] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1840.527365][T30116] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1840.535421][T30116] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1840.543387][T30116] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 15:40:28 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540b, 0x2) [ 1840.551357][T30116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1840.559325][T30116] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 [ 1840.669744][T30116] Bluetooth: Can't register HCI device 15:40:28 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 12) [ 1840.799563][T30138] FAULT_INJECTION: forcing a failure. [ 1840.799563][T30138] name failslab, interval 1, probability 0, space 0, times 0 [ 1840.812550][T30138] CPU: 0 PID: 30138 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1840.821337][T30138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1840.831414][T30138] Call Trace: [ 1840.834701][T30138] dump_stack_lvl+0xcd/0x134 [ 1840.839305][T30138] should_fail.cold+0x5/0xa [ 1840.843827][T30138] ? alloc_workqueue+0x16d/0xef0 [ 1840.848786][T30138] should_failslab+0x5/0x10 [ 1840.853306][T30138] __kmalloc+0x72/0x320 [ 1840.857475][T30138] alloc_workqueue+0x16d/0xef0 [ 1840.862247][T30138] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1840.867978][T30138] ? vsnprintf+0x283/0x14f0 [ 1840.872503][T30138] hci_register_dev+0x216/0xbd0 [ 1840.877368][T30138] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1840.882402][T30138] tty_ioctl+0xc69/0x1670 [ 1840.886733][T30138] ? hci_uart_init_work+0x170/0x170 [ 1840.891937][T30138] ? tty_lookup_driver+0x550/0x550 [ 1840.897072][T30138] ? lock_downgrade+0x6e0/0x6e0 [ 1840.901941][T30138] ? __fget_files+0x23d/0x3e0 [ 1840.906623][T30138] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1840.912955][T30138] ? tty_lookup_driver+0x550/0x550 [ 1840.918075][T30138] __x64_sys_ioctl+0x193/0x200 [ 1840.922843][T30138] do_syscall_64+0x35/0xb0 [ 1840.927264][T30138] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1840.933163][T30138] RIP: 0033:0x7f29745cea39 [ 1840.937576][T30138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1840.957268][T30138] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1840.965685][T30138] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1840.973657][T30138] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1840.981628][T30138] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1840.989597][T30138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1840.997567][T30138] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 15:40:29 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540c, 0x2) [ 1841.029207][T30138] Bluetooth: Can't register HCI device 15:40:29 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 13) 15:40:29 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540d, 0x2) [ 1841.164811][T30143] FAULT_INJECTION: forcing a failure. [ 1841.164811][T30143] name failslab, interval 1, probability 0, space 0, times 0 [ 1841.178346][T30143] CPU: 0 PID: 30143 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1841.187236][T30143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1841.197322][T30143] Call Trace: [ 1841.200625][T30143] dump_stack_lvl+0xcd/0x134 [ 1841.205259][T30143] should_fail.cold+0x5/0xa [ 1841.209801][T30143] ? alloc_workqueue_attrs+0x38/0x80 15:40:29 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540e, 0x2) [ 1841.215110][T30143] should_failslab+0x5/0x10 [ 1841.219901][T30143] kmem_cache_alloc_trace+0x55/0x3c0 [ 1841.225260][T30143] alloc_workqueue_attrs+0x38/0x80 [ 1841.230408][T30143] alloc_workqueue+0x192/0xef0 [ 1841.235213][T30143] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1841.240988][T30143] ? vsnprintf+0x283/0x14f0 [ 1841.245530][T30143] hci_register_dev+0x216/0xbd0 [ 1841.250436][T30143] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1841.255671][T30143] tty_ioctl+0xc69/0x1670 [ 1841.260035][T30143] ? hci_uart_init_work+0x170/0x170 [ 1841.265270][T30143] ? tty_lookup_driver+0x550/0x550 [ 1841.270430][T30143] ? lock_downgrade+0x6e0/0x6e0 [ 1841.275328][T30143] ? __fget_files+0x23d/0x3e0 [ 1841.280037][T30143] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1841.286316][T30143] ? tty_lookup_driver+0x550/0x550 [ 1841.291465][T30143] __x64_sys_ioctl+0x193/0x200 [ 1841.296266][T30143] do_syscall_64+0x35/0xb0 [ 1841.300712][T30143] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1841.306618][T30143] RIP: 0033:0x7f29745cea39 [ 1841.311029][T30143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1841.330649][T30143] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1841.339172][T30143] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1841.347156][T30143] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1841.355121][T30143] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1841.363089][T30143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1841.371076][T30143] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 [ 1841.391886][T30143] Bluetooth: Can't register HCI device [ 1841.498557][ T1209] Bluetooth: hci8: Frame reassembly failed (-84) [ 1842.124492][T21576] Bluetooth: hci7: command 0xfc11 tx timeout [ 1842.124913][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1842.684605][T18048] Bluetooth: hci6: command 0x1003 tx timeout [ 1842.690849][T18048] Bluetooth: hci10: command 0x1003 tx timeout [ 1842.690955][ T9935] Bluetooth: hci6: sending frame failed (-49) [ 1842.698976][T23375] Bluetooth: hci10: sending frame failed (-49) [ 1843.564683][ T8903] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1844.764821][T28953] Bluetooth: hci6: command 0x1001 tx timeout [ 1844.771823][ T8903] Bluetooth: hci6: sending frame failed (-49) [ 1844.778496][T18048] Bluetooth: hci10: command 0x1001 tx timeout [ 1844.784776][ T8903] Bluetooth: hci10: sending frame failed (-49) [ 1846.854301][T13261] Bluetooth: hci10: command 0x1009 tx timeout [ 1846.865089][T13261] Bluetooth: hci6: command 0x1009 tx timeout 15:40:38 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 14) 15:40:38 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540f, 0x2) 15:40:39 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 15) 15:40:39 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r2, r1, 0x0, 0x80005) 15:40:39 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x6c) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1850.923025][T30169] FAULT_INJECTION: forcing a failure. [ 1850.923025][T30169] name failslab, interval 1, probability 0, space 0, times 0 [ 1850.999064][T30169] CPU: 1 PID: 30169 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1851.008070][T30169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1851.018179][T30169] Call Trace: [ 1851.021480][T30169] dump_stack_lvl+0xcd/0x134 [ 1851.026110][T30169] should_fail.cold+0x5/0xa [ 1851.030655][T30169] should_failslab+0x5/0x10 [ 1851.035188][T30169] __kmalloc_track_caller+0x79/0x310 [ 1851.040513][T30169] ? kasprintf+0xbb/0xf0 [ 1851.044832][T30169] kvasprintf+0xb5/0x150 [ 1851.049113][T30169] ? bust_spinlocks+0xe0/0xe0 [ 1851.053844][T30169] kasprintf+0xbb/0xf0 [ 1851.056863][T30180] FAULT_INJECTION: forcing a failure. [ 1851.056863][T30180] name failslab, interval 1, probability 0, space 0, times 0 [ 1851.057950][T30169] ? kvasprintf_const+0x190/0x190 [ 1851.057991][T30169] ? call_rcu_zapped+0xb0/0xb0 [ 1851.058025][T30169] ? lockdep_unlock+0x11c/0x290 [ 1851.085242][T30169] alloc_workqueue+0x45d/0xef0 [ 1851.090054][T30169] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1851.095820][T30169] ? vsnprintf+0x283/0x14f0 [ 1851.100359][T30169] hci_register_dev+0x216/0xbd0 [ 1851.105261][T30169] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1851.110325][T30169] tty_ioctl+0xc69/0x1670 [ 1851.114687][T30169] ? hci_uart_init_work+0x170/0x170 [ 1851.119915][T30169] ? tty_lookup_driver+0x550/0x550 [ 1851.125066][T30169] ? lock_downgrade+0x6e0/0x6e0 [ 1851.129966][T30169] ? __fget_files+0x23d/0x3e0 [ 1851.134681][T30169] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1851.140989][T30169] ? tty_lookup_driver+0x550/0x550 [ 1851.146135][T30169] __x64_sys_ioctl+0x193/0x200 [ 1851.151365][T30169] do_syscall_64+0x35/0xb0 [ 1851.155900][T30169] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1851.161836][T30169] RIP: 0033:0x7f29745cea39 [ 1851.166276][T30169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1851.185909][T30169] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1851.194472][T30169] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1851.202480][T30169] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1851.210516][T30169] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1851.218507][T30169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1851.226504][T30169] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 [ 1851.234535][T30180] CPU: 0 PID: 30180 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1851.243335][T30180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1851.253414][T30180] Call Trace: [ 1851.256710][T30180] dump_stack_lvl+0xcd/0x134 [ 1851.261336][T30180] should_fail.cold+0x5/0xa [ 1851.265873][T30180] ? apply_wqattrs_prepare+0xac/0x890 [ 1851.271269][T30180] should_failslab+0x5/0x10 [ 1851.275807][T30180] __kmalloc+0x72/0x320 [ 1851.279997][T30180] apply_wqattrs_prepare+0xac/0x890 [ 1851.285323][T30180] apply_workqueue_attrs_locked+0xc1/0x140 [ 1851.291169][T30180] alloc_workqueue+0xa10/0xef0 15:40:39 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5410, 0x2) [ 1851.295974][T30180] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1851.301744][T30180] ? vsnprintf+0x283/0x14f0 [ 1851.306276][T30180] hci_register_dev+0x216/0xbd0 [ 1851.311166][T30180] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1851.316266][T30180] tty_ioctl+0xc69/0x1670 [ 1851.320632][T30180] ? hci_uart_init_work+0x170/0x170 [ 1851.325862][T30180] ? tty_lookup_driver+0x550/0x550 [ 1851.331016][T30180] ? lock_downgrade+0x6e0/0x6e0 [ 1851.335917][T30180] ? __fget_files+0x23d/0x3e0 [ 1851.340633][T30180] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1851.346913][T30180] ? tty_lookup_driver+0x550/0x550 [ 1851.352063][T30180] __x64_sys_ioctl+0x193/0x200 [ 1851.356859][T30180] do_syscall_64+0x35/0xb0 [ 1851.361310][T30180] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1851.367235][T30180] RIP: 0033:0x7fd650fcaa39 [ 1851.371683][T30180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1851.391313][T30180] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1851.399291][ T158] Bluetooth: hci7: Frame reassembly failed (-84) [ 1851.399748][T30180] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1851.414065][T30180] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1851.422063][T30180] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1851.430063][T30180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1851.438054][T30180] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 15:40:39 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 16) [ 1851.517863][T30180] Bluetooth: Can't register HCI device [ 1851.605086][T30196] FAULT_INJECTION: forcing a failure. [ 1851.605086][T30196] name failslab, interval 1, probability 0, space 0, times 0 [ 1851.617987][T30196] CPU: 0 PID: 30196 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1851.626783][T30196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1851.636862][T30196] Call Trace: [ 1851.640168][T30196] dump_stack_lvl+0xcd/0x134 [ 1851.644798][T30196] should_fail.cold+0x5/0xa [ 1851.649343][T30196] ? alloc_workqueue_attrs+0x38/0x80 [ 1851.654659][T30196] should_failslab+0x5/0x10 [ 1851.659228][T30196] kmem_cache_alloc_trace+0x55/0x3c0 [ 1851.664556][T30196] alloc_workqueue_attrs+0x38/0x80 [ 1851.669715][T30196] apply_wqattrs_prepare+0xb4/0x890 [ 1851.674933][T30196] apply_workqueue_attrs_locked+0xc1/0x140 [ 1851.680747][T30196] alloc_workqueue+0xa10/0xef0 [ 1851.685549][T30196] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1851.691290][T30196] ? vsnprintf+0x283/0x14f0 [ 1851.695811][T30196] hci_register_dev+0x216/0xbd0 [ 1851.700692][T30196] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1851.705722][T30196] tty_ioctl+0xc69/0x1670 [ 1851.710056][T30196] ? hci_uart_init_work+0x170/0x170 [ 1851.715277][T30196] ? tty_lookup_driver+0x550/0x550 [ 1851.720418][T30196] ? lock_downgrade+0x6e0/0x6e0 [ 1851.725303][T30196] ? __fget_files+0x23d/0x3e0 [ 1851.729984][T30196] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1851.736230][T30196] ? tty_lookup_driver+0x550/0x550 [ 1851.741350][T30196] __x64_sys_ioctl+0x193/0x200 [ 1851.746140][T30196] do_syscall_64+0x35/0xb0 [ 1851.750661][T30196] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1851.756565][T30196] RIP: 0033:0x7fd650fcaa39 [ 1851.760995][T30196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1851.780606][T30196] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1851.789023][T30196] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1851.797006][T30196] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 15:40:39 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5412, 0x2) [ 1851.804983][T30196] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1851.812953][T30196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1851.820924][T30196] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 [ 1851.864253][T30196] Bluetooth: Can't register HCI device 15:40:40 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 17) 15:40:40 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5413, 0x2) [ 1852.059556][T30204] FAULT_INJECTION: forcing a failure. [ 1852.059556][T30204] name failslab, interval 1, probability 0, space 0, times 0 [ 1852.075720][T30204] CPU: 1 PID: 30204 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1852.084541][T30204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1852.094618][T30204] Call Trace: [ 1852.097925][T30204] dump_stack_lvl+0xcd/0x134 [ 1852.102562][T30204] should_fail.cold+0x5/0xa [ 1852.107103][T30204] ? alloc_workqueue_attrs+0x38/0x80 [ 1852.112519][T30204] should_failslab+0x5/0x10 [ 1852.117058][T30204] kmem_cache_alloc_trace+0x55/0x3c0 [ 1852.122403][T30204] alloc_workqueue_attrs+0x38/0x80 [ 1852.127558][T30204] apply_wqattrs_prepare+0xbc/0x890 [ 1852.132815][T30204] apply_workqueue_attrs_locked+0xc1/0x140 [ 1852.138681][T30204] alloc_workqueue+0xa10/0xef0 [ 1852.143522][T30204] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1852.149302][T30204] ? vsnprintf+0x283/0x14f0 [ 1852.153848][T30204] hci_register_dev+0x216/0xbd0 [ 1852.158775][T30204] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1852.163849][T30204] tty_ioctl+0xc69/0x1670 [ 1852.168226][T30204] ? hci_uart_init_work+0x170/0x170 [ 1852.173468][T30204] ? tty_lookup_driver+0x550/0x550 [ 1852.178628][T30204] ? lock_downgrade+0x6e0/0x6e0 [ 1852.183553][T30204] ? __fget_files+0x23d/0x3e0 [ 1852.188274][T30204] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1852.194553][T30204] ? tty_lookup_driver+0x550/0x550 [ 1852.199712][T30204] __x64_sys_ioctl+0x193/0x200 [ 1852.204519][T30204] do_syscall_64+0x35/0xb0 [ 1852.208976][T30204] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1852.214913][T30204] RIP: 0033:0x7fd650fcaa39 [ 1852.219356][T30204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1852.238994][T30204] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1852.247526][T30204] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 15:40:40 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5414, 0x2) [ 1852.255527][T30204] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1852.263522][T30204] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1852.271519][T30204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1852.279603][T30204] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 15:40:40 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5415, 0x2) [ 1852.350653][T30204] Bluetooth: Can't register HCI device [ 1852.684924][ T1360] ieee802154 phy0 wpan0: encryption failed: -22 [ 1852.691348][ T1360] ieee802154 phy1 wpan1: encryption failed: -22 [ 1853.403793][T28953] Bluetooth: hci7: command 0xfc11 tx timeout [ 1853.406445][T11206] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1853.483850][T13261] Bluetooth: hci8: command 0xfc11 tx timeout [ 1853.484054][ T9503] Bluetooth: hci8: Entering manufacturer mode failed (-110) 15:40:41 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 15) 15:40:41 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 18) 15:40:41 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5416, 0x2) [ 1853.574080][ T8903] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1853.665464][T30224] FAULT_INJECTION: forcing a failure. [ 1853.665464][T30224] name failslab, interval 1, probability 0, space 0, times 0 [ 1853.682642][T30224] CPU: 0 PID: 30224 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1853.691460][T30224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1853.701560][T30224] Call Trace: [ 1853.704864][T30224] dump_stack_lvl+0xcd/0x134 [ 1853.709497][T30224] should_fail.cold+0x5/0xa [ 1853.714038][T30224] should_failslab+0x5/0x10 [ 1853.718566][T30224] kmem_cache_alloc_node+0x65/0x3d0 [ 1853.723796][T30224] ? alloc_unbound_pwq+0x4a5/0xcd0 [ 1853.729051][T30224] alloc_unbound_pwq+0x4a5/0xcd0 [ 1853.734033][T30224] apply_wqattrs_prepare+0x2b6/0x890 [ 1853.739347][T30224] apply_workqueue_attrs_locked+0xc1/0x140 [ 1853.745151][T30224] alloc_workqueue+0xa10/0xef0 [ 1853.750027][T30224] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1853.755800][T30224] ? vsnprintf+0x283/0x14f0 [ 1853.760337][T30224] hci_register_dev+0x216/0xbd0 [ 1853.765220][T30224] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1853.770264][T30224] tty_ioctl+0xc69/0x1670 [ 1853.774620][T30224] ? hci_uart_init_work+0x170/0x170 [ 1853.779844][T30224] ? tty_lookup_driver+0x550/0x550 [ 1853.784970][T30224] ? lock_downgrade+0x6e0/0x6e0 [ 1853.789851][T30224] ? __fget_files+0x23d/0x3e0 [ 1853.794562][T30224] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1853.800829][T30224] ? tty_lookup_driver+0x550/0x550 [ 1853.805957][T30224] __x64_sys_ioctl+0x193/0x200 [ 1853.812164][T30224] do_syscall_64+0x35/0xb0 [ 1853.816604][T30224] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1853.822530][T30224] RIP: 0033:0x7fd650fcaa39 [ 1853.826946][T30224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1853.846557][T30224] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1853.854978][T30224] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1853.862974][T30224] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1853.870962][T30224] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1853.878938][T30224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1853.886908][T30224] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 [ 1853.910164][T30226] FAULT_INJECTION: forcing a failure. [ 1853.910164][T30226] name failslab, interval 1, probability 0, space 0, times 0 [ 1853.924644][T30226] CPU: 1 PID: 30226 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1853.933459][T30226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1853.943536][T30226] Call Trace: [ 1853.946824][T30226] dump_stack_lvl+0xcd/0x134 [ 1853.951425][T30226] should_fail.cold+0x5/0xa [ 1853.955950][T30226] ? apply_wqattrs_prepare+0xac/0x890 [ 1853.961327][T30226] should_failslab+0x5/0x10 [ 1853.965830][T30226] __kmalloc+0x72/0x320 [ 1853.970017][T30226] apply_wqattrs_prepare+0xac/0x890 [ 1853.975252][T30226] apply_workqueue_attrs_locked+0xc1/0x140 [ 1853.981164][T30226] alloc_workqueue+0xa10/0xef0 [ 1853.985938][T30226] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1853.991681][T30226] ? vsnprintf+0x283/0x14f0 [ 1853.996189][T30226] hci_register_dev+0x216/0xbd0 [ 1854.001058][T30226] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1854.006107][T30226] tty_ioctl+0xc69/0x1670 [ 1854.010468][T30226] ? hci_uart_init_work+0x170/0x170 [ 1854.015690][T30226] ? tty_lookup_driver+0x550/0x550 [ 1854.020951][T30226] ? lock_downgrade+0x6e0/0x6e0 [ 1854.025861][T30226] ? __fget_files+0x23d/0x3e0 [ 1854.030550][T30226] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1854.036901][T30226] ? tty_lookup_driver+0x550/0x550 [ 1854.042025][T30226] __x64_sys_ioctl+0x193/0x200 [ 1854.046804][T30226] do_syscall_64+0x35/0xb0 [ 1854.051223][T30226] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1854.057143][T30226] RIP: 0033:0x7f29745cea39 [ 1854.061566][T30226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1854.081184][T30226] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1854.089618][T30226] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1854.097596][T30226] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1854.105578][T30226] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1854.113564][T30226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1854.121544][T30226] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 [ 1854.154668][T30224] Bluetooth: Can't register HCI device [ 1854.174175][T30226] Bluetooth: Can't register HCI device 15:40:42 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) socket$inet(0x2, 0x4000000000000001, 0x0) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, 0x0, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, 0x0, 0x3}, 0x18) sendfile(r2, r1, 0x0, 0x80005) 15:40:42 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) recvmsg$can_bcm(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000240)=@can={0x1d, 0x0}, 0x80, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/135, 0x87}], 0x1, &(0x7f0000000380)=""/55, 0x37}, 0x1) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x4, 0x1) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) r4 = dup3(r2, r3, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000014c0)={0xffffffffffffffff, 0xc0, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001280)=0x9, 0x0, 0x0, 0x0, &(0x7f00000012c0)={0x8, 0x5}, 0x0, 0x0, &(0x7f0000001340)={0x0, 0x10, 0x1, 0x2}, &(0x7f0000001380)=0x4, 0x0, 0x0, 0x0, 0x0, &(0x7f00000013c0)=0x70a}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xc, 0x4, &(0x7f0000001580)=ANY=[@ANYBLOB="18020000000000000034c300000b0000850000002a0000009500f2ffffff00003464d071e1ff33a70e0000000000000009e6ae5dc926959b167fc09e23ec3679d818a05d29fe4dd3ff1e07789a22245c83b34eba7c1fbbe96442037628cd498dbb17f47a2b8f59ca73db8512773b0e7de97ee58544dd27090098add07110efa83979bbb070440dcff74c4c00b0e13212a55db69f166bdc6f9baf4ca444f46aacafffff0000000000000f57104f2ff1a3355a8fba5b380c7b2e1e240d2ca46620e2843d64749695d1bfd7f792ae95a881942be1c5a4c004c546b0d7da604b48eb0a0e9d3501f64ae16ebe17c59639ef27738a7ec54b84fed4f23e95998be42e6a1e520bb62377e95bb10500000000000000b0f701a1ddbaed1d6b3c1dee58e7ef72e71abf58da477505871857c58d66a45f0af309ef78757f15b760368f4cf31767f9d948d67bc6adc14cc99443a942ea4e91f8dfea55fff42fdea739a8087ef08e60b073022a61cfadcccdf1d4c43b157a81c47344966cab55d4a57960a51473bb2a467688023832ddde07a6b3dd4bc2a3acc7a6d417ccf92e1145f224b982383e33db7e94743ea637b8ace34a784da926dc10afeef19fd03541e69fb922778aae2bc73ee3e3e5c9ee06d143cfb65683fa12f818a4e96e3854b2e4f6956fbe5740b22e82c3fd528f153a578cd872866ab3c8434814a510de62f8efa80aec4e4d96af6283c8ea4f0fcae353b4a72c9de04009bf209369dba0d4fe56eb5d753d4b51e646289ec82ed6bc2d6da1cd0725e7ac009db345222bf531c23b5f08dcbfa8ad03ddc6a75e6f20b5edccc1f9e35221c23949ba0efb6bad58a28eaa59a87125f99482108ec3d2c1aa46d3c498e445e246d3b327c306b2c656f0de8621bf7c0b9bcd128d3ab8e1b4f0d59bb792ec594b00000000000000abf70616de934c30bc9d6336dabc85bddd9806c1c283d0a8c572a39061c7d8c2b9059f2a034eee70c1b2c813acb0b9cbc49ed788f94fd6f903f93a8725ad7190eefd0079f8c1c5f8c8ff0957ec6dffca30e344fe491ca90f25032ada808ae3b1f8036f59a58cdd148fd32d0fb6d4355b77b95ca1b54536521204acbaa0d8efad1813b501b94c51d848186a359582850e9b90a264e645af94659c40a61da6cb70cd4abf38a38cc5f20ce144d095a6771d3fafde6c5b03c5774ce07e39ed4cfb4eab1952a7911566a31bfcf47b9a54ff43ae60d4a887227ca53b7b32d3ea0c1d680213c69f0a76d9a2cd3e3f570732c7d34a9ffe16ae3606a7f0c704551b990ccc2729f5bcbcf9c75257d2d221f9851a77a57962d52a5d55d6c5dc53c3e8a7ab20c061231d82068de4172bfa209cef9964a6d5c66a4df5c4d3e2791f7453105f32ad6dc10956edadb2da18c632dd7fd11f00000000000000000000000000000000000000000000000000000000000000000000866f846f9c0fd0c5c98b4c813925c24d4d9a87b90b76387b0d2ad131c482603d2ff829f6c49c21e67deb268b302d7480aa683eb3515726956eccdcc6b9fcb79dd8e33ea3faae084c37360abd5f0028dca1b4ee24e01b8cd337ca324ace83b92bff6c6908f5cb9e181f84251fcb6a4fd27fd6efbb41320c20734a199781dcc1d1b7454c3562b9f550e86620ba582bb94c5f51551a32f6c6f133a537df6c1d12c952aa8d9a388ad4035a56f2574e419b526cbbc5c3f277193d7122e03f91fdf4df18f03d01c85e26ea876b057ef6aab94cd199a4291065c5645df105f4ba062459d901436a47e98f004b67e658fb31c058eb8d6ee54bc7797533a3a9ff1fd27ad4bb9ade94caa80b3048acd45c6ef4b1e799f93a7e93ae86a822daab7bcb2797ab72986d2dc279a251532503231b1c01c4c1fd0ad40a971e1a1749e1b2018cde12964bec9dd8148f6fd548fb53ceb089aa0f0108b28f086f95bbca5cfb0f4b4857bf2451b1954aa2ed28907f4cecd87eb64190fb6f670c84f1fbeaed80088308ce9e8636430177906b1656d4bc56625fd5daac1fe1e66fda771d979ed64f3b311720f257d88c01c6f55c518cf705fca6fe925ffbbef7e95cfde2167ed3444783cdeb1bf7d67218d80c02a7caa0df6b2c7a4e85a947cc8c381eaae6cfaa7d35707c15117b6adce5eb27725010c8ebbb8422a8cf00986037867b5807000098afd88ff9798366c0108f51eb981168280b0752606a25c50feb92d4d9627546097c766e29f51699a3912f6e1466443a76c5ed6a4a292e269da42bb941e24d8dccbdf0cb94a6692f783e682f0bbfac1c782da513bf8cc84cf9b4079ffc6a5dea9ab5934ca20b2d1a104c4537b451c413e28a633b2bcdfbb37a60ce6773612dbed40ef5cf1ae270ebb07576e902c7dc8cf7e031c4cce906d7c1e6fbd7f5bd230a99af852812e93ce185756f2863cab968ecaff8397d347b85db5504b53022a7560922957fb0a939897fce2a42b8b7f087e7275dec30ef46bd8454d9b9acd495c00df2a5048ffdde74d073097734fcf08a191faa09be7f2585744f1df14272ad8de268ca75385f690375ed939d2529f3cbb72d1aca6db3dfb98be4204c2434fcf8c7fd9c93d27c7b5f5bfeb2774123cb376df5bc323bb0b4acb9e9443fafad9dc4f2956a14dbd5eea36fe09790c47781a665479ca49fa2777368c9fd0bfef67253412d5ffd9121b364b4e1fce47a6c514938e4b10e4c15912a409e6d3f65821f51a9d353ad33161d3b0a5085a0e3b01edb9908686eb0cb0b928d9ea147a6c778eaa840d51cf9b6d379418cf33fb25ee0aa002bc048185b82df7e6b5f9f63a136a60101a854d0df6e133545771a567748e6745b712bfdab0b444916efb50bec18ddb5f39618a4571277fd205ec60039f80e282096d84ec4e939efecf8d8395b91125354929f0eeb6b4950d76fcafe779c4fd298cf13675d641d1ad29f63428c53bca1ed215b25e99e82bf74a5979fd3c72b96ada813143d5458000000000000000000d584c121dccb7921af030ed207d3efae7259596985384874001f35bd4ca46d8191dbf27fb5ccced080e3053544c823aa338b1c08727f8e15e4976c2ae9aed462e46259bbbc1bc9e2def1b71e09928ada0a2bd282fc0d6b8f02e4a25b6bf82d012a02a326942a597897003acbb5b97c4e1d7cf818e817818d5d22dde6eb01e3eaaed1e85e96c6bec1f76cda544320f8c868bc6d074692821d7e0dd1c572ef7035633b00111c50def491d7d0f2b615e54a4659a8d714145a755ba31a7c8fe4e8bed2a5926961d3797def5cda9dbeb6ef78bf4e432c1eacaea7614bcc138bf2002c39d53128c207db5fe066b0071815644fb0421698a403770b39b666e3ef69a3371c6412815546098fc78e895148", @ANYRES16=r1, @ANYRESOCT=r1], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1009, &(0x7f0000001f00)=""/4105, 0x0, 0x0, '\x00', 0x0, 0x1b, r4, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r5}, 0x78) r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r6, 0x3, 0x0) r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r7, 0x3, 0x0) dup3(r6, r7, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x10, 0xe, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x7}, [@generic={0x0, 0x6, 0xf, 0x1, 0x7}, @exit, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x4}, @jmp={0x5, 0x1, 0x6, 0xa, 0x0, 0xffffffffffffffc0, 0xffffffffffffffe8}, @jmp={0x5, 0x1, 0xb, 0x9, 0xb, 0x0, 0xfffffffffffffffc}, @btf_id={0x18, 0x0, 0x3, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x10001}]}, &(0x7f0000000000)='syzkaller\x00', 0x7, 0xb3, &(0x7f0000000180)=""/179, 0x41100, 0x8, '\x00', r1, 0x6, r3, 0x8, &(0x7f0000000400)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000000440)={0x3, 0x3, 0x3, 0x3}, 0x10, r5, r7}, 0x78) lseek(0xffffffffffffffff, 0x3, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001500)={0x0, 0x80, 0x1f, 0x8, 0xc9, 0x20, 0x0, 0x7ff, 0x40000, 0x3, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfff, 0x0, @perf_config_ext={0x768, 0x2}, 0x2100, 0x7, 0xfffff800, 0x3, 0xfff, 0x1, 0x0, 0x0, 0x8000, 0x0, 0x5}, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0xb) 15:40:42 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x74) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:40:42 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5418, 0x2) 15:40:42 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 19) 15:40:42 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 16) [ 1854.328495][T11654] Bluetooth: hci6: Frame reassembly failed (-84) [ 1854.338767][T30233] FAULT_INJECTION: forcing a failure. [ 1854.338767][T30233] name failslab, interval 1, probability 0, space 0, times 0 [ 1854.362884][T30235] FAULT_INJECTION: forcing a failure. [ 1854.362884][T30235] name failslab, interval 1, probability 0, space 0, times 0 15:40:42 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541b, 0x2) [ 1854.407709][T30233] CPU: 0 PID: 30233 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1854.416565][T30233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1854.426649][T30233] Call Trace: [ 1854.429953][T30233] dump_stack_lvl+0xcd/0x134 [ 1854.434580][T30233] should_fail.cold+0x5/0xa [ 1854.439119][T30233] ? __d_alloc+0x2a/0x950 [ 1854.443485][T30233] should_failslab+0x5/0x10 [ 1854.448019][T30233] kmem_cache_alloc+0x5e/0x390 [ 1854.452830][T30233] __d_alloc+0x2a/0x950 [ 1854.457043][T30233] ? mark_lock+0xef/0x17b0 [ 1854.461504][T30233] d_alloc+0x4a/0x230 [ 1854.465529][T30233] d_alloc_parallel+0xe2/0x19f0 [ 1854.470426][T30233] ? __lock_acquire+0x162f/0x54a0 [ 1854.475483][T30233] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1854.481550][T30233] ? __d_lookup_rcu+0x6c0/0x6c0 [ 1854.486441][T30233] ? lockdep_init_map_type+0x2c3/0x7b0 [ 1854.491931][T30233] ? lockdep_init_map_type+0x2c3/0x7b0 [ 1854.497435][T30233] __lookup_slow+0x193/0x480 [ 1854.502088][T30233] ? page_put_link+0x220/0x220 [ 1854.506895][T30233] ? __d_lookup+0x400/0x720 [ 1854.511424][T30233] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1854.517148][T30233] ? d_lookup+0x101/0x170 [ 1854.521511][T30233] lookup_one_len+0x16a/0x1a0 [ 1854.526200][T30233] ? try_lookup_one_len+0x180/0x180 [ 1854.531406][T30233] ? __down_timeout+0x10/0x10 [ 1854.536104][T30233] ? do_raw_spin_unlock+0x171/0x230 [ 1854.541395][T30233] ? mntput+0xc/0x90 [ 1854.545314][T30233] start_creating.part.0+0x13a/0x290 [ 1854.550711][T30233] debugfs_create_dir+0x6b/0x500 [ 1854.555684][T30233] hci_register_dev+0x2a7/0xbd0 [ 1854.560549][T30233] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1854.565599][T30233] tty_ioctl+0xc69/0x1670 [ 1854.569939][T30233] ? hci_uart_init_work+0x170/0x170 [ 1854.575145][T30233] ? tty_lookup_driver+0x550/0x550 [ 1854.580271][T30233] ? lock_downgrade+0x6e0/0x6e0 [ 1854.585140][T30233] ? __fget_files+0x23d/0x3e0 [ 1854.589832][T30233] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1854.596082][T30233] ? tty_lookup_driver+0x550/0x550 [ 1854.601203][T30233] __x64_sys_ioctl+0x193/0x200 [ 1854.606095][T30233] do_syscall_64+0x35/0xb0 [ 1854.610538][T30233] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1854.616443][T30233] RIP: 0033:0x7fd650fcaa39 [ 1854.620881][T30233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1854.640600][T30233] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1854.649026][T30233] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1854.657000][T30233] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1854.664968][T30233] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1854.672953][T30233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1854.680923][T30233] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 [ 1854.705709][T30235] CPU: 0 PID: 30235 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1854.714533][T30235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1854.724609][T30235] Call Trace: [ 1854.727909][T30235] dump_stack_lvl+0xcd/0x134 [ 1854.732537][T30235] should_fail.cold+0x5/0xa [ 1854.737114][T30235] ? alloc_workqueue_attrs+0x38/0x80 [ 1854.742418][T30235] should_failslab+0x5/0x10 [ 1854.747083][T30235] kmem_cache_alloc_trace+0x55/0x3c0 [ 1854.752453][T30235] alloc_workqueue_attrs+0x38/0x80 [ 1854.757596][T30235] apply_wqattrs_prepare+0xb4/0x890 [ 1854.762886][T30235] apply_workqueue_attrs_locked+0xc1/0x140 [ 1854.768731][T30235] alloc_workqueue+0xa10/0xef0 [ 1854.773540][T30235] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1854.779304][T30235] ? vsnprintf+0x283/0x14f0 [ 1854.783838][T30235] hci_register_dev+0x216/0xbd0 [ 1854.788729][T30235] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1854.793800][T30235] tty_ioctl+0xc69/0x1670 [ 1854.798171][T30235] ? hci_uart_init_work+0x170/0x170 [ 1854.803409][T30235] ? tty_lookup_driver+0x550/0x550 [ 1854.808569][T30235] ? lock_downgrade+0x6e0/0x6e0 [ 1854.813472][T30235] ? __fget_files+0x23d/0x3e0 [ 1854.818171][T30235] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1854.824440][T30235] ? tty_lookup_driver+0x550/0x550 [ 1854.829564][T30235] __x64_sys_ioctl+0x193/0x200 [ 1854.834339][T30235] do_syscall_64+0x35/0xb0 [ 1854.838781][T30235] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1854.844690][T30235] RIP: 0033:0x7f29745cea39 [ 1854.849123][T30235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1854.868752][T30235] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1854.877190][T30235] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1854.885166][T30235] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1854.893142][T30235] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1854.901118][T30235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1854.909179][T30235] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 15:40:43 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541d, 0x2) [ 1855.116510][T30235] Bluetooth: Can't register HCI device 15:40:43 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541e, 0x2) 15:40:43 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 17) [ 1855.234709][T30263] FAULT_INJECTION: forcing a failure. [ 1855.234709][T30263] name failslab, interval 1, probability 0, space 0, times 0 [ 1855.248510][T30263] CPU: 0 PID: 30263 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1855.257310][T30263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1855.267385][T30263] Call Trace: [ 1855.270685][T30263] dump_stack_lvl+0xcd/0x134 [ 1855.275310][T30263] should_fail.cold+0x5/0xa [ 1855.279843][T30263] ? alloc_workqueue_attrs+0x38/0x80 [ 1855.285154][T30263] should_failslab+0x5/0x10 [ 1855.289680][T30263] kmem_cache_alloc_trace+0x55/0x3c0 [ 1855.295004][T30263] alloc_workqueue_attrs+0x38/0x80 [ 1855.300147][T30263] apply_wqattrs_prepare+0xbc/0x890 [ 1855.305389][T30263] apply_workqueue_attrs_locked+0xc1/0x140 [ 1855.311214][T30263] alloc_workqueue+0xa10/0xef0 [ 1855.315997][T30263] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1855.321736][T30263] ? vsnprintf+0x283/0x14f0 [ 1855.326251][T30263] hci_register_dev+0x216/0xbd0 [ 1855.331136][T30263] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1855.336170][T30263] tty_ioctl+0xc69/0x1670 [ 1855.340504][T30263] ? hci_uart_init_work+0x170/0x170 [ 1855.345709][T30263] ? tty_lookup_driver+0x550/0x550 [ 1855.350836][T30263] ? lock_downgrade+0x6e0/0x6e0 [ 1855.355708][T30263] ? __fget_files+0x23d/0x3e0 [ 1855.360401][T30263] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1855.366660][T30263] ? tty_lookup_driver+0x550/0x550 [ 1855.371785][T30263] __x64_sys_ioctl+0x193/0x200 [ 1855.376594][T30263] do_syscall_64+0x35/0xb0 [ 1855.381134][T30263] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1855.387123][T30263] RIP: 0033:0x7f29745cea39 [ 1855.391547][T30263] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1855.411158][T30263] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1855.419578][T30263] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1855.427554][T30263] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 15:40:43 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541e, 0x2) [ 1855.435537][T30263] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1855.443506][T30263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1855.451474][T30263] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 15:40:43 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 18) [ 1855.493585][T30263] Bluetooth: Can't register HCI device [ 1855.571577][T30271] FAULT_INJECTION: forcing a failure. [ 1855.571577][T30271] name failslab, interval 1, probability 0, space 0, times 0 [ 1855.584475][T30271] CPU: 1 PID: 30271 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1855.593264][T30271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1855.603593][T30271] Call Trace: [ 1855.606895][T30271] dump_stack_lvl+0xcd/0x134 [ 1855.611501][T30271] should_fail.cold+0x5/0xa [ 1855.616011][T30271] should_failslab+0x5/0x10 [ 1855.620518][T30271] kmem_cache_alloc_node+0x65/0x3d0 [ 1855.625724][T30271] ? alloc_unbound_pwq+0x4a5/0xcd0 [ 1855.630848][T30271] alloc_unbound_pwq+0x4a5/0xcd0 [ 1855.635815][T30271] apply_wqattrs_prepare+0x2b6/0x890 [ 1855.641134][T30271] apply_workqueue_attrs_locked+0xc1/0x140 [ 1855.646951][T30271] alloc_workqueue+0xa10/0xef0 [ 1855.651725][T30271] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1855.657463][T30271] ? vsnprintf+0x283/0x14f0 [ 1855.661975][T30271] hci_register_dev+0x216/0xbd0 [ 1855.666849][T30271] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1855.671886][T30271] tty_ioctl+0xc69/0x1670 [ 1855.676226][T30271] ? hci_uart_init_work+0x170/0x170 [ 1855.681439][T30271] ? tty_lookup_driver+0x550/0x550 [ 1855.686591][T30271] ? lock_downgrade+0x6e0/0x6e0 [ 1855.691462][T30271] ? __fget_files+0x23d/0x3e0 [ 1855.696151][T30271] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1855.702432][T30271] ? tty_lookup_driver+0x550/0x550 [ 1855.707557][T30271] __x64_sys_ioctl+0x193/0x200 [ 1855.712342][T30271] do_syscall_64+0x35/0xb0 [ 1855.716777][T30271] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1855.722696][T30271] RIP: 0033:0x7f29745cea39 [ 1855.727130][T30271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1855.746759][T30271] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1855.755193][T30271] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1855.763187][T30271] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1855.771171][T30271] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1855.779138][T30271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1855.787109][T30271] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 [ 1855.819392][T30271] Bluetooth: Can't register HCI device [ 1856.363566][T28953] Bluetooth: hci6: command 0x1003 tx timeout [ 1856.370142][ T9935] Bluetooth: hci6: sending frame failed (-49) [ 1856.933525][T11206] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1856.942841][T28953] Bluetooth: hci7: command 0x1003 tx timeout [ 1856.955477][T11206] Bluetooth: hci7: sending frame failed (-49) [ 1857.173484][T23375] Bluetooth: hci10: Entering manufacturer mode failed (-110) [ 1857.182697][ T1053] Bluetooth: hci10: command tx timeout 15:40:45 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) socket$inet(0x2, 0x4000000000000001, 0x0) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, 0x0, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, 0x0, 0x3}, 0x18) sendfile(r2, r1, 0x0, 0x80005) [ 1857.754008][T11206] Bluetooth: hci8: sending frame failed (-49) [ 1858.453265][ T1053] Bluetooth: hci6: command 0x1001 tx timeout [ 1858.460217][T11206] Bluetooth: hci6: sending frame failed (-49) [ 1859.003310][T28953] Bluetooth: hci7: command 0x1001 tx timeout [ 1859.010634][T11206] Bluetooth: hci7: sending frame failed (-49) [ 1859.803248][ T8408] Bluetooth: hci8: command 0xfc11 tx timeout [ 1859.803761][T23375] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1860.523141][ T8408] Bluetooth: hci6: command 0x1009 tx timeout [ 1861.083083][T28953] Bluetooth: hci7: command 0x1009 tx timeout 15:40:53 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) fsetxattr(r1, &(0x7f0000000000)=@known='trusted.overlay.upper\x00', &(0x7f0000000080)=',{:)^^{(@-+}&#\xfb\'((!\x00', 0x14, 0x2) 15:40:53 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 19) 15:40:53 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5420, 0x2) 15:40:53 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 20) 15:40:53 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x7a) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:40:53 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) socket$inet(0x2, 0x4000000000000001, 0x0) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, 0x0, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, 0x0, 0x3}, 0x18) sendfile(r2, r1, 0x0, 0x80005) [ 1865.039993][T30300] FAULT_INJECTION: forcing a failure. [ 1865.039993][T30300] name failslab, interval 1, probability 0, space 0, times 0 [ 1865.091367][T30300] CPU: 0 PID: 30300 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1865.100367][T30300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1865.110444][T30300] Call Trace: [ 1865.113776][T30300] dump_stack_lvl+0xcd/0x134 [ 1865.118403][T30300] should_fail.cold+0x5/0xa [ 1865.123028][T30300] ? __d_alloc+0x2a/0x950 [ 1865.127398][T30300] should_failslab+0x5/0x10 [ 1865.131926][T30300] kmem_cache_alloc+0x5e/0x390 [ 1865.136732][T30300] __d_alloc+0x2a/0x950 15:40:53 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5421, 0x2) [ 1865.140909][T30300] ? mark_lock+0xef/0x17b0 [ 1865.145360][T30300] d_alloc+0x4a/0x230 [ 1865.149378][T30300] d_alloc_parallel+0xe2/0x19f0 [ 1865.154263][T30300] ? __lock_acquire+0x162f/0x54a0 [ 1865.159314][T30300] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1865.165333][T30300] ? __d_lookup_rcu+0x6c0/0x6c0 [ 1865.170260][T30300] ? lockdep_init_map_type+0x2c3/0x7b0 [ 1865.175759][T30300] ? lockdep_init_map_type+0x2c3/0x7b0 [ 1865.181263][T30300] __lookup_slow+0x193/0x480 [ 1865.185888][T30300] ? page_put_link+0x220/0x220 [ 1865.190692][T30300] ? __d_lookup+0x400/0x720 [ 1865.195238][T30300] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1865.201001][T30300] ? d_lookup+0x101/0x170 [ 1865.205376][T30300] lookup_one_len+0x16a/0x1a0 [ 1865.210086][T30300] ? try_lookup_one_len+0x180/0x180 [ 1865.215312][T30300] ? __down_timeout+0x10/0x10 [ 1865.220016][T30300] ? do_raw_spin_unlock+0x171/0x230 [ 1865.225251][T30300] ? mntput+0xc/0x90 [ 1865.229181][T30300] start_creating.part.0+0x13a/0x290 [ 1865.234501][T30300] debugfs_create_dir+0x6b/0x500 [ 1865.239503][T30300] hci_register_dev+0x2a7/0xbd0 [ 1865.244396][T30300] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1865.249458][T30300] tty_ioctl+0xc69/0x1670 [ 1865.253853][T30300] ? hci_uart_init_work+0x170/0x170 [ 1865.259086][T30300] ? tty_lookup_driver+0x550/0x550 [ 1865.264248][T30300] ? lock_downgrade+0x6e0/0x6e0 [ 1865.269148][T30300] ? __fget_files+0x23d/0x3e0 [ 1865.273854][T30300] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1865.280154][T30300] ? tty_lookup_driver+0x550/0x550 [ 1865.285335][T30300] __x64_sys_ioctl+0x193/0x200 [ 1865.290134][T30300] do_syscall_64+0x35/0xb0 [ 1865.294576][T30300] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1865.300530][T30300] RIP: 0033:0x7f29745cea39 [ 1865.304962][T30300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1865.324686][T30300] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1865.333133][T30300] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1865.341167][T30300] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1865.349166][T30300] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1865.357247][T30300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1865.365260][T30300] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 15:40:53 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5422, 0x2) [ 1865.443447][T23375] Bluetooth: hci7: sending frame failed (-49) [ 1865.464524][T30309] FAULT_INJECTION: forcing a failure. [ 1865.464524][T30309] name failslab, interval 1, probability 0, space 0, times 0 [ 1865.477519][T11654] Bluetooth: hci8: Frame reassembly failed (-84) [ 1865.484140][ T148] Bluetooth: hci9: Frame reassembly failed (-84) [ 1865.508707][T30309] CPU: 0 PID: 30309 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1865.517553][T30309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1865.527806][T30309] Call Trace: [ 1865.531101][T30309] dump_stack_lvl+0xcd/0x134 [ 1865.535721][T30309] should_fail.cold+0x5/0xa [ 1865.540247][T30309] ? alloc_inode+0x161/0x230 [ 1865.544861][T30309] should_failslab+0x5/0x10 [ 1865.549383][T30309] kmem_cache_alloc+0x5e/0x390 [ 1865.554183][T30309] alloc_inode+0x161/0x230 [ 1865.558629][T30309] new_inode+0x27/0x2f0 [ 1865.562819][T30309] debugfs_get_inode+0x1a/0x130 [ 1865.567696][T30309] debugfs_create_dir+0xde/0x500 [ 1865.572660][T30309] hci_register_dev+0x2a7/0xbd0 [ 1865.577551][T30309] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1865.582604][T30309] tty_ioctl+0xc69/0x1670 [ 1865.586954][T30309] ? hci_uart_init_work+0x170/0x170 [ 1865.592188][T30309] ? tty_lookup_driver+0x550/0x550 [ 1865.597331][T30309] ? lock_downgrade+0x6e0/0x6e0 [ 1865.602222][T30309] ? __fget_files+0x23d/0x3e0 [ 1865.606951][T30309] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1865.613204][T30309] ? tty_lookup_driver+0x550/0x550 [ 1865.618341][T30309] __x64_sys_ioctl+0x193/0x200 [ 1865.623109][T30309] do_syscall_64+0x35/0xb0 [ 1865.627528][T30309] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1865.633427][T30309] RIP: 0033:0x7fd650fcaa39 [ 1865.637839][T30309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1865.657441][T30309] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1865.665850][T30309] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1865.673826][T30309] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1865.681813][T30309] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1865.689796][T30309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1865.697765][T30309] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 15:40:53 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5423, 0x2) [ 1865.799091][T30309] debugfs: out of free dentries, can not create directory 'hci10' [ 1865.833870][ T148] Bluetooth: hci10: Frame reassembly failed (-84) 15:40:54 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5424, 0x2) 15:40:54 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5425, 0x2) 15:40:54 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5427, 0x2) [ 1867.082659][ T8903] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1867.082678][ T8528] Bluetooth: hci6: command 0xfc11 tx timeout [ 1867.482744][T11206] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1867.482849][T13261] Bluetooth: hci7: command 0xfc11 tx timeout [ 1867.496626][ T9503] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1867.500740][ T1053] Bluetooth: hci8: command 0x1003 tx timeout [ 1867.513960][ T9503] Bluetooth: hci8: sending frame failed (-49) [ 1867.882588][ T8528] Bluetooth: hci10: command 0x1003 tx timeout [ 1867.889648][ T9503] Bluetooth: hci10: sending frame failed (-49) [ 1869.562590][T13261] Bluetooth: hci8: command 0x1001 tx timeout [ 1869.569703][ T9503] Bluetooth: hci8: sending frame failed (-49) [ 1869.962500][T13261] Bluetooth: hci10: command 0x1001 tx timeout [ 1869.968772][ T9503] Bluetooth: hci10: sending frame failed (-49) [ 1871.652375][T18049] Bluetooth: hci8: command 0x1009 tx timeout [ 1872.042291][T18049] Bluetooth: hci10: command 0x1009 tx timeout 15:41:03 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x1014c1, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x12a84, 0x0) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0) r3 = pidfd_getfd(r1, r2, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r4 = socket$netlink(0x10, 0x3, 0xe) io_uring_register$IORING_REGISTER_FILES_UPDATE(r3, 0x6, &(0x7f0000000140)={0x393f, 0x0, &(0x7f0000000100)=[r4]}, 0x1) 15:41:03 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5428, 0x2) 15:41:03 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 20) [ 1875.810709][T30358] FAULT_INJECTION: forcing a failure. [ 1875.810709][T30358] name failslab, interval 1, probability 0, space 0, times 0 [ 1875.835759][T30358] CPU: 0 PID: 30358 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1875.844574][T30358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1875.854736][T30358] Call Trace: [ 1875.858034][T30358] dump_stack_lvl+0xcd/0x134 [ 1875.862648][T30358] should_fail.cold+0x5/0xa [ 1875.867172][T30358] ? alloc_inode+0x161/0x230 [ 1875.871789][T30358] should_failslab+0x5/0x10 [ 1875.876305][T30358] kmem_cache_alloc+0x5e/0x390 [ 1875.881098][T30358] alloc_inode+0x161/0x230 [ 1875.885545][T30358] new_inode+0x27/0x2f0 [ 1875.889731][T30358] debugfs_get_inode+0x1a/0x130 [ 1875.894631][T30358] debugfs_create_dir+0xde/0x500 [ 1875.899610][T30358] hci_register_dev+0x2a7/0xbd0 [ 1875.904491][T30358] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1875.909542][T30358] tty_ioctl+0xc69/0x1670 [ 1875.913914][T30358] ? hci_uart_init_work+0x170/0x170 [ 1875.919137][T30358] ? tty_lookup_driver+0x550/0x550 [ 1875.924284][T30358] ? lock_downgrade+0x6e0/0x6e0 [ 1875.929179][T30358] ? __fget_files+0x23d/0x3e0 [ 1875.933884][T30358] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1875.940157][T30358] ? tty_lookup_driver+0x550/0x550 [ 1875.945336][T30358] __x64_sys_ioctl+0x193/0x200 [ 1875.950158][T30358] do_syscall_64+0x35/0xb0 [ 1875.954594][T30358] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1875.960507][T30358] RIP: 0033:0x7f29745cea39 [ 1875.964936][T30358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1875.984557][T30358] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1875.992989][T30358] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1876.000994][T30358] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1876.008982][T30358] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1876.016974][T30358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1876.024963][T30358] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 [ 1876.048995][T30358] debugfs: out of free dentries, can not create directory 'hci6' 15:41:04 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 21) 15:41:04 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r2, r1, 0x0, 0x80005) 15:41:04 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x300) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:41:04 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5429, 0x2) 15:41:04 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$EXT4_IOC_GROUP_EXTEND(r1, 0x40086607, &(0x7f0000000000)=0x4) ioctl$KDADDIO(r0, 0x400455c8, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x2) 15:41:04 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5437, 0x2) [ 1876.521602][T20859] Bluetooth: hci8: Frame reassembly failed (-84) [ 1876.546064][T30389] FAULT_INJECTION: forcing a failure. [ 1876.546064][T30389] name failslab, interval 1, probability 0, space 0, times 0 15:41:04 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5441, 0x2) [ 1876.615995][T30389] CPU: 1 PID: 30389 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1876.624836][T30389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1876.634908][T30389] Call Trace: [ 1876.638203][T30389] dump_stack_lvl+0xcd/0x134 [ 1876.642818][T30389] should_fail.cold+0x5/0xa [ 1876.647342][T30389] ? alloc_inode+0x161/0x230 [ 1876.651957][T30389] should_failslab+0x5/0x10 [ 1876.656470][T30389] kmem_cache_alloc+0x5e/0x390 [ 1876.661269][T30389] alloc_inode+0x161/0x230 [ 1876.665720][T30389] new_inode+0x27/0x2f0 [ 1876.669907][T30389] debugfs_get_inode+0x1a/0x130 [ 1876.674783][T30389] debugfs_create_dir+0xde/0x500 [ 1876.679854][T30389] hci_register_dev+0x2a7/0xbd0 [ 1876.684740][T30389] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1876.689797][T30389] tty_ioctl+0xc69/0x1670 [ 1876.694169][T30389] ? hci_uart_init_work+0x170/0x170 [ 1876.699405][T30389] ? tty_lookup_driver+0x550/0x550 [ 1876.704560][T30389] ? lock_downgrade+0x6e0/0x6e0 [ 1876.709459][T30389] ? __fget_files+0x23d/0x3e0 [ 1876.714172][T30389] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1876.720438][T30389] ? tty_lookup_driver+0x550/0x550 [ 1876.725689][T30389] __x64_sys_ioctl+0x193/0x200 [ 1876.730462][T30389] do_syscall_64+0x35/0xb0 [ 1876.734891][T30389] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1876.740800][T30389] RIP: 0033:0x7fd650fcaa39 [ 1876.745237][T30389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1876.764846][T30389] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1876.773341][T30389] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1876.781309][T30389] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1876.789290][T30389] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 [ 1876.797267][T30389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1876.805232][T30389] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 15:41:05 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5450, 0x2) [ 1876.864900][T30389] debugfs: out of free dentries, can not create directory 'hci10' [ 1876.889008][ T148] Bluetooth: hci10: Frame reassembly failed (-84) 15:41:05 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5451, 0x2) 15:41:05 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5452, 0x2) 15:41:05 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x545d, 0x2) [ 1878.121860][T18048] Bluetooth: hci6: command 0xfc11 tx timeout [ 1878.131919][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:41:06 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 21) [ 1878.218981][T30420] FAULT_INJECTION: forcing a failure. [ 1878.218981][T30420] name failslab, interval 1, probability 0, space 0, times 0 [ 1878.232102][T30420] CPU: 1 PID: 30420 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1878.240883][T30420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1878.250936][T30420] Call Trace: [ 1878.254226][T30420] dump_stack_lvl+0xcd/0x134 [ 1878.258843][T30420] should_fail.cold+0x5/0xa [ 1878.263380][T30420] ? security_inode_alloc+0x34/0x160 [ 1878.268713][T30420] should_failslab+0x5/0x10 [ 1878.273226][T30420] kmem_cache_alloc+0x5e/0x390 [ 1878.278020][T30420] security_inode_alloc+0x34/0x160 [ 1878.283153][T30420] inode_init_always+0x5d8/0xe10 [ 1878.288117][T30420] alloc_inode+0x82/0x230 [ 1878.292478][T30420] new_inode+0x27/0x2f0 [ 1878.296669][T30420] debugfs_get_inode+0x1a/0x130 [ 1878.301630][T30420] debugfs_create_dir+0xde/0x500 [ 1878.306596][T30420] hci_register_dev+0x2a7/0xbd0 [ 1878.311551][T30420] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1878.316586][T30420] tty_ioctl+0xc69/0x1670 [ 1878.320938][T30420] ? hci_uart_init_work+0x170/0x170 [ 1878.326155][T30420] ? tty_lookup_driver+0x550/0x550 [ 1878.331318][T30420] ? lock_downgrade+0x6e0/0x6e0 [ 1878.336203][T30420] ? __fget_files+0x23d/0x3e0 [ 1878.340895][T30420] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1878.347131][T30420] ? tty_lookup_driver+0x550/0x550 [ 1878.352250][T30420] __x64_sys_ioctl+0x193/0x200 [ 1878.357052][T30420] do_syscall_64+0x35/0xb0 [ 1878.361482][T30420] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1878.367381][T30420] RIP: 0033:0x7f29745cea39 [ 1878.371785][T30420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1878.391400][T30420] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1878.399811][T30420] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1878.407818][T30420] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1878.415787][T30420] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1878.424555][T30420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1878.432541][T30420] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 [ 1878.458751][T30420] debugfs: out of free dentries, can not create directory 'hci6' [ 1878.522213][T13261] Bluetooth: hci7: command 0xfc11 tx timeout [ 1878.531882][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1878.543527][ T8408] Bluetooth: hci8: command 0x1003 tx timeout [ 1878.549686][ T9935] Bluetooth: hci8: sending frame failed (-49) [ 1878.601812][T13261] Bluetooth: hci9: command 0xfc11 tx timeout [ 1878.612136][T11206] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1878.921799][ T8408] Bluetooth: hci10: command 0x1003 tx timeout [ 1878.929122][T11206] Bluetooth: hci10: sending frame failed (-49) [ 1880.601632][ T8408] Bluetooth: hci8: command 0x1001 tx timeout [ 1880.608416][ T9935] Bluetooth: hci8: sending frame failed (-49) [ 1881.002004][T13261] Bluetooth: hci10: command 0x1001 tx timeout [ 1881.008286][ T9935] Bluetooth: hci10: sending frame failed (-49) [ 1881.081816][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1882.681501][ T1053] Bluetooth: hci8: command 0x1009 tx timeout [ 1883.081632][ T1053] Bluetooth: hci10: command 0x1009 tx timeout 15:41:15 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) (fail_nth: 22) 15:41:15 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5460, 0x2) 15:41:15 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 22) 15:41:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r2, r1, 0x0, 0x80005) 15:41:15 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x500) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:41:15 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) (fail_nth: 1) [ 1887.341876][T30452] FAULT_INJECTION: forcing a failure. [ 1887.341876][T30452] name failslab, interval 1, probability 0, space 0, times 0 [ 1887.385298][T30452] CPU: 0 PID: 30452 Comm: syz-executor.4 Not tainted 5.15.0-rc6-syzkaller #0 [ 1887.394140][T30452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1887.404212][T30452] Call Trace: [ 1887.407492][T30452] dump_stack_lvl+0xcd/0x134 [ 1887.412092][T30452] should_fail.cold+0x5/0xa [ 1887.416595][T30452] ? tomoyo_realpath_from_path+0xc3/0x620 [ 1887.422313][T30452] should_failslab+0x5/0x10 [ 1887.426818][T30452] __kmalloc+0x72/0x320 [ 1887.430983][T30452] tomoyo_realpath_from_path+0xc3/0x620 [ 1887.436544][T30452] ? tomoyo_profile+0x42/0x50 [ 1887.441228][T30452] tomoyo_path_number_perm+0x1d5/0x590 [ 1887.446697][T30452] ? tomoyo_path_number_perm+0x18d/0x590 [ 1887.452329][T30452] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1887.458161][T30452] ? lock_downgrade+0x6e0/0x6e0 [ 1887.463028][T30452] ? __fget_files+0x23d/0x3e0 [ 1887.467719][T30452] security_file_ioctl+0x50/0xb0 [ 1887.472666][T30452] __x64_sys_ioctl+0xb3/0x200 [ 1887.477361][T30452] do_syscall_64+0x35/0xb0 [ 1887.481776][T30452] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1887.487678][T30452] RIP: 0033:0x7fa6f1118a39 [ 1887.492093][T30452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1887.511698][T30452] RSP: 002b:00007fa6ee68e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1887.520209][T30452] RAX: ffffffffffffffda RBX: 00007fa6f121bf60 RCX: 00007fa6f1118a39 [ 1887.528175][T30452] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1887.536139][T30452] RBP: 00007fa6ee68e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1887.544107][T30452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1887.552072][T30452] R13: 00007fa6f174fb2f R14: 00007fa6ee68e300 R15: 0000000000022000 [ 1887.570465][T27301] Bluetooth: hci6: Frame reassembly failed (-84) [ 1887.581241][T20859] Bluetooth: hci7: Frame reassembly failed (-84) [ 1887.587582][T30457] FAULT_INJECTION: forcing a failure. [ 1887.587582][T30457] name failslab, interval 1, probability 0, space 0, times 0 [ 1887.587618][T30457] CPU: 0 PID: 30457 Comm: syz-executor.3 Not tainted 5.15.0-rc6-syzkaller #0 [ 1887.587645][T30457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1887.587661][T30457] Call Trace: [ 1887.587670][T30457] dump_stack_lvl+0xcd/0x134 [ 1887.626898][T30457] should_fail.cold+0x5/0xa [ 1887.631441][T30457] should_failslab+0x5/0x10 [ 1887.635953][T30457] __kmalloc_track_caller+0x79/0x310 [ 1887.641240][T30457] ? kstrdup_const+0x53/0x80 [ 1887.645849][T30457] kstrdup+0x36/0x70 [ 1887.649746][T30457] kstrdup_const+0x53/0x80 [ 1887.654172][T30457] kvasprintf_const+0x108/0x190 [ 1887.659031][T30457] kobject_set_name_vargs+0x56/0x150 [ 1887.664318][T30457] dev_set_name+0xbb/0xf0 [ 1887.668734][T30457] ? device_initialize+0x560/0x560 [ 1887.673873][T30457] ? up_write+0x148/0x470 [ 1887.678209][T30457] hci_register_dev+0x2ee/0xbd0 [ 1887.683089][T30457] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1887.688118][T30457] tty_ioctl+0xc69/0x1670 [ 1887.692450][T30457] ? hci_uart_init_work+0x170/0x170 [ 1887.697649][T30457] ? tty_lookup_driver+0x550/0x550 [ 1887.702780][T30457] ? lock_downgrade+0x6e0/0x6e0 [ 1887.707645][T30457] ? __fget_files+0x23d/0x3e0 [ 1887.712334][T30457] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1887.718577][T30457] ? tty_lookup_driver+0x550/0x550 [ 1887.723693][T30457] __x64_sys_ioctl+0x193/0x200 [ 1887.728461][T30457] do_syscall_64+0x35/0xb0 [ 1887.732877][T30457] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1887.738790][T30457] RIP: 0033:0x7f29745cea39 [ 1887.743208][T30457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1887.762829][T30457] RSP: 002b:00007f2971b44188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1887.771238][T30457] RAX: ffffffffffffffda RBX: 00007f29746d1f60 RCX: 00007f29745cea39 [ 1887.779205][T30457] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1887.787184][T30457] RBP: 00007f2971b441d0 R08: 0000000000000000 R09: 0000000000000000 [ 1887.795165][T30457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1887.803133][T30457] R13: 00007f2974c05b2f R14: 00007f2971b44300 R15: 0000000000022000 [ 1887.821978][T30460] FAULT_INJECTION: forcing a failure. [ 1887.821978][T30460] name failslab, interval 1, probability 0, space 0, times 0 15:41:16 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x6364, 0x2) [ 1887.902310][T30460] CPU: 0 PID: 30460 Comm: syz-executor.1 Not tainted 5.15.0-rc6-syzkaller #0 [ 1887.911125][T30460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1887.921232][T30460] Call Trace: [ 1887.924532][T30460] dump_stack_lvl+0xcd/0x134 [ 1887.929151][T30460] should_fail.cold+0x5/0xa [ 1887.933691][T30460] should_failslab+0x5/0x10 [ 1887.938220][T30460] __kmalloc_track_caller+0x79/0x310 [ 1887.943538][T30460] ? kstrdup_const+0x53/0x80 [ 1887.948171][T30460] kstrdup+0x36/0x70 [ 1887.952106][T30460] kstrdup_const+0x53/0x80 [ 1887.956553][T30460] kvasprintf_const+0x108/0x190 [ 1887.961431][T30460] kobject_set_name_vargs+0x56/0x150 [ 1887.966746][T30460] dev_set_name+0xbb/0xf0 [ 1887.971101][T30460] ? device_initialize+0x560/0x560 [ 1887.976329][T30460] ? up_write+0x148/0x470 [ 1887.980694][T30460] hci_register_dev+0x2ee/0xbd0 [ 1887.985583][T30460] hci_uart_tty_ioctl+0x8c5/0xc50 [ 1887.990640][T30460] tty_ioctl+0xc69/0x1670 [ 1887.994996][T30460] ? hci_uart_init_work+0x170/0x170 [ 1888.000230][T30460] ? tty_lookup_driver+0x550/0x550 [ 1888.005419][T30460] ? lock_downgrade+0x6e0/0x6e0 [ 1888.010317][T30460] ? __fget_files+0x23d/0x3e0 [ 1888.015029][T30460] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1888.021304][T30460] ? tty_lookup_driver+0x550/0x550 [ 1888.026448][T30460] __x64_sys_ioctl+0x193/0x200 [ 1888.031251][T30460] do_syscall_64+0x35/0xb0 [ 1888.035691][T30460] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1888.041611][T30460] RIP: 0033:0x7fd650fcaa39 [ 1888.046044][T30460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1888.065665][T30460] RSP: 002b:00007fd64e540188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1888.074102][T30460] RAX: ffffffffffffffda RBX: 00007fd6510cdf60 RCX: 00007fd650fcaa39 [ 1888.082120][T30460] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1888.090108][T30460] RBP: 00007fd64e5401d0 R08: 0000000000000000 R09: 0000000000000000 15:41:16 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8913, 0x2) [ 1888.098103][T30460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1888.106090][T30460] R13: 00007fd651601b2f R14: 00007fd64e540300 R15: 0000000000022000 [ 1888.167770][T30457] Bluetooth: Can't register HCI device [ 1888.177551][T30452] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1888.186842][T30460] Bluetooth: Can't register HCI device [ 1888.211337][T30452] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 1888.250332][ T148] Bluetooth: hci8: Frame reassembly failed (-84) 15:41:16 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) 15:41:16 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 15:41:16 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8914, 0x2) [ 1888.342932][T30478] debugfs: Directory 'hci9' with parent 'bluetooth' already present! 15:41:16 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8933, 0x2) 15:41:16 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400448c9, 0x2) 15:41:16 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400448dd, 0x2) 15:41:16 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40045431, 0x2) [ 1889.641005][ T8903] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1889.641142][ T1053] Bluetooth: hci7: command 0xfc11 tx timeout [ 1889.650857][ T9503] Bluetooth: hci7: Entering manufacturer mode failed (-110) 15:41:18 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r2, r1, 0x0, 0x80005) 15:41:18 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40045436, 0x2) [ 1890.271629][ T8903] Bluetooth: hci6: sending frame failed (-49) [ 1890.281653][T28953] Bluetooth: hci8: command 0xfc11 tx timeout [ 1890.288247][T11206] Bluetooth: hci8: Entering manufacturer mode failed (-110) 15:41:18 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) 15:41:18 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x600) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:41:18 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400454ca, 0x2) [ 1890.440960][ T9935] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 1890.441155][T21576] Bluetooth: hci9: command 0xfc11 tx timeout [ 1890.450235][T28953] Bluetooth: hci10: command 0x1003 tx timeout [ 1890.469140][ T9935] Bluetooth: hci10: sending frame failed (-49) 15:41:18 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x2, 0x9) [ 1890.512822][T30527] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 1892.280774][ T9503] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1892.289689][T21576] Bluetooth: hci6: command tx timeout [ 1892.440782][T18049] Bluetooth: hci7: command 0xfc11 tx timeout [ 1892.451244][T11206] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1892.520835][ T8408] Bluetooth: hci10: command 0x1001 tx timeout [ 1892.527224][T11206] Bluetooth: hci10: sending frame failed (-49) [ 1892.600716][ T9935] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 1892.600788][T18049] Bluetooth: hci8: command 0xfc11 tx timeout [ 1894.600778][ T8408] Bluetooth: hci10: command 0x1009 tx timeout [ 1895.000522][T18048] Bluetooth: hci6: command 0xfc11 tx timeout [ 1895.000574][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:41:26 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x2, 0x0) 15:41:26 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455cb, 0x2) 15:41:26 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x10, 0x9) 15:41:26 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x2, 0x9) 15:41:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r2, r1, 0x0, 0x80005) 15:41:26 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x700) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 1898.933778][T27301] Bluetooth: hci7: Frame reassembly failed (-84) 15:41:27 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4c01, 0x9) 15:41:27 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x10, 0x9) 15:41:27 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x10, 0x0) 15:41:27 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40049409, 0x2) 15:41:27 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4c01, 0x0) 15:41:27 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40082404, 0x2) 15:41:27 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5409, 0x9) 15:41:27 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x227c, 0x9) 15:41:27 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40086602, 0x2) 15:41:27 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5409, 0x0) [ 1900.920124][ T1053] Bluetooth: hci6: command 0xfc11 tx timeout [ 1900.920233][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:41:29 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r2, r1, 0x0, 0x80005) [ 1901.000213][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1901.094828][T11654] Bluetooth: hci6: Frame reassembly failed (-84) [ 1903.160011][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1903.169073][T21576] Bluetooth: hci6: command tx timeout [ 1903.479966][T28953] Bluetooth: hci7: command 0xfc11 tx timeout [ 1903.491609][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) 15:41:31 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xf00) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:41:31 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540b, 0x9) 15:41:31 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x227e, 0x9) 15:41:31 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540b, 0x0) 15:41:31 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40186366, 0x2) 15:41:31 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r2, r1, 0x0, 0x80005) [ 1903.605076][T20859] Bluetooth: hci6: Frame reassembly failed (-84) 15:41:31 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x401c5820, 0x2) 15:41:31 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540c, 0x0) 15:41:31 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540c, 0x9) 15:41:31 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x2284, 0x9) 15:41:32 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4020940d, 0x2) 15:41:32 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540d, 0x9) [ 1905.639775][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1905.640136][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1905.649868][T18048] Bluetooth: hci6: command 0xfc11 tx timeout [ 1905.657173][T28953] Bluetooth: hci7: command tx timeout [ 1906.187820][ T1209] Bluetooth: hci6: Frame reassembly failed (-84) 15:41:36 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x1d00) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:41:36 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540d, 0x0) 15:41:36 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4c01, 0x9) 15:41:36 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40405514, 0x2) 15:41:36 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540e, 0x9) 15:41:36 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r5, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r5, 0x3}, 0x18) sendfile(r2, r1, 0x0, 0x80005) [ 1908.199862][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:41:36 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540e, 0x0) 15:41:36 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5409, 0x9) 15:41:36 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540f, 0x9) 15:41:36 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045430, 0x2) 15:41:36 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540f, 0x0) 15:41:36 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5410, 0x9) [ 1910.359436][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1910.359492][T18048] Bluetooth: hci6: command 0xfc11 tx timeout [ 1910.439442][T28953] Bluetooth: hci7: command 0xfc11 tx timeout [ 1910.439451][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1910.984365][T27301] Bluetooth: hci6: Frame reassembly failed (-84) [ 1912.999439][ T1053] Bluetooth: hci6: command 0xfc11 tx timeout [ 1913.005603][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:41:41 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x1f00) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:41:41 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540b, 0x9) 15:41:41 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045432, 0x2) 15:41:41 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5410, 0x0) 15:41:41 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5412, 0x9) 15:41:41 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r5, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r5, 0x3}, 0x18) sendfile(r2, r1, 0x0, 0x80005) 15:41:41 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5413, 0x9) 15:41:41 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045438, 0x2) 15:41:41 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540c, 0x9) 15:41:41 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5412, 0x0) 15:41:41 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540d, 0x9) 15:41:41 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5414, 0x9) [ 1914.119782][ T1360] ieee802154 phy0 wpan0: encryption failed: -22 [ 1914.126137][ T1360] ieee802154 phy1 wpan1: encryption failed: -22 [ 1915.239070][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1915.240078][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1915.248231][ T1053] Bluetooth: hci7: command 0xfc11 tx timeout [ 1915.807263][T23375] Bluetooth: hci6: sending frame failed (-49) [ 1917.878786][T28953] Bluetooth: hci6: command 0xfc11 tx timeout [ 1917.884934][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:41:46 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x2000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:41:46 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045439, 0x2) 15:41:46 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5413, 0x0) 15:41:46 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5415, 0x9) 15:41:46 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540e, 0x9) 15:41:46 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r5, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r5, 0x3}, 0x18) sendfile(r2, r1, 0x0, 0x80005) 15:41:46 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5414, 0x0) 15:41:46 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5416, 0x9) 15:41:46 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540f, 0x9) 15:41:46 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045440, 0x2) 15:41:46 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455c9, 0x2) 15:41:46 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5410, 0x9) [ 1920.038949][T28953] Bluetooth: hci6: command 0xfc11 tx timeout [ 1920.045125][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1920.118878][T13261] Bluetooth: hci7: command 0xfc11 tx timeout [ 1920.118959][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) 15:41:50 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x3f00) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:41:50 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5415, 0x0) 15:41:50 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5418, 0x9) 15:41:50 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455ca, 0x2) 15:41:50 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5412, 0x9) 15:41:50 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close(0xffffffffffffffff) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(0xffffffffffffffff, r1, 0x0, 0x80005) [ 1922.598533][T18048] Bluetooth: hci6: command 0xfc11 tx timeout [ 1922.608779][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:41:50 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5416, 0x0) [ 1922.757725][ T148] Bluetooth: hci6: Frame reassembly failed (-84) 15:41:50 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5413, 0x9) 15:41:51 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541b, 0x9) 15:41:51 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455cc, 0x2) 15:41:51 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541d, 0x9) 15:41:51 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5418, 0x0) [ 1924.758238][T18048] Bluetooth: hci6: command 0xfc11 tx timeout [ 1924.758516][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1924.918400][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1924.918481][T18048] Bluetooth: hci7: command 0xfc11 tx timeout [ 1927.478286][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:41:55 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x4000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:41:55 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5414, 0x9) 15:41:55 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80086301, 0x2) 15:41:55 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541e, 0x9) 15:41:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541b, 0x0) 15:41:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close(0xffffffffffffffff) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(0xffffffffffffffff, r1, 0x0, 0x80005) 15:41:55 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5415, 0x9) 15:41:55 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80086601, 0x2) 15:41:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541d, 0x0) 15:41:55 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541e, 0x9) 15:41:56 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x801c581f, 0x2) 15:41:56 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5416, 0x9) 15:41:56 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x4800) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:41:56 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541e, 0x0) 15:41:56 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5420, 0x9) 15:41:56 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x81f8943c, 0x2) 15:41:56 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5418, 0x9) [ 1929.638072][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:41:58 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close(0xffffffffffffffff) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(0xffffffffffffffff, r1, 0x0, 0x80005) 15:41:58 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541b, 0x9) 15:41:58 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5421, 0x9) 15:41:58 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0045878, 0x2) 15:41:58 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541e, 0x0) 15:41:58 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5422, 0x9) 15:41:58 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5420, 0x0) [ 1930.357953][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1930.367312][T18048] Bluetooth: hci7: command tx timeout [ 1930.891458][ T9503] Bluetooth: hci7: sending frame failed (-49) [ 1932.357648][T18048] Bluetooth: hci6: command 0xfc11 tx timeout [ 1932.357978][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:42:01 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0045878, 0x2) 15:42:01 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541d, 0x9) 15:42:01 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x4c00) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:42:01 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5421, 0x0) 15:42:01 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80005) 15:42:01 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5423, 0x9) [ 1932.917795][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1932.927095][T18048] Bluetooth: hci7: command tx timeout 15:42:01 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541e, 0x9) 15:42:01 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0189436, 0x2) 15:42:01 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5424, 0x9) [ 1933.151699][T20859] Bluetooth: hci7: Frame reassembly failed (-84) 15:42:01 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5422, 0x0) 15:42:01 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541e, 0x9) 15:42:01 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc020660b, 0x2) 15:42:01 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5423, 0x0) 15:42:01 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5425, 0x9) [ 1935.157574][ T8408] Bluetooth: hci6: command 0xfc11 tx timeout [ 1935.157660][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1935.184194][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1937.717478][T28953] Bluetooth: hci6: command 0xfc11 tx timeout [ 1937.717542][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:42:05 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x6800) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:42:05 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5420, 0x9) 15:42:05 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0709411, 0x2) 15:42:05 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5427, 0x9) 15:42:05 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5424, 0x0) 15:42:05 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80005) 15:42:05 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5421, 0x9) 15:42:06 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5425, 0x0) [ 1937.882687][ T1209] Bluetooth: hci6: Frame reassembly failed (-84) 15:42:06 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xd000943d, 0x2) 15:42:06 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5428, 0x9) 15:42:06 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5422, 0x9) 15:42:06 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5427, 0x0) [ 1939.957957][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1939.958609][ T1053] Bluetooth: hci7: command 0xfc11 tx timeout [ 1939.973193][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:42:10 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x6c00) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:42:10 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xd000943e, 0x2) 15:42:10 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5428, 0x0) 15:42:10 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5429, 0x9) 15:42:10 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5423, 0x9) 15:42:10 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80005) [ 1942.517055][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1942.517073][T13261] Bluetooth: hci6: command 0xfc11 tx timeout [ 1942.632083][ T158] Bluetooth: hci6: Frame reassembly failed (-84) 15:42:10 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5437, 0x9) 15:42:10 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5424, 0x9) 15:42:10 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 15:42:11 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5429, 0x0) 15:42:11 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5441, 0x9) [ 1942.955446][T31141] debugfs: Directory 'hci8' with parent 'bluetooth' already present! 15:42:11 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5425, 0x9) [ 1944.676768][ T1053] Bluetooth: hci6: command 0xfc11 tx timeout [ 1944.677970][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1944.756838][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1944.996749][T18048] Bluetooth: hci8: command 0x1003 tx timeout [ 1945.003347][ T9935] Bluetooth: hci8: sending frame failed (-49) [ 1945.221573][T27301] Bluetooth: hci6: Frame reassembly failed (-84) [ 1947.076788][T28953] Bluetooth: hci8: command 0x1001 tx timeout [ 1947.083648][T23375] Bluetooth: hci8: sending frame failed (-49) 15:42:15 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5427, 0x9) 15:42:15 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5437, 0x0) 15:42:15 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5450, 0x9) 15:42:15 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x7400) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:42:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r5, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r5, 0x3}, 0x18) sendfile(r2, r1, 0x0, 0x80005) [ 1947.236649][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:42:15 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5441, 0x0) [ 1947.402162][ T1209] Bluetooth: hci7: Frame reassembly failed (-84) [ 1947.439384][T31183] vcan0: tx drop: invalid da for name 0x0000000000000003 15:42:15 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5428, 0x9) 15:42:15 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5450, 0x0) [ 1949.156415][T18048] Bluetooth: hci8: command 0x1009 tx timeout [ 1949.396575][T21576] Bluetooth: hci6: command 0xfc11 tx timeout [ 1949.396825][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1949.476690][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1949.485353][T21576] Bluetooth: hci7: command tx timeout [ 1952.036381][ T1053] Bluetooth: hci6: command 0xfc11 tx timeout [ 1952.042554][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:42:21 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x5) 15:42:21 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5451, 0x9) 15:42:21 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5451, 0x0) 15:42:21 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5429, 0x9) 15:42:21 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r5, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r5, 0x3}, 0x18) sendfile(r2, r1, 0x0, 0x80005) 15:42:21 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x7a00) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:42:21 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5437, 0x9) [ 1953.298282][T20859] Bluetooth: hci7: Frame reassembly failed (-84) [ 1953.376380][T31234] vcan0: tx drop: invalid da for name 0x0000000000000003 15:42:21 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5452, 0x0) 15:42:21 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5441, 0x9) 15:42:21 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x7) 15:42:21 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5452, 0x9) 15:42:21 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x545d, 0x9) 15:42:21 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x545d, 0x0) 15:42:21 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5450, 0x9) 15:42:21 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x8) 15:42:21 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5460, 0x9) [ 1955.316035][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1955.316104][T28953] Bluetooth: hci7: command 0xfc11 tx timeout [ 1955.316153][T28953] Bluetooth: hci6: command 0xfc11 tx timeout [ 1955.324194][ T9503] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:42:23 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r5, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r5, 0x3}, 0x18) sendfile(r2, r1, 0x0, 0x80005) [ 1955.452654][ T148] Bluetooth: hci6: Frame reassembly failed (-84) [ 1955.469310][ T148] Bluetooth: hci6: Frame reassembly failed (-84) [ 1955.489200][T31272] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 1957.475931][ T9503] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1957.484875][T18048] Bluetooth: hci6: command tx timeout 15:42:26 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x8089) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:42:26 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xb) 15:42:26 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5451, 0x9) 15:42:26 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5460, 0x0) 15:42:26 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5501, 0x9) 15:42:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r5, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r5, 0x3}, 0x18) sendfile(r2, r1, 0x0, 0x80005) [ 1957.875955][ T1053] Bluetooth: hci7: command 0xfc11 tx timeout [ 1957.876044][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) 15:42:26 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x11) [ 1958.049331][T31293] vcan0: tx drop: invalid da for name 0x0000000000000003 15:42:26 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5452, 0x9) 15:42:26 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x6364, 0x0) 15:42:26 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5509, 0x9) 15:42:26 executing program 0: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:42:26 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xc0) [ 1958.279716][T31316] vcan0: tx drop: invalid da for name 0x0000000000000003 15:42:26 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x20000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:42:26 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8913, 0x0) 15:42:26 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x545d, 0x9) 15:42:26 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:42:26 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x6364, 0x9) [ 1958.636771][T31325] vcan0: tx drop: invalid da for name 0x0000000000000003 15:42:26 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8914, 0x0) 15:42:26 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:42:26 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5460, 0x9) 15:42:26 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8913, 0x9) [ 1958.757148][ T148] Bluetooth: hci6: Frame reassembly failed (-84) 15:42:27 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:42:27 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8933, 0x0) 15:42:27 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8914, 0x9) [ 1960.755576][T13261] Bluetooth: hci6: command 0xfc11 tx timeout [ 1960.755655][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1961.298011][ T9503] Bluetooth: hci6: sending frame failed (-49) 15:42:31 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x400000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:42:31 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x6364, 0x9) 15:42:31 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:42:31 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8982, 0x0) 15:42:31 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8918, 0x9) 15:42:31 executing program 2: ioctl$TIOCGISO7816(0xffffffffffffffff, 0x80285442, &(0x7f00000001c0)) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r0, 0x3, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0) openat$cgroup_ro(r2, &(0x7f0000000180)='blkio.bfq.group_wait_time\x00', 0x0, 0x0) lseek(r1, 0x3, 0x0) dup3(r0, r1, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD(r1, 0xc01064c1, &(0x7f0000000000)={0x0, 0x1}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r5, 0x3, 0x0) dup3(r4, r5, 0x0) ioctl$VIDIOC_QBUF(r5, 0xc058560f, &(0x7f00000000c0)={0x4, 0x1, 0x4, 0x2000, 0x1, {0x77359400}, {0x2, 0x2, 0x3, 0x81, 0x6, 0xf0, "13c2a98b"}, 0xfffffbff, 0x3, @offset=0x7fff}) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r3, 0x400455c8, 0x2) r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x200481, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r6, 0x40045010, &(0x7f0000000240)=0xcb) [ 1963.315489][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1963.324255][ T1053] Bluetooth: hci6: command tx timeout 15:42:31 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400448c9, 0x0) 15:42:31 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x0, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:42:31 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8913, 0x9) 15:42:31 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:42:31 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8933, 0x9) 15:42:31 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8914, 0x9) [ 1965.555237][ T1053] Bluetooth: hci6: command 0xfc11 tx timeout [ 1965.555452][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:42:36 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x1000000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:42:36 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400448dd, 0x0) 15:42:36 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xae71, 0x9) 15:42:36 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x0, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:42:36 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:42:36 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8933, 0x9) [ 1968.115340][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1968.115461][ T1053] Bluetooth: hci6: command 0xfc11 tx timeout 15:42:36 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x0, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:42:36 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xaf01, 0x9) 15:42:36 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) dup(r0) 15:42:36 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40045431, 0x0) 15:42:36 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xae80, 0x9) 15:42:36 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(0xffffffffffffffff) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) [ 1970.355021][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1970.893606][ T158] Bluetooth: hci6: Frame reassembly failed (-84) 15:42:41 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x2000000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:42:41 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400448c9, 0x9) 15:42:41 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r0, 0x3, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) dup3(r0, r1, 0x0) ioctl$KVM_ASSIGN_PCI_DEVICE(r1, 0x8040ae69, &(0x7f0000000000)={0x2, 0x7ff, 0x1000, 0xa, 0x7c02}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) fsetxattr$trusted_overlay_upper(0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000000c0)={0x0, 0xfb, 0x1d, 0x6, 0x6, "00fc4295a55603000000b9fff400", "51676c4d72a0e7f7"}, 0x1d, 0x3) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) r3 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000180)) ioctl$KDADDIO(r2, 0x400455c8, 0x2) 15:42:41 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40045436, 0x0) 15:42:41 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400448c9, 0x9) 15:42:41 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(0xffffffffffffffff) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) [ 1972.914696][ T8528] Bluetooth: hci6: command 0xfc11 tx timeout [ 1972.914818][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:42:41 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(0xffffffffffffffff) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:42:41 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400448dd, 0x9) [ 1973.111272][T11654] Bluetooth: hci6: Frame reassembly failed (-84) 15:42:41 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400454ca, 0x0) 15:42:41 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400448dd, 0x9) 15:42:41 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$PIO_UNIMAPCLR(r1, 0x4b68, &(0x7f0000000000)={0x400, 0x9, 0x928}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:42:41 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) [ 1975.154639][T13261] Bluetooth: hci6: command 0xfc11 tx timeout [ 1975.154802][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1975.565794][ T1360] ieee802154 phy0 wpan0: encryption failed: -22 [ 1975.572151][ T1360] ieee802154 phy1 wpan1: encryption failed: -22 [ 1977.715073][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1977.724411][T21576] Bluetooth: hci6: command tx timeout 15:42:45 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x3000000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:42:45 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455cb, 0x0) 15:42:45 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40045431, 0x9) 15:42:45 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40045431, 0x9) 15:42:45 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:42:45 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x80000, 0x0) syz_open_dev$vcsa(&(0x7f0000000100), 0x8000, 0x240640) memfd_secret(0x80000) r1 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$KDADDIO(r1, 0x400455c8, 0x5) r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x4) read(0xffffffffffffffff, &(0x7f0000000180)=""/166, 0xa6) 15:42:46 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40049409, 0x0) 15:42:46 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40045436, 0x9) 15:42:46 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40045436, 0x9) 15:42:46 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x14041, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0, 0x0, '\x00', [0x0, 0x0, 0x8000]}) splice(r0, &(0x7f00000000c0)=0x4, r1, &(0x7f0000000100), 0x3, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/rt6_stats\x00') r3 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r3, 0xc008551b, &(0x7f0000003240)=ANY=[@ANYBLOB="000001000100006f0c6e1fcc"]) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f0000003200)={0x101, 0x1377, 0x401}) flistxattr(r2, &(0x7f0000000080)=""/13, 0xd) ioctl$EVIOCGPROP(r2, 0x80404509, &(0x7f0000000180)=""/4088) openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000031c0), 0x284200, 0x0) read$FUSE(r2, &(0x7f0000001180)={0x2020}, 0x2020) 15:42:46 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:42:46 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400454ca, 0x9) [ 1979.874159][T13261] Bluetooth: hci6: command 0xfc11 tx timeout [ 1979.874307][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:42:50 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x4000000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:42:50 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40086602, 0x0) 15:42:50 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) syz_open_dev$ptys(0xc, 0x3, 0x1) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$KDADDIO(r1, 0x400455c8, 0x2) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000000080)={{0x0, 0x1, 0x7fff, 0x6, 0x8000, 0x200, 0xfff, 0xbdca, 0x2, 0x0, 0x5, 0x5, 0x5, 0x3f, 0x5}, 0x10, [0x0, 0x0]}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000000180)={{r3, 0x7, 0x5, 0x2, 0xbe, 0x8, 0xc71, 0x5, 0x6a, 0x101, 0x8001, 0x2, 0x55, 0x1, 0x1}, 0x50, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 15:42:50 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400454ca, 0x9) 15:42:50 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r3, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r3, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:42:50 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400454d1, 0x9) [ 1982.434055][T21576] Bluetooth: hci6: command 0xfc11 tx timeout [ 1982.434376][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:42:50 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4004550a, 0x9) 15:42:50 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r3, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r3, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) [ 1982.631770][T27301] Bluetooth: hci6: Frame reassembly failed (-84) 15:42:50 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455cb, 0x9) 15:42:50 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r3, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r3, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:42:50 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) ioctl$TIOCGPTLCK(r1, 0x80045439, &(0x7f0000000080)) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) 15:42:50 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40186366, 0x0) [ 1984.673886][T28953] Bluetooth: hci6: command 0xfc11 tx timeout [ 1984.677278][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1985.222707][ T9935] Bluetooth: hci6: sending frame failed (-49) [ 1987.233828][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1987.242849][T21576] Bluetooth: hci6: command tx timeout 15:42:55 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5000000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:42:55 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40049409, 0x9) 15:42:55 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455cb, 0x9) 15:42:55 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, 0x0) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, 0x0, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, 0x0, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:42:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x401c5820, 0x0) 15:42:55 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x16) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x40) ioctl$KDADDIO(r0, 0x400455c8, 0x3fffffffffffffe) 15:42:55 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, 0x0) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, 0x0, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, 0x0, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:42:55 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40049409, 0x9) 15:42:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4020940d, 0x0) 15:42:55 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40086602, 0x9) 15:42:55 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x305003, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) r3 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000200)=0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x5) ioctl$KDADDIO(r0, 0x400455c8, 0x2) r4 = syz_open_dev$vcsa(&(0x7f0000000100), 0x5, 0x20000) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000140)=0x3) r5 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f00000000c0), 0x100, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r5, 0xc020f509, &(0x7f0000000180)={r5, 0x0, 0x40, 0x3}) ioctl$FIONREAD(r6, 0x541b, &(0x7f00000001c0)) 15:42:55 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40186366, 0x9) [ 1989.483508][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1989.492474][T21576] Bluetooth: hci6: command tx timeout [ 1990.019071][T27301] Bluetooth: hci6: Frame reassembly failed (-84) 15:43:00 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x6000000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:43:00 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, 0x0) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, 0x0, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, 0x0, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:43:00 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4004af61, 0x9) 15:43:00 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045430, 0x0) 15:43:00 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x565080, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x40) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) dup3(r2, r3, 0x0) 15:43:00 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x401c5820, 0x9) [ 1992.043480][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1992.052606][T18048] Bluetooth: hci6: command tx timeout 15:43:00 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) socket$can_j1939(0x1d, 0x2, 0x7) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000480)={0x1d, r3, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r3, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:43:00 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4020940d, 0x9) 15:43:00 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) socket$can_j1939(0x1d, 0x2, 0x7) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000480)={0x1d, r3, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r3, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) [ 1992.286279][ T158] Bluetooth: hci6: Frame reassembly failed (-84) 15:43:00 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x17) ioctl$KDADDIO(r0, 0x400455c8, 0x8000) 15:43:00 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) socket$can_j1939(0x1d, 0x2, 0x7) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000480)={0x1d, r3, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r3, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:43:00 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045432, 0x0) [ 1994.353313][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1994.901138][ T158] Bluetooth: hci6: Frame reassembly failed (-84) [ 1996.912931][T21576] Bluetooth: hci6: command 0xfc11 tx timeout [ 1996.913018][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:43:05 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, 0x0, 0x0) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:43:05 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40085503, 0x9) 15:43:05 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5000943a, 0x9) 15:43:05 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000000), 0x8001, 0x400001) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x8) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:43:05 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x7000000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:43:05 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045438, 0x0) 15:43:05 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045439, 0x0) 15:43:05 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40086602, 0x9) 15:43:05 executing program 2: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x483, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'geneve1\x00'}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x2) [ 1997.151429][ T148] Bluetooth: hci6: Frame reassembly failed (-84) 15:43:05 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, 0x0, 0x0) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:43:05 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045430, 0x9) 15:43:05 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045440, 0x0) 15:43:05 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, 0x0, 0x0) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:43:05 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4008af03, 0x9) 15:43:05 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045432, 0x9) 15:43:05 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='memory.swap.current\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000080)={0x39, 0xe0, 0x2, 0x20, 0x4, 0xcb, 0x7f, 0x9, 0x0, 0x1, 0x3, 0x0, 0x1, 0x3}, 0xe) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x17, 0x2010, r2, 0x84381000) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x2) [ 1999.153318][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1999.161275][T21576] Bluetooth: hci6: command tx timeout [ 2001.712612][T13261] Bluetooth: hci6: command 0xfc11 tx timeout [ 2001.713075][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:43:09 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xf000000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:43:09 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, 0x0, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:43:09 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455c9, 0x0) 15:43:09 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40095505, 0x9) 15:43:09 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045438, 0x9) 15:43:09 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000440), 0x210842, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x10401) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x1b) ioctl$PIO_CMAP(r1, 0x4b71, &(0x7f0000000080)={0x4, 0x4, 0x1000, 0x7fffffff, 0x2, 0x6}) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) dup3(r1, 0xffffffffffffffff, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) r5 = dup3(r2, r4, 0x0) r6 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$KDGKBLED(r3, 0x4b64, &(0x7f0000000400)) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r6, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000100)='{)\\-^:\x00', 0x0, r6) ioctl$KDADDIO(r0, 0x400455c8, 0x2) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r5, 0xc0505510, &(0x7f0000000340)={0xfffffffd, 0x5, 0x2, 0x53, &(0x7f0000000200)=[{}, {}, {}, {}, {}]}) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000001c0)=0x13) 15:43:09 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, 0x0, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:43:10 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455ca, 0x0) 15:43:10 executing program 2: r0 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0xa0}, {r0, 0x400}], 0x2, 0x9) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="020100bcedbb115a0000000000003000"]) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x10011) ioctl$KDADDIO(r1, 0x400455c8, 0x2) 15:43:10 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045439, 0x9) 15:43:10 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40186366, 0x9) [ 2001.937069][ T1209] Bluetooth: hci6: Frame reassembly failed (-84) 15:43:10 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455cc, 0x0) [ 2003.952481][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2003.952522][T13261] Bluetooth: hci6: command 0xfc11 tx timeout 15:43:14 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x10000000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:43:14 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, 0x0, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:43:14 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x401c5820, 0x9) 15:43:14 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045440, 0x9) 15:43:14 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x60203, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:43:14 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80086301, 0x0) [ 2006.512070][T21576] Bluetooth: hci6: command 0xfc11 tx timeout [ 2006.512197][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:43:14 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80086601, 0x0) 15:43:14 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4020940d, 0x9) 15:43:14 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455c9, 0x9) 15:43:14 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:43:14 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, &(0x7f0000000180)={{r1}, "26288b3f37cb9eff40559993b89c46cf8ac08111f0a1648dd62b0eb2537c62791b9c157efab98ddfeefd707b30e60f42c6d80f3af4e68636b1e70bf6ce5f6ff6d1989563fe0cbe8e38b3856adba20cea1aeb861ff93c974cf4734db7f4586c7207851e3e1d8c9228c6e476ce2f91144e424712d42745a6872ea949fd4c2ec30cae5c8ad9bcca2638417f47b58f3fe1b19304ad441e67165e6627c0f6ac8b764563eab08c11d3bb589f023b567d63a2de8d9d4e4a8b1d28712da026e2ef7e81d63dad838bb111054f1c92684e596a3556a7fdcaf35cebc4c2a55f75a56bb81bf275dde48255a504e5144605214e52e1c60b3e1fe7e86cef5bf6b391a256006980c00bd4697fd171b44815606045fd2dda1002c3e495a407684d7ec8ef84726dc2467bcd94f08d4e6a19d8b020d84a6deabca326cfdd482778fd182d7eb1fa32aeb7e84c8f41cf5731550672e2649ae569456202365ca4cce090aef680aec9e2b6a13b4f97f1822d01da11779150f86563f4f03306ca30031751757a8ff4ceb426ebb3386c2836f5ce2f17d7a6eab0f90b6b4f21ee1705bf395f660cd73966a94d87c366d3e2b497e4c8f163f5358806214ccf6631904d17c9fc1bc75b2b2a70f140671c75beddd82ca6eb9865c15748bd757788465aded221dbfc59d25af2bc25f51c6d76a486760226d05984a7988665c16b476107f798ad5ab5cc90f1d3fa3122c140c97c53a5b954a5c636820b985fbcfd6104b4e0bd41a183542ee064b1df077125febb81c0ec296bc36cec010dea2b36790e109361cc0a1e57ad1216215565cecb78de056b0ae2e0d175a324c720599957e08c9700a96fa250433b30410c91d0a13a02fba30d352a42af1cf5996c77234d4038560f032de9c3ca0eb27181ff096f2dbf5710f114c2f1ab7603117afffaed2d52af6da7b63b0da50559a6caa300b31ffbd594f7ede4d1e87a4650c3390ee3600f7a008b5716a8574ea2fa0ea76b0e84bd2276ddae72eaf6ed3f79b239523b44bb656407d6efe8e5948563f71900514510811713a122b1e9123ca3502aa3608bddbbe5dc2ae7c7050f1ddeea5072f75935c34f38b0950b49f394b187ce700ccce7a5c4d25a7b88b6b404e2d60c40881316b930dad309d2ad9915bb59dcd26482ea8043654c9f102e2407f382c80fb9ceb3147875120f3fa500f4dc2c9485b6b3e5cd6062bd738228750da4872c2e02d6b1fd4c49bfd0029541680a510e55b437de0963f18bfd1ac62189b7dfe744b73ecd86c129dcdd099b157b9d2d2425d94c76e7d00e0a4240a2a6a8b2c8634c8a2ffcaae0c2ae291e7240ebc3ec2da6360fc3c8b525a5e46480b15cfcf2ff88a5d4e23d7bdb9ccfa8f950b405efffda71d8b5c03ac8522801dec4a166646672bf647bb134941ead95d3958d90ce473bef684ad0ba767aadfaeb4fbb892b1490764340759fadce8dddfd8d153f2ab9b6a387a74c8c4c5477f137746386f1efeae6cba9bfd16abef3e14a0dfdc2574e9586e3f1e8da0bd62ddc2c9f563bb0754948090960826a36a523b7c7ab6db5ed0f71c0c64cc2d22bdf9f3079fa25feeed44e32068a86b50784a905340e6c61848d33b6b76f3fedcc13ffe3faf34712c333536fb89ff68d5c4f6906c82f74e2166152c7d12e53cb47338b1bb236d103fbf09eb751e1f1b2eedcb7e4c76dc90c61ba2c16c7fd535065fe6d59a381f755bccee0390b67d5ea4fe79380754ac973154dc9dd2bf141a8c46099b6acc13505f96e073030c6b24f8a43d478e2d51c665e549f1113e858eacf2c539b2c3c5834cefa5aea3ddfc7a85b4b957431a07fc239f7f185bd4100f7c377e52b9f8824e695c83b60aa1d293abe3f6ede76ed16bf442b2ea2310ec7a75aa6d875cf70f5dc589fda976509fc7b2e8817ee6843a66654d6d526c4ee3dad51feab32d5a595bd27e569a68416857267372993c52a82f36ffba035d7cb5de1308f3a5e0916e479a10da04a70e74913f79ec198f8b54c24e428b63df0fc05422c6d7e8e0ebbb13cf2cf3006dc49a465da86d98c0f8f636588b1a38384b143af2570052df16bf4f53a6491de14134612206894aec2add206aa7106bf426f5861e86aaeb50a2d2ab1b8cc8b9764ec1b1d86cdfcae3249ef5a2ad2ba7d1800d4bd91cae67a21959e7fb2e8839bbbf4ab0613ee9f9386ef2885da050a1eb2f3046d8cbfcc46d12d937f4bdfccd3c2391c9dc76c7135dfa47724c006a1f121e5e57c63c01e337fdc517d31038fa95365a2e655f0796d035f3e3c174708256820807728287367aaf26fbaf7ca1a159b649b0b3a2efb394814cf4f74ca6d10f21062d9ea586e9df74b1c71de56c64af5a9361bd412da485ccb6e330e28f192324bf22041d3cb61ef3466c26e2d31bf9d73663be74f2545397b719f4c6390f7539f1ccf457ab75387348e513ad7e4aa0e0b674b33cf76393b5ecd79836d1b484d530012261f4b8ea10ac09639fde1be5e38fcb5b0527076e47e1040130a945dc5b7b7625111e9aee5034ceb4ac9890c5f09b3c29a49afade7eaa1003adfff4a990f441104804742147e44e454ba3e158688dd5455204041919aa1a8cc15bcf7c503e2e0fd61221df614a97092c837d1b7d3346fc0383800099c42b0d1d115a292ab507213a88ba6aa5b930d36723245042fc8dbc2be9da5072ab5a9b2e850d7579b5c5f83205a9ac16cfb6517b02b182e1c4b20195837e48a0d0a619d0cf8f758bd5191c2ac87a9b851a8c6d2e9c0569c2fc620a858c234a4959aba994453f5adda20b8399381fbebcf389885b509140dd81183076e0d7c7e0928fd4cda0dbc766ced97db6e2e7f4f20d76f8724b88c309767f8b1e7b84444ee2ea5bef03bd1ba637a28232ee07e3296ba0210441171a66a1d92e82b9df83d4868d59ded4c0ebea3b9d9339f76a018dce0db65cbbd135edf216479992f0af0e784ef565a7a8184dee9c6be03d64b6fbb4c597558ac21e3e02168adf90f5466e66fd4434d464fd28b91c63aa6b35996a71cf599546cd1973db26360b23b1296d2e06e124091e438089d559b8e056ed39ba901887ebb1311733923cbf455393f3990bb6bb8a14dfd1399afe1378cb7c1dc8b3c652cb64b5dfba3a6813c1a8a09f78dbf0dda0f28761ca6ef491cbf6c2714509285b35aef5a49e65be735ccc910bb1fac63f2c5fc256fb2fbdc750b05c89b7b065313240365ac88c1a9b5b68b4bbd53e69878b7ead723b8a8cc7d49a778aab09dd2efafd844219f627848741afaa3360665a13b6510c33a620ca07e242dcb9aa2ad81985b1a25eeeca9a9d8b2ffe655634981140b675ef14884c527d114b17dbeec3719d9b980949a182f7abbc980fc5f640ab672d99b42727997a8f558b3d1b99dcd59a559864e2b10e9539a4437a856d4999f05e0db4eb7e4a8f55091dbb734295055176d165cf275dbd096097444761645768017f3533684ee114c4ee9a92384a38a582031835ae719389553048d5c0d7bcf49f7ad6eb64f0de3c4e59c04c4313f2014583ff769aee6c1c797dcbd027ad68bb18ab6a96a7b41d08d360b20365d8f0af3197190cc54135a9613d3fc18134c0b7dc0b63d4b6e315f6fdcf38426cf59cf531a9e4460018eb1ed3d13654ae126e55db365dad9f5f9445fea323cbbbc6fb6483e224641d01a1dfc2e55c9e67dba3d0ec807bcc95bd72928d2d755dc88010d45a3cf57a3303d0a6bbf43563cae2708d43c34a9b7c9f9adac5184820ca3767b5ddcf62d2b9e178fe63dc1896ea7eadb1748125f82ca868a6c7724130d2292adfde50240c85013b2e63815ca0d8fa3d2daf556dc1bf64b26405255cebacfc3665a60395b013094437832bdbdec71caf25ce4b2f8be009a73ce3d6ffa27b17a4c6686aa11cf698b207996c60b1605c224591df59492f8b354946240de458135e99c24c4d9755ed07b0fc6c7c78ceffedc0807b3207103e1ca1c739e106245ca986979645dbf8788bb68666ab39201df82466fc08d8d7dc0fbd8028da5eafd3b153fa699c0c20ec2c3541a09dfa0ae826cdbb8f11d23b7dc1fe597aa5b1dfaa2bea3bb50c9667f126275e526bded553fece4685b77232079e5821670e0292c5e004df5dc9721003d14a850888be8addfdb8c2017593acb1c3cbdb1d76436f03f45f63d36ff082ca3398a52cd885d8e379d155cd64ac58e78e5c797b6d4b744a87c8b5a8af1f54a7007f0c04eb533c485353ff5a3abd598d9899b2c04775bb9ca704be233dd08a75435b705e5c6cec151802d42d561f5775fdbb1554efa34675ad9926f7ae80a6ec9495d09a6b7f58af7b6018f77fa5e63701dcaf870ea4b2f7957fd3a8a0d088b3b761e2000fa1ddd14139016e71baccd6a4ca1046a2fe4d221f3da85672a3b743f8792b5bf9020c089eca0f650033b03de4ff95f3b403c2fb875854d49bd7236117232b994c36e6906207e59f99b3798de813f686a4c8d4724930782acbc78b2d26722967bbac15012bcb3b2d0b58d1a449dffda8c434758632719ae67592955e8196a127bbee1f12e4e0efefa005ae055cb0c61a8a9105f9b7c41e4b47a7a0298e3a40aeef283df4d7cb9c00441baeef81d5874435b58aa40e2123623ce4aec28bfc75cb5721e4595e2b85d42b5a88f32c0acdb18f3e9616e4e652f839eb2092a4514c71f5b8ad73935cfe84c95de5694099cb3d86086b8f151173aeb792bf2a6e94f88b65d5b1522d63baf32490da3fe0ab48e1b28ab982a7b9a3a27b68537ede4e3670f8134a7f67a10d019fa22efc8d3ead393041155aa251164cfc5620c7fee16c027c72f3b0cc17d396ebac053012ee5d0c9f60838026f99e3b7b823bf5346e7aa1bfc4d6cc96a03c8103a3939adaa69b03c66b8fd6551634d7292c44fde99b808ba2df1c9c43fe00acc8a100675ceb1146e98b984afd1095ec7607f6c43cab1321f96ff504b80e59c5bd79af3e71bf915ea181ee1df9b7295582541f703a06de1ff2c093786cc02298f5e9a6628e5709fc0ec635e8b8c1fef5d4be14cc8bc137963768121ff83ab3c7a482c2aeef1ddca9bd7a03254c58f59d941df4e5d85c9ea680c250ced3047bae6c011047c411553ff111726856eb96e8d3bf162d8b60f9a54e9e9fc1857bd6f9c1d2ee5139f39316244e88f8189ea8bb82368eb3926dd918a898f080cacb5885f2e28d3294ae787ab72f7a99209fb08467646fcca1f4fe6cbe7d41d4c928680fe63858d0cf54b51d900ce6f60a3f06af24cae78c1406028405c2741ea0648b351ae96a39fd7f9f349f75caa3f4a8d29c73ec12278a78845d7dd02bfa42d2a02fafef85ded82331b7facdd24e353029258d4896d5a0ab175cfac68309d934d424be5408695027bfa2547846d5f9f7b6982b9b3828093f8eb5da1dd91ad998a19f0b72b3718d41ebc2374d51d9e40675fb6f54bc40e93fcccbc1eb6eeae0e86949b9430d86cb6f90d46c1b666eeff676b8930ad3ac3439dcbc61e57ac093eccfc2436cb23238591288d3e4a584b7e87410e4e26592a2766598dec1c22c4517136209679fdf5d5dab5f21141805a23e6a1028b20cfbd79d29de407881980cdb92e51531945067fad6a0f767fff98e6ccad37849a7372ef5c5bd20da8c5e970740964153b774cab14f42d52b2d167fb6a1878b4ba1591b59820bb7932686cbd83fbe48892c3505e78513ce016042f3d11e1bb1dbe4ca4d42c4f18cc19a78ee61b13cc910d3718c3baeedb88aace8200e0c0d40f341e1f4d0b3527171149ac3faa47f493bf"}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:43:15 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x801c581f, 0x0) [ 2006.916348][T31834] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 2008.671800][T18048] Bluetooth: hci6: command 0xfc11 tx timeout [ 2008.681902][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2011.231498][T21576] Bluetooth: hci6: command 0xfc11 tx timeout [ 2011.231611][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:43:19 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x1d000000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:43:19 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40405514, 0x9) 15:43:19 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:43:19 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455ca, 0x9) 15:43:19 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0045878, 0x0) 15:43:19 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x42e400, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1040, 0x0) syz_open_pts(r1, 0x80000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:43:19 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:43:19 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x41015500, 0x9) [ 2011.456422][T27301] Bluetooth: hci6: Frame reassembly failed (-84) 15:43:19 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0045878, 0x0) 15:43:19 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455cc, 0x9) 15:43:19 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) r1 = syz_io_uring_complete(0x0) ioctl$TIOCGPTLCK(r1, 0x80045439, &(0x7f0000000000)) 15:43:19 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045430, 0x9) [ 2013.471125][T21576] Bluetooth: hci6: command 0xfc11 tx timeout [ 2013.471238][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:43:24 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x1f000000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:43:24 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:43:24 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80086301, 0x9) 15:43:24 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0189436, 0x0) 15:43:24 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045432, 0x9) 15:43:24 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x109842, 0x0) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000080)) ioctl$KDADDIO(r0, 0x400455c8, 0x2) [ 2016.030894][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:43:24 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, 0x0, 0x0) sendfile(r1, r0, 0x0, 0x80005) 15:43:24 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045438, 0x9) 15:43:24 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc020660b, 0x0) 15:43:24 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80086601, 0x9) 15:43:24 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045439, 0x9) 15:43:24 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x14c20, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) [ 2018.270572][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2018.816182][ T9935] Bluetooth: hci6: sending frame failed (-49) 15:43:29 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x20000000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:43:29 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, 0x0, 0x0) sendfile(r1, r0, 0x0, 0x80005) [ 2020.830194][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:43:29 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:43:29 executing program 2: ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000080)=ANY=[@ANYBLOB="51818c0d2e92c9f9740a8100", @ANYRES32, @ANYBLOB="000000004b8900002e2f66696c653000"]) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x16) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x2) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x10) 15:43:29 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x801c581f, 0x9) 15:43:29 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045440, 0x9) 15:43:29 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, 0x0, 0x0) sendfile(r1, r0, 0x0, 0x80005) 15:43:29 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455c9, 0x9) 15:43:29 executing program 2: perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x10000, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x2}, 0x1c) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0xfffffffc}, 0x1c) sendmmsg(r1, &(0x7f0000004d80)=[{{0x0, 0xfffffdef, 0x0, 0x0, 0x0, 0x0, 0xffffffe0}}], 0xaa, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @broadcast}, 0x10) clock_gettime(0x0, &(0x7f0000001a40)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f00000019c0)=[{{&(0x7f00000003c0)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000140)=""/28, 0x1c}, {0x0}], 0x2}, 0x1000}, {{&(0x7f0000000780)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, 0x0, 0x0, &(0x7f0000001980)=""/41, 0x29}, 0x2}], 0x2, 0x0, &(0x7f0000001a80)={r3, r4+10000000}) connect$inet(r2, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1}, 0x0) r5 = socket(0x0, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000600)) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001ac0)=ANY=[@ANYRES32], 0x38}}, 0x0) readv(r5, &(0x7f0000000300)=[{0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000840)=""/4096, 0x1000}], 0x5) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0xb) [ 2021.040624][ T9935] Bluetooth: hci6: sending frame failed (-49) 15:43:29 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8138ae83, 0x9) 15:43:29 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 15:43:29 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0045878, 0x9) [ 2021.300377][T31970] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 2023.069839][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2025.629501][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:43:33 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x3f000000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:43:33 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0045878, 0x9) 15:43:33 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, 0x0, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:43:33 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455ca, 0x9) 15:43:33 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 15:43:33 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x19) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) r2 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0xfffffffd, 0x0, '\x00', 0x1}, 0x3, 0x0, 0x0, 0x0, 0xfffffffffffffc62, 0x0, 'syz1\x00', 0x0, 0x0, '\x00', [0x82]}) write$binfmt_misc(r2, &(0x7f0000000100)={'syz0', "db644a56334a4e7845b3c2a13ad28ff88eccbb0d87de98c1f700f6c9345dc5025bbe25bdf601149c2215851247c9c1390bfe12401d"}, 0x39) r3 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) ioctl$TCFLSH(r3, 0x540b, 0x0) ioctl$TCSBRKP(r0, 0x5425, 0x101) 15:43:34 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0189436, 0x9) 15:43:34 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, 0x0, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:43:34 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc020660b, 0x9) 15:43:34 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455cc, 0x9) 15:43:34 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x569501, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0xa8800, 0x0) lseek(r2, 0x3, 0x1) dup3(r1, r2, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x2) 15:43:34 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, 0x0, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) [ 2026.749570][ T2955] kworker/dying (2955) used greatest stack depth: 20528 bytes left [ 2027.789102][T13261] Bluetooth: hci6: command 0x1003 tx timeout [ 2027.797622][ T9503] Bluetooth: hci6: sending frame failed (-49) [ 2027.869054][T13261] Bluetooth: hci7: command 0xfc11 tx timeout [ 2027.869131][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 2029.868819][T18048] Bluetooth: hci6: command 0x1001 tx timeout [ 2029.875475][ T9503] Bluetooth: hci6: sending frame failed (-49) [ 2030.428670][T21576] Bluetooth: hci7: command 0xfc11 tx timeout [ 2030.428836][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) 15:43:38 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x48000000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:43:38 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:43:38 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80085502, 0x9) 15:43:38 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) dup3(r1, r2, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) [ 2031.948541][T21576] Bluetooth: hci6: command 0x1009 tx timeout [ 2032.588371][T21576] Bluetooth: hci7: command 0xfc11 tx timeout [ 2032.588521][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 2035.148028][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 2035.148494][T18048] Bluetooth: hci7: command 0xfc11 tx timeout 15:43:44 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8008551d, 0x9) 15:43:44 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:43:44 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 15:43:44 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x420201, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f0000000080)={0xff, 0x9, 0xcb14}) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000000)={0x200, 0xfffff800, 0x1f, 0x1, 0x11, "345f2b56116aa7b1565061f46a5b29b501cbe9"}) 15:43:44 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x5) 15:43:44 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x4c000000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 2036.486150][T20859] Bluetooth: hci6: Frame reassembly failed (-84) 15:43:44 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 15:43:44 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80086301, 0x9) 15:43:44 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r0, 0x487afe2b, 0x0, 0x7}) 15:43:44 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x6) 15:43:45 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80086601, 0x9) 15:43:45 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x7) 15:43:45 executing program 2: ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) [ 2036.993657][ T1360] ieee802154 phy0 wpan0: encryption failed: -22 [ 2037.000208][ T1360] ieee802154 phy1 wpan1: encryption failed: -22 15:43:45 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:43:45 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x8) 15:43:45 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x801c581f, 0x9) 15:43:45 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xc) ioctl$KDADDIO(r0, 0x400455c8, 0x6) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x3, 0x61) ioctl$TIOCNOTTY(r1, 0x5422) [ 2037.297494][ C0] vcan0: j1939_tp_txtimer: 0xffff88807d888000: tx aborted with unknown reason: -2 [ 2037.806730][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807d888000: abort rx timeout. Force session deactivation [ 2038.205877][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 2038.507488][ T1053] Bluetooth: hci6: command 0xfc11 tx timeout [ 2038.517521][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2038.747344][T18048] Bluetooth: hci7: command 0x1003 tx timeout [ 2038.754362][T23375] Bluetooth: hci7: sending frame failed (-49) [ 2038.962340][ C0] vcan0: j1939_tp_rxtimer: 0xffff88801f499c00: rx timeout, send abort [ 2039.051972][T20859] Bluetooth: hci6: Frame reassembly failed (-84) [ 2039.470711][ C0] vcan0: j1939_tp_rxtimer: 0xffff88801f499c00: abort rx timeout. Force session deactivation [ 2040.837031][T18048] Bluetooth: hci7: command 0x1001 tx timeout [ 2040.843880][ T9503] Bluetooth: hci7: sending frame failed (-49) 15:43:49 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x68000000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) [ 2041.067134][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2041.075953][T18048] Bluetooth: hci6: command tx timeout [ 2042.906896][T21576] Bluetooth: hci7: command 0x1009 tx timeout [ 2043.226916][T21576] Bluetooth: hci6: command 0xfc11 tx timeout [ 2043.228216][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2045.786534][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2045.795267][ T8408] Bluetooth: hci6: command tx timeout 15:43:55 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x5) 15:43:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xb) 15:43:55 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0045878, 0x9) 15:43:55 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0xe4, 0x4, 0x8, 0x3, 0x70bd26, 0x7ff, {0x7, 0x0, 0x9}, [@generic="4b65f58cdb3d15785973994e65634131438e55e9f2448bdcea7ef70e92299e89eed539f21ff6b782f50dbe4ea4dc4b45c3de84674d9e5562a974767561753000f532a402143d28543723d657bef3859ce6bbd6c27e37a0f457b6ecc5c52d398744bd500c2d941672e992c7254a5e9b1264e8694afb3937eb5f090e552c110e03e5f135b5beb329e14daa12ea3a574ef37e6455f5f005dece470e705538184606631b38cc30679bbcf0b27293cd5b7781354e41843be16cb386eacab53baa7c32a8f9c8ebb2798f7f78e8cfc817cb2b8f"]}, 0xe4}, 0x1, 0x0, 0x0, 0x40005}, 0x804) ioctl$KDADDIO(r0, 0x400455c8, 0x2) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) write(r1, &(0x7f00000002c0)="921e7ffa233565f5855e376ed3bcc7c12d9ed8", 0x13) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x4002, 0x0) r2 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x7) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) r5 = dup3(r3, r4, 0x0) fcntl$dupfd(r2, 0x406, r5) r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r6, 0x3, 0x0) r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r7, 0x3, 0x0) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4b70, &(0x7f0000000080)) 15:43:55 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:43:55 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x6c000000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:43:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10) 15:43:55 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0045878, 0x9) 15:43:55 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x6) 15:43:55 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/class/spi_master', 0x41e81, 0x18) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x6) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:43:55 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0085504, 0x9) 15:43:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3e) 15:43:55 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x7) 15:43:56 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x48) 15:43:56 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0189436, 0x9) [ 2047.977072][ T1209] Bluetooth: hci6: Frame reassembly failed (-84) 15:43:56 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x8) 15:43:56 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(0xffffffffffffffff, r0, 0x0, 0x80005) [ 2048.913507][ C0] vcan0: j1939_tp_rxtimer: 0xffff888077337400: rx timeout, send abort [ 2049.421720][ C0] vcan0: j1939_tp_rxtimer: 0xffff888077337400: abort rx timeout. Force session deactivation 15:43:58 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x74000000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:43:58 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0xffffffffffffffff, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$F2FS_IOC_GET_PIN_FILE(r2, 0x8004f50e, &(0x7f0000000080)) ioctl$TIOCPKT(r2, 0x5420, &(0x7f0000000000)=0x80) r3 = socket$inet_sctp(0x2, 0x1, 0x84) ioctl$KDSETKEYCODE(r0, 0x4b4d, &(0x7f0000000180)={0xfc21, 0x6}) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f00000002c0)={r4, 0x43}, &(0x7f0000000440)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000000c0)={0x9, 0x3, 0x0, 0x10001, 0x1ff, 0x1, 0x3, 0x10000, r4}, &(0x7f0000000100)=0x20) ioctl$KDADDIO(r0, 0x400455c8, 0x2) ioctl$TCFLSH(r0, 0x540b, 0x2) 15:43:58 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4c) 15:43:58 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc020660b, 0x9) 15:43:58 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xa) 15:43:58 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(0xffffffffffffffff, r0, 0x0, 0x80005) [ 2050.035848][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2050.036245][T18048] Bluetooth: hci6: command 0xfc11 tx timeout 15:43:58 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xb) 15:43:58 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x68) 15:43:58 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(0xffffffffffffffff, r0, 0x0, 0x80005) 15:43:58 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x80000) ioctl$TIOCL_SCROLLCONSOLE(r2, 0x541c, &(0x7f0000000000)={0xd, 0x3}) 15:43:58 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0389424, 0x9) 15:43:58 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xc) [ 2052.265536][T13261] Bluetooth: hci6: command 0xfc11 tx timeout [ 2052.277241][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2052.803017][ T1209] Bluetooth: hci6: Frame reassembly failed (-84) 15:44:03 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x7a000000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:44:03 executing program 0: openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = socket(0x18, 0x0, 0x0) close(r0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000480)={0x1d, r3}, 0x18) connect$can_j1939(r0, &(0x7f0000000000)={0x1d, r3, 0x3}, 0x18) sendfile(r0, 0xffffffffffffffff, 0x0, 0x80005) 15:44:03 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x6c) 15:44:03 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:44:03 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xd) 15:44:03 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x1, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 'syz1\x00', 0x0, 0x0, '\x00', [0x0, 0x0, 0x100]}) r2 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000001c0)=0x8) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) poll(&(0x7f0000000000)=[{r2, 0x2000}], 0x1, 0x7ad4) [ 2054.825185][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2054.825192][T18048] Bluetooth: hci6: command 0xfc11 tx timeout [ 2054.952967][ T1209] Bluetooth: hci6: Frame reassembly failed (-84) 15:44:03 executing program 0: openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = socket(0x18, 0x0, 0x0) close(r0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000480)={0x1d, r3}, 0x18) connect$can_j1939(r0, &(0x7f0000000000)={0x1d, r3, 0x3}, 0x18) sendfile(r0, 0xffffffffffffffff, 0x0, 0x80005) 15:44:03 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xe) 15:44:03 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x74) 15:44:03 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 15:44:03 executing program 0: openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = socket(0x18, 0x0, 0x0) close(r0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000480)={0x1d, r3}, 0x18) connect$can_j1939(r0, &(0x7f0000000000)={0x1d, r3, 0x3}, 0x18) sendfile(r0, 0xffffffffffffffff, 0x0, 0x80005) 15:44:03 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10) 15:44:03 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x89800000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:44:03 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x0) 15:44:03 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) 15:44:03 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x7a) 15:44:03 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x11) [ 2055.623940][T32309] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 2055.675456][ T148] Bluetooth: hci8: Frame reassembly failed (-84) [ 2056.984801][T21576] Bluetooth: hci6: command 0x1003 tx timeout [ 2056.993110][T11206] Bluetooth: hci6: sending frame failed (-49) [ 2057.624852][ T8528] Bluetooth: hci7: command 0x1003 tx timeout [ 2057.634068][T11206] Bluetooth: hci7: sending frame failed (-49) [ 2057.704801][ T9503] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 2057.704826][T18048] Bluetooth: hci8: command 0xfc11 tx timeout [ 2058.227120][T32317] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 2059.064444][T18048] Bluetooth: hci6: command 0x1001 tx timeout [ 2059.072063][T11206] Bluetooth: hci6: sending frame failed (-49) [ 2059.714407][T21576] Bluetooth: hci7: command 0x1001 tx timeout [ 2059.721033][T11206] Bluetooth: hci7: sending frame failed (-49) [ 2060.264406][ T9503] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 2061.144116][T21576] Bluetooth: hci6: command 0x1009 tx timeout [ 2061.794171][T21576] Bluetooth: hci7: command 0x1009 tx timeout 15:44:13 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x12) 15:44:13 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x0) 15:44:13 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x300) 15:44:13 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0x8, 0x5, 0x99, 0x0, 0x19, "b90403b67d983f17fe85f9116cb60c59626905"}) 15:44:13 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x97ffffff) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:44:13 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x0) 15:44:13 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x5a) 15:44:13 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x500) 15:44:13 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:44:14 executing program 2: ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f0000000000)={0xff, 0x81, 0x39, 0x2, 0x7a6b}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x202400, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x16) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:44:14 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x775) 15:44:14 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x5) 15:44:14 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x600) 15:44:14 executing program 2: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000480)=0x10) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x2) ioctl$PIO_FONTX(0xffffffffffffffff, 0x4b6c, &(0x7f0000000000)={0x26, 0x12, &(0x7f0000000080)="f6f7099e91792e18237fe2ef0abbacc97ff9c3137505a6b67ebf35000cae24d43987559791387107dec7a8315627ef23509616b2235ec9291493d24d470b4bb964ca3c908b54adf26aed3bc1a4cd2f219876a4e4df05146667d1555d61e09514fda106ffbdd542f01d60a1633e9a147ed473a693856648f07a46b43e6a2d350f1fd549aef2a10bb052f6ef469fcb46727c3ab5f025495330a0673a8ed839351fb84f67852aab01d51cfc1f709a3be73d145fbacc36b084758986da120c8dcc7d1aeaf53c72f3f1a0c44e037a907f7b505d199c0de35818c56c7cc52cdd051d345b43e78ea710c2282a977d16e573437ae6e980f2d66e6586fbd74baebace61d89cfd8f261c7763d58017cd946edf10839e47791c76243877e95de16a8b10f35ea82ac4865b3c3fd2d9f1551352dfc7dd9df57692399c90dd461b2d066c9f4c0231a2c1779ca71a790cf25f39e8e7d34caf9be9d8a8b2ee62217b3fafdef3b778de72dc62645ffedc3439d9c31e59755955c67e518bf02b7592b2d7d4a373da7bd9ca4546e8c7992ac1fbcf9cb8451c2016da7c26fdd8db1928cc45072d4e03decffd3d4ed4f271e578a9e3205e08c071026b35e8aa9e82e71c25b5247351b8807d2c5e40c6481d3a82e2e94418994c7cfa4bd0f3fbe9114b592469b0053ab18a0dc20ca4b048df2e07fd655f2e3ef4c20eeb73cfa699bfa88bf07d660d1109d1a583fac44c6f7ce31d8def769420084667b69d5a930ebdc447893144b49c2063ae5398d1d0a72e550c2a4252e0000895017c20ec9de8cfcb7b839c4bde98b5358921ec54f6af5eb271ef6e5642195cea58094cba091d58f86b58683cb001c7c943b9397a52d6cb11e1036b4a6a8abc3772a28651680b167d9c6a39e671422eafe0ab5d1089fdf80a3c3be32efc93962b11f07c68a5b1f0aebd934916a804fe80ea536a077aaaca4507638dead45d709b5474e21d54e859d9b7ce064500f41cbd13096bf2bdec8f9f47be88f4be87d08cf324c0e3a70e389781372054714da96b5243fac295069a6342486a087b4cad2ec4c3b232ed04798095418b3d99645dad1276709e7aa86fdca4aa6117a1f54f1e305f503075d1e5056af8a0fc03619e22305df20f4d85ae81124a04c1c430ec7e7d4a607c29e86d9ad2d2572057fd3563d8e90ac7fc5f11f962f99a81be22129b1e0a14c2c25b365989bc9d2824a3f1f9e7e82f68326df2d80f38ecd71bc0846611bcd5b09e8b4eb46fc36ef75a5ee865623628e18ea8def06ef17d8bc5391fcca4573e97ac19da3f256a4150cd4895c8cdd2671810bf2afda01dcd31fe7b50ae1bd42c13ba690cecc146126bdd8cd54f0e30d6467d52c58d129091249f754d7284915af7e3e86221511f922c679903a956396ba8ab4138fa9351d3d8998d6ebf45ce6af79b701fc22f875098577e2a7d"}) 15:44:14 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x700) 15:44:14 executing program 4: fallocate(0xffffffffffffffff, 0x0, 0x4, 0xec) r0 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = fsmount(0xffffffffffffffff, 0x1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SCAN(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r4, 0x36046319b25807ff, 0x0, 0x0, {{}, {@val={0x8, 0x6}, @val={0xc}}}}, 0x28}}, 0x0) sendmsg$NL80211_CMD_FLUSH_PMKSA(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x28, r4, 0x100, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7, 0x25}}}}, ["", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x20048001) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x9) [ 2066.246254][ T9503] Bluetooth: hci7: sending frame failed (-49) [ 2067.303312][ T1053] Bluetooth: hci6: command 0xfc11 tx timeout [ 2067.317076][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2067.553607][ C0] vcan0: j1939_tp_rxtimer: 0xffff888146ae1400: rx timeout, send abort [ 2068.061862][ C0] vcan0: j1939_tp_rxtimer: 0xffff888146ae1400: abort rx timeout. Force session deactivation [ 2068.263320][ T1053] Bluetooth: hci7: command 0xfc11 tx timeout [ 2068.263430][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 2069.862953][ T1053] Bluetooth: hci6: command 0xfc11 tx timeout [ 2069.863030][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:44:18 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xd98e33fa) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:44:18 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x6) 15:44:18 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xb00) 15:44:18 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180)=0x7) ioctl$KDADDIO(r2, 0x400455c8, 0x5) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) dup3(r3, r4, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0xa) ioctl$PIO_FONT(r0, 0x4b61, &(0x7f0000000080)="50de986e0051edf95ed008a67cfa09fc76bafa408aef11c4091774983732865e4bc0434e4cb8b161bc079ceadf5fa792c8f3b71f18cf61323e3f54e7793332492de959af8543c276ef313962417da1733b2433b9aa8ea658cde15bdfb1154ef763f4eae28222c5ca5d735a740a3d5b247a6ea9ee91ac34470acb4b2e93c184692933eed1198c703569b7965509597d33c545936755") 15:44:18 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x1f000000) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:44:18 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x7) [ 2070.019383][T32405] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 2070.033708][ T158] Bluetooth: hci6: Frame reassembly failed (-84) 15:44:18 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1f00) [ 2070.093592][T20859] Bluetooth: hci8: Frame reassembly failed (-84) 15:44:18 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x8) 15:44:18 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000100), 0x401, 0x8881) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140), 0x10000, 0x0) ioctl$VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f00000001c0)={0x5, 0x3, 0x4, 0x100000, 0x6, {0x0, 0x2710}, {0x5, 0x8, 0x0, 0x1, 0xd6, 0x40, "d94d9c4d"}, 0x0, 0x3, @userptr=0x1, 0xca, 0x0, r1}) sendfile(r4, r5, &(0x7f0000000240)=0xfffffffffffff800, 0x4) lseek(r3, 0x3, 0x1) dup3(r2, r3, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x8) ioctl$KDGKBMODE(r0, 0x4b44, &(0x7f0000000280)) preadv(r0, &(0x7f0000002800)=[{&(0x7f00000002c0)=""/199, 0xc7}, {&(0x7f00000003c0)=""/4096, 0x1000}, {&(0x7f00000013c0)=""/4096, 0x1000}, {&(0x7f00000023c0)=""/172, 0xac}, {&(0x7f0000002480)}, {&(0x7f00000024c0)=""/247, 0xf7}, {&(0x7f00000025c0)=""/254, 0xfe}, {&(0x7f00000026c0)=""/50, 0x32}, {&(0x7f0000002700)=""/96, 0x60}, {&(0x7f0000002780)=""/79, 0x4f}], 0xa, 0xc8b9, 0x6) ioctl$KDADDIO(r0, 0x400455c8, 0x2) r6 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x654b81) ioctl$FS_IOC_RESVSP(r6, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x1, 0xe}) ioctl$TCGETA(r0, 0x5405, &(0x7f00000000c0)) 15:44:18 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xa) 15:44:18 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x200200, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) pwritev(r1, &(0x7f0000001540)=[{&(0x7f0000000080)="f400c8bd04e2f7fec2906aa8bd614d5c92696c18b6789a234c27e8cf2c7161a8b183f61d2af51883f4e3f9437bb2f1417a11a0c1062cb1c48015039b99c2b66595dc6db7cd2760d971cf15f4ce506cc21b3920cb0643afaa15ba4786bf00a9910b442b7d09bc2d2964d04983f7851e78723b310d4684b7b88791b951f1f5bb9a4a96b91ee05fdef4c6a1494768c0c32c9dd141e76177f75c19e91290545595fc045f", 0xa2}, {&(0x7f0000000180)="011cada1d091107acd06ac4d5a5b41f134db86745ad5c27608b31031b0d39f004bba8b9e527ea1031b771d4703ff8e7c16d63a7a0341623a0ac75a4449d41af773624192e3d4162936176ebf08953cc512c27971eee7299eca42030e2ea5800102d28fa043cebaa79c769a3a6a326280bafefb6209c931bbc140c0eb76edf508131593c0789b9eaaa479bcbd1f0756f0f3216254404a9b95056fc86b4eecf89ebdb83374d721ee179ddf5bf133d9e2bba399ca77ab42fe52dd9ccdba7767e474f5f24a8ff13f6c2a1a7dcab061", 0xcd}, {&(0x7f0000000280)="6651f244d7ff9d4321d41a1bac143cf6f6c202a104a1c2805d35a4f8c0bfdf52271e50fa1d9365c555cc2f65ef7b0632e9921dd8e6e80e9f85b83eeeae7fe18abb68074d46e3df4181f3f3ca1c5a651a3fd129e20fe8bf58b6c9aefe14298524911cd9ad44caa7033daa667fb487c6d7e4943ea564922e11e7ce3414a7643ebbd18986feadd7f2a9e6a5ef11e74a76d0c7ea9dd89414909a98b0862fe6582cf7c892f45fe24b1c53c148ffac57d9df5abe60fdbf4b3bd7bc1c8d6c0f9e15c66aa07bc9c91a8d2d0fa1a540f08666d655ab79c60b6df9a7d2000e3c605685402149b3cbddc63c60f0513fd45bb9f0ddc5b2a15b5be153ff5fa0392e37278f1d5c0e183e7178c06cde8bc32e4ea67fa68df8e946d63d1a7b4f34634f2cbc6e1a69a8bb4218a5a03a8537c3ca8165788c06b300901f0f1161b53118e76886ba824ae193a8d81f6ca80e4916c482192c899eb7e4cdd796cada6460f9652ffc2aa0ead2f858bb9b60d9b513501344b7330ae40385e27bf78b3267c7694837c19be93dcf40ad28b8f4e784a7e3d2936db83240d77e2b568fbe51c0af93f24a6d283baaac4e5ef8ae578a984ea8e23603855978b1543047de844f38cbde9002ace655f530f8db0000ad76e18477d1b5e4b90c39cce20eac9e30b764260f644885c32ce81724eab4f296987115041c6a06d78643f3d9540fab81e3fc67ec7a3f8d1c7098c3ae046524120fc0a06025a4241d973172a2d9b70d176a115748804d55fd7099ae5b3e8621d9b081bffccf9e19b50cd821dc2f193a94b7d86592b4fe5a48332fa07e783b610d643e51ffd35ed06a2f783c2b2399178c96c38c13c726feb10cefefaa29a4d7340dfc397a151244382197acd59a5d5c5ee137eab849d40496853103537fff0e5c518733f6ce37b3c8cdd3cfed189311c6936c3ce5d181134e43eda8dfcb71396f00d3b4a35d0fa4d2437a7bd6306de16daf4162fca6f66088a9ea948b02741185888ce2325e448a73be3a896f9e3f932ebe5db0b88b791a2274ddc353e0bb8491d99d0916214b92fb93f3d2b5fc7fc8833030229b3302c333ce4fd5e838365bc8d5a5456699d2186c762ef8c06d4fa0fbcf2b4e0c70c3baeb8737ac3c6cf4443a260cb7983806b42c521b137466ac80c8acb08ffb5c262359d6568bedb9f6559a8409173aed6eef380de5d1fcd9598e616d04788036faeeeec73d917a9c9c59846b2286ba626da5a43e04d9358167be5384415f89a7d2805ea1c952eeee3ffd97e318fab53aae4d909d393293738f11701183a01b5f54f23612ae6678c53800b9d5dc830167ebad9cedfad275b7623b14d460cc19d25a3945bd1672d491cccebb23c39276405e296a6cac707706f90043ed4ff52a6a20e074b08d7a379756337ab26540834cf9324c624b5ceea96f7ad5528930fb608e74cea6404131adabd6531c7ed804d236881dab80a4052f16baaa00a184d56946b86e62a627d3c06efc16dd53a21fc2547cc6245319bae80a24fc9e4c1b1ce0bec9e0156a40fe295942183ac1b5ab6663fdaa9cca2fdffd65773997ebf692797b8a5fd0d094d561fd6c9e220d649d255b17851f39e06a32aab3c495c36b0608b86b153eed6018bca2416fd4443d2e27c0878c37c3a6820828d3b56f49aaafb395f680c03db7aaced59d75af6383737a30bf21ae4fda8a11dcc5977c61f04a27659db98cdca5fc1a8e9648110edae22b16925bdc69ec0c31ed2baff20d7bdb4a45f4af9b6f00f076155551cb2146c3621de8ad47807a92caa81cc6e7ef4a1204604775390b2a285fe3df7aa8062c8e0a0461b8492216729f8f1985947e7b7ffb33bf31083f0ca679419c4336e3d3e21af3b977a8ec16c513549dbb738d0c2e98dd77f1a4e7a7fa766c9bfe99a7623d6873ba5dd4e71f3d7df1dc73485c5de8ae2a96ccfa72b26816582d4ddfdc528f6491e8018ec990012402f93bca701ad461df469fbdcc754c5e77e4d9d04c5ba40dbce4bd315161c7c43d6bed2063409a554b1a5de3c2b15f785ec358bf8783981da2cd0466923a91035d360a7927e4b96e681e865f3fca77266b6130b9021b52b8cd09dbbe65122663d9e21a8a709782b4ab7534242e58da4c2f850fc8edc3b68998d592e8cd03737f888567d56c3da6185554fa5caef83fcbca62f2a36bf0b2feb2fc346f0c81e18b9bf8b3da751fffe844491ecebcf6a73f6e4a3c4926f4bcdd259d2cde78b6129f798489922c0d3d02fa6869042223ad1b46cf5020b4105927ca29d93c00d6516af142ed88caa3c3cbdc42619d1519cde85445f8f22161301f3647414c9f78e27fd1032dee63b2bbd51cff4ba8b59d51702118d68f6c8fdd28dea56bf2d7875e5683738326ec683b62d79cf92771508a200756a5afd50fa6fd52f5b72713a2aec5f0975a44b519fc14a8029dd4fa689b8f70fb5818dec5091585ee3ebf3faafc21d930f6f32509240b23e348c81f7ecfc9a548b65fc79fbf423b38acf8cbb0600320e4f458739c774b801996d0a077d1481dfd34cb58dfb7d6d777024a37380a1c9061de5393b618189b6b881114089c7021e409c2b5574b157b9f2588bbc928956b1d3c49c4023f01d2d4389cde682d28f5cb50aad9f0705beba8afea7fb5ee55380db63f6bc615b96f4063e566293634496bebf4b459aec72d958b83b388b85c01dada776da15c63df6850815845f2231b143911c146cdae8f93a737be7ab0a50ddc8c649c9b28ba9fcf49539ad1fdcbf2820d2b8929d0af1d3470e147aecd7cfd7b9f020dbebed1931ff029da7bb806f33d773796457d8dfcaa916665fc8c9d88abc6c833b326e85b24ab0a358b097305b300434ec916e0efe114992ae6420c349268199f62f40a5c991c6fa92b29bec679a37cdb0bba1a18847f280a327b2f7e27775caf124d1ff55dd64214ae5e757dc01be16fe66ee522772aee243b6c75523c6e7a59370cf78bb0c454e09516571b7be62a0d7b8bd7d765bd069f52e8b6ad5ca0bce77f08c5afe6045de2be80b8b72ab022301ec5c7b6a4b06f6748b4d12dfd466013b342f2114b64487a5bc826a63d23016b297f81000b47c8386be56ba8a4a7651fff49c717f998c95b6b96f6745dfc4175f6c3f3e3790b4a29eb3bef0ee00ad8ce4cf5adf17ed286fb149622c1f66dc1633ddef519d56b8fa1bcfa8a0a202cdae9521b9a8c48524603b66cadb65f3b325811dc058ec717839194e28ce788d9edac8a2cee7de90985e9b5064a63da423e29455f47ff13c02f1258f01a5621be5996d820631cb5597a90a6c1eb2bd6405521b827d30e331d15ec10cf38a574b341eb93f192c86a40496cf30411be089b361a187a473038a98f054198363c0fd359c784c60cf06d355e7e709a05b3e227f99c9f56e03db2303b95eddb111a967e44d8483660333eb6c57803b8d6b636bffbb85fc9be9137d41f11a2f13444e387e803ab2b525639a725316694db37f94f80558f5a3470c6e3177f49c1cf042b9d68078aaf3333475f72735f20855af9d4bf327c1422427d01860fb47197fd9c6ddb62c0a1bd5e6957c4d593e0159e4432ee21b701aa2e348011c1b35c7a8943c3d8ce80cb7cd4d71ab2558f5fd40ff4b363177d394923edcb5034b73104c502dc4ffce717f366f03d9baaca5fe357cd58559e14651c0ead1cbe771d444a97f19f740847a083f8ba3d53a1f584d5eca6b7010b0173e174dd046a30af0038a426223a990e22d6e14ca852ba2e005fafe08caf65819ede9170963f90faa0192d2a3ed60be9bf4c3e13f444eaf46259d13678ed2b472e59d85e2dda00e5780b1225b01833c456546e558cb4b527fa0caf2b0d94638f8202b7134046781a1c4237d8b637005e550a1b7424c6d6000279fab44dcd87cc5165d7e3b6c6bb27314d82a15ae773746e266ea7c67ce2d8db17d5209dd905e242a2c8a5319030bbff88ba45a951ed6a7e18a3c6fedb7d58aad1d7868438ce9173aff6e022439d907e6db41acd82af0d2a2bc8f574c665cadaf3fb33c3408cdadd30c9d27fde57a555690484a842a7b9aef26560f41f75e3cbfaa9d324f785e44d2e4a103dcfe883826b5ec694638c37f0f1cb7d62ee2036fa6313e6654c80f85622eaa17bbaaaab4857806d39228885e5bb94ebeb27e652e5cbf06e7f5f8f32bdcd7f5c29e055b92d07cd857763801dd9f6c318a799ce04f73714ae5cca31ad0c868d18e591f64d5e371c8384d418299c736fed72bfb71220d0245fd152d7563f92bc4bb0bab3b2111d1078f92516bd2d84a48ea82fc974fde784419d12473c32005d42c6d81ed30c1ffb5c09a084303499dc70cb63f6c49637810ac5ffe0489feede87de7d253e28aefd74ef8cc37ec5a7f6555396a3bd16d96788dafffec4306da9ca7c847ad662d78f680e26012d973b992097557238baf3ad3672caf9a864dc26e572b6d2d25d553e6dabf2775060210664c2925e485792601229abe0c58113df96ce96a5513bbf65f035613498ecbd13283d2585098ea025d9c2d837eda2f369b0a962452a9c7dbc8fe288a72fb6b587bdafcad6d98f19ae84878265f4fe4ed3c883d749ce3d9b5e37e9f5d95484eed3356ba0c0f6ad0e17a933e956b7082de3062d02b9572c4efa6236dc3c96a27da6b18f9aae160be3538865246c441705e2d168a814427f100d355ad0d79d91a156e9f77b0019e0bb4b09f16c300732ecad1cb6437d1306ce0f3742c65e3652ba63034db47d27b822634a42765914e39c8aad1c0ebdd40a987ac1704d736dea9e146f465e5c55ee37f82d42130844cf60e0cbb0c71072c075385787603478c008a324c0ef0e7ca335dcc3a67984eb00560229a85f23dcb60cac2e94d9b90bf14909535d3361804436f22930c23c11c8b58f930794cbda739325ce1b6a91e5e007545dcf1f4610254650e087676df45e00c6c58d974e5845eddf42e813ba55e5cacb36b6a30e43315082c3836aee30776f8f4eef164b094e2e7c50ccbb6e3c729c19ce2d13559f221cbc7ac2c50ff96422d9cf92e554dc1ed868cbece642463bdb1e8a6b36ad0c7993bf69008c7ee4241eba3b7aeec95e50fd3ecfdd0996cc7aa2d91fdb6e569ee32b2de08a191d9dc90f0614bd01668f44c89b5c7059348799882a33dce583bbbc8fda17d4b789a66e47e1da4864326875e99401cec7443dddabd0ac2ea78ca7a94280fe5768a8d4679f8f81a1e62e372aa0aacc4f69f84992f7ac56bf4c1d39b61d94872d939de9789a1385d7d70ac357d49f014f32f0d34d61d626e879cc85cd20ca97981512f6c206ecc713a2f2a36663b4fcd3ffb8cd1665658858ebdfa6eba5ff08eec9d83b69c4619acd5bf54a039740b724b702daed8a97cd747420daaa73073f2803a91130db4dc231723df21cdfac9e026af5c5afece0899a68bee3f5cc5def4d51da41940fa3a262b405eaa7d7caa95ed9e003d2f75325db3be5766c68a671b934c19efa5ea8062295c582ecde8e64bcc6b0c01a6fc196ae6b17727298510181dd9d4b8d7c5a93dbf12802cccac435e8ac551a48c431d956487e1324c0f2856dfece76298ac887efacba9375b87ac2c5b59efb8fcba2dd361f0ee75a8eebed42a97ddce61da4c8657d2128d230de05d4a10187888d0a59e4342df8fb4f01e1145876c0342e2d86eef9eb8dfb067751f8cd8dd3fe652aadb6221f95d942265a7658eab924198e0ee87cc895b298d494e2a7d4ca857218bece2edb3980f5c0717a60c9ca907c1d9e613f4e936dcf4123a9bae8891884391de27783", 0x1000}, {&(0x7f0000001280)="c033066f5f53c576b16d21e8c103d1d50e450307a7c00b6046594571f8373b2a9a4e134d0a58726246433b274433a4e9b8722d2771333b132dd61a7734e89fa8585029ccc014e2f43f537b0348354adb633de8c324d927ab06c5ca89fda1968c33c4c16690793902ffacc71fa6", 0x6d}, {&(0x7f0000001300)="90d08f03cb491803a9a4f5464a9ebea39904dce253670b95df60de9dae53aff5ea5c4677301764115081aee839ddb7ac48b3bc5d486fcf6a6852be169ca3e28f50cfa85995536b05da5b2e7ba095cf7c05cebaa0a1f5738ee7cc93e4594a36840e76", 0x62}, {&(0x7f0000001380)="7db0d16f4d5a05b67eb3471f01287f914d6599f7f096d8f2330e20f610a46a34162c66a305182ec51cb33767d938bcb1ab8f054b4dbfd41beac6ed699333bf3d75b92bff0a59008faca9d1defd0fdb4310846cfb13b53bbbfbce7be2bf061627f7e20a2fbbb75b01eea7ab28e175d639a10f89d65e49576950c84c475bbb1f917000c37dd9bc39e73d01a8cab18fc204b9e8ca4d697ad073a5796135929ea26a6371", 0xa2}, {&(0x7f0000001440)="e7ad961337b6d4490550a2c5a7c10acc39bbc9367c4c0756cb8ca26ed7cc2b8eccf60f21eb01f76c39e3c3bd93bea52c72d6eb05a87be1305f117891330043be9b3d29c063d514becd77cfbfde348cca08e80e154d4a3eca84589c30c0166b1eeba2cbb3d82271511f414a889b5599d5cb7b2e88af924cf3a32a0719da6ff3db24c4d1ee820f010b681a2a69445aed92ff04bcc1222b895fa6c690af11bab2026fdf6af42cec47e0ec1d78628f4839e786219641457d66c0a5e3a6c9829c2bc94290753cf18fed5c1fcfe1b87400a991fa06ee6fbde8cfd19c5e5f", 0xdb}], 0x7, 0x101, 0x36) syz_io_uring_setup(0x37cb, &(0x7f0000000140)={0x0, 0x0, 0xd}, &(0x7f0000ee8000/0x4000)=nil, &(0x7f0000ee9000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x5}, 0x0) r4 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r4) r5 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r6 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r6, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) syz_io_uring_submit(r2, 0x0, &(0x7f00000015c0)=@IORING_OP_TEE={0x21, 0x4, 0x0, @fd=r5, 0x0, 0x0, 0xfffffffb, 0x1, 0x0, {0x0, 0x0, r6}}, 0x9) ioctl$KDADDIO(r0, 0x400455c8, 0x2) [ 2070.343203][ T8528] Bluetooth: hci7: command 0xfc11 tx timeout [ 2070.352539][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) 15:44:18 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2000) [ 2072.102797][ T9503] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 2072.102806][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:44:20 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xf5ffffff) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:44:20 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x2000, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) lseek(0xffffffffffffffff, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000300)={[0x6, 0x2c, 0x3, 0x800004e6, 0x10001, 0x205, 0x5, 0x3, 0x100000000, 0xfffffffffffffffd, 0xffffffffffffffff, 0x3ff, 0x7fff, 0x3f, 0x10000, 0x3], 0x10000, 0x401}) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) dup3(r2, r3, 0x0) ioctl$TIOCL_PASTESEL(r2, 0x541c, &(0x7f0000000280)) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f00000004c0)=0x81) dup3(r1, 0xffffffffffffffff, 0x0) ioctl$TIOCGSERIAL(0xffffffffffffffff, 0x541e, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=""/214}) r4 = syz_open_dev$vcsa(&(0x7f0000000100), 0x20, 0x424200) ioctl$TIOCCBRK(r4, 0x5428) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0x0, 0x4}}, 0x18) sendmsg$IPSET_CMD_PROTOCOL(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8020000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYRES16], 0x34}, 0x1, 0x0, 0x0, 0x24000008}, 0x4010) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) 15:44:20 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xb) 15:44:20 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3e00) 15:44:20 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x13) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) 15:44:20 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) socket$can_j1939(0x1d, 0x2, 0x7) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000480)={0x1d, r3, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r3, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) 15:44:20 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40086602, 0x0) [ 2072.817886][ T1209] Bluetooth: hci6: Frame reassembly failed (-84) 15:44:21 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xc) 15:44:21 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3f00) 15:44:21 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x240000, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:44:21 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) tkill(0x0, 0x40) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = syz_open_dev$vcsn(&(0x7f0000000100), 0x80a, 0x301240) ioctl$KDGKBMODE(r3, 0x4b44, &(0x7f0000000180)) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) perf_event_open(&(0x7f0000000080)={0x4, 0x80, 0xfd, 0x1f, 0x77, 0x4, 0x0, 0x2be5, 0x4, 0x6, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x7, 0x6}, 0x8000, 0xff, 0x0, 0x4, 0x400, 0x0, 0x80, 0x0, 0x6, 0x0, 0xfffffffffffff801}, 0x0, 0x7, r1, 0xa) 15:44:21 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) [ 2073.127118][T27301] Bluetooth: hci7: Frame reassembly failed (-84) [ 2074.822243][T18049] Bluetooth: hci6: command 0xfc11 tx timeout [ 2074.822637][ T9503] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2075.142383][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 2075.206501][ T158] Bluetooth: hci6: Frame reassembly failed (-84) [ 2077.221955][ T8528] Bluetooth: hci6: command 0xfc11 tx timeout [ 2077.235977][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:44:25 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xfa338ed9) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:44:25 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4800) 15:44:25 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xd) 15:44:25 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x10c180, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, 0xffffffffffffffff, 0x0, 0x80005) 15:44:25 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = fsmount(0xffffffffffffffff, 0x1, 0x7e) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xc) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:44:25 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000580)=0x3) r3 = syz_open_dev$usbmon(&(0x7f0000000000), 0x2, 0x40000) close(r0) vmsplice(r3, &(0x7f00000003c0)=[{&(0x7f0000000680)="c94c230809c28f0529a4e2304541c940196cde807343a90434b0c61ade286cfff75f9864b1d243b18e53dd636d393fbab75bce9e08562c004229cbb6c17a2a49bd6c0f0f4410e40f784d7452abd5bd64a7d6814a6b71fcd49af06f1df64e259a7de21b79a23061460e4cccc2337e3552291983cdb13fec767174538d219569d1b96bfca221a97f8904e9614a908b8b52205a19922614222b0324ccdbd90da342fc2af81dfd4f0c091505025ade36523c54c24d1c2c66b13314a7f187a2b6fc356e5a2bc774b37c6768c5b6f0", 0xcc}, {&(0x7f0000000080)="09e981c01faa3ec4b55d9759abd443f761621f747f78926f9c8a", 0x1a}, {&(0x7f00000005c0)="5c3d17d01ffa481298536e36bf1184cf90874d06548bbd4d20937f7b75369f3f93a25c8a1575dd1879c9e0eedf8edfbe92773e6959c09625ea610a25c683d2f4353b48e24344a3fba15e395441d4c76b635dfbdea0e526da99b687ebf448b7d02bf65292e5be450f9966fb6c8f8ca767f6a3d9412c9079f7294a3e7aad2d3d629827b107388ab1", 0x87}, {&(0x7f00000000c0)="496fbb4eba9cb054d409c004c197f961678e53642fb18ac67f34cbba110beb434815cda5d373be25323c2829c853e88c912b732f5a33b9525dbf09412390441e70bc6154d863cfa073f662b100e25633e75e6ad676e31cbc4e4d9a", 0x5b}, {&(0x7f0000000340)="18c1cd226954f0b0f7786ab8664c1b267f7d262e595beb7d4beb97cc47e5257a0bd378e1e0c0dd8c1a83bb0b8aa2516185dfef902de37a9f34f85414e41b3d10b407", 0x42}], 0x5, 0x2) r4 = syz_open_pts(r0, 0x2) ioctl$TCXONC(r4, 0x540a, 0x3) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r5 = openat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)={0x400440, 0x0, 0xa}, 0x18) read$usbmon(r5, &(0x7f00000004c0)=""/170, 0xaa) [ 2077.381996][T21576] Bluetooth: hci7: command 0xfc11 tx timeout [ 2077.382065][ T9503] Bluetooth: hci7: Entering manufacturer mode failed (-110) 15:44:25 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xe) 15:44:25 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4c00) 15:44:25 executing program 4: write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000000)='disconnect aa:aa:aa:aa:aa:10 0', 0x1e) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) 15:44:25 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) pwritev(r1, &(0x7f00000023c0)=[{&(0x7f00000000c0)="a832fa85377b73d54971be70ce0fd4fd9f6a4a8ec62866e7124b550d34edfe0b0c52a5ced0fd5327", 0x28}, {&(0x7f0000000180)="a8f56295cad9c3478b684b5bb631b4451bc4dceb5ac1242c82921946a4cc2c8b917aa373b2c424bcb0fb61dbc785512d36caad24c3251f1ef7e5cec78651e5549ffefe915ab1a1b0c4ae8837df0d9de41e20a97ecb4cfd53a6b22099ebccf27e97fa95ba89fc465c7911a2c5cff631155b92ea9e0951817ea8e1dd8f50828d9fdfe088b5155cdeb14f3cc084e5d4b576cbc2eed02a730850f860d74718bf9366b10de8d831b96259909dd0224a534c00c88b9e24c676fba59645d12fd073d53b024cbf80c9b18b2fe902c56f650e97671bf604de9e89308dbaa5cda01abaa6d7bcf6709cfa9f41b0fe997a7b94c14b291c76459260c563b85fc798f9168963ae90814ea0352d68af55e69313a1271f49db6de356136484c202428e3f33e54bc85bff3e95de7031c4b818af02a7f994df5aef8f8d50d1c4d3a85b55d357b103414fc407a70414477dfac3fd91624a410e71edb0814e0966e759d37d7de586821e7ce51e2b8c1c8b05bb8d0d852fd252cc78866f008131a90d3a1089c60e486e8169386fff01350eafc67b5500ae8d22869d597429e347ca269ee4acc8a9d282d7983bd361e43f9957ae3979db1eba90c7fe56329067a1f0f27df118deb68364dc8e4547a89ab23967838d4a5486628a739de7ef321825eb69be7616cc93e32ec40f4710f1a7911d3c3cbf7e8af87b9da1ecf8db66cfae0f9e6d1e17faedc173d4e1f7fe0a08e4e8b57077e6414f559c747dc23dd9077b57cbab70e27008542186fc1eab3ef96ba6b28bf2b8b9219361719af410663d116ab7fb348c854b19b705ad6ac48d2dbb1b539ad0c23de6a30611763cc213b356ba164df71625613d93e903d4837a5a1251f250a42f33af99cc9de359d078edb1480d98d4d3b2515b5de3471bfa22c4a6ed59089ceb504c5f76a44b175c3224215406949442db5294e2c1859cebcedb84f88ed4261c8bd646b6a1f742b99eade1924009ced365a7113927c19411bb8caefd69041fb6e8d5e799c06e78e450fa1c30e249611d9bd613026a54269d058ff6d63ba57ffbfba1495af986fe183a64b0e2159c130697498be14eafd4d00d1f31079f3b3e40624d3ac23b60801cc480048a7ffa41a6b6b425909fc03c43068b92aa41ce71df487e9fbb3c7c00fc4ac829f961575992d374c86a1e670a910b067fc1685076b021469742d47bf3fc245290737a1a33c9d8c74a519792c4dcf7401c060ffce00bb74c80876f56e72a97dfded55334dee36319fa61279d21eeafe81f76012648d77bace63ab7d3d7a84bf3897996b45e7043024fa1c56853be61476c9e4ec99225a52693a353af351d3ad8426c516252a4011258653386166e46bb38e74dcd17540237f9ddb1ae319493ec35bb387a8de6c430436903f8de78e68609cbf75e9e62cb28f89aa0c4c84f804d591c74205147a4ce2420f334595ffc7afe07904f15ee2551da52e0a5e16437ae10238490541df6e6b2165081a729b677ba6b0e0d44962c193f992e86b06f5b2b76fb68b8e43d732cac63cb848df1a4dbe5653520d6e38b4e11695616437060b9151d2f8768709de3ba6c24cb79fd05083a45e4f10174192e64bfce5ad09ee47398e7b17fdf51130c6e07838d0125230286916045ed9805f67b6bfc1cae882cc053d77135b3cd239463ebe8229764d5060fdd1367779c56e6086017022b6672b70182ec45e0b787e2ba7ca62832af784d2934bcf59185539adef6488d578e5bf803467f22a1c9a65e95dd25cca9535939da8fc3d466de3323a7e7b51a55109d08da0f608ca07ab4600aba1f3caf972a0445e7f19b3cdc1eea85c51836eef80dde0c3f115f227a96368b021475b79cf1e5ac7a28a4473df2de7f7385c966f823d2a79cb56f2ae06c401ba9ed5423b5fe5202b2a0e7b3e0dfbc87a6eac99dc75654bdfb0249266d2d16305f182ae6509092c0b5596ec8cbbed8a5f6cca5e73e7d0993ba3f2698b7293fbf037f0b9dd629771dd9b6225f27cfb3c8ab83838a4ced4dfbe7e9b9d8c00ccd6099d207adb98eab82bc28e8e5d514bad73867db1ebbb6667a8af847315063a137a0f3dcdf23a68ebd117fcd509804076929d38e53ca8f57227c699bd9f49f4dfb06946a7c06767b6e046dc8f91d758c994db0fc75f446e3b371432145a9e082c46c5008d9b65709a729d9f2b245a148035e69545ae96f6c70974a433f3def7750b84c2ea434b346c6590d29b324b290143cb045094a8926a0e5f4b58b0b6e3547836b64414d7f2c9e9ffa54d2f60865dabb6db6a3a303586e77d2f22f57af03dd7ada44299a41545c4e4a18384bbe07691104fa8f1effa1b64546ae8bbfb171eff57874ce9eb63775a1c784bcc5d169d8ed8a307bf902a07286929b60d3537c17932f10752e27d2b33107bf9d630e1d37b7b016780e72a3c8b244915883b8ce27fc03e1d924c4f1ab5f7bf9bb4b7ec76006fac37ac3963e766f915e1e64a4720eedb6d5b376cc15e882c25634deea1ab8f82343f2a8c7ca52e03921951cb2d978816f48614bfb56c1c7d8bbbd9b8fe9e3dc6f7b6e4c6e598b946eb9aa39285bc4aa869c03d23699a12d8cdbc993d7cd6e9946a3bc002cb78d467caef25983476e39095a98638464b564ba5a93be2f151dfc9ec074de56593cfe2b9bce87571320f9f81d4ecea8484060120ecf4e4234c9f5b0c93c37784e946dad6c92cf824a097e86bc978004ac1bdeea8deb7d9d31e475bede6df1715dd42a10f2642905ec12c641ade5794b0552136e457b3f90da22025dcdd8cb83e5cdb57b2e2cca7a3e7d50e2976609a1335922200c5c165b5ec4f3a1eb1f562d58aceb8514b1e58a3ecbe011989aa43ab3182c91f186ee186c1d92704021a1c4c8fcd13c9b1640ab4bb48bffd0fc80544a867ac81ff6aad78912df5d8d0418b176e0b90e0a0b213dc689d6b84e9f14da2c6a0b62bf51ae4091849839d966932958160bc966d068e0d3d40203c2aa337b9bbbfa0e75cb68e61c941f367e4edf4737d5f986ff037341f3826e047877cbe7fe8215f1dde170cf5a728a4d5206bd3b19e08aa4524bbec593ed162454fef07e3fa8a1966091455f9686bac3900620a7a5920f93759859b3e5b54fd9002cec1e10fdce7ee3e86d8edfa8807de551e8d1b97c24069e9d2b436d55fd4687671a20df3317cdb37aebd2e450824a72b566aa57799fd0accc0e884b533c686f8ad68da3f9736f42d9824e632c55108c919d44ad3aaac7f1c4da6b2f004da3e66f497478f90490d9ff255ee20364a178df6f241dfcca0c20a2af78fe8615c036b1c9095cd55cb3ca5589e99ecd849a32123553519bfc6a8124f6204f7e3a6dec5033a812dbd861fd44bb8299ccf745f66a72fdce7bf51ca4927e425e9e036797c94a3608ffaeb5449b925c24cff1ea72c4e5247392f1cf9b1609cb9405f92651253d57dc476d666de5238c342c33bae0552ba70b85244f89b9148ccecf8f145cf38b855d094c692634c76ed1e153104dde82455a0e286a4d6a3f81aed8a09ecbb3fa31121a8f32d5ece05f0d6305c683bfe068b44de0846083fc35dc62d63ee1f3ba13c535632cbb2a6a406cc0121bd561fc3462cd0a66d36bde6f61296d03f606dca296c1a8ef433154b48d325e1a7bb2f22e412d7432bca47964db32e5fb088180a37d3f1dd76837fe0d3df22701e08cdf21b5475b7064afdfc8b47edf1c35d64de96b7e2dedf06f3c633de2ef7b8e8e15fba5e31874783df0073625cbc84276bebc84494315134e6907543efb916baf7ac016c10db8c065d859e5fb884089879f118f7ff4b12149579b4f2c3ed38de44e966de810d336d5c6f7603630f56414d1c66306939a1bf2a03120ed050d633c3ac35b57904c6d9976bbf03fe6cb8719c681c87000054bbe3a9af33826f3a589ef13129cbee17e93b2734d23875ac5733d1f1155e34116a5e392bb96266645029b5fa5d5c9d9c514dd4ff5bc991248c1800c31314ced4e41fabe17e2a75355dfd8961ebbc7468d6e74c20a8b78e68296d2d26259fb28aca7775db45e7d57b16f2bd71c1c0fc9a477bf49617a5a978cb61a821a29b79d49e6fd43f40a8f6badd21bfa2315451fb1cbda6c648b85d6ead7028df5a973f2739d9cd30a9bc743a7b29bdbb84f5564b7c3c7688e6aff324235b9d7967274d70e494e76266a96ba52bedaf0ad8be975d6176aa71a8a992b24c18d617245490d18f15860c3577c2660d6129f415922372c9935fecf24549dd7ad7243c2090cd4e7fff69a8be22a598f6c3e3a13ba3f9b1c5589cea0ec5f7718e2e0cc5b7f022bc7a220e6a080dd68b0f01a49a435a56dfb2a32b1614aab835ad087f869f23eef0d8d83af3149cce7f1cb07da1b599b9a588ec2a997b88072074f11eab0adee9d336dce82251052fba562fe871f43de5caba8dc53bf8b9c5e4a6b82f10d8049cbf30eb72c09739530f989ea7d50258f8a0828555f6d620d85728a74b1bbcb0589500680689ec2a50188dd0644bb6adb3096ed027806ef96d0c52856191bd626be9bb5d0045bb66ce0be22566f1ff1e2d987ed1203f50586cb919fa7466edb78dae5127ba8890a0628ba39bc32448abac24b08f98f858f20bf9d1f9396e9846e368696a1893dcab5c04c516e8904cfc2cd39c058dc961323b3e02e7eceb9086c61e574f1d9fadfbfed5c67794db46b5239018d99801dd076427c81b67e4f38cfc15f9b5c539e67580fbf9593e250f93eab89834974ef17155301b74ccf4b1b5fe7589229b5e2bdab25fbf66323876f8f6d30e6e11ba5ad6a176fe38110dd0285f4028f3a98eae6f2e260e5cb27c6d7590fe0d15eade8a386def179951cae9d12decc03e66d4114b562644b21936d831293f8c5c88af317a928975baf699eb69287d70e4bb6d68347483ff00073362a9fca355bfe327fb54df997d9a57198d68e2cbf8531060d8471349eac9acb5cb4fa2aa5c07fdf330fe0f0ffbdc6b2dbb87c2d60e7db032a4cd3c87238fa4be63ee925f94dfe2ff43cfcf8f5062904fb79a7d01688377f462cce7572bb1f2c59a27d42784f1b0b64940be3aeeac8eb93fd796a2b5aed5dd89af7d6188f21f7d77270fc5a949a2b77f2042fbd32d855eb5dce26ab801ed4571970a4c03ff15f8a8bb67c3ce260caa24235c408dbc2bea28a9b560f51cc819c83151b078a2c25458270801f34409be296694cb2e7de351905c6669c63808ff6b58b77a9f854b07549376a6d8eac7d26c186bcb27535d2405b204600c747ee9a46134e8a96e2cead7d133e2fb4610b4173e192b4c1e20df37ff692d9ec8808a614e546828257f5962861975415e49e681a09e4bf125e5697623e4b3125281ea2d91069ce0601821cb7e8131a625fe2f3c11d98f0c85215210dfd84dbca525ae5601dbb1b4c7548f6de522ebe298b2c85ccf85f151a018d07d27c6355f4f7a5166abcc61d6b1c0d764dc0c47324ea73ecf85a94f5ac260a7c45a9f692fc1ed7f62db250812bbbdd25ae2a08e6045cb5e87acc51d33f0daa67f6ec9bf02ebb5baa622f922c82297629f4c39ce3a9d1ea5212c5929cbd087c5d1543cf1c7b88de033ba528e246ca2f2f57b150eae5d86fa70b088c2ef5c89fcbd53190fd96448e3ad1e782b31599bd41d0c8512ce2e2ed9b055d82320ba6bfd1327115cd6a4c4cf1335542787fe8a8e44c8ed664379971ac2cf3d7c0179e0593a9062d9b3b8326b21d7d6e2fe0a6cbd9aaf53611faaf1c354b01a8c47d6fa039af3ec021651836653b095c89f03c8840c1d832e0dafcd10f335ab4", 0x1000}, {&(0x7f0000001180)="0d1e850b12b3ef2f99b1f601960cb0e55e4202fd2223d4d32ab5f65abc83e41ef8c5f37a20ac4f2714c0c0c0cccdf0f70c49656ba243912c1214f325a856ab30b757cc7e41901e83a2e2b6f03f0df36b674de53965eb0c3920f0b545de7cf46ebc74a25feff7d106a98449e9de21bdb5dfefce119e64b6a7ffd1076b625bbb9cb68dfd7e5cd109ba2f8918b0c9cc2055522a82516e725d61e6d07096ef5e75d33b47dc26d7a2f9637e70b120640c5e31ec4241b2914a0e052fe25a8008", 0xbd}, {&(0x7f0000001240)="02adabb32b3ae4c6902637a49ccf14c8144fca1373bb47b8a9e739da2fe465b2e727faf0f5fd58e94a62499a8b3ea74c1c1d4ced6e7483705aa947cdbd1d6bfe2f073654b11e68e3a2e6f57adc36ecb653367f1c6028988d97b4bbdbc0a96b067dc0804d2e474cf37503c66028c284663aafad0695820c311bd6dd59b1951f06191946ea476c95eb127331ae41f4ccf32696a9fb3c6a1c4b096fda1605590f80733aca488e59e2b2508aac7b634a9801e4093467d3", 0xb5}, {&(0x7f0000001300)="f3a2dedede8a47c7322498c4a49b828e9d2d8458ec8e1799c164b70565602dbea2aa55698408dacabd49161e429c2eb90b480002c27287ecfd300b790a8174e3b6913543", 0x44}, {&(0x7f0000000100)="db8f018611ce0dd2ec096a8783634ef486e45a5ffc", 0x15}, {&(0x7f0000001380)="546d9c2fc3d39197b394e9805b100a00d6f3", 0x12}, {&(0x7f00000013c0)="8d447d22f4b7ef4c1dd7e046844fc0cccc96e5661e4f8f62bbd8c0d0628efe89453d0614e37b960db8e8b8d98fcfd9cd3af3d5f249fc3dacb79babbe40b5312a0aa04f36e027b5b65e29f76828c1056e24a632259fe9ee6d28fb9b439756e039e2a1d1a747dbf178cb216967fb46cde64401b1d911aba1bcaf2b9ab5fcff717023b63f6dc27537ec6c632c0d6846e569ff476891c6d7845414223bf604b463ababcf82531198903b0835c794a390532cae97becef08ee2f99583e4d0a0599a957777744117a2827b094fd64ea9c18edf7eb7e04360a090fa70dc871e68ff7a14647ad8f4ca5d13247585b4d2bd10d5eade1febaa13e1d8bbcea7cb42dd864cf890f3e6eadd163beece6e6ce6a76311bf1a0318b96ad0dec7ee163b5fb6356f25d92ac7d1a95f0221acc9deefb2bc0f07b39cf208c28f2ec2479daf4900c674759c4fbce9411410b168ff5455a6798f610e7053365ddb17abb4b71241cb725b90adcbf24f42ecd75ce2ac6cf5ecde239e564ea000af7e2fa29734040c4df1c0a91d31b8051091c801e447b9316ab8db311a8ebcbc2d43c26634b856a2112ea70e2c83ada34074de19d7215456cce10d1440cbd59c6c5782d7a89e21da08d53f94207a8be5649a8a1f64b2cfed407a6f9fee86f8e77ce2eb11d4ec0126d8563df12a16b8c44d9508630d52207bc047dd599eab420a196322b7c0f71452ff4168c278f5b8ac0ecbe63d1cfc656eec33f0d1006abea433f4357d8afc28772fa866d431a1f015ea754ae84863faf1f1ec792c48ee0557d32f71d02e7eb6e75a3a3f7255a723d662218cccd35af11de52f8a4707340250d2c17021bb69d647d075351da68c9347ee4d27358395fd97918c3e27279332109ed14e9334a37cce84eb6769db5c63847c468be88b500e93db26befb9df22301024d3e809d8f06f9e69ce2e5d169c49de3e3fa20902b217f63169ccbb45ea84d8c2ee207157264ebadac1bf0b612731d775ed04ef811051c20d6bb8496d2549c910656394bfe68cbedb1eb92562df3bb5cb4ce587401f9696cbebf3c3992a77f9cd1ea1c854948252f24f2892820ff53a3a99e2aed888cb7e3526d175a36c4a93bf1c57cc101cc06c786c8674974acd647b66f3ecd604bd138bd87e48b11e451b67a6fbbc4d08163f16b00dda620e3d0b4e654e656e35173f72f241e91405236b83add5a739f9dcfa332271a3bee1ee0670eaf3e90274f7eabe2354f21bf46fd18cc14164bbef5b4cd00b11752ef64db70a0f3fb5d13922f8a93f21b06ce652513aa08d3853a990e5a509b5b4a5adb641613fea680f1e4ac7376fdf15625a02278fb8eafd8a26decf1bfa74a97a7aeeb39638bc4b3816851c9d14b723f5713239ba7006882fd1d520ee17fd9b54ed8652e59073a81052fd284c8e3052012e921fe1e1b0210caa30a9814ccebbfe735e8f47bebc13ed9a015073c383355febd6cab258146c90e62958c22e78e92e51c2943c511292f90ef0d813726b7ed415c28b833c8442acf86232775afb1fb43d632e6bede7d0de54b42aacfc59f89e82bfc33d69e14de6a3650b55ff19d144aed61029f78fa56d90d890293032884f99252d49c8b3a3ab89f7f2612b666f012d4307262b55d7946b0e6a1462df9065846380ae171217a13faec69ca0648c329a4c747a077dc2e76587f3de497a28f4daaae258634ba105639b522a894a47de96c8f6fa0301244d539fe7930e6cfddc9b84dbd88f7c0672f50ec3c313b26cfa2db8f69268f8cb89091f978ccdc1dcbd850dbb26cdaa4ca87fe166e66aeb46fe5b0cd04f83fab2e3149072135df814a6834c217d7820033a3c54dc2222def45c91b34ca7c737a57ce2b826b48a67d61e682ad2f99ff5c28975cdcbf6dc97ce4e1fdb8dc878b3c462438f3e1e7b1e844a3c37303d1db64c6560b7b669d58eebf883ccea6d2018c9c6b2219a323774cd4d8f32953c71c39fb23dfd510cbfa4d9d31d0d90944db589b858ad83daef64178d5638babe21e7a2dfaaaa152a124d31ae929fb1f5fc8c805cb87f21c8ee8988815605d0224fbea7bcb46fbb164ffd290ae2d12bcd5c4c5e25fd4e59758f7b563c4e6845b84b67cd13a8a07ff2a4739bf42a529edb08354d3fa5edb802f4c41f534c8ef3972fa14c6529eeb4914272778a63d66eeb0135a96af34718c6c5704da100728c893a7174e9b1e3bc6c87f7628f8546e26a29c35829cf48e1e0d946c4659ecb7dbcbe4f67775213963eb215ccb3a4bb00737d48061586ae0a5a273ea8fce02fcd6f7899b07e92fd107aed271cf7a8bb8eeee921a3d666b12b89fd1aeec7df5e7f42718ca9afe00af3c8bb20931f00236ef64f14bcaea31610c3782e88ef959880cd189062721a9b14eed60f1854e074a49895f2b5f793d55711741adbc45e55cd1be73a6333b1c3d520e2cfde2767762fc7b1e51c48955498fb58d84cc220102af480fff7d81dffbf74dbee8c738f559e710e130c281212b4d2c244e92067bb00a5fd2fd68cee7c8a68677106a99fc0f90b04e288b1fd1dbd0e1b6b774225562ed236a23b0d064561a2110d5ee469f77c8f8a5ecec889a976bad985d40e14511f71d620365d38931bf5933630e22e856de6b579d86096e9a064009ec341b15fe1de1dc9e07606ed8465457e2d03f9b07f415a3b8cd50f05006e72f1cda043ca28f70efc6bd02b32d35e58e177708b1bf6368a17099c6816cf7e20814f0b39d31d0eec119e326c7f0ced6b467c98cb1360f970ecf2a60158b99ffd5a49549c10b1b25ed25826bf5a3f2ca050136f8148b2fd24a0f115555c060c95a00d5d69fca2a19b51a75a45e65148a022ab59cfc0a468aa0aa8407591ca9ed8f37be2bc3a03b058a0e2a6d2373cd71ff3e37bb019a0fd328d7c9f0c004578f1e0025cbf7fe348b9bcaf3d11a8340cfb34765a1351138b1e84c8385b5fcae12d77399d4cbfbfb7f757626778f99c2b3e6579fe50a33c17a7235fec4ae09600c9b2898d71121c9d87f1eef24f5b8ae2e678193718203ae303b724d3cd2fb449e5931f3d868649b9c2df153ec8bb619855e58152e7362452ba67162b191d23aca52d57064bf8d8a485e19e6bbffe457193ed44e3b64a568a46e23714d076d9241c14335cc88882e993315b959321d396b71a51f2001b0f9ad3f2b8ced7dad42c378f27e2be008b3489de40e1205914b12d28cf0d80c8e2f1c647f05a6056a9d977291230e2408dcd090c8cc2eb9a7090adf1486c6750d2a9a31ea8867c2948b0e1ebc841d18d35882795b13e52d1213838c01769d2ef47a53dd5f53491aaa39cd53806a67a3e45948b166ce6280ac496dfa9fab8e2db20cdcaf38f847a2dcc5e601795e1a9515939378da03e68d5490d71c06c294e6a1d218010a3dc100c59965e5dba4e8d46f271953ec42b292ec1c55734777934f315d40891a79ee83f764b1e29e395a406a80a72f0b44ece2512c6e2e60f758ba9df8e1e5e42255550625600673f0643a818645437683e0264ec1e9249183d1d37c9dd1510166aaaa380469884ca95bc39020e874fc2e401ab393d1daf0fa2fea437054b836ab907efd745327c23f8e09dd7df03648a6cc96d34151fe3b1dd54434a0eba0bb29e2b952a7dfaf745d47d1903217c0b3557d0bb45e910f55b498a947a6a2928bb168a58ddc6d8362d71668590d2f6d5204b2ae2f343bf8091c6672ea6efaf3356e277f2a9ad9a4b9ca6e2f69b896ebdaa51bbb6f4ec525383560b5a5e8bb6b41cac4eae4e3afd842d1ba931a2d6ee2f4dc584441954dac4b7dd9fa0c210f66d772f8ae41fff4c80d1c428e4ab0d2b7b091098746aa4a098284448e02e4f2dd2dd0f3f5425dc797c637097a837578ffd509170d03348ce29ae57267e8b1c2b791b356db6bec1b1a1769eb356e19cbc3a5edf160c3be62c19d7b1cbe08bbc75ad7aebf12557de5a64a54babd758cce6d9ff1ab74d616b32875fea3337282ec13a795ad3a281502943407a55d73cdd30059155bfff3be1984ce955ef8ca3e72434ca1d32a4e78d7838d8194a15c904387a19eb6faf0a0aef9743ae4a5977572ae73f9091d4cc6a6cd1b17416f4ebbffc3c06328cf89347aed2b7f3f7c5903e981734267b0477e6d81aa554d330d2762167e27f8d6fd686fb04ee0ffae0d6e0acd363ef7027e0ee9cd17b220bd5355d276343af3a5f8aff993739b4af59a27600aaff833e54c2dabc4679d1a5a21955dcde1145d47851a7acd5a5b1eab4c9b76833d9609dda6691a688683b9e28f0205affa434642f8c0606292aab81d92afa3e53d9371e8c574a001fbf8bb863fb0ead39ec390113ec3ac469ea20e57b65671b390f447b19a361d2618d93824bab7c5639788bcfbfc1239931805db22fb441fd56603bf94045c46662e2a59ef18b3b36f718cbb87bd1f53c77ebd6bd811b1487a32311cb36e44c771390344c12288abba544090dd5e9dc5e1ebf15c750f395bbbeda21d7a7669e3ef4b7350d0af71c49dd7f04d1c0fd88dc23642fe95d9b0baeec7e7cc85b36becd287654858bb3cdc5cd1e8ed2636ba07f2e97d240b2c4e4808e45bb91d40d154b35de2cbb3ad31123aafcbb3a3331152e4f9c752bf42dc019e98a5ff422b34f2bd9e14ee39d8ba7e6b5f95db4a73f41665e55f7dc6049e68dc21f3f28741ec886d7ed53903cd64665376461ab793107e23863f86bd6b328e18a392b8d36f055a727da71d92cd2e5647bca8014be62618b70c8b4121d67c6f5616ed6327e8172c51fd043b4a3cc608c5c258648252671de4e14be862aadf0d8a1d319f1005a3c69d1b387ae165e01fe86cdda6f3ca216c3d70dd36b6430e9c5350027ab8f26032f9e9904ecf43e33ab4d149a1103990eeb184aa6b1b0f21b4103eab1b9b94e65c1b43cbe35b251c375b8c7ee1bc266265600c6b0adfce2eeb4f56db0639eddd87230a2bec73c62c11086c0c2a4352babf7f329d5e24b797b2857c177bfa22a093fc3947fb60e7a5f37fc5907cfdaa9be5419d9ec3fca7e288b4a957975a595cc12d18061dd11bd6159c171498eb373b7ffc09c9cad32b2e6f164baa2c67e43ed4e5c0a19aa753c9ff6f2d01d93eede9d3b5ce9c52692e44b193dec585a8b4008e9f3bc56dd123db2b6a995c305ce7487abefcb621cdf9dfab4558334129f7f36819dc9dd2281295b2ac4dad42ded4b1e964402a903137d693afdcb38e4029e7488417a902f16e087134db0cfe76ca2cf44afec4b3491463b8a0b790dda66c80f61cdcde9983cec291269dfa32d9bbe7addad8afa3f50c6e976a8ca9314f01eed39f63502d2c6779e8408fe6b964d6b2be721466a1fcad22e8feaa8987a1ac36aa0af2836e0e957b358a76ca338ad3b063c93f38dcd410a193bb6792162f69966d6ca6e5f77f39833f5a9d967dce14604fabab3c114a1f64dff9f8d032d8bd8befdddfd47c78043d681fe1ff4e60793622cdad1361dd84556897142c430573e0a671c9bcd52a24adb01128ba10f89dca6673ffb88c716f8cb84d5d8ce4724970b5f99335b9ef326032228c73ebd4397516ef59625b3e5aa1ae563e0681b2e42f24670c5dbd5e5f8e1e4f57defe7467429f540f59cbd86ddd5f88213f34e68ef77ef14f3a0eef101c287bf81b132f0d8a64d868c5404463dc4dae573d0b387c8185c813539008d52b560347339cfb716d2c447c9a07713b04cd3942099fabc508aba8036236e5dfe7d6b9484c9ac0329be82fb55d9e7e2f4a8c73369165c8712fcba794239302f147fc2039484f3c91cef779d8", 0x1000}], 0x8, 0xfffffe00, 0x1) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000000), 0x18) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80005) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0x0, 0x4}}, 0x18) sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, &(0x7f0000002580)={&(0x7f0000002440)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000002540)={&(0x7f0000002480)=ANY=[@ANYBLOB="b4000000", @ANYRES16=0x0, @ANYBLOB="000a26bd7000fbdbdf2506000000700007800c00040068ac0000000000000c000300010000000000000008000100ffffffff0c0004001f0000000000000008000100090000000c000400000000000000000008000100e8bc00000c000400c8000000000000000c00040007000000000000000c000300040000000000000010000580080001006574680004000280200005801c000280080001001700000008000400090000000800000000000000"], 0xb4}, 0x1, 0x0, 0x0, 0x4000050}, 0x0) lseek(r4, 0x3, 0x0) dup3(r3, r4, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x6) dup3(r1, r2, 0x0) ioctl$FIONREAD(r2, 0x541b, &(0x7f0000000000)) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:44:25 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10) [ 2077.803694][T32540] debugfs: Directory 'hci8' with parent 'bluetooth' already present! 15:44:26 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x6800) [ 2079.541951][ T9503] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2079.621974][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 2079.861622][ T8408] Bluetooth: hci8: command 0xfc11 tx timeout [ 2079.871604][T23375] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 2080.162047][ T9935] Bluetooth: hci6: sending frame failed (-49) 15:44:30 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xfdfdffff) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:44:30 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x11) 15:44:30 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) read(r0, &(0x7f0000000080)=""/120, 0x78) 15:44:30 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x6c00) 15:44:30 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x40c480, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 15:44:30 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) [ 2082.191298][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2082.200173][T21576] Bluetooth: hci6: command tx timeout pwritev(r1, &(0x7f00000023c0)=[{&(0x7f00000000c0)="a832fa85377b73d54971be70ce0fd4fd9f6a4a8ec62866e7124b550d34edfe0b0c52a5ced0fd5327", 0x28}, {&(0x7f0000000180)="a8f56295cad9c3478b684b5bb631b4451bc4dceb5ac1242c82921946a4cc2c8b917aa373b2c424bcb0fb61dbc785512d36caad24c3251f1ef7e5cec78651e5549ffefe915ab1a1b0c4ae8837df0d9de41e20a97ecb4cfd53a6b22099ebccf27e97fa95ba89fc465c7911a2c5cff631155b92ea9e0951817ea8e1dd8f50828d9fdfe088b5155cdeb14f3cc084e5d4b576cbc2eed02a730850f860d74718bf9366b10de8d831b96259909dd0224a534c00c88b9e24c676fba59645d12fd073d53b024cbf80c9b18b2fe902c56f650e97671bf604de9e89308dbaa5cda01abaa6d7bcf6709cfa9f41b0fe997a7b94c14b291c76459260c563b85fc798f9168963ae90814ea0352d68af55e69313a1271f49db6de356136484c202428e3f33e54bc85bff3e95de7031c4b818af02a7f994df5aef8f8d50d1c4d3a85b55d357b103414fc407a70414477dfac3fd91624a410e71edb0814e0966e759d37d7de586821e7ce51e2b8c1c8b05bb8d0d852fd252cc78866f008131a90d3a1089c60e486e8169386fff01350eafc67b5500ae8d22869d597429e347ca269ee4acc8a9d282d7983bd361e43f9957ae3979db1eba90c7fe56329067a1f0f27df118deb68364dc8e4547a89ab23967838d4a5486628a739de7ef321825eb69be7616cc93e32ec40f4710f1a7911d3c3cbf7e8af87b9da1ecf8db66cfae0f9e6d1e17faedc173d4e1f7fe0a08e4e8b57077e6414f559c747dc23dd9077b57cbab70e27008542186fc1eab3ef96ba6b28bf2b8b9219361719af410663d116ab7fb348c854b19b705ad6ac48d2dbb1b539ad0c23de6a30611763cc213b356ba164df71625613d93e903d4837a5a1251f250a42f33af99cc9de359d078edb1480d98d4d3b2515b5de3471bfa22c4a6ed59089ceb504c5f76a44b175c3224215406949442db5294e2c1859cebcedb84f88ed4261c8bd646b6a1f742b99eade1924009ced365a7113927c19411bb8caefd69041fb6e8d5e799c06e78e450fa1c30e249611d9bd613026a54269d058ff6d63ba57ffbfba1495af986fe183a64b0e2159c130697498be14eafd4d00d1f31079f3b3e40624d3ac23b60801cc480048a7ffa41a6b6b425909fc03c43068b92aa41ce71df487e9fbb3c7c00fc4ac829f961575992d374c86a1e670a910b067fc1685076b021469742d47bf3fc245290737a1a33c9d8c74a519792c4dcf7401c060ffce00bb74c80876f56e72a97dfded55334dee36319fa61279d21eeafe81f76012648d77bace63ab7d3d7a84bf3897996b45e7043024fa1c56853be61476c9e4ec99225a52693a353af351d3ad8426c516252a4011258653386166e46bb38e74dcd17540237f9ddb1ae319493ec35bb387a8de6c430436903f8de78e68609cbf75e9e62cb28f89aa0c4c84f804d591c74205147a4ce2420f334595ffc7afe07904f15ee2551da52e0a5e16437ae10238490541df6e6b2165081a729b677ba6b0e0d44962c193f992e86b06f5b2b76fb68b8e43d732cac63cb848df1a4dbe5653520d6e38b4e11695616437060b9151d2f8768709de3ba6c24cb79fd05083a45e4f10174192e64bfce5ad09ee47398e7b17fdf51130c6e07838d0125230286916045ed9805f67b6bfc1cae882cc053d77135b3cd239463ebe8229764d5060fdd1367779c56e6086017022b6672b70182ec45e0b787e2ba7ca62832af784d2934bcf59185539adef6488d578e5bf803467f22a1c9a65e95dd25cca9535939da8fc3d466de3323a7e7b51a55109d08da0f608ca07ab4600aba1f3caf972a0445e7f19b3cdc1eea85c51836eef80dde0c3f115f227a96368b021475b79cf1e5ac7a28a4473df2de7f7385c966f823d2a79cb56f2ae06c401ba9ed5423b5fe5202b2a0e7b3e0dfbc87a6eac99dc75654bdfb0249266d2d16305f182ae6509092c0b5596ec8cbbed8a5f6cca5e73e7d0993ba3f2698b7293fbf037f0b9dd629771dd9b6225f27cfb3c8ab83838a4ced4dfbe7e9b9d8c00ccd6099d207adb98eab82bc28e8e5d514bad73867db1ebbb6667a8af847315063a137a0f3dcdf23a68ebd117fcd509804076929d38e53ca8f57227c699bd9f49f4dfb06946a7c06767b6e046dc8f91d758c994db0fc75f446e3b371432145a9e082c46c5008d9b65709a729d9f2b245a148035e69545ae96f6c70974a433f3def7750b84c2ea434b346c6590d29b324b290143cb045094a8926a0e5f4b58b0b6e3547836b64414d7f2c9e9ffa54d2f60865dabb6db6a3a303586e77d2f22f57af03dd7ada44299a41545c4e4a18384bbe07691104fa8f1effa1b64546ae8bbfb171eff57874ce9eb63775a1c784bcc5d169d8ed8a307bf902a07286929b60d3537c17932f10752e27d2b33107bf9d630e1d37b7b016780e72a3c8b244915883b8ce27fc03e1d924c4f1ab5f7bf9bb4b7ec76006fac37ac3963e766f915e1e64a4720eedb6d5b376cc15e882c25634deea1ab8f82343f2a8c7ca52e03921951cb2d978816f48614bfb56c1c7d8bbbd9b8fe9e3dc6f7b6e4c6e598b946eb9aa39285bc4aa869c03d23699a12d8cdbc993d7cd6e9946a3bc002cb78d467caef25983476e39095a98638464b564ba5a93be2f151dfc9ec074de56593cfe2b9bce87571320f9f81d4ecea8484060120ecf4e4234c9f5b0c93c37784e946dad6c92cf824a097e86bc978004ac1bdeea8deb7d9d31e475bede6df1715dd42a10f2642905ec12c641ade5794b0552136e457b3f90da22025dcdd8cb83e5cdb57b2e2cca7a3e7d50e2976609a1335922200c5c165b5ec4f3a1eb1f562d58aceb8514b1e58a3ecbe011989aa43ab3182c91f186ee186c1d92704021a1c4c8fcd13c9b1640ab4bb48bffd0fc80544a867ac81ff6aad78912df5d8d0418b176e0b90e0a0b213dc689d6b84e9f14da2c6a0b62bf51ae4091849839d966932958160bc966d068e0d3d40203c2aa337b9bbbfa0e75cb68e61c941f367e4edf4737d5f986ff037341f3826e047877cbe7fe8215f1dde170cf5a728a4d5206bd3b19e08aa4524bbec593ed162454fef07e3fa8a1966091455f9686bac3900620a7a5920f93759859b3e5b54fd9002cec1e10fdce7ee3e86d8edfa8807de551e8d1b97c24069e9d2b436d55fd4687671a20df3317cdb37aebd2e450824a72b566aa57799fd0accc0e884b533c686f8ad68da3f9736f42d9824e632c55108c919d44ad3aaac7f1c4da6b2f004da3e66f497478f90490d9ff255ee20364a178df6f241dfcca0c20a2af78fe8615c036b1c9095cd55cb3ca5589e99ecd849a32123553519bfc6a8124f6204f7e3a6dec5033a812dbd861fd44bb8299ccf745f66a72fdce7bf51ca4927e425e9e036797c94a3608ffaeb5449b925c24cff1ea72c4e5247392f1cf9b1609cb9405f92651253d57dc476d666de5238c342c33bae0552ba70b85244f89b9148ccecf8f145cf38b855d094c692634c76ed1e153104dde82455a0e286a4d6a3f81aed8a09ecbb3fa31121a8f32d5ece05f0d6305c683bfe068b44de0846083fc35dc62d63ee1f3ba13c535632cbb2a6a406cc0121bd561fc3462cd0a66d36bde6f61296d03f606dca296c1a8ef433154b48d325e1a7bb2f22e412d7432bca47964db32e5fb088180a37d3f1dd76837fe0d3df22701e08cdf21b5475b7064afdfc8b47edf1c35d64de96b7e2dedf06f3c633de2ef7b8e8e15fba5e31874783df0073625cbc84276bebc84494315134e6907543efb916baf7ac016c10db8c065d859e5fb884089879f118f7ff4b12149579b4f2c3ed38de44e966de810d336d5c6f7603630f56414d1c66306939a1bf2a03120ed050d633c3ac35b57904c6d9976bbf03fe6cb8719c681c87000054bbe3a9af33826f3a589ef13129cbee17e93b2734d23875ac5733d1f1155e34116a5e392bb96266645029b5fa5d5c9d9c514dd4ff5bc991248c1800c31314ced4e41fabe17e2a75355dfd8961ebbc7468d6e74c20a8b78e68296d2d26259fb28aca7775db45e7d57b16f2bd71c1c0fc9a477bf49617a5a978cb61a821a29b79d49e6fd43f40a8f6badd21bfa2315451fb1cbda6c648b85d6ead7028df5a973f2739d9cd30a9bc743a7b29bdbb84f5564b7c3c7688e6aff324235b9d7967274d70e494e76266a96ba52bedaf0ad8be975d6176aa71a8a992b24c18d617245490d18f15860c3577c2660d6129f415922372c9935fecf24549dd7ad7243c2090cd4e7fff69a8be22a598f6c3e3a13ba3f9b1c5589cea0ec5f7718e2e0cc5b7f022bc7a220e6a080dd68b0f01a49a435a56dfb2a32b1614aab835ad087f869f23eef0d8d83af3149cce7f1cb07da1b599b9a588ec2a997b88072074f11eab0adee9d336dce82251052fba562fe871f43de5caba8dc53bf8b9c5e4a6b82f10d8049cbf30eb72c09739530f989ea7d50258f8a0828555f6d620d85728a74b1bbcb0589500680689ec2a50188dd0644bb6adb3096ed027806ef96d0c52856191bd626be9bb5d0045bb66ce0be22566f1ff1e2d987ed1203f50586cb919fa7466edb78dae5127ba8890a0628ba39bc32448abac24b08f98f858f20bf9d1f9396e9846e368696a1893dcab5c04c516e8904cfc2cd39c058dc961323b3e02e7eceb9086c61e574f1d9fadfbfed5c67794db46b5239018d99801dd076427c81b67e4f38cfc15f9b5c539e67580fbf9593e250f93eab89834974ef17155301b74ccf4b1b5fe7589229b5e2bdab25fbf66323876f8f6d30e6e11ba5ad6a176fe38110dd0285f4028f3a98eae6f2e260e5cb27c6d7590fe0d15eade8a386def179951cae9d12decc03e66d4114b562644b21936d831293f8c5c88af317a928975baf699eb69287d70e4bb6d68347483ff00073362a9fca355bfe327fb54df997d9a57198d68e2cbf8531060d8471349eac9acb5cb4fa2aa5c07fdf330fe0f0ffbdc6b2dbb87c2d60e7db032a4cd3c87238fa4be63ee925f94dfe2ff43cfcf8f5062904fb79a7d01688377f462cce7572bb1f2c59a27d42784f1b0b64940be3aeeac8eb93fd796a2b5aed5dd89af7d6188f21f7d77270fc5a949a2b77f2042fbd32d855eb5dce26ab801ed4571970a4c03ff15f8a8bb67c3ce260caa24235c408dbc2bea28a9b560f51cc819c83151b078a2c25458270801f34409be296694cb2e7de351905c6669c63808ff6b58b77a9f854b07549376a6d8eac7d26c186bcb27535d2405b204600c747ee9a46134e8a96e2cead7d133e2fb4610b4173e192b4c1e20df37ff692d9ec8808a614e546828257f5962861975415e49e681a09e4bf125e5697623e4b3125281ea2d91069ce0601821cb7e8131a625fe2f3c11d98f0c85215210dfd84dbca525ae5601dbb1b4c7548f6de522ebe298b2c85ccf85f151a018d07d27c6355f4f7a5166abcc61d6b1c0d764dc0c47324ea73ecf85a94f5ac260a7c45a9f692fc1ed7f62db250812bbbdd25ae2a08e6045cb5e87acc51d33f0daa67f6ec9bf02ebb5baa622f922c82297629f4c39ce3a9d1ea5212c5929cbd087c5d1543cf1c7b88de033ba528e246ca2f2f57b150eae5d86fa70b088c2ef5c89fcbd53190fd96448e3ad1e782b31599bd41d0c8512ce2e2ed9b055d82320ba6bfd1327115cd6a4c4cf1335542787fe8a8e44c8ed664379971ac2cf3d7c0179e0593a9062d9b3b8326b21d7d6e2fe0a6cbd9aaf53611faaf1c354b01a8c47d6fa039af3ec021651836653b095c89f03c8840c1d832e0dafcd10f335ab4", 0x1000}, {&(0x7f0000001180)="0d1e850b12b3ef2f99b1f601960cb0e55e4202fd2223d4d32ab5f65abc83e41ef8c5f37a20ac4f2714c0c0c0cccdf0f70c49656ba243912c1214f325a856ab30b757cc7e41901e83a2e2b6f03f0df36b674de53965eb0c3920f0b545de7cf46ebc74a25feff7d106a98449e9de21bdb5dfefce119e64b6a7ffd1076b625bbb9cb68dfd7e5cd109ba2f8918b0c9cc2055522a82516e725d61e6d07096ef5e75d33b47dc26d7a2f9637e70b120640c5e31ec4241b2914a0e052fe25a8008", 0xbd}, {&(0x7f0000001240)="02adabb32b3ae4c6902637a49ccf14c8144fca1373bb47b8a9e739da2fe465b2e727faf0f5fd58e94a62499a8b3ea74c1c1d4ced6e7483705aa947cdbd1d6bfe2f073654b11e68e3a2e6f57adc36ecb653367f1c6028988d97b4bbdbc0a96b067dc0804d2e474cf37503c66028c284663aafad0695820c311bd6dd59b1951f06191946ea476c95eb127331ae41f4ccf32696a9fb3c6a1c4b096fda1605590f80733aca488e59e2b2508aac7b634a9801e4093467d3", 0xb5}, {&(0x7f0000001300)="f3a2dedede8a47c7322498c4a49b828e9d2d8458ec8e1799c164b70565602dbea2aa55698408dacabd49161e429c2eb90b480002c27287ecfd300b790a8174e3b6913543", 0x44}, {&(0x7f0000000100)="db8f018611ce0dd2ec096a8783634ef486e45a5ffc", 0x15}, {&(0x7f0000001380)="546d9c2fc3d39197b394e9805b100a00d6f3", 0x12}, {&(0x7f00000013c0)="8d447d22f4b7ef4c1dd7e046844fc0cccc96e5661e4f8f62bbd8c0d0628efe89453d0614e37b960db8e8b8d98fcfd9cd3af3d5f249fc3dacb79babbe40b5312a0aa04f36e027b5b65e29f76828c1056e24a632259fe9ee6d28fb9b439756e039e2a1d1a747dbf178cb216967fb46cde64401b1d911aba1bcaf2b9ab5fcff717023b63f6dc27537ec6c632c0d6846e569ff476891c6d7845414223bf604b463ababcf82531198903b0835c794a390532cae97becef08ee2f99583e4d0a0599a957777744117a2827b094fd64ea9c18edf7eb7e04360a090fa70dc871e68ff7a14647ad8f4ca5d13247585b4d2bd10d5eade1febaa13e1d8bbcea7cb42dd864cf890f3e6eadd163beece6e6ce6a76311bf1a0318b96ad0dec7ee163b5fb6356f25d92ac7d1a95f0221acc9deefb2bc0f07b39cf208c28f2ec2479daf4900c674759c4fbce9411410b168ff5455a6798f610e7053365ddb17abb4b71241cb725b90adcbf24f42ecd75ce2ac6cf5ecde239e564ea000af7e2fa29734040c4df1c0a91d31b8051091c801e447b9316ab8db311a8ebcbc2d43c26634b856a2112ea70e2c83ada34074de19d7215456cce10d1440cbd59c6c5782d7a89e21da08d53f94207a8be5649a8a1f64b2cfed407a6f9fee86f8e77ce2eb11d4ec0126d8563df12a16b8c44d9508630d52207bc047dd599eab420a196322b7c0f71452ff4168c278f5b8ac0ecbe63d1cfc656eec33f0d1006abea433f4357d8afc28772fa866d431a1f015ea754ae84863faf1f1ec792c48ee0557d32f71d02e7eb6e75a3a3f7255a723d662218cccd35af11de52f8a4707340250d2c17021bb69d647d075351da68c9347ee4d27358395fd97918c3e27279332109ed14e9334a37cce84eb6769db5c63847c468be88b500e93db26befb9df22301024d3e809d8f06f9e69ce2e5d169c49de3e3fa20902b217f63169ccbb45ea84d8c2ee207157264ebadac1bf0b612731d775ed04ef811051c20d6bb8496d2549c910656394bfe68cbedb1eb92562df3bb5cb4ce587401f9696cbebf3c3992a77f9cd1ea1c854948252f24f2892820ff53a3a99e2aed888cb7e3526d175a36c4a93bf1c57cc101cc06c786c8674974acd647b66f3ecd604bd138bd87e48b11e451b67a6fbbc4d08163f16b00dda620e3d0b4e654e656e35173f72f241e91405236b83add5a739f9dcfa332271a3bee1ee0670eaf3e90274f7eabe2354f21bf46fd18cc14164bbef5b4cd00b11752ef64db70a0f3fb5d13922f8a93f21b06ce652513aa08d3853a990e5a509b5b4a5adb641613fea680f1e4ac7376fdf15625a02278fb8eafd8a26decf1bfa74a97a7aeeb39638bc4b3816851c9d14b723f5713239ba7006882fd1d520ee17fd9b54ed8652e59073a81052fd284c8e3052012e921fe1e1b0210caa30a9814ccebbfe735e8f47bebc13ed9a015073c383355febd6cab258146c90e62958c22e78e92e51c2943c511292f90ef0d813726b7ed415c28b833c8442acf86232775afb1fb43d632e6bede7d0de54b42aacfc59f89e82bfc33d69e14de6a3650b55ff19d144aed61029f78fa56d90d890293032884f99252d49c8b3a3ab89f7f2612b666f012d4307262b55d7946b0e6a1462df9065846380ae171217a13faec69ca0648c329a4c747a077dc2e76587f3de497a28f4daaae258634ba105639b522a894a47de96c8f6fa0301244d539fe7930e6cfddc9b84dbd88f7c0672f50ec3c313b26cfa2db8f69268f8cb89091f978ccdc1dcbd850dbb26cdaa4ca87fe166e66aeb46fe5b0cd04f83fab2e3149072135df814a6834c217d7820033a3c54dc2222def45c91b34ca7c737a57ce2b826b48a67d61e682ad2f99ff5c28975cdcbf6dc97ce4e1fdb8dc878b3c462438f3e1e7b1e844a3c37303d1db64c6560b7b669d58eebf883ccea6d2018c9c6b2219a323774cd4d8f32953c71c39fb23dfd510cbfa4d9d31d0d90944db589b858ad83daef64178d5638babe21e7a2dfaaaa152a124d31ae929fb1f5fc8c805cb87f21c8ee8988815605d0224fbea7bcb46fbb164ffd290ae2d12bcd5c4c5e25fd4e59758f7b563c4e6845b84b67cd13a8a07ff2a4739bf42a529edb08354d3fa5edb802f4c41f534c8ef3972fa14c6529eeb4914272778a63d66eeb0135a96af34718c6c5704da100728c893a7174e9b1e3bc6c87f7628f8546e26a29c35829cf48e1e0d946c4659ecb7dbcbe4f67775213963eb215ccb3a4bb00737d48061586ae0a5a273ea8fce02fcd6f7899b07e92fd107aed271cf7a8bb8eeee921a3d666b12b89fd1aeec7df5e7f42718ca9afe00af3c8bb20931f00236ef64f14bcaea31610c3782e88ef959880cd189062721a9b14eed60f1854e074a49895f2b5f793d55711741adbc45e55cd1be73a6333b1c3d520e2cfde2767762fc7b1e51c48955498fb58d84cc220102af480fff7d81dffbf74dbee8c738f559e710e130c281212b4d2c244e92067bb00a5fd2fd68cee7c8a68677106a99fc0f90b04e288b1fd1dbd0e1b6b774225562ed236a23b0d064561a2110d5ee469f77c8f8a5ecec889a976bad985d40e14511f71d620365d38931bf5933630e22e856de6b579d86096e9a064009ec341b15fe1de1dc9e07606ed8465457e2d03f9b07f415a3b8cd50f05006e72f1cda043ca28f70efc6bd02b32d35e58e177708b1bf6368a17099c6816cf7e20814f0b39d31d0eec119e326c7f0ced6b467c98cb1360f970ecf2a60158b99ffd5a49549c10b1b25ed25826bf5a3f2ca050136f8148b2fd24a0f115555c060c95a00d5d69fca2a19b51a75a45e65148a022ab59cfc0a468aa0aa8407591ca9ed8f37be2bc3a03b058a0e2a6d2373cd71ff3e37bb019a0fd328d7c9f0c004578f1e0025cbf7fe348b9bcaf3d11a8340cfb34765a1351138b1e84c8385b5fcae12d77399d4cbfbfb7f757626778f99c2b3e6579fe50a33c17a7235fec4ae09600c9b2898d71121c9d87f1eef24f5b8ae2e678193718203ae303b724d3cd2fb449e5931f3d868649b9c2df153ec8bb619855e58152e7362452ba67162b191d23aca52d57064bf8d8a485e19e6bbffe457193ed44e3b64a568a46e23714d076d9241c14335cc88882e993315b959321d396b71a51f2001b0f9ad3f2b8ced7dad42c378f27e2be008b3489de40e1205914b12d28cf0d80c8e2f1c647f05a6056a9d977291230e2408dcd090c8cc2eb9a7090adf1486c6750d2a9a31ea8867c2948b0e1ebc841d18d35882795b13e52d1213838c01769d2ef47a53dd5f53491aaa39cd53806a67a3e45948b166ce6280ac496dfa9fab8e2db20cdcaf38f847a2dcc5e601795e1a9515939378da03e68d5490d71c06c294e6a1d218010a3dc100c59965e5dba4e8d46f271953ec42b292ec1c55734777934f315d40891a79ee83f764b1e29e395a406a80a72f0b44ece2512c6e2e60f758ba9df8e1e5e42255550625600673f0643a818645437683e0264ec1e9249183d1d37c9dd1510166aaaa380469884ca95bc39020e874fc2e401ab393d1daf0fa2fea437054b836ab907efd745327c23f8e09dd7df03648a6cc96d34151fe3b1dd54434a0eba0bb29e2b952a7dfaf745d47d1903217c0b3557d0bb45e910f55b498a947a6a2928bb168a58ddc6d8362d71668590d2f6d5204b2ae2f343bf8091c6672ea6efaf3356e277f2a9ad9a4b9ca6e2f69b896ebdaa51bbb6f4ec525383560b5a5e8bb6b41cac4eae4e3afd842d1ba931a2d6ee2f4dc584441954dac4b7dd9fa0c210f66d772f8ae41fff4c80d1c428e4ab0d2b7b091098746aa4a098284448e02e4f2dd2dd0f3f5425dc797c637097a837578ffd509170d03348ce29ae57267e8b1c2b791b356db6bec1b1a1769eb356e19cbc3a5edf160c3be62c19d7b1cbe08bbc75ad7aebf12557de5a64a54babd758cce6d9ff1ab74d616b32875fea3337282ec13a795ad3a281502943407a55d73cdd30059155bfff3be1984ce955ef8ca3e72434ca1d32a4e78d7838d8194a15c904387a19eb6faf0a0aef9743ae4a5977572ae73f9091d4cc6a6cd1b17416f4ebbffc3c06328cf89347aed2b7f3f7c5903e981734267b0477e6d81aa554d330d2762167e27f8d6fd686fb04ee0ffae0d6e0acd363ef7027e0ee9cd17b220bd5355d276343af3a5f8aff993739b4af59a27600aaff833e54c2dabc4679d1a5a21955dcde1145d47851a7acd5a5b1eab4c9b76833d9609dda6691a688683b9e28f0205affa434642f8c0606292aab81d92afa3e53d9371e8c574a001fbf8bb863fb0ead39ec390113ec3ac469ea20e57b65671b390f447b19a361d2618d93824bab7c5639788bcfbfc1239931805db22fb441fd56603bf94045c46662e2a59ef18b3b36f718cbb87bd1f53c77ebd6bd811b1487a32311cb36e44c771390344c12288abba544090dd5e9dc5e1ebf15c750f395bbbeda21d7a7669e3ef4b7350d0af71c49dd7f04d1c0fd88dc23642fe95d9b0baeec7e7cc85b36becd287654858bb3cdc5cd1e8ed2636ba07f2e97d240b2c4e4808e45bb91d40d154b35de2cbb3ad31123aafcbb3a3331152e4f9c752bf42dc019e98a5ff422b34f2bd9e14ee39d8ba7e6b5f95db4a73f41665e55f7dc6049e68dc21f3f28741ec886d7ed53903cd64665376461ab793107e23863f86bd6b328e18a392b8d36f055a727da71d92cd2e5647bca8014be62618b70c8b4121d67c6f5616ed6327e8172c51fd043b4a3cc608c5c258648252671de4e14be862aadf0d8a1d319f1005a3c69d1b387ae165e01fe86cdda6f3ca216c3d70dd36b6430e9c5350027ab8f26032f9e9904ecf43e33ab4d149a1103990eeb184aa6b1b0f21b4103eab1b9b94e65c1b43cbe35b251c375b8c7ee1bc266265600c6b0adfce2eeb4f56db0639eddd87230a2bec73c62c11086c0c2a4352babf7f329d5e24b797b2857c177bfa22a093fc3947fb60e7a5f37fc5907cfdaa9be5419d9ec3fca7e288b4a957975a595cc12d18061dd11bd6159c171498eb373b7ffc09c9cad32b2e6f164baa2c67e43ed4e5c0a19aa753c9ff6f2d01d93eede9d3b5ce9c52692e44b193dec585a8b4008e9f3bc56dd123db2b6a995c305ce7487abefcb621cdf9dfab4558334129f7f36819dc9dd2281295b2ac4dad42ded4b1e964402a903137d693afdcb38e4029e7488417a902f16e087134db0cfe76ca2cf44afec4b3491463b8a0b790dda66c80f61cdcde9983cec291269dfa32d9bbe7addad8afa3f50c6e976a8ca9314f01eed39f63502d2c6779e8408fe6b964d6b2be721466a1fcad22e8feaa8987a1ac36aa0af2836e0e957b358a76ca338ad3b063c93f38dcd410a193bb6792162f69966d6ca6e5f77f39833f5a9d967dce14604fabab3c114a1f64dff9f8d032d8bd8befdddfd47c78043d681fe1ff4e60793622cdad1361dd84556897142c430573e0a671c9bcd52a24adb01128ba10f89dca6673ffb88c716f8cb84d5d8ce4724970b5f99335b9ef326032228c73ebd4397516ef59625b3e5aa1ae563e0681b2e42f24670c5dbd5e5f8e1e4f57defe7467429f540f59cbd86ddd5f88213f34e68ef77ef14f3a0eef101c287bf81b132f0d8a64d868c5404463dc4dae573d0b387c8185c813539008d52b560347339cfb716d2c447c9a07713b04cd3942099fabc508aba8036236e5dfe7d6b9484c9ac0329be82fb55d9e7e2f4a8c73369165c8712fcba794239302f147fc2039484f3c91cef779d8", 0x1000}], 0x8, 0xfffffe00, 0x1) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000000), 0x18) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80005) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0x0, 0x4}}, 0x18) sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, &(0x7f0000002580)={&(0x7f0000002440)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000002540)={&(0x7f0000002480)=ANY=[@ANYBLOB="b4000000", @ANYRES16=0x0, @ANYBLOB="000a26bd7000fbdbdf2506000000700007800c00040068ac0000000000000c000300010000000000000008000100ffffffff0c0004001f0000000000000008000100090000000c000400000000000000000008000100e8bc00000c000400c8000000000000000c00040007000000000000000c000300040000000000000010000580080001006574680004000280200005801c000280080001001700000008000400090000000800000000000000"], 0xb4}, 0x1, 0x0, 0x0, 0x4000050}, 0x0) lseek(r4, 0x3, 0x0) dup3(r3, r4, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x6) dup3(r1, r2, 0x0) ioctl$FIONREAD(r2, 0x541b, &(0x7f0000000000)) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:44:30 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x7400) 15:44:30 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x12) 15:44:30 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) r4 = dup3(r2, r3, 0x0) ioctl$IOCTL_CONFIG_SYS_RESOURCE_PARAMETERS(r3, 0x40096100, &(0x7f0000000100)={{&(0x7f0000000080)={'Accelerator0\x00'}}, 0x8}) lseek(r1, 0x3, 0x0) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r5, 0x9, 0x0) dup3(r1, r5, 0x0) r6 = dup2(r2, r4) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x1f, 0x0, 0x3, 0x8, 0x0, 0x3ff, 0x24, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext={0x1}, 0x10c00, 0x1ab, 0x3, 0x6, 0x1000, 0x6, 0x7, 0x0, 0x7, 0x0, 0x7}, 0xffffffffffffffff, 0x5, r6, 0x9) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x5) 15:44:30 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000580)=0x3) r3 = syz_open_dev$usbmon(&(0x7f0000000000), 0x2, 0x40000) close(r0) vmsplice(r3, &(0x7f00000003c0)=[{&(0x7f0000000680)="c94c230809c28f0529a4e2304541c940196cde807343a90434b0c61ade286cfff75f9864b1d243b18e53dd636d393fbab75bce9e08562c004229cbb6c17a2a49bd6c0f0f4410e40f784d7452abd5bd64a7d6814a6b71fcd49af06f1df64e259a7de21b79a23061460e4cccc2337e3552291983cdb13fec767174538d219569d1b96bfca221a97f8904e9614a908b8b52205a19922614222b0324ccdbd90da342fc2af81dfd4f0c091505025ade36523c54c24d1c2c66b13314a7f187a2b6fc356e5a2bc774b37c6768c5b6f0", 0xcc}, {&(0x7f0000000080)="09e981c01faa3ec4b55d9759abd443f761621f747f78926f9c8a", 0x1a}, {&(0x7f00000005c0)="5c3d17d01ffa481298536e36bf1184cf90874d06548bbd4d20937f7b75369f3f93a25c8a1575dd1879c9e0eedf8edfbe92773e6959c09625ea610a25c683d2f4353b48e24344a3fba15e395441d4c76b635dfbdea0e526da99b687ebf448b7d02bf65292e5be450f9966fb6c8f8ca767f6a3d9412c9079f7294a3e7aad2d3d629827b107388ab1", 0x87}, {&(0x7f00000000c0)="496fbb4eba9cb054d409c004c197f961678e53642fb18ac67f34cbba110beb434815cda5d373be25323c2829c853e88c912b732f5a33b9525dbf09412390441e70bc6154d863cfa073f662b100e25633e75e6ad676e31cbc4e4d9a", 0x5b}, {&(0x7f0000000340)="18c1cd226954f0b0f7786ab8664c1b267f7d262e595beb7d4beb97cc47e5257a0bd378e1e0c0dd8c1a83bb0b8aa2516185dfef902de37a9f34f85414e41b3d10b407", 0x42}], 0x5, 0x2) r4 = syz_open_pts(r0, 0x2) ioctl$TCXONC(r4, 0x540a, 0x3) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r5 = openat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)={0x400440, 0x0, 0xa}, 0x18) read$usbmon(r5, &(0x7f00000004c0)=""/170, 0xaa) 15:44:30 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3e) 15:44:30 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(0xffffffffffffffff, 0x3, 0x3) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000000), 0x18) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80005) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, 0x0, 0x3, {0x0, 0x0, 0x4}}, 0x18) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)=@ipv6_delroute={0x2c, 0x19, 0x400, 0x70bd2d, 0x25dfdbfd, {0xa, 0x20, 0x80, 0x7f, 0xfd, 0x3, 0x0, 0x3, 0x400}, [@RTA_PREF={0x5}, @RTA_PRIORITY={0x8, 0x6, 0xff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48001}, 0x841) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) r3 = gettid() tkill(r3, 0x40) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xd7, 0x81, 0xbb, 0x9, 0x0, 0x8, 0x208, 0xb, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, @perf_config_ext={0x3, 0x7fff}, 0x1001, 0x26, 0x2c43, 0x5, 0x5, 0x80000000, 0x1ff, 0x0, 0x783, 0x0, 0x40}, r3, 0x10, r2, 0x0) r4 = dup3(r1, r2, 0x0) ioctl$KDENABIO(r1, 0x4b36) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0xf) r5 = fsmount(r4, 0x1, 0x9) accept$packet(0xffffffffffffffff, &(0x7f0000000940)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000980)=0x14) sendmmsg$inet(r2, &(0x7f0000000b40)=[{{&(0x7f0000000040)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000280)="b271ce2d293d86927cdf0ef590f0ab68ca782bea0a33243403cf699180a54312f45cc483acb89bf575de0aa9d86e27b962d0b0a5d04a5029dd26d0d3a87ef72e05dc2c796345381a457174ce61184d3f684661622833adc848c5a1bbbb079197eeadf19c849eea4b4711466a895e4b6f31262bd2d38d346da02b71135086b541f52613a3cd7a5fb1c0dc", 0x8a}, {&(0x7f0000000340)="6a36040e7903af07f1549e41072a341c6f33851ac9eaa56ed59f2c9c4b8c731ed6294331f3734446c0b9e0", 0x2b}, {&(0x7f0000000380)="aa5e8a133ac9de92b2e83e334735121882a1dd88b9408ef7198ced87ef73f6783f5e9902743672a7506d2e10d6d283fc66d2096a743bad77a9f0d083a53d5514bc3d7faec838c7c73bcc63d146bff7a1655d62b8f1513c40c750689740677c864defd258b49e19cf00c0618482d4978ca280a861c236ff5a1a64251674b6ddf941303d1253d2048235f72f1a18ce09c54e959d836b08d12768ef8c04e6be5c26690d00e65af286d5d58d909180924ad1dc6c07fee530a3155bbe39cb091284e05654e33872b3846a0376b4a6d4b83affff19db17e7dcb30a954939d9b146644ced95b6de4c64047abb4bd5cbd2f2767071754d10e8d58816b7", 0xf9}, {&(0x7f0000000480)="a0d6d1bf97d46f32d726916b5fa18c3d6fbcdf85cc097b7a74e004259096b1cfb5c7a7fc22723f11f17d464378176167f39e43ad0f0f9ddcbad1ad00ee53e2d553a3db85e648d4c92a44142b53a742d82d37af4b0fb9b8350bcc96ab36caf949adba50e05b19248776c171b01fe029ff4a0429bd2dfe17f69e76c103549a29fdd51ce2cd6d2d8c0647ffc4d1d896d5fd589680f0be6e377b1fc267c770a87041c0943bd565c7fd2835ddd7fe50a6751f80c6cc52b65ab869b0d31e70df08b1c4944ffbdc5181b019f342f526c1135a2e41e71c2db8c47c9c9b43632a3b4dc6dd83fb890da77e100a1dc4082d6edb", 0xee}, {&(0x7f0000000580)="23bb32ad06e2f64692c666a2eef99e139893322c7906e5fe96c6259a56d08f", 0x1f}, {&(0x7f00000005c0)="3b48f61fdf64fd51633eedd6f9dd9a2ef3d652bebc709bf4a7f20bf6", 0x1c}, {&(0x7f0000000600)="c03b278da943206b81f64b6a6b00a8fbc977ca7e4323f684bb526ec3f30e719f2f4fa4bc7117fa1eb7597113602290d9305aaa99ccf3fee95f499474fe417fbfd3d38239a1ddc804b98b3d0d681873417d681cc6008c2c111e117182abffd05818489f77970042f4766ec1a8197a3badaa3c2d3e1dffb4e789a393d47ab701b836a133c880ef7a721d9e4fb93db686fc4d19", 0x92}], 0x7, &(0x7f00000009c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @empty, @multicast2}}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@ra={0x94, 0x4, 0x1}, @end, @noop, @generic={0x7, 0x2}, @ra={0x94, 0x4}]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x80000000}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @loopback, @loopback}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x80}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @loopback, @remote}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @rand_addr=0x64010100}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x80000001}}, @ip_retopts={{0x84, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x54, 0xda, 0x3, 0xe, [{@multicast2, 0x6}, {@initdev={0xac, 0x1e, 0x1, 0x0}}, {@empty, 0x80000000}, {@dev={0xac, 0x14, 0x14, 0x16}, 0x7}, {@multicast2, 0x3}, {@multicast2, 0x7}, {@remote, 0x9}, {@multicast2, 0x7ff}, {@multicast2, 0x5}, {@rand_addr=0x64010101, 0xffffffb9}]}, @timestamp_addr={0x44, 0x14, 0xce, 0x1, 0x3, [{@empty, 0x5}, {@multicast1, 0x8}]}, @generic={0x88, 0xa, "87baafba7a18597f"}, @noop, @noop]}}}], 0x170}}], 0x1, 0x5) ioctl(r5, 0x4bb4, &(0x7f0000000180)="c9020b3ab14bf75499b5676a22b52c1ec63ccf10ea5ad927435344d7a3e0189f4b9ad38d058a91329bbee381a56b5e5195a46ff4018b731560f600b79bcdd97e533568474031a0b54f6d4ccc40d51801aa35730b60515cade36077ec5c467cb6db28d9d25f1cef61a53b46fee3c890827f71e909f09d3469c405b580fed5796bafcfb696cf3f42b85d778d460374a643cd0902eae201c0c0d0d87edcfd5108aa9271f6fbfd7bb65c045de46e8f2de6db7490e9bab3c724bdd01f74de19d896b3c4c141a6b1282446c223ea859a689c50990d") ioctl$KDADDIO(r0, 0x400455c8, 0x2) [ 2082.564821][T20859] Bluetooth: hci7: Frame reassembly failed (-84) [ 2084.500970][T18048] Bluetooth: hci6: command 0xfc11 tx timeout [ 2084.501382][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2084.581215][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 2084.583989][ T1053] Bluetooth: hci7: command 0xfc11 tx timeout [ 2085.061323][ T148] Bluetooth: hci6: Frame reassembly failed (-84) [ 2087.060747][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:44:35 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xfdffffff) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:44:35 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x7a00) 15:44:35 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x5a) 15:44:35 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x16) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000000080)="532eea86130238ab23b04f4ac77e6228c082af36f7e8fe0d142f55dc7fa844db46c94b5c9119abcc3945a6cc88e90b77dc6267ae5032b0b8ccbd505492ed8302086fb74a56c47342ae8c918b822b1d8f4fa99dc089efd3abfe1dcd632407469d5100cd5af474e3ff1180e99afa417a474e6f88cf40", 0xfffffffffffffcfc}, {&(0x7f0000000180)="cea0cb3abb32b5ddb845e6c56c93ae3a2e25ac0d4e3c683d89cd4f586ca20241fa507a86c79d52d0e17e5a3e5d0c2b36f41199d6ddc070595a631a14bcebaff7755b8c37e2a04acbf14e60b9fbcaedf726472846a6245facfce83ba74657e364518159e174d670d80313192ded4b0cd8eb7c88650cff7fad428603fa3892201a91b8ca7696fff1953ce01005037799a26f60e43ca25c4075f15624a35bd186ca53143bbe1586b081b9da3de69d529f17b15a8236c5fdd360d9c04713ae066a80b8d49b61843df7088a206e77cf757b58e5327d40bc8c28820f5d719a11dec673b63a1e56dc6e49b83e3e816a476cf2b5fdba8bec26f4f493f84e73811e9a235ea90a3bbad78eb8da6134f5a19ea1f37cf002622d3688b9a7ba80859699ba0e3ef5be74fe0d8a98f7855e2c635de058dae49571c85e8f07b50a09cd95482dd52070c1ccfae312f002b223654ae79c26408760ee7ee38d42ebf18eea23601634aacbd15a5ba9de82ddc03b478aeff888fc2c56b675ed98e48f17947d9807538a1388fa1b7d2db10b9f7a4c4f3ab8cf4c6a9493f0dc3c0e13bf6e39637f7b642e932d99ff88e4c15888be15c5b56802a3286b9d1deccf3dc941b10cacff332985fa4cd56f306f83ce3e808c2d450983eb4341978b6514cfdbb0528d6c08db3a07eea2af57aacac5017cb0f9e3859d4a8aea240685e5d53e960a3bed757952457906e452970a946bd03b5c43aa059bc9665da450d6c3a4e306943dc8e246d34e5ac03a4057f41ab98bc11672cadc5b0dfcbdcb874af72a2b1ae7a0231eb552308b57f8b1f995cfa52d59b5d764c2092c2de7a1595bc73b5d593f723af3a5d2f180f4e1539aa9b0996afb31d85356b70f5063d077dea898111c0cab1093b32df23a824da6dc7d124068c50d71d2dba5338a7e2522d0f83d9d0a650394600b2667c6c2c620cbd27c87d9040dcef35f49695b54da55e0a5ad446d5571f9bd0c0d4c66f5a9c47e92c33f15cd54cb399a4a40027176d43a7c2fee3110c5838665d8299e7dfc0b0e2265056517906292708075dd774e86ecf9070a3bf3d2d49c3f562314ddff60c59a6b85c050e479d413cbf25d2b6067895d0768cbaafba357590c054a1f323fb15a019beb90b5ab40b1bc4ea63ff2b8801380423b9a1e880cdcba2181b3f7e9de276573e45826228d662244e58812839e208ac43825a72958835d2c8ad7f1dc143355f338bb7368db9147c66e70f64380d0316941257cb76fed10c54d46214576ec333108a26ad773f09486cc1f18bf6e3b0d1af572cfdb061b087a54fa3ff21cb30a2e9fbd8868de48a84ca84d22b49eaf60bf73cb92f7f253757d13272534b189842f212d90b884ac059549924b60396c2ba7cf2d61d26341edd4548b6b9151672d3a8eab5d14be3f3525933211ece74b3079c4d351f4e10ed4ae080a114e0ed0ba6093f908988a0541fa4b7f7a1d4d94d735c6725c9078083d51ecaa00d097f8e0d6a74b3629e960ddf8488bb6bda5c52add4b3d1e21b41cecc33d48ee49634bd982bfec93020da927440ba5ba7cceb366fc7d1f469c9be0ab9b4bcadba98d328b5b009569522ef34cc3892f27c8a0b9165c88758455aeafdfa186a9b04d389b89bc2b58974793cafb0c8218cd6c3ca0184d18a9c5898dc6211fddc4d112553ee03b73ab4a349d0f473662f5539bb95711646d12f77c0eb139284189a0bc5d4f48cbbaa4a3e64ea963c6e0e49e04dc4a9ba03ccd3d246cb19e4018973828de4cac946ddc9e33ad097478537aad3c8a8f04389f913fbd20e4a6fbe75952dcbf64d2097dd2a244542a773002e260f1f3bc1428b504f2c5a59751a8eff543f9af10d4ed021b3d962bc3483fc3637e3a4cc6e611e66dcfbd8fc2897b754497c5df0bcb90f5dca0b0913491ca3b8bcfda436b55147592c0304164cd3b210a067f173a38264d62991baf67d309c6ab316407949b5705fb39c0ab3bf997e3bb6fd823a25402ed3e21c5076afe86e179623161b8dec55649e1a4244deb7cbf7a01ab93a214fca63fcb53efaf0b07a8ef476f32df0319611ad5a3b8fa3cd20d53d168cf0f4b4920e07ad30d5577a89838cd218c8eb98af0365b12d35e6fb00c022914f1107ba443a7a5b11501376b5f3156a764eb66a2073db8a44fb683c972936ccaf094bda4f528fa1e05c9314e480a0df18b1f2345d40fca9598c9a88b572817117b78eb365546bd7772ab2d9b3a3b567d65dbb8a31a64eda1d718979dca2ff4d0a1790174bd43828dfcc4e71dae87317e100f84906446d181be66e29ad54cdadeabfdcbe80d7e2a4b35825e18bb9b275314ee70ff99a9f31223ecb8c0b3c67bc95ce76b42a23c252220893342239a79159e4d7fa03f0b5fd6e1f42e3bced0c2c57c3a3b9db2ea4bef4e4b92f7227af7d05efa9f921beddb66339b4b56d18499d4a2be3b03aeca6c049605bec601341b7121e56bd4bfa4362982edf7fe51498605bc164ae4e3887eefddce6af2c9da6e66b5095d944d08313277362015303143abe64527d94e517256b496ece6bec62e252101f82bb7eda508cf3ff173d8e9c66a40d4ebdeea78f6183efb90896ff62cf45b16192704936a2a2911eb4632736334c9126f2680b8989aaa4c91eb17786b7e60a6b1a106fd01a372a3bfcf770163f1e2e2190262078a25ac3696e57d363dce9ac02680ed0044d0e2872a4d0eff94d764e8dc721ad7401ed56c2c7b233200c89043f951b072f9b4e5aa04a987ba5f592069de747ce0bcf10a73bf69c79eab0530d24eb12f731b8c531b87b30128f90e0b9721ecf4b5088bcd06a5110203e8a0693d1540ffe78b183f909ca282700d3f1376e75812e1693e948073d878b47ae7be9bdca12dc42da23cc84a2a6ccb850208c90504d3185b20e2823dc90477a0768be95e88f323f42a51f069f93a8f2efd346d4b180c31c0b25e47e78aaba60b53f9fa5fdb15468bc976aeac9d8b990a1d04d7bb5ccfaa447f2b607c4b77881bc8202fb57664385de7502e15037e83425c131d4aa7c9001b076ca3f208d984f2ee110628ed112d9c23ee55c1ee0d9447b84686f77cc6ab78b67b10236588647cfab21d8cf6d6087917376d09f7aa1802a24191b8b69532fff678cdc8b330b8396f68a5f942ba4e617a57ed0d95b6a17d5603fcbb5c2f5abe510fb134424f297b0dfd7b96ba96e7c72b7786c658d87dcd4588d480b87c240aaba172d2c03cfb85ab8c9316276472b74b33c2bb42a83a79f722fa388e8c79b37bedcec06da5649ce4fca75b21f1ae7f8fbc2dd80f4d9d4c4234c6ed0c5260288b300fb66a2d560150e39f410abd425a42a0554639d432acc76a44de426493356898e1a07577faffc027626b086500dcbcb64c75ac7cbb34020d470803c8d78e117e3c15d4caada9645e0c4902946e08eb465e16cbf2a0ef33c3fce413660745db1e7fde31e43a88a3cf60aefc0f31d5a1c8675655d9ec98460c22430caf6ea32364c858216f16976248f332beb397d5719a389c3fb493aa1c5281a75c4945730eb1eed38acbf36f1817297da85d742aa1d93afe4242e301e0f6d9eeb191d6059c98a402ea8ad9455d898126302a76d8ef56a61c597a9c54a6146b0793072063c2bef22c82e15340aaca70ab6801a70606977482c1959e72a87b1e9450d6f93a4d96623eda13363eb5804906ecf4dd78671bccb239db3a9515c6cbf854eb2781eec3132ebeed4e196b6347e50c0691357231e30c0d41fcfd08892c663e21c121bf3ef3157a241d31bfeb6bcffc27bd02e002e7364f64f9abddd2a9255533542166322ee8c272fdf4e82d22d8f959f1d1bc89ca1c6acaef588c7a8bbc7da654b1010145b3cdddf5b4b875c199a8450d56f3527acbd7a5b272aa80939afcbecf9e42158d4076c3a782bb227b6fb98ae568626373dde11f12acb69e0fa64453d52ba6b1fca087a6beddb4fd82d0c5b90aee3c0aa29bac028d7b87ee4138bc632a6d51bc1e594c12b30cbd4b0eadc2e1699bbbafcb87e2245eaa44a785cddbc2bff915b8cbb7d1eb11ac6f2311d82a379e25b2d35dba1758e07bc68a00018310fe8919daee8cef3461e522a8ddf25cc6a372b4b17e55d6f967463b659bd57285ba0d2341f150b171dee1fab0e54d57eda050ddec1703621871606585d878225c4f4832efb95263a565498f7d14b3e2978e97c1bc7868bcf41ec55e2d0c643c8d8e5a699e2a409464caaf7fefe594217d8310674d77f2308812f7c2007ec56180d41ed430674e95844e17d0b6c9952e6ac7bae5a02b583217b3db45b8078ed6c1cfc187e142a4c11ba7b67c164d0bb6752976f30d08517a743f04ead6418f80345c2e520562c30bc399efc37a2000ec53389c0789595d0ee0bccf5f3ff36af70754774caa835652d69477c26e242d2a4fec61d250b70df9b5ecf1a24911c36a003d3abd56d54745f09e3d0548b0312cfae9ede0bff647078c8908fa8daf70fa7d2a6530a7de01372a391210ac1003d71a8bc0a498c3b3e550e4865c184435245127eee63f2bf116985727e0af8cc56c00d5b764ffa2f22d9e3b7a105a76689f09187d5ad5ea37560b0e8928a513186bcec2018b4dab37829162d238ac5524b5e29e424f5b63f2174dbad1e32dd07aed1e82b420bc66b7b28e302cea7adb1fc8838c2eec1489eeca2f0b9c09689000e8c7928c4a51feac6fb074343007d3cab10a262b7738c0d52f6f28f87aac6fe9d48d8a5081cdd03969be36437056151dbfbcf17ab195c9d021b56378f2daafacf4dd70b6dbbf87647565824a15d1146881ff7a9312cef13eb4b892a0ee2419d77d75ef7a4560f18249d26b252b46816c9456673aaaff194359bb984753083b72526318e515fb2ec12595d47db99579ebc69713a1796f4f949ef6fc54aa6ef06f6cc277d9c144fa424af6141db1e0b010d66a8aee91528c91268f845d23ed4dd32f427bcd2fd82bc130be524aeec47b859d25dce6427c9d5ca960725c821ef9ad1156337c2e665ec50a88ad2057bca6f3d73d67b5a4da0eca5d18d8bfaafe2dbeb6561a4eea657d46e2e9f469c915cccd8d7622fc2b749292113960f323169bf548341b8e79ef2bf15e4167ebf8f872d169a9ab5f81e81c66beb7d507fa3aeb44878676d71bddedfce7d591a930f969856dc49ef7981d6449801c1bfe6163dccaddab756da01a206bb2f3bd7d772fb4990bdaa3417fa723fc46e2c22ea04c466ec0cdf26fc3035d2724168bf88646733279a7db659098528198b90c97ebddc3a33ab3f8e5f2307d49498be89e9dbc315a70aafd352f978b3f32e83319666211dc0abf586aae889a931db0977eebd25e475059a7ac740dda62eb6ad063f6ffc7529f29e6817e052f83ac8ee7ce74c6531eff38441abc5a57755e62af8ecfe38112f4acf4cbb446cc3b689893e8192067cdc8cfd47423d59dd352f1721d0fdc2e389c5078ad4ad6ac1424730b99a0793a50d8e7766be9dce2423e19124a19c97360f0ec5ecc1be8a0cef5eee4bf81d659b4c714b563eba4ccb82cf2719a11c1fa514d0051e84996cad3faf4514c05352e8ed504d6eda661f04fdbdbec3829e7198927952a240f50e18cba7c263385b669052ab247a4048dd37edc878e7dd235f3680fea5db62417fcc7e61a042268004544a3b5460bb4e36e3202dc2bd6c3b793aecf5f244295211ad4129e0e5f60e7cfa63371fa026ac7cbf44eb6f7eb872645b0ab683fbda7a3cffff7c0e889f870eb8ee9b3ca5ff1ce9ace7aa9e2913c6435c0e17611065eb69da26b727f", 0x1000}], 0x2, 0x4b936ad0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:44:35 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x1f00) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:44:35 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) r2 = socket(0x18, 0x0, 0x0) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000480)={0x1d, r5, 0x0, {0x0, 0xf0}, 0xfe}, 0x21) connect$can_j1939(r2, &(0x7f0000000000)={0x1d, r5}, 0x18) sendfile(r2, r1, 0x0, 0x80005) sendmsg$NL80211_CMD_GET_MPP(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2100}, 0xc, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="240000005ed464c53b6ca64da376ac63dc1d0e5ba262cea8c16305e8a8dbff6c9846c48ffa2ca56ebbb20b2adac3b9d214393fd836c5f3d345b13ce35c91b5edc11cd265ba001f7d81599dc7", @ANYRES16=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYRES32], 0x34}, 0x1, 0x0, 0x0, 0x84001}, 0x4100) bind$can_j1939(r2, &(0x7f0000000180)={0x1d, r5, 0x2, {0x0, 0x0, 0x1}, 0xff}, 0x18) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x4e23}, 0x10) bind$can_j1939(r2, &(0x7f0000000140)={0x1d, r5, 0x3, {0x0, 0x0, 0x4}}, 0x18) ioctl$KDADDIO(r0, 0x400455c8, 0x9) [ 2087.179838][T27301] Bluetooth: hci6: Frame reassembly failed (-84) [ 2087.263307][ T1209] Bluetooth: hci7: Frame reassembly failed (-84) 15:44:35 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x775) [ 2087.362901][T32636] vcan0: tx drop: invalid sa for name 0x0000000000000002 15:44:35 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x240000, 0x0) ioctl$KDADDIO(r1, 0x400455c8, 0x4) [ 2087.407094][T32649] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 2087.436989][T11206] Bluetooth: hci8: sending frame failed (-49) 15:44:35 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x17) 15:44:35 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x8089) 15:44:35 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) 15:44:35 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x20000) [ 2087.666940][T32666] debugfs: Directory 'hci9' with parent 'bluetooth' already present! [ 2088.573102][ C0] vcan0: j1939_tp_rxtimer: 0xffff888024eb6400: rx timeout, send abort [ 2089.081354][ C0] vcan0: j1939_tp_rxtimer: 0xffff888024eb6400: abort rx timeout. Force session deactivation [ 2089.220533][T18049] Bluetooth: hci6: command 0xfc11 tx timeout [ 2089.226727][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2089.300416][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 2089.460347][ T9503] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 2089.700136][T18048] Bluetooth: hci9: command 0xfc11 tx timeout [ 2089.700296][T11206] Bluetooth: hci9: Entering manufacturer mode failed (-110) [ 2089.773245][T11654] Bluetooth: hci6: Frame reassembly failed (-84) [ 2091.779944][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:44:39 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xfeffffff) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:44:39 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc7a) 15:44:39 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x5}}, './file0\x00'}) ioctl$EVIOCSKEYCODE_V2(r3, 0x40284504, &(0x7f00000000c0)={0x3, 0x1a, 0x2, 0xff, "f2734968dca14dee0d3f4dbd826bc0872384d55665bbcd68cbe788da3bd0be2e"}) dup3(r1, r2, 0x0) ioctl$KDADDIO(r1, 0x400455c8, 0x2000000) 15:44:39 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = syz_open_dev$audion(&(0x7f0000000000), 0x10000, 0x400000) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x9) ioctl$KDADDIO(r0, 0x400455c8, 0x9) 15:44:39 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 1) 15:44:39 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$BTRFS_IOC_INO_PATHS(r0, 0xc0389423, &(0x7f0000000080)={0x8, 0x10, [0x9, 0x7c5b, 0xff, 0xffffffffffff0001], &(0x7f0000000000)=[0x0, 0x0]}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) [ 2091.947857][T32708] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 2091.951203][T32703] FAULT_INJECTION: forcing a failure. [ 2091.951203][T32703] name failslab, interval 1, probability 0, space 0, times 0 15:44:40 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) r2 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r2, 0xf503, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x2, 0x0, 0x800, 'syz0\x00'}, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r3 = openat2(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x142502b0ba19c650, 0x64, 0x6}, 0x18) ioctl$VT_DISALLOCATE(r3, 0x5608) fsetxattr$trusted_overlay_nlink(r1, &(0x7f0000000000), &(0x7f0000000080)={'U-', 0xfffffffffffffffd}, 0x16, 0x0) r4 = dup3(0xffffffffffffffff, r0, 0x80000) r5 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r6 = userfaultfd(0x180001) sendfile(r5, r6, 0x0, 0xf7) ioctl$TCSETS(r4, 0x5402, &(0x7f00000001c0)={0x5, 0x2, 0x0, 0x1, 0x1b, "7712ec5836de7670bfff8c718d58745c47bdcb"}) syz_open_pts(0xffffffffffffffff, 0x4000) [ 2092.042198][T32703] CPU: 1 PID: 32703 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2092.051022][T32703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2092.061079][T32703] Call Trace: [ 2092.064360][T32703] dump_stack_lvl+0xcd/0x134 [ 2092.068963][T32703] should_fail.cold+0x5/0xa [ 2092.073483][T32703] ? alloc_pipe_info+0x105/0x590 [ 2092.078424][T32703] should_failslab+0x5/0x10 [ 2092.082929][T32703] kmem_cache_alloc_trace+0x55/0x3c0 [ 2092.088321][T32703] alloc_pipe_info+0x105/0x590 [ 2092.093092][T32703] splice_direct_to_actor+0x6f1/0x8c0 [ 2092.098573][T32703] ? generic_file_splice_read+0x6d0/0x6d0 [ 2092.104416][T32703] ? apparmor_file_permission+0x264/0x4e0 [ 2092.110206][T32703] ? do_splice_to+0x250/0x250 [ 2092.114886][T32703] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2092.121134][T32703] ? security_file_permission+0xab/0xd0 [ 2092.126689][T32703] do_splice_direct+0x1b3/0x280 [ 2092.131553][T32703] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2092.137105][T32703] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2092.143354][T32703] ? security_file_permission+0xab/0xd0 [ 2092.148930][T32703] do_sendfile+0xae9/0x1240 [ 2092.153462][T32703] ? do_pwritev+0x270/0x270 [ 2092.157966][T32703] ? __context_tracking_exit+0xb8/0xe0 [ 2092.163444][T32703] ? lock_downgrade+0x6e0/0x6e0 [ 2092.168309][T32703] ? lock_downgrade+0x6e0/0x6e0 [ 2092.173194][T32703] __x64_sys_sendfile64+0x1cc/0x210 [ 2092.178402][T32703] ? __ia32_sys_sendfile+0x220/0x220 [ 2092.183694][T32703] ? syscall_enter_from_user_mode+0x21/0x70 [ 2092.189603][T32703] do_syscall_64+0x35/0xb0 [ 2092.194039][T32703] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2092.199959][T32703] RIP: 0033:0x7f66c83a4a39 [ 2092.204397][T32703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2092.224011][T32703] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2092.232447][T32703] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2092.240430][T32703] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2092.248406][T32703] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2092.256376][T32703] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000001 [ 2092.264344][T32703] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 15:44:40 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 2) 15:44:40 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc7b) [ 2092.417030][T32721] FAULT_INJECTION: forcing a failure. [ 2092.417030][T32721] name failslab, interval 1, probability 0, space 0, times 0 [ 2092.444310][T32721] CPU: 0 PID: 32721 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2092.453178][T32721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2092.463256][T32721] Call Trace: [ 2092.466580][T32721] dump_stack_lvl+0xcd/0x134 [ 2092.471198][T32721] should_fail.cold+0x5/0xa [ 2092.475732][T32721] ? alloc_pipe_info+0x1e0/0x590 [ 2092.480696][T32721] should_failslab+0x5/0x10 [ 2092.485218][T32721] __kmalloc+0x72/0x320 [ 2092.489406][T32721] alloc_pipe_info+0x1e0/0x590 [ 2092.494202][T32721] splice_direct_to_actor+0x6f1/0x8c0 [ 2092.499604][T32721] ? generic_file_splice_read+0x6d0/0x6d0 [ 2092.505472][T32721] ? apparmor_file_permission+0x264/0x4e0 [ 2092.511224][T32721] ? do_splice_to+0x250/0x250 15:44:40 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc7c) [ 2092.515930][T32721] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2092.522199][T32721] ? security_file_permission+0xab/0xd0 [ 2092.527786][T32721] do_splice_direct+0x1b3/0x280 [ 2092.532668][T32721] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2092.538257][T32721] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2092.544533][T32721] ? security_file_permission+0xab/0xd0 [ 2092.550124][T32721] do_sendfile+0xae9/0x1240 [ 2092.554668][T32721] ? do_pwritev+0x270/0x270 [ 2092.559197][T32721] ? __context_tracking_exit+0xb8/0xe0 [ 2092.564687][T32721] ? lock_downgrade+0x6e0/0x6e0 [ 2092.569571][T32721] ? lock_downgrade+0x6e0/0x6e0 [ 2092.574483][T32721] __x64_sys_sendfile64+0x1cc/0x210 [ 2092.579716][T32721] ? __ia32_sys_sendfile+0x220/0x220 [ 2092.585031][T32721] ? syscall_enter_from_user_mode+0x21/0x70 [ 2092.590981][T32721] do_syscall_64+0x35/0xb0 [ 2092.595420][T32721] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2092.601365][T32721] RIP: 0033:0x7f66c83a4a39 15:44:40 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc7d) [ 2092.605801][T32721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2092.625441][T32721] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2092.633880][T32721] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2092.641870][T32721] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2092.649864][T32721] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2092.657857][T32721] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000001 [ 2092.665848][T32721] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 15:44:40 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 3) [ 2092.778458][T32732] FAULT_INJECTION: forcing a failure. [ 2092.778458][T32732] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2092.795937][T32732] CPU: 0 PID: 32732 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2092.804750][T32732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2092.814815][T32732] Call Trace: [ 2092.818100][T32732] dump_stack_lvl+0xcd/0x134 [ 2092.822706][T32732] should_fail.cold+0x5/0xa [ 2092.827220][T32732] prepare_alloc_pages+0x17b/0x580 [ 2092.832353][T32732] __alloc_pages+0x12f/0x500 [ 2092.836947][T32732] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2092.843716][T32732] ? lock_downgrade+0x6e0/0x6e0 [ 2092.848594][T32732] alloc_pages+0x1a7/0x300 [ 2092.853163][T32732] __page_cache_alloc+0x303/0x3a0 [ 2092.858262][T32732] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2092.864260][T32732] page_cache_ra_unbounded+0x363/0x950 [ 2092.869740][T32732] ? read_pages+0x8d0/0x8d0 [ 2092.874262][T32732] ? lock_downgrade+0x6e0/0x6e0 [ 2092.879127][T32732] ? __lock_acquire+0xbc2/0x54a0 [ 2092.884087][T32732] ondemand_readahead+0x61e/0x11d0 [ 2092.889213][T32732] page_cache_sync_ra+0x1cb/0x200 [ 2092.894244][T32732] filemap_get_pages+0x2a6/0x1870 [ 2092.899455][T32732] ? is_bpf_text_address+0x77/0x170 [ 2092.904720][T32732] ? __lock_page_async+0x4d0/0x4d0 [ 2092.909959][T32732] filemap_read+0x2ca/0xe50 [ 2092.914581][T32732] ? __kernel_text_address+0x9/0x30 [ 2092.919816][T32732] ? filemap_get_pages+0x1870/0x1870 [ 2092.925151][T32732] ? apparmor_path_mkdir+0x440/0x720 [ 2092.930439][T32732] ? lock_downgrade+0x6e0/0x6e0 [ 2092.935342][T32732] generic_file_read_iter+0x397/0x4f0 [ 2092.940719][T32732] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2092.946982][T32732] ? __fsnotify_parent+0x488/0x9d0 [ 2092.952181][T32732] blkdev_read_iter+0x127/0x1c0 [ 2092.957111][T32732] generic_file_splice_read+0x453/0x6d0 [ 2092.962676][T32732] ? do_splice_direct+0x280/0x280 [ 2092.967756][T32732] ? security_file_permission+0xab/0xd0 [ 2092.973427][T32732] ? do_splice_direct+0x280/0x280 [ 2092.978481][T32732] do_splice_to+0x1bf/0x250 [ 2092.982990][T32732] splice_direct_to_actor+0x2c2/0x8c0 [ 2092.988368][T32732] ? generic_file_splice_read+0x6d0/0x6d0 [ 2092.994113][T32732] ? do_splice_to+0x250/0x250 [ 2092.998788][T32732] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2093.005035][T32732] ? security_file_permission+0xab/0xd0 [ 2093.010593][T32732] do_splice_direct+0x1b3/0x280 [ 2093.015450][T32732] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2093.021019][T32732] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2093.027265][T32732] ? security_file_permission+0xab/0xd0 [ 2093.032818][T32732] do_sendfile+0xae9/0x1240 [ 2093.037342][T32732] ? do_pwritev+0x270/0x270 [ 2093.041854][T32732] ? __context_tracking_exit+0xb8/0xe0 [ 2093.047405][T32732] ? lock_downgrade+0x6e0/0x6e0 [ 2093.052262][T32732] ? lock_downgrade+0x6e0/0x6e0 [ 2093.057123][T32732] __x64_sys_sendfile64+0x1cc/0x210 [ 2093.062326][T32732] ? __ia32_sys_sendfile+0x220/0x220 [ 2093.067618][T32732] ? syscall_enter_from_user_mode+0x21/0x70 [ 2093.073519][T32732] do_syscall_64+0x35/0xb0 [ 2093.077946][T32732] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2093.083846][T32732] RIP: 0033:0x7f66c83a4a39 [ 2093.088465][T32732] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2093.108078][T32732] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2093.116493][T32732] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2093.124486][T32732] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2093.132457][T32732] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2093.140433][T32732] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000001 [ 2093.148507][T32732] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2093.171645][T32732] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 2093.939578][ T8408] Bluetooth: hci7: command 0xfc11 tx timeout [ 2093.939593][T21576] Bluetooth: hci6: command 0xfc11 tx timeout [ 2093.942353][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2093.945893][ T9503] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 2094.019679][T23375] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 2096.029448][ T9503] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:44:44 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xfffffdfd) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:44:44 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x5) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:44:44 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc7e) 15:44:44 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 4) 15:44:44 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) 15:44:44 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_service_time_recursive\x00', 0x0, 0x0) ioctl$KDSKBENT(r1, 0x4b47, &(0x7f0000000080)={0x0, 0x26, 0x8000}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) [ 2096.579294][T32747] Bluetooth: hci7: command 0xfc11 tx timeout [ 2096.579394][T11206] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 2096.702852][T32766] FAULT_INJECTION: forcing a failure. [ 2096.702852][T32766] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2096.717723][T32766] CPU: 1 PID: 32766 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2096.726522][T32766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2096.736757][T32766] Call Trace: [ 2096.740056][T32766] dump_stack_lvl+0xcd/0x134 [ 2096.744684][T32766] should_fail.cold+0x5/0xa [ 2096.749231][T32766] prepare_alloc_pages+0x17b/0x580 [ 2096.754354][T32766] __alloc_pages+0x12f/0x500 [ 2096.758948][T32766] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2096.765828][T32766] ? lock_downgrade+0x6e0/0x6e0 [ 2096.770725][T32766] alloc_pages+0x1a7/0x300 [ 2096.775177][T32766] __page_cache_alloc+0x303/0x3a0 [ 2096.780204][T32766] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2096.786211][T32766] page_cache_ra_unbounded+0x363/0x950 [ 2096.791689][T32766] ? read_pages+0x8d0/0x8d0 [ 2096.796203][T32766] ? lock_downgrade+0x6e0/0x6e0 [ 2096.801063][T32766] ? __lock_acquire+0xbc2/0x54a0 [ 2096.806011][T32766] ondemand_readahead+0x61e/0x11d0 [ 2096.811144][T32766] page_cache_sync_ra+0x1cb/0x200 [ 2096.816189][T32766] filemap_get_pages+0x2a6/0x1870 [ 2096.821253][T32766] ? is_bpf_text_address+0x77/0x170 [ 2096.826577][T32766] ? __lock_page_async+0x4d0/0x4d0 [ 2096.831723][T32766] filemap_read+0x2ca/0xe50 [ 2096.836271][T32766] ? __kernel_text_address+0x9/0x30 [ 2096.841490][T32766] ? filemap_get_pages+0x1870/0x1870 [ 2096.846782][T32766] ? apparmor_path_mkdir+0x440/0x720 [ 2096.852075][T32766] ? lock_downgrade+0x6e0/0x6e0 [ 2096.856946][T32766] generic_file_read_iter+0x397/0x4f0 [ 2096.862334][T32766] ? ___slab_alloc+0xcb5/0x1050 [ 2096.867205][T32766] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2096.873464][T32766] ? __fsnotify_parent+0x488/0x9d0 [ 2096.878582][T32766] blkdev_read_iter+0x127/0x1c0 [ 2096.883457][T32766] generic_file_splice_read+0x453/0x6d0 [ 2096.889023][T32766] ? do_splice_direct+0x280/0x280 [ 2096.894060][T32766] ? security_file_permission+0xab/0xd0 [ 2096.899623][T32766] ? do_splice_direct+0x280/0x280 [ 2096.904654][T32766] do_splice_to+0x1bf/0x250 [ 2096.909188][T32766] splice_direct_to_actor+0x2c2/0x8c0 [ 2096.914585][T32766] ? generic_file_splice_read+0x6d0/0x6d0 [ 2096.920314][T32766] ? do_splice_to+0x250/0x250 [ 2096.924995][T32766] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2096.931256][T32766] ? security_file_permission+0xab/0xd0 [ 2096.936832][T32766] do_splice_direct+0x1b3/0x280 [ 2096.941707][T32766] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2096.947264][T32766] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2096.953511][T32766] ? security_file_permission+0xab/0xd0 [ 2096.959069][T32766] do_sendfile+0xae9/0x1240 [ 2096.963766][T32766] ? do_pwritev+0x270/0x270 [ 2096.968276][T32766] ? __context_tracking_exit+0xb8/0xe0 [ 2096.973928][T32766] ? lock_downgrade+0x6e0/0x6e0 [ 2096.978797][T32766] ? lock_downgrade+0x6e0/0x6e0 [ 2096.983741][T32766] __x64_sys_sendfile64+0x1cc/0x210 [ 2096.988946][T32766] ? __ia32_sys_sendfile+0x220/0x220 [ 2096.994253][T32766] ? syscall_enter_from_user_mode+0x21/0x70 [ 2097.000160][T32766] do_syscall_64+0x35/0xb0 [ 2097.004579][T32766] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2097.010494][T32766] RIP: 0033:0x7f66c83a4a39 [ 2097.014922][T32766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2097.034533][T32766] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2097.042961][T32766] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2097.050931][T32766] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2097.058899][T32766] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2097.066873][T32766] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000001 [ 2097.074852][T32766] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2097.093041][T32766] vcan0: tx drop: invalid da for name 0x0000000000000003 15:44:45 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 5) [ 2097.140075][ T158] Bluetooth: hci7: Frame reassembly failed (-84) 15:44:45 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc7f) 15:44:45 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x4000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x2c91}}, './file0\x00'}) ioctl$KDADDIO(r1, 0x400455c8, 0x66f) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000080)={0x0, 0x800, 0xe776, 0x1, 0x16, "98adff00c7f991210c9f07d2a870ee84f90db8"}) [ 2097.326138][ T317] FAULT_INJECTION: forcing a failure. [ 2097.326138][ T317] name failslab, interval 1, probability 0, space 0, times 0 [ 2097.339404][ T317] CPU: 1 PID: 317 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2097.348017][ T317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2097.358150][ T317] Call Trace: [ 2097.361557][ T317] dump_stack_lvl+0xcd/0x134 [ 2097.366265][ T317] should_fail.cold+0x5/0xa [ 2097.370891][ T317] ? xas_alloc+0x330/0x440 [ 2097.375332][ T317] should_failslab+0x5/0x10 [ 2097.379949][ T317] kmem_cache_alloc+0x5e/0x390 [ 2097.385112][ T317] xas_alloc+0x330/0x440 [ 2097.389384][ T317] xas_create+0x56a/0x1070 [ 2097.393842][ T317] xas_store+0x8a/0x1bc0 [ 2097.398137][ T317] ? xas_start+0x157/0x730 [ 2097.402593][ T317] ? xas_find_conflict+0x3e3/0x8a0 [ 2097.407747][ T317] __add_to_page_cache_locked+0x6fd/0x1050 [ 2097.413594][ T317] ? __filemap_fdatawrite_range+0xe0/0xe0 [ 2097.419343][ T317] ? lock_downgrade+0x6e0/0x6e0 [ 2097.424230][ T317] ? __page_memcg+0x250/0x250 [ 2097.428941][ T317] add_to_page_cache_lru+0x173/0x5c0 [ 2097.434253][ T317] ? add_to_page_cache_locked+0x40/0x40 [ 2097.439810][ T317] ? __page_cache_alloc+0x10d/0x3a0 [ 2097.445021][ T317] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2097.451190][ T317] page_cache_ra_unbounded+0x3c6/0x950 [ 2097.456665][ T317] ? read_pages+0x8d0/0x8d0 [ 2097.461181][ T317] ? lock_downgrade+0x6e0/0x6e0 [ 2097.466035][ T317] ? __lock_acquire+0xbc2/0x54a0 [ 2097.470983][ T317] ondemand_readahead+0x61e/0x11d0 [ 2097.476108][ T317] page_cache_sync_ra+0x1cb/0x200 [ 2097.481143][ T317] filemap_get_pages+0x2a6/0x1870 [ 2097.486267][ T317] ? is_bpf_text_address+0x77/0x170 [ 2097.491472][ T317] ? __lock_page_async+0x4d0/0x4d0 [ 2097.496604][ T317] filemap_read+0x2ca/0xe50 [ 2097.501107][ T317] ? __kernel_text_address+0x9/0x30 [ 2097.506324][ T317] ? filemap_get_pages+0x1870/0x1870 [ 2097.511615][ T317] ? apparmor_path_mkdir+0x440/0x720 [ 2097.517356][ T317] ? lock_downgrade+0x6e0/0x6e0 [ 2097.522316][ T317] generic_file_read_iter+0x397/0x4f0 [ 2097.527694][ T317] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2097.534131][ T317] ? __fsnotify_parent+0x488/0x9d0 [ 2097.539259][ T317] blkdev_read_iter+0x127/0x1c0 [ 2097.544238][ T317] generic_file_splice_read+0x453/0x6d0 [ 2097.549793][ T317] ? do_splice_direct+0x280/0x280 [ 2097.554849][ T317] ? security_file_permission+0xab/0xd0 [ 2097.560400][ T317] ? do_splice_direct+0x280/0x280 [ 2097.565427][ T317] do_splice_to+0x1bf/0x250 [ 2097.569944][ T317] splice_direct_to_actor+0x2c2/0x8c0 [ 2097.575336][ T317] ? generic_file_splice_read+0x6d0/0x6d0 [ 2097.581085][ T317] ? do_splice_to+0x250/0x250 [ 2097.585828][ T317] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2097.592095][ T317] ? security_file_permission+0xab/0xd0 [ 2097.597665][ T317] do_splice_direct+0x1b3/0x280 [ 2097.602525][ T317] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2097.608103][ T317] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2097.614349][ T317] ? security_file_permission+0xab/0xd0 [ 2097.619906][ T317] do_sendfile+0xae9/0x1240 [ 2097.624427][ T317] ? do_pwritev+0x270/0x270 [ 2097.628939][ T317] ? __context_tracking_exit+0xb8/0xe0 [ 2097.634509][ T317] ? lock_downgrade+0x6e0/0x6e0 [ 2097.639537][ T317] ? lock_downgrade+0x6e0/0x6e0 [ 2097.644401][ T317] __x64_sys_sendfile64+0x1cc/0x210 [ 2097.649625][ T317] ? __ia32_sys_sendfile+0x220/0x220 [ 2097.654933][ T317] ? syscall_enter_from_user_mode+0x21/0x70 [ 2097.660838][ T317] do_syscall_64+0x35/0xb0 [ 2097.665254][ T317] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2097.671154][ T317] RIP: 0033:0x7f66c83a4a39 [ 2097.675571][ T317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2097.695194][ T317] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2097.703618][ T317] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2097.711603][ T317] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2097.719676][ T317] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 15:44:45 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc80) 15:44:45 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) dup3(r3, r4, 0x0) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r5, 0x3, 0x0) r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r6, 0x3, 0x0) dup3(r5, r6, 0x0) openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x500, 0x0) ioctl$KDADDIO(r5, 0x400455c8, 0x9) [ 2097.727654][ T317] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000001 [ 2097.735727][ T317] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 15:44:45 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = socket(0x18, 0x0, 0x0) close(r3) r4 = socket$can_j1939(0x1d, 0x2, 0x7) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f0000000480)={0x1d, r6, 0x0, {0x0, 0xf0}}, 0x18) connect$can_j1939(r3, &(0x7f0000000000)={0x1d, r6}, 0x18) sendfile(r3, r2, 0x0, 0x80005) bind$can_j1939(r3, &(0x7f0000000140)={0x1d, r6, 0x3, {0x0, 0x0, 0x4}}, 0x18) recvmmsg$unix(r3, &(0x7f0000004580)=[{{&(0x7f0000000080)=@abs, 0x6e, &(0x7f0000000500)=[{&(0x7f0000000100)=""/21, 0x15}, {&(0x7f0000000180)=""/196, 0xc4}, {&(0x7f0000000280)=""/89, 0x59}, {&(0x7f0000000300)}, {&(0x7f0000000340)=""/144, 0x90}, {&(0x7f0000000400)=""/245, 0xf5}], 0x6, &(0x7f0000000580)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x118}}, {{0x0, 0x0, &(0x7f0000000a80)=[{&(0x7f00000006c0)=""/156, 0x9c}, {&(0x7f0000000780)=""/110, 0x6e}, {&(0x7f0000000800)=""/151, 0x97}, {&(0x7f00000008c0)=""/221, 0xdd}, {&(0x7f00000009c0)=""/132, 0x84}], 0x5, &(0x7f0000000b00)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x88}}, {{&(0x7f0000000bc0)=@abs, 0x6e, &(0x7f0000001cc0)=[{&(0x7f0000000c40)=""/4096, 0x1000}, {&(0x7f0000001c40)=""/128, 0x80}], 0x2, &(0x7f0000001d00)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x40}}, {{&(0x7f0000001d40)=@abs, 0x6e, &(0x7f0000003ec0)=[{&(0x7f0000001dc0)=""/37, 0x25}, {&(0x7f0000001e00)=""/87, 0x57}, {&(0x7f0000001e80)=""/4096, 0x1000}, {&(0x7f0000002e80)=""/4096, 0x1000}, {&(0x7f0000003e80)=""/14, 0xe}], 0x5}}, {{&(0x7f0000003f40)=@abs, 0x6e, &(0x7f00000044c0)=[{&(0x7f0000003fc0)=""/27, 0x1b}, {&(0x7f0000004000)=""/98, 0x62}, {&(0x7f0000004080)=""/71, 0x47}, {&(0x7f0000004100)=""/137, 0x89}, {&(0x7f00000041c0)=""/90, 0x5a}, {&(0x7f0000004240)=""/228, 0xe4}, {&(0x7f0000004340)=""/27, 0x1b}, {&(0x7f0000004380)=""/11, 0xb}, {&(0x7f00000043c0)=""/84, 0x54}, {&(0x7f0000004440)=""/97, 0x61}], 0xa}}], 0x5, 0x40000040, &(0x7f00000046c0)={0x77359400}) r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r7, 0x3, 0x0) dup3(r1, r7, 0x0) r8 = signalfd4(r1, &(0x7f0000000040)={[0x8]}, 0x8, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000000)=0x1f) ioctl$KDADDIO(r0, 0x400455c8, 0x9) [ 2097.790337][ T317] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 2098.419789][ T1360] ieee802154 phy0 wpan0: encryption failed: -22 [ 2098.426128][ T1360] ieee802154 phy1 wpan1: encryption failed: -22 [ 2098.739008][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2099.138933][ T9503] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 2099.139142][T32746] Bluetooth: hci7: command 0xfc11 tx timeout [ 2101.308543][T21576] Bluetooth: hci6: command 0xfc11 tx timeout [ 2101.310023][ T9503] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:44:49 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xffffff7f) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:44:49 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 6) 15:44:49 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc81) 15:44:49 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x80, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x10) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDGETLED(r0, 0x4b31, &(0x7f0000000000)) ioctl$KDADDIO(r0, 0x400455c8, 0x800000100000001) 15:44:49 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCGISO7816(r1, 0x80285442, &(0x7f0000000000)) ioctl$KDADDIO(r0, 0x400455c8, 0x9) 15:44:49 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x7, 0x30, r0, 0xa3df8000) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x4) ioctl$KDADDIO(r0, 0x400455c8, 0x9) [ 2101.483362][ T365] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 2101.486405][ T362] FAULT_INJECTION: forcing a failure. [ 2101.486405][ T362] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2101.514950][ T369] debugfs: Directory 'hci9' with parent 'bluetooth' already present! 15:44:49 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc82) [ 2101.548867][ T1209] Bluetooth: hci8: Frame reassembly failed (-84) [ 2101.625820][ T362] CPU: 1 PID: 362 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2101.634482][ T362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2101.644563][ T362] Call Trace: [ 2101.647865][ T362] dump_stack_lvl+0xcd/0x134 [ 2101.652494][ T362] should_fail.cold+0x5/0xa [ 2101.657075][ T362] prepare_alloc_pages+0x17b/0x580 [ 2101.662257][ T362] __alloc_pages+0x12f/0x500 [ 2101.666881][ T362] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2101.673678][ T362] ? lock_downgrade+0x6e0/0x6e0 [ 2101.678581][ T362] alloc_pages+0x1a7/0x300 [ 2101.683040][ T362] __page_cache_alloc+0x303/0x3a0 [ 2101.688149][ T362] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2101.694435][ T362] page_cache_ra_unbounded+0x363/0x950 [ 2101.699990][ T362] ? read_pages+0x8d0/0x8d0 [ 2101.704532][ T362] ? lock_downgrade+0x6e0/0x6e0 [ 2101.709429][ T362] ? __lock_acquire+0xbc2/0x54a0 [ 2101.714402][ T362] ondemand_readahead+0x61e/0x11d0 [ 2101.719567][ T362] page_cache_sync_ra+0x1cb/0x200 [ 2101.724639][ T362] filemap_get_pages+0x2a6/0x1870 [ 2101.729712][ T362] ? is_bpf_text_address+0x77/0x170 [ 2101.734946][ T362] ? __lock_page_async+0x4d0/0x4d0 [ 2101.740107][ T362] filemap_read+0x2ca/0xe50 [ 2101.744656][ T362] ? __kernel_text_address+0x9/0x30 [ 2101.749912][ T362] ? filemap_get_pages+0x1870/0x1870 [ 2101.755236][ T362] ? apparmor_path_mkdir+0x440/0x720 [ 2101.760561][ T362] ? lock_downgrade+0x6e0/0x6e0 [ 2101.765469][ T362] generic_file_read_iter+0x397/0x4f0 [ 2101.770855][ T362] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2101.777103][ T362] ? __fsnotify_parent+0x488/0x9d0 [ 2101.782223][ T362] blkdev_read_iter+0x127/0x1c0 [ 2101.787093][ T362] generic_file_splice_read+0x453/0x6d0 [ 2101.792653][ T362] ? do_splice_direct+0x280/0x280 [ 2101.797710][ T362] ? security_file_permission+0xab/0xd0 [ 2101.803264][ T362] ? do_splice_direct+0x280/0x280 [ 2101.808297][ T362] do_splice_to+0x1bf/0x250 [ 2101.812829][ T362] splice_direct_to_actor+0x2c2/0x8c0 [ 2101.818213][ T362] ? generic_file_splice_read+0x6d0/0x6d0 [ 2101.823965][ T362] ? do_splice_to+0x250/0x250 [ 2101.828731][ T362] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2101.834979][ T362] ? security_file_permission+0xab/0xd0 [ 2101.840534][ T362] do_splice_direct+0x1b3/0x280 [ 2101.845393][ T362] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2101.850946][ T362] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2101.857193][ T362] ? security_file_permission+0xab/0xd0 [ 2101.862749][ T362] do_sendfile+0xae9/0x1240 [ 2101.867267][ T362] ? do_pwritev+0x270/0x270 [ 2101.871809][ T362] ? __context_tracking_exit+0xb8/0xe0 [ 2101.877288][ T362] ? lock_downgrade+0x6e0/0x6e0 [ 2101.882161][ T362] ? lock_downgrade+0x6e0/0x6e0 [ 2101.887043][ T362] __x64_sys_sendfile64+0x1cc/0x210 [ 2101.892257][ T362] ? __ia32_sys_sendfile+0x220/0x220 [ 2101.897563][ T362] ? syscall_enter_from_user_mode+0x21/0x70 [ 2101.903560][ T362] do_syscall_64+0x35/0xb0 [ 2101.907995][ T362] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2101.913896][ T362] RIP: 0033:0x7f66c83a4a39 [ 2101.918323][ T362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2101.938054][ T362] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2101.946503][ T362] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2101.954605][ T362] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2101.962591][ T362] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 15:44:50 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc83) [ 2101.970575][ T362] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000001 [ 2101.978546][ T362] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2102.043735][ T362] vcan0: tx drop: invalid da for name 0x0000000000000003 15:44:50 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc84) 15:44:50 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 7) [ 2102.166513][ T387] FAULT_INJECTION: forcing a failure. [ 2102.166513][ T387] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2102.180160][ T387] CPU: 0 PID: 387 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2102.188784][ T387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2102.198866][ T387] Call Trace: [ 2102.202162][ T387] dump_stack_lvl+0xcd/0x134 [ 2102.206780][ T387] should_fail.cold+0x5/0xa [ 2102.211296][ T387] prepare_alloc_pages+0x17b/0x580 [ 2102.216451][ T387] __alloc_pages+0x12f/0x500 [ 2102.221054][ T387] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2102.227848][ T387] ? lock_downgrade+0x6e0/0x6e0 [ 2102.232751][ T387] alloc_pages+0x1a7/0x300 [ 2102.237209][ T387] __page_cache_alloc+0x303/0x3a0 [ 2102.242242][ T387] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2102.248271][ T387] page_cache_ra_unbounded+0x363/0x950 [ 2102.253762][ T387] ? read_pages+0x8d0/0x8d0 [ 2102.258270][ T387] ? lock_downgrade+0x6e0/0x6e0 [ 2102.263176][ T387] ? __lock_acquire+0xbc2/0x54a0 [ 2102.268135][ T387] ondemand_readahead+0x61e/0x11d0 [ 2102.273279][ T387] page_cache_sync_ra+0x1cb/0x200 [ 2102.278327][ T387] filemap_get_pages+0x2a6/0x1870 [ 2102.283375][ T387] ? is_bpf_text_address+0x77/0x170 [ 2102.288579][ T387] ? __lock_page_async+0x4d0/0x4d0 [ 2102.293737][ T387] filemap_read+0x2ca/0xe50 [ 2102.298239][ T387] ? __kernel_text_address+0x9/0x30 [ 2102.303507][ T387] ? filemap_get_pages+0x1870/0x1870 [ 2102.308795][ T387] ? apparmor_path_mkdir+0x440/0x720 [ 2102.314101][ T387] ? lock_downgrade+0x6e0/0x6e0 [ 2102.318971][ T387] generic_file_read_iter+0x397/0x4f0 [ 2102.324360][ T387] ? ___slab_alloc+0xcb5/0x1050 [ 2102.329356][ T387] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2102.335688][ T387] ? __fsnotify_parent+0x488/0x9d0 [ 2102.340911][ T387] blkdev_read_iter+0x127/0x1c0 [ 2102.345807][ T387] generic_file_splice_read+0x453/0x6d0 [ 2102.351361][ T387] ? do_splice_direct+0x280/0x280 [ 2102.356413][ T387] ? security_file_permission+0xab/0xd0 [ 2102.361965][ T387] ? do_splice_direct+0x280/0x280 [ 2102.367014][ T387] do_splice_to+0x1bf/0x250 [ 2102.371541][ T387] splice_direct_to_actor+0x2c2/0x8c0 [ 2102.376929][ T387] ? generic_file_splice_read+0x6d0/0x6d0 [ 2102.382657][ T387] ? do_splice_to+0x250/0x250 [ 2102.387370][ T387] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2102.393610][ T387] ? security_file_permission+0xab/0xd0 [ 2102.399171][ T387] do_splice_direct+0x1b3/0x280 [ 2102.404054][ T387] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2102.409609][ T387] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2102.415868][ T387] ? security_file_permission+0xab/0xd0 [ 2102.421427][ T387] do_sendfile+0xae9/0x1240 [ 2102.425977][ T387] ? do_pwritev+0x270/0x270 [ 2102.430483][ T387] ? __context_tracking_exit+0xb8/0xe0 [ 2102.435981][ T387] ? lock_downgrade+0x6e0/0x6e0 [ 2102.440840][ T387] ? lock_downgrade+0x6e0/0x6e0 [ 2102.445712][ T387] __x64_sys_sendfile64+0x1cc/0x210 [ 2102.450918][ T387] ? __ia32_sys_sendfile+0x220/0x220 [ 2102.456240][ T387] ? syscall_enter_from_user_mode+0x21/0x70 [ 2102.462156][ T387] do_syscall_64+0x35/0xb0 [ 2102.466592][ T387] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2102.472487][ T387] RIP: 0033:0x7f66c83a4a39 [ 2102.476942][ T387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2102.496580][ T387] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2102.504991][ T387] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 15:44:50 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc85) [ 2102.512957][ T387] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2102.520925][ T387] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2102.528910][ T387] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000001 [ 2102.536892][ T387] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2102.575182][ T387] vcan0: tx drop: invalid da for name 0x0000000000000003 15:44:50 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 8) [ 2102.671291][ T392] FAULT_INJECTION: forcing a failure. [ 2102.671291][ T392] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2102.685435][ T392] CPU: 0 PID: 392 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2102.694038][ T392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2102.704136][ T392] Call Trace: [ 2102.707444][ T392] dump_stack_lvl+0xcd/0x134 [ 2102.712064][ T392] should_fail.cold+0x5/0xa [ 2102.716602][ T392] prepare_alloc_pages+0x17b/0x580 [ 2102.721743][ T392] __alloc_pages+0x12f/0x500 [ 2102.726348][ T392] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2102.733124][ T392] ? lock_downgrade+0x6e0/0x6e0 [ 2102.738037][ T392] alloc_pages+0x1a7/0x300 [ 2102.742598][ T392] __page_cache_alloc+0x303/0x3a0 [ 2102.747627][ T392] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2102.753641][ T392] page_cache_ra_unbounded+0x363/0x950 [ 2102.759150][ T392] ? read_pages+0x8d0/0x8d0 [ 2102.763686][ T392] ? lock_downgrade+0x6e0/0x6e0 [ 2102.768557][ T392] ? __lock_acquire+0xbc2/0x54a0 [ 2102.773533][ T392] ondemand_readahead+0x61e/0x11d0 [ 2102.778686][ T392] page_cache_sync_ra+0x1cb/0x200 [ 2102.783832][ T392] filemap_get_pages+0x2a6/0x1870 [ 2102.788874][ T392] ? is_bpf_text_address+0x77/0x170 [ 2102.794111][ T392] ? __lock_page_async+0x4d0/0x4d0 [ 2102.799237][ T392] filemap_read+0x2ca/0xe50 [ 2102.803742][ T392] ? __kernel_text_address+0x9/0x30 [ 2102.808962][ T392] ? filemap_get_pages+0x1870/0x1870 [ 2102.814263][ T392] ? apparmor_path_mkdir+0x440/0x720 [ 2102.819728][ T392] ? lock_downgrade+0x6e0/0x6e0 [ 2102.824599][ T392] generic_file_read_iter+0x397/0x4f0 [ 2102.829989][ T392] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2102.836241][ T392] ? __fsnotify_parent+0x488/0x9d0 [ 2102.841359][ T392] blkdev_read_iter+0x127/0x1c0 [ 2102.846219][ T392] generic_file_splice_read+0x453/0x6d0 [ 2102.851791][ T392] ? do_splice_direct+0x280/0x280 [ 2102.856954][ T392] ? security_file_permission+0xab/0xd0 [ 2102.862528][ T392] ? do_splice_direct+0x280/0x280 [ 2102.867562][ T392] do_splice_to+0x1bf/0x250 [ 2102.872071][ T392] splice_direct_to_actor+0x2c2/0x8c0 [ 2102.877449][ T392] ? generic_file_splice_read+0x6d0/0x6d0 [ 2102.883199][ T392] ? do_splice_to+0x250/0x250 [ 2102.887879][ T392] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2102.894144][ T392] ? security_file_permission+0xab/0xd0 [ 2102.899698][ T392] do_splice_direct+0x1b3/0x280 [ 2102.904557][ T392] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2102.910124][ T392] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2102.916369][ T392] ? security_file_permission+0xab/0xd0 [ 2102.921936][ T392] do_sendfile+0xae9/0x1240 [ 2102.926453][ T392] ? do_pwritev+0x270/0x270 [ 2102.930962][ T392] ? __context_tracking_exit+0xb8/0xe0 [ 2102.936431][ T392] ? lock_downgrade+0x6e0/0x6e0 [ 2102.941290][ T392] ? lock_downgrade+0x6e0/0x6e0 [ 2102.946173][ T392] __x64_sys_sendfile64+0x1cc/0x210 [ 2102.951392][ T392] ? __ia32_sys_sendfile+0x220/0x220 [ 2102.956861][ T392] ? syscall_enter_from_user_mode+0x21/0x70 [ 2102.962765][ T392] do_syscall_64+0x35/0xb0 [ 2102.967183][ T392] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2102.973085][ T392] RIP: 0033:0x7f66c83a4a39 [ 2102.977508][ T392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2102.997118][ T392] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2103.005540][ T392] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2103.013527][ T392] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2103.021498][ T392] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2103.029500][ T392] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000001 [ 2103.037475][ T392] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2103.065197][ T392] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 2103.458355][ T9503] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2103.540780][T11206] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 2103.541589][T32747] Bluetooth: hci7: command 0xfc11 tx timeout [ 2103.603269][ T9503] Bluetooth: hci6: sending frame failed (-49) [ 2103.618878][T23375] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 2103.626800][T21576] Bluetooth: hci9: command 0x1003 tx timeout [ 2103.634375][T23375] Bluetooth: hci9: sending frame failed (-49) 15:44:52 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xffffff97) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:44:52 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc86) 15:44:52 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 9) [ 2104.179720][ T411] FAULT_INJECTION: forcing a failure. [ 2104.179720][ T411] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2104.210873][ T411] CPU: 1 PID: 411 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2104.219526][ T411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2104.229604][ T411] Call Trace: [ 2104.232901][ T411] dump_stack_lvl+0xcd/0x134 [ 2104.237553][ T411] should_fail.cold+0x5/0xa [ 2104.242085][ T411] prepare_alloc_pages+0x17b/0x580 [ 2104.247237][ T411] __alloc_pages+0x12f/0x500 [ 2104.251854][ T411] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2104.258644][ T411] ? lock_downgrade+0x6e0/0x6e0 [ 2104.263547][ T411] alloc_pages+0x1a7/0x300 [ 2104.268000][ T411] __page_cache_alloc+0x303/0x3a0 [ 2104.273059][ T411] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2104.279081][ T411] page_cache_ra_unbounded+0x363/0x950 [ 2104.284596][ T411] ? read_pages+0x8d0/0x8d0 [ 2104.289137][ T411] ? lock_downgrade+0x6e0/0x6e0 [ 2104.294018][ T411] ? __lock_acquire+0xbc2/0x54a0 [ 2104.298999][ T411] ondemand_readahead+0x61e/0x11d0 [ 2104.304157][ T411] page_cache_sync_ra+0x1cb/0x200 [ 2104.309221][ T411] filemap_get_pages+0x2a6/0x1870 [ 2104.314330][ T411] ? is_bpf_text_address+0x77/0x170 [ 2104.319542][ T411] ? __lock_page_async+0x4d0/0x4d0 [ 2104.324679][ T411] filemap_read+0x2ca/0xe50 [ 2104.329179][ T411] ? __kernel_text_address+0x9/0x30 [ 2104.334388][ T411] ? filemap_get_pages+0x1870/0x1870 [ 2104.339675][ T411] ? apparmor_path_mkdir+0x440/0x720 [ 2104.344962][ T411] ? lock_downgrade+0x6e0/0x6e0 [ 2104.349837][ T411] generic_file_read_iter+0x397/0x4f0 [ 2104.355220][ T411] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2104.361552][ T411] ? __fsnotify_parent+0x488/0x9d0 [ 2104.366683][ T411] blkdev_read_iter+0x127/0x1c0 [ 2104.371530][ T411] generic_file_splice_read+0x453/0x6d0 [ 2104.377073][ T411] ? do_splice_direct+0x280/0x280 [ 2104.382117][ T411] ? security_file_permission+0xab/0xd0 [ 2104.387693][ T411] ? do_splice_direct+0x280/0x280 [ 2104.392740][ T411] do_splice_to+0x1bf/0x250 [ 2104.397244][ T411] splice_direct_to_actor+0x2c2/0x8c0 [ 2104.402668][ T411] ? generic_file_splice_read+0x6d0/0x6d0 [ 2104.408389][ T411] ? do_splice_to+0x250/0x250 [ 2104.413068][ T411] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2104.419328][ T411] ? security_file_permission+0xab/0xd0 [ 2104.424871][ T411] do_splice_direct+0x1b3/0x280 [ 2104.429721][ T411] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2104.435267][ T411] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2104.441530][ T411] ? security_file_permission+0xab/0xd0 [ 2104.447184][ T411] do_sendfile+0xae9/0x1240 [ 2104.451691][ T411] ? do_pwritev+0x270/0x270 [ 2104.456188][ T411] ? __context_tracking_exit+0xb8/0xe0 [ 2104.461646][ T411] ? lock_downgrade+0x6e0/0x6e0 [ 2104.466514][ T411] ? lock_downgrade+0x6e0/0x6e0 [ 2104.471359][ T411] __x64_sys_sendfile64+0x1cc/0x210 [ 2104.476571][ T411] ? __ia32_sys_sendfile+0x220/0x220 [ 2104.481855][ T411] ? syscall_enter_from_user_mode+0x21/0x70 [ 2104.487762][ T411] do_syscall_64+0x35/0xb0 [ 2104.492180][ T411] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2104.498068][ T411] RIP: 0033:0x7f66c83a4a39 [ 2104.502473][ T411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2104.522072][ T411] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2104.530476][ T411] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2104.538446][ T411] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2104.546426][ T411] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2104.554404][ T411] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000001 [ 2104.562398][ T411] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2104.588903][ T411] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 2105.618154][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2105.618337][T32747] Bluetooth: hci6: command 0xfc11 tx timeout [ 2105.707395][T32747] Bluetooth: hci9: command 0x1001 tx timeout [ 2105.714846][T11206] Bluetooth: hci9: sending frame failed (-49) [ 2106.258017][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 2106.779725][T11654] Bluetooth: hci6: Frame reassembly failed (-84) [ 2107.777663][T18048] Bluetooth: hci9: command 0x1009 tx timeout [ 2108.817798][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) 15:45:00 executing program 2: ioctl$VIDIOC_S_AUDIO(0xffffffffffffffff, 0x40345622, &(0x7f00000000c0)={0x7, "17c42c34c059356ea4a23564bd78610744f61de4d981e81c3f2044e6277ebafd", 0x2}) unlink(&(0x7f0000000000)='./file0\x00') r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = open(&(0x7f0000000080)='./file0\x00', 0x80000, 0x2) ioctl$KDADDIO(r1, 0x400455c8, 0xfffffffffffffffa) r2 = socket$inet6_icmp(0xa, 0x2, 0x3a) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000280)={&(0x7f0000000240)='./file0\x00', 0x0, 0x18}, 0x10) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) dup3(r3, r4, 0x0) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r3, 0xc0845658, &(0x7f0000000180)={0x0, @reserved}) r5 = dup2(r0, r2) fcntl$lock(r5, 0x24, &(0x7f0000000100)={0x1, 0x0, 0x5d, 0x6}) 15:45:00 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r1, 0x4018f50b, &(0x7f0000000000)={0x1, 0x10000, 0x4}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r2 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) vmsplice(r2, &(0x7f0000000700)=[{&(0x7f0000000240)="c7dc680ca115d37f72ee511880dcf5264a2deeb223c5c92304a99b74a2035e200b2888f4136eb630bdcc59f2ed9ae36e632c8440ae5c80978c226c003238cb77224ce066e90bb35d068c861c569ae1354530a00250b502f1bc763ec082d025b697a9e1c5eaba398f1e8219fdc3893eb1ac37bb9a62d53847881e83bbed3000e6a6313346e8ffbd66d092011a33e77bf436a7e6bff5cba27bb4f7b78607e82384cd336dc1c19d3f38", 0xa8}, {&(0x7f0000000300)="2f3722bbea1855933cf2ed585811886782a63195c7a8f5d4dc73f46594d57b694ae3e307dc030d3da9b3af1ca99a2423119c552c451189e25ab0cd536430d1b506b747698dfffc147475c4cec3da8d3bbbe618566a3d6371bf5a18a821ed75ee96e103ebc322be17bfe9cc36fd96642133cf5d0ca14d5e010ce37b232e07488f741fb338c47532dcf7667c071654501f12324b9b566754502d0ae97175880325789947f701b6eb0079a050e4e3e81e3813c335a15ed27c1ed15ccdaa321af447afa77f7eb212328dfa8c574a5a66bf9779cb869dd0642e9d324135c9ebb579da04e07a413c2926eaad5082569bb2945f4e402f3ba642fa8aa7576fde47", 0xfd}, {&(0x7f0000000500)="5d38b13b44f232351791bd785aa1c0c269c224ac02d7a795700a94a55edfcab136e861d78b0ed250a054e562d2f5a9560c05e9971bac4b4ded04b9aa9e68d213272f44237e756772bb19151ba7f76fea7771556019131487e97162441ba092fca81ba2b10d3370205e9445ec4e539206a3bc0fc005e738ecff6dad88814cc6017618e9392d1f3375827bcd332c160a8beeb3dba7878835c05262884a53805fd65e52c50a6ce6bffcdbf64ce2cceb136c131486f0bfdd1ff7a18f74cf57d13a37b9efb95cec8bc02f4296", 0xca}, {&(0x7f0000000400)="dbb569eab305a089db9a27a16842870826c0b18413aff401fde96f4c8fc2cd560e22790d3dabf263890a8dd4b904e05d2738b0b5e8226580d6e2fdda5c5a609abef5934c2d5d68d2edd3f820d1ca4c97dcbabd85f300d6593a9241f84543db2d7d63869f67e9487ebd4118399f114b3365f7c38af381ddcdc2920b43b8a7345e9520581a1052c9f0b2e3293359594e00edf59e22992c3f796ea6507ad7c9bb56a30815a2d9b06a5903084c9453fa", 0xae}, {&(0x7f0000000600)="bcdde987c3ebc31225e29fae895722a66fd79dcc452e4bb6018d2550ce3163fecc1042361c68a7839caa3517304c24e1bc1bbc77a92f47cf587f56f39f6ed041d9a94e17ff49137df4dee16ec57166bcf36e0616fc5aaa4a8dcc12beb954f8f76b29889debc916bcb7928d1d6f59dc5946d2e3cfaf055c554e167a3600385559339a135435aca94f89842e259de7c97c604b74ea8a8037fdf4b359a8078c7b8f05a43accab107a057bcd84771c25b3567434890c91d13b87d7c5832d0f2e91a758686619a82672a4a8ef", 0xca}], 0x5, 0x1) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000007c0), 0x10000, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000780), r5) lseek(r4, 0x3, 0x0) dup3(r3, r4, 0x0) r6 = openat$cgroup_netprio_ifpriomap(r4, &(0x7f0000000200), 0x2, 0x0) lseek(r6, 0x1, 0x4) ioctl$TCSETS(r3, 0x5402, &(0x7f00000001c0)={0xffff, 0x14400000, 0x80, 0x7, 0xe, "2b9544bbb654c41f4bbe1c126c328322363592"}) 15:45:00 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc87) 15:45:00 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xfffffff5) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:45:00 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 10) 15:45:00 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x404882, 0x0) lseek(r2, 0x3, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) dup3(r3, r4, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000100)=0xe) ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f00000000c0)=0x3) dup3(r1, r2, 0x0) ioctl$TIOCGRS485(r0, 0x542e, &(0x7f0000000080)) ioctl$KDGETLED(r1, 0x4b31, &(0x7f0000000000)) [ 2111.995312][ T148] Bluetooth: hci6: Frame reassembly failed (-84) [ 2111.995384][ T443] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 2112.009873][ T442] FAULT_INJECTION: forcing a failure. [ 2112.009873][ T442] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2112.009910][ T442] CPU: 1 PID: 442 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2112.009937][ T442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2112.009953][ T442] Call Trace: [ 2112.009963][ T442] dump_stack_lvl+0xcd/0x134 [ 2112.009997][ T442] should_fail.cold+0x5/0xa [ 2112.010031][ T442] prepare_alloc_pages+0x17b/0x580 [ 2112.010069][ T442] __alloc_pages+0x12f/0x500 [ 2112.064346][ T442] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2112.071159][ T442] ? lock_downgrade+0x6e0/0x6e0 [ 2112.076066][ T442] alloc_pages+0x1a7/0x300 [ 2112.080522][ T442] __page_cache_alloc+0x303/0x3a0 [ 2112.085573][ T442] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2112.091599][ T442] page_cache_ra_unbounded+0x363/0x950 [ 2112.097108][ T442] ? read_pages+0x8d0/0x8d0 [ 2112.101685][ T442] ? lock_downgrade+0x6e0/0x6e0 [ 2112.106565][ T442] ? __lock_acquire+0xbc2/0x54a0 [ 2112.111574][ T442] ondemand_readahead+0x61e/0x11d0 [ 2112.116756][ T442] page_cache_sync_ra+0x1cb/0x200 [ 2112.121820][ T442] filemap_get_pages+0x2a6/0x1870 [ 2112.126888][ T442] ? is_bpf_text_address+0x77/0x170 [ 2112.132149][ T442] ? __lock_page_async+0x4d0/0x4d0 [ 2112.137305][ T442] filemap_read+0x2ca/0xe50 [ 2112.141832][ T442] ? __kernel_text_address+0x9/0x30 [ 2112.147277][ T442] ? filemap_get_pages+0x1870/0x1870 [ 2112.152707][ T442] ? apparmor_path_mkdir+0x440/0x720 [ 2112.158030][ T442] ? lock_downgrade+0x6e0/0x6e0 [ 2112.162937][ T442] generic_file_read_iter+0x397/0x4f0 [ 2112.168350][ T442] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2112.174631][ T442] ? __fsnotify_parent+0x488/0x9d0 [ 2112.179782][ T442] blkdev_read_iter+0x127/0x1c0 [ 2112.184669][ T442] generic_file_splice_read+0x453/0x6d0 [ 2112.190248][ T442] ? do_splice_direct+0x280/0x280 [ 2112.195316][ T442] ? security_file_permission+0xab/0xd0 [ 2112.200978][ T442] ? do_splice_direct+0x280/0x280 [ 2112.206033][ T442] do_splice_to+0x1bf/0x250 [ 2112.210568][ T442] splice_direct_to_actor+0x2c2/0x8c0 [ 2112.216066][ T442] ? generic_file_splice_read+0x6d0/0x6d0 [ 2112.221824][ T442] ? do_splice_to+0x250/0x250 [ 2112.226531][ T442] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2112.232832][ T442] ? security_file_permission+0xab/0xd0 [ 2112.238429][ T442] do_splice_direct+0x1b3/0x280 [ 2112.243317][ T442] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2112.248916][ T442] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2112.255191][ T442] ? security_file_permission+0xab/0xd0 [ 2112.260782][ T442] do_sendfile+0xae9/0x1240 [ 2112.265332][ T442] ? do_pwritev+0x270/0x270 [ 2112.269904][ T442] ? __context_tracking_exit+0xb8/0xe0 [ 2112.275396][ T442] ? lock_downgrade+0x6e0/0x6e0 [ 2112.280258][ T442] ? lock_downgrade+0x6e0/0x6e0 [ 2112.285123][ T442] __x64_sys_sendfile64+0x1cc/0x210 [ 2112.290330][ T442] ? __ia32_sys_sendfile+0x220/0x220 [ 2112.295735][ T442] ? syscall_enter_from_user_mode+0x21/0x70 [ 2112.301727][ T442] do_syscall_64+0x35/0xb0 [ 2112.306158][ T442] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2112.312071][ T442] RIP: 0033:0x7f66c83a4a39 [ 2112.316487][ T442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2112.336094][ T442] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 15:45:00 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x1) [ 2112.344508][ T442] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2112.352477][ T442] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2112.360444][ T442] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2112.368413][ T442] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000002 [ 2112.376383][ T442] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2112.431793][ T442] vcan0: tx drop: invalid da for name 0x0000000000000003 15:45:00 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc88) 15:45:00 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='oom_score\x00') ioctl$TIOCGSERIAL(r1, 0x541e, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=""/69}) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) dup3(r2, r3, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000200)={0xa20000, 0x16, 0x5, 0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x9a090b, 0x4, '\x00', @value64=0x1f}}) 15:45:00 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 11) 15:45:00 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc89) [ 2112.621824][ T470] FAULT_INJECTION: forcing a failure. [ 2112.621824][ T470] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2112.635700][ T470] CPU: 0 PID: 470 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2112.644332][ T470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2112.654409][ T470] Call Trace: [ 2112.657750][ T470] dump_stack_lvl+0xcd/0x134 [ 2112.662373][ T470] should_fail.cold+0x5/0xa [ 2112.666900][ T470] prepare_alloc_pages+0x17b/0x580 15:45:00 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc8a) [ 2112.672051][ T470] __alloc_pages+0x12f/0x500 [ 2112.676680][ T470] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2112.683480][ T470] ? lock_downgrade+0x6e0/0x6e0 [ 2112.688386][ T470] alloc_pages+0x1a7/0x300 [ 2112.692832][ T470] __page_cache_alloc+0x303/0x3a0 [ 2112.697884][ T470] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2112.703985][ T470] page_cache_ra_unbounded+0x363/0x950 [ 2112.709500][ T470] ? read_pages+0x8d0/0x8d0 [ 2112.714040][ T470] ? lock_downgrade+0x6e0/0x6e0 [ 2112.718921][ T470] ? __lock_acquire+0xbc2/0x54a0 [ 2112.723894][ T470] ondemand_readahead+0x61e/0x11d0 [ 2112.729046][ T470] page_cache_sync_ra+0x1cb/0x200 [ 2112.734098][ T470] filemap_get_pages+0x2a6/0x1870 [ 2112.739140][ T470] ? is_bpf_text_address+0x77/0x170 [ 2112.744348][ T470] ? __lock_page_async+0x4d0/0x4d0 [ 2112.749494][ T470] filemap_read+0x2ca/0xe50 [ 2112.754007][ T470] ? __kernel_text_address+0x9/0x30 [ 2112.759229][ T470] ? filemap_get_pages+0x1870/0x1870 [ 2112.764520][ T470] ? apparmor_path_mkdir+0x440/0x720 [ 2112.769815][ T470] ? lock_downgrade+0x6e0/0x6e0 [ 2112.774692][ T470] generic_file_read_iter+0x397/0x4f0 [ 2112.780091][ T470] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2112.786339][ T470] ? __fsnotify_parent+0x488/0x9d0 [ 2112.791563][ T470] blkdev_read_iter+0x127/0x1c0 [ 2112.796440][ T470] generic_file_splice_read+0x453/0x6d0 [ 2112.801995][ T470] ? do_splice_direct+0x280/0x280 [ 2112.807035][ T470] ? security_file_permission+0xab/0xd0 [ 2112.812588][ T470] ? do_splice_direct+0x280/0x280 [ 2112.817628][ T470] do_splice_to+0x1bf/0x250 [ 2112.822155][ T470] splice_direct_to_actor+0x2c2/0x8c0 [ 2112.827533][ T470] ? generic_file_splice_read+0x6d0/0x6d0 [ 2112.833276][ T470] ? do_splice_to+0x250/0x250 [ 2112.838071][ T470] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2112.844317][ T470] ? security_file_permission+0xab/0xd0 [ 2112.849880][ T470] do_splice_direct+0x1b3/0x280 [ 2112.854752][ T470] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2112.860307][ T470] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2112.866553][ T470] ? security_file_permission+0xab/0xd0 [ 2112.872105][ T470] do_sendfile+0xae9/0x1240 [ 2112.876708][ T470] ? do_pwritev+0x270/0x270 [ 2112.881236][ T470] ? __context_tracking_exit+0xb8/0xe0 [ 2112.886730][ T470] ? lock_downgrade+0x6e0/0x6e0 [ 2112.891605][ T470] ? lock_downgrade+0x6e0/0x6e0 [ 2112.896465][ T470] __x64_sys_sendfile64+0x1cc/0x210 [ 2112.901672][ T470] ? __ia32_sys_sendfile+0x220/0x220 [ 2112.906980][ T470] ? syscall_enter_from_user_mode+0x21/0x70 [ 2112.912886][ T470] do_syscall_64+0x35/0xb0 [ 2112.917309][ T470] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2112.923214][ T470] RIP: 0033:0x7f66c83a4a39 [ 2112.927630][ T470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2112.947240][ T470] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2112.955675][ T470] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2112.963650][ T470] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2112.971638][ T470] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2112.979621][ T470] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000002 [ 2112.987588][ T470] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2113.025957][ T470] vcan0: tx drop: invalid da for name 0x0000000000000003 15:45:01 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 12) [ 2113.140153][ T479] FAULT_INJECTION: forcing a failure. [ 2113.140153][ T479] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2113.154697][ T479] CPU: 1 PID: 479 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2113.163329][ T479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2113.173501][ T479] Call Trace: [ 2113.176793][ T479] dump_stack_lvl+0xcd/0x134 [ 2113.181396][ T479] should_fail.cold+0x5/0xa [ 2113.186061][ T479] prepare_alloc_pages+0x17b/0x580 [ 2113.191185][ T479] __alloc_pages+0x12f/0x500 [ 2113.195821][ T479] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2113.202582][ T479] ? lock_downgrade+0x6e0/0x6e0 [ 2113.207465][ T479] alloc_pages+0x1a7/0x300 [ 2113.211906][ T479] __page_cache_alloc+0x303/0x3a0 [ 2113.216943][ T479] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2113.222945][ T479] page_cache_ra_unbounded+0x363/0x950 [ 2113.228417][ T479] ? read_pages+0x8d0/0x8d0 [ 2113.232919][ T479] ? lock_downgrade+0x6e0/0x6e0 [ 2113.237957][ T479] ? __lock_acquire+0xbc2/0x54a0 [ 2113.242896][ T479] ondemand_readahead+0x61e/0x11d0 [ 2113.248026][ T479] page_cache_sync_ra+0x1cb/0x200 [ 2113.253075][ T479] filemap_get_pages+0x2a6/0x1870 [ 2113.258274][ T479] ? is_bpf_text_address+0x77/0x170 [ 2113.263484][ T479] ? __lock_page_async+0x4d0/0x4d0 [ 2113.268600][ T479] filemap_read+0x2ca/0xe50 [ 2113.273095][ T479] ? __kernel_text_address+0x9/0x30 [ 2113.278306][ T479] ? filemap_get_pages+0x1870/0x1870 [ 2113.283606][ T479] ? apparmor_path_mkdir+0x440/0x720 [ 2113.288889][ T479] ? lock_downgrade+0x6e0/0x6e0 [ 2113.293748][ T479] generic_file_read_iter+0x397/0x4f0 [ 2113.299112][ T479] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2113.305354][ T479] ? __fsnotify_parent+0x488/0x9d0 [ 2113.310467][ T479] blkdev_read_iter+0x127/0x1c0 [ 2113.315413][ T479] generic_file_splice_read+0x453/0x6d0 [ 2113.320994][ T479] ? do_splice_direct+0x280/0x280 [ 2113.326478][ T479] ? security_file_permission+0xab/0xd0 [ 2113.332027][ T479] ? do_splice_direct+0x280/0x280 [ 2113.337062][ T479] do_splice_to+0x1bf/0x250 [ 2113.341563][ T479] splice_direct_to_actor+0x2c2/0x8c0 [ 2113.347038][ T479] ? generic_file_splice_read+0x6d0/0x6d0 [ 2113.352756][ T479] ? do_splice_to+0x250/0x250 [ 2113.357423][ T479] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2113.363671][ T479] ? security_file_permission+0xab/0xd0 [ 2113.369236][ T479] do_splice_direct+0x1b3/0x280 [ 2113.374080][ T479] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2113.379622][ T479] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2113.385868][ T479] ? security_file_permission+0xab/0xd0 [ 2113.391429][ T479] do_sendfile+0xae9/0x1240 [ 2113.395965][ T479] ? do_pwritev+0x270/0x270 [ 2113.400473][ T479] ? __context_tracking_exit+0xb8/0xe0 [ 2113.406035][ T479] ? lock_downgrade+0x6e0/0x6e0 [ 2113.410915][ T479] ? lock_downgrade+0x6e0/0x6e0 [ 2113.415776][ T479] __x64_sys_sendfile64+0x1cc/0x210 [ 2113.420988][ T479] ? __ia32_sys_sendfile+0x220/0x220 [ 2113.426289][ T479] ? syscall_enter_from_user_mode+0x21/0x70 [ 2113.432210][ T479] do_syscall_64+0x35/0xb0 [ 2113.436635][ T479] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2113.442531][ T479] RIP: 0033:0x7f66c83a4a39 [ 2113.446949][ T479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2113.466604][ T479] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2113.475017][ T479] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2113.482985][ T479] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2113.491068][ T479] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2113.499113][ T479] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000002 [ 2113.507121][ T479] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2113.547895][ T479] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 2114.017397][T32746] Bluetooth: hci6: command 0xfc11 tx timeout [ 2114.026897][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2114.417061][T18048] Bluetooth: hci7: command 0xfc11 tx timeout [ 2114.423226][T11206] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 2114.426946][T23375] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 2114.440204][T28953] Bluetooth: hci8: command tx timeout 15:45:03 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc8b) 15:45:03 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x80000000) 15:45:03 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 13) 15:45:03 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x15) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x18) 15:45:03 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xfffffffd) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:45:03 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0xe4800, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$KDADDIO(r2, 0x400455c8, 0xd) [ 2115.035160][ T1209] Bluetooth: hci6: Frame reassembly failed (-84) [ 2115.057927][T11654] Bluetooth: hci7: Frame reassembly failed (-84) [ 2115.078618][ T507] FAULT_INJECTION: forcing a failure. [ 2115.078618][ T507] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2115.174956][ T507] CPU: 1 PID: 507 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2115.183647][ T507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2115.193815][ T507] Call Trace: [ 2115.197143][ T507] dump_stack_lvl+0xcd/0x134 [ 2115.201767][ T507] should_fail.cold+0x5/0xa [ 2115.206301][ T507] prepare_alloc_pages+0x17b/0x580 [ 2115.211537][ T507] __alloc_pages+0x12f/0x500 [ 2115.216290][ T507] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 15:45:03 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc8c) [ 2115.223085][ T507] ? lock_downgrade+0x6e0/0x6e0 [ 2115.227990][ T507] alloc_pages+0x1a7/0x300 [ 2115.232436][ T507] __page_cache_alloc+0x303/0x3a0 [ 2115.237486][ T507] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2115.243505][ T507] page_cache_ra_unbounded+0x363/0x950 [ 2115.249018][ T507] ? read_pages+0x8d0/0x8d0 [ 2115.253559][ T507] ? lock_downgrade+0x6e0/0x6e0 [ 2115.258441][ T507] ? __lock_acquire+0xbc2/0x54a0 [ 2115.263422][ T507] ondemand_readahead+0x61e/0x11d0 [ 2115.268584][ T507] page_cache_sync_ra+0x1cb/0x200 15:45:03 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc8d) [ 2115.273648][ T507] filemap_get_pages+0x2a6/0x1870 [ 2115.278724][ T507] ? is_bpf_text_address+0x77/0x170 [ 2115.283955][ T507] ? __lock_page_async+0x4d0/0x4d0 [ 2115.289112][ T507] filemap_read+0x2ca/0xe50 [ 2115.293639][ T507] ? __kernel_text_address+0x9/0x30 [ 2115.298880][ T507] ? filemap_get_pages+0x1870/0x1870 [ 2115.304176][ T507] ? apparmor_path_mkdir+0x440/0x720 [ 2115.309489][ T507] ? lock_downgrade+0x6e0/0x6e0 [ 2115.314402][ T507] generic_file_read_iter+0x397/0x4f0 15:45:03 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc8e) [ 2115.319804][ T507] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2115.326088][ T507] ? __fsnotify_parent+0x488/0x9d0 [ 2115.331234][ T507] blkdev_read_iter+0x127/0x1c0 [ 2115.336123][ T507] generic_file_splice_read+0x453/0x6d0 [ 2115.341701][ T507] ? do_splice_direct+0x280/0x280 [ 2115.346779][ T507] ? security_file_permission+0xab/0xd0 [ 2115.352352][ T507] ? do_splice_direct+0x280/0x280 [ 2115.357405][ T507] do_splice_to+0x1bf/0x250 [ 2115.361936][ T507] splice_direct_to_actor+0x2c2/0x8c0 [ 2115.367349][ T507] ? generic_file_splice_read+0x6d0/0x6d0 15:45:03 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc8f) [ 2115.373153][ T507] ? do_splice_to+0x250/0x250 [ 2115.377870][ T507] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2115.384179][ T507] ? security_file_permission+0xab/0xd0 [ 2115.389799][ T507] do_splice_direct+0x1b3/0x280 [ 2115.394702][ T507] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2115.401073][ T507] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2115.407347][ T507] ? security_file_permission+0xab/0xd0 [ 2115.412935][ T507] do_sendfile+0xae9/0x1240 [ 2115.417506][ T507] ? do_pwritev+0x270/0x270 [ 2115.422051][ T507] ? __context_tracking_exit+0xb8/0xe0 [ 2115.427607][ T507] ? lock_downgrade+0x6e0/0x6e0 [ 2115.432474][ T507] ? lock_downgrade+0x6e0/0x6e0 [ 2115.437360][ T507] __x64_sys_sendfile64+0x1cc/0x210 [ 2115.442587][ T507] ? __ia32_sys_sendfile+0x220/0x220 [ 2115.447907][ T507] ? syscall_enter_from_user_mode+0x21/0x70 [ 2115.453840][ T507] do_syscall_64+0x35/0xb0 [ 2115.458628][ T507] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2115.464553][ T507] RIP: 0033:0x7f66c83a4a39 15:45:03 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc90) [ 2115.468988][ T507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2115.488618][ T507] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2115.497039][ T507] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2115.505038][ T507] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2115.513030][ T507] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 15:45:03 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc91) 15:45:03 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f0000000000)={0xfffc, 0xd0}) r1 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TCXONC(r1, 0x540a, 0x1) ioctl$KDADDIO(r0, 0x400455c8, 0x2) ioctl$TIOCL_SELLOADLUT(r1, 0x541c, &(0x7f0000000080)={0x5, 0x5, 0x7, 0x1, 0x3}) 15:45:03 executing program 4: ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000000)={0x7, 0x0, 0x2}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) [ 2115.521032][ T507] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000002 [ 2115.529031][ T507] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2115.561652][ T507] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 2115.601343][ T531] debugfs: Directory 'hci8' with parent 'bluetooth' already present! 15:45:03 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 14) [ 2115.737280][ T540] FAULT_INJECTION: forcing a failure. [ 2115.737280][ T540] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2115.751868][ T540] CPU: 0 PID: 540 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2115.760507][ T540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2115.770604][ T540] Call Trace: [ 2115.773921][ T540] dump_stack_lvl+0xcd/0x134 [ 2115.778543][ T540] should_fail.cold+0x5/0xa [ 2115.783082][ T540] prepare_alloc_pages+0x17b/0x580 [ 2115.788236][ T540] __alloc_pages+0x12f/0x500 [ 2115.792845][ T540] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2115.799655][ T540] ? lock_downgrade+0x6e0/0x6e0 [ 2115.804545][ T540] alloc_pages+0x1a7/0x300 [ 2115.809056][ T540] __page_cache_alloc+0x303/0x3a0 [ 2115.814080][ T540] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2115.820071][ T540] page_cache_ra_unbounded+0x363/0x950 [ 2115.825557][ T540] ? read_pages+0x8d0/0x8d0 [ 2115.830065][ T540] ? lock_downgrade+0x6e0/0x6e0 [ 2115.834919][ T540] ? __lock_acquire+0xbc2/0x54a0 [ 2115.839865][ T540] ondemand_readahead+0x61e/0x11d0 [ 2115.845022][ T540] page_cache_sync_ra+0x1cb/0x200 [ 2115.850066][ T540] filemap_get_pages+0x2a6/0x1870 [ 2115.855122][ T540] ? is_bpf_text_address+0x77/0x170 [ 2115.860341][ T540] ? __lock_page_async+0x4d0/0x4d0 [ 2115.865479][ T540] filemap_read+0x2ca/0xe50 [ 2115.869987][ T540] ? __kernel_text_address+0x9/0x30 [ 2115.875212][ T540] ? filemap_get_pages+0x1870/0x1870 [ 2115.880500][ T540] ? apparmor_path_mkdir+0x440/0x720 [ 2115.885794][ T540] ? lock_downgrade+0x6e0/0x6e0 [ 2115.890708][ T540] generic_file_read_iter+0x397/0x4f0 [ 2115.896103][ T540] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2115.902369][ T540] ? __fsnotify_parent+0x488/0x9d0 [ 2115.907500][ T540] blkdev_read_iter+0x127/0x1c0 [ 2115.912456][ T540] generic_file_splice_read+0x453/0x6d0 [ 2115.918017][ T540] ? do_splice_direct+0x280/0x280 [ 2115.923069][ T540] ? security_file_permission+0xab/0xd0 [ 2115.928624][ T540] ? do_splice_direct+0x280/0x280 [ 2115.933660][ T540] do_splice_to+0x1bf/0x250 [ 2115.938169][ T540] splice_direct_to_actor+0x2c2/0x8c0 [ 2115.943549][ T540] ? generic_file_splice_read+0x6d0/0x6d0 [ 2115.949278][ T540] ? do_splice_to+0x250/0x250 [ 2115.953960][ T540] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2115.960208][ T540] ? security_file_permission+0xab/0xd0 [ 2115.965776][ T540] do_splice_direct+0x1b3/0x280 [ 2115.970647][ T540] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2115.976214][ T540] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2115.982471][ T540] ? security_file_permission+0xab/0xd0 [ 2115.988033][ T540] do_sendfile+0xae9/0x1240 [ 2115.992561][ T540] ? do_pwritev+0x270/0x270 [ 2115.997071][ T540] ? __context_tracking_exit+0xb8/0xe0 [ 2116.002548][ T540] ? lock_downgrade+0x6e0/0x6e0 [ 2116.007409][ T540] ? lock_downgrade+0x6e0/0x6e0 [ 2116.012266][ T540] __x64_sys_sendfile64+0x1cc/0x210 [ 2116.017486][ T540] ? __ia32_sys_sendfile+0x220/0x220 [ 2116.022796][ T540] ? syscall_enter_from_user_mode+0x21/0x70 [ 2116.028719][ T540] do_syscall_64+0x35/0xb0 [ 2116.033155][ T540] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2116.039066][ T540] RIP: 0033:0x7f66c83a4a39 [ 2116.043494][ T540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2116.063112][ T540] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2116.071536][ T540] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2116.079511][ T540] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2116.087592][ T540] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2116.095564][ T540] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000002 [ 2116.103631][ T540] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2116.121589][ T540] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 2117.056489][T11206] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 2117.056567][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2117.080401][T11206] Bluetooth: hci7: sending frame failed (-49) [ 2117.696568][ T9935] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 2117.705701][T13853] Bluetooth: hci8: command tx timeout [ 2119.136175][T13261] Bluetooth: hci7: command 0xfc11 tx timeout [ 2119.136309][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) 15:45:07 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xfffffffe) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:45:07 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc92) 15:45:07 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 15) 15:45:07 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000000)) 15:45:07 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xc) 15:45:07 executing program 3: prlimit64(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000080)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$VT_GETMODE(r0, 0x5601, &(0x7f0000000000)) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) prlimit64(0x0, 0xd, 0x0, &(0x7f00000001c0)) dup3(r1, r2, 0x0) ioctl$TIOCPKT(r2, 0x5420, &(0x7f0000000180)=0x69) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x80100, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x3) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000100)={0x401, 0x9, 0x40, 0x9, 0x11, "e175bbf4b7290469ebb04bd0432e7ca76ee3a1"}) [ 2119.626266][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2119.795521][ T580] FAULT_INJECTION: forcing a failure. [ 2119.795521][ T580] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2119.824073][ T580] CPU: 1 PID: 580 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2119.832724][ T580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2119.842800][ T580] Call Trace: [ 2119.846095][ T580] dump_stack_lvl+0xcd/0x134 [ 2119.850725][ T580] should_fail.cold+0x5/0xa [ 2119.855264][ T580] prepare_alloc_pages+0x17b/0x580 [ 2119.860415][ T580] __alloc_pages+0x12f/0x500 [ 2119.865038][ T580] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2119.871827][ T580] ? lock_downgrade+0x6e0/0x6e0 [ 2119.876724][ T580] alloc_pages+0x1a7/0x300 [ 2119.881261][ T580] __page_cache_alloc+0x303/0x3a0 [ 2119.886308][ T580] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2119.892325][ T580] page_cache_ra_unbounded+0x363/0x950 [ 2119.897837][ T580] ? read_pages+0x8d0/0x8d0 [ 2119.902379][ T580] ? lock_downgrade+0x6e0/0x6e0 [ 2119.907263][ T580] ? __lock_acquire+0xbc2/0x54a0 [ 2119.912239][ T580] ondemand_readahead+0x61e/0x11d0 [ 2119.917417][ T580] page_cache_sync_ra+0x1cb/0x200 [ 2119.922481][ T580] filemap_get_pages+0x2a6/0x1870 [ 2119.927525][ T580] ? is_bpf_text_address+0x77/0x170 [ 2119.932738][ T580] ? __lock_page_async+0x4d0/0x4d0 [ 2119.937916][ T580] filemap_read+0x2ca/0xe50 [ 2119.942415][ T580] ? __kernel_text_address+0x9/0x30 [ 2119.947639][ T580] ? filemap_get_pages+0x1870/0x1870 [ 2119.952941][ T580] ? apparmor_path_mkdir+0x440/0x720 [ 2119.958269][ T580] ? lock_downgrade+0x6e0/0x6e0 [ 2119.963133][ T580] generic_file_read_iter+0x397/0x4f0 [ 2119.968503][ T580] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2119.974744][ T580] ? __fsnotify_parent+0x488/0x9d0 [ 2119.979862][ T580] blkdev_read_iter+0x127/0x1c0 [ 2119.984773][ T580] generic_file_splice_read+0x453/0x6d0 [ 2119.990341][ T580] ? do_splice_direct+0x280/0x280 [ 2119.995386][ T580] ? security_file_permission+0xab/0xd0 [ 2120.000938][ T580] ? do_splice_direct+0x280/0x280 [ 2120.006001][ T580] do_splice_to+0x1bf/0x250 [ 2120.010563][ T580] splice_direct_to_actor+0x2c2/0x8c0 [ 2120.015953][ T580] ? generic_file_splice_read+0x6d0/0x6d0 [ 2120.021675][ T580] ? do_splice_to+0x250/0x250 [ 2120.026389][ T580] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2120.032632][ T580] ? security_file_permission+0xab/0xd0 [ 2120.038192][ T580] do_splice_direct+0x1b3/0x280 [ 2120.043072][ T580] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2120.048643][ T580] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2120.054904][ T580] ? security_file_permission+0xab/0xd0 [ 2120.060459][ T580] do_sendfile+0xae9/0x1240 [ 2120.064968][ T580] ? do_pwritev+0x270/0x270 [ 2120.069468][ T580] ? __context_tracking_exit+0xb8/0xe0 [ 2120.074932][ T580] ? lock_downgrade+0x6e0/0x6e0 [ 2120.079818][ T580] ? lock_downgrade+0x6e0/0x6e0 [ 2120.084675][ T580] __x64_sys_sendfile64+0x1cc/0x210 [ 2120.089874][ T580] ? __ia32_sys_sendfile+0x220/0x220 [ 2120.095167][ T580] ? syscall_enter_from_user_mode+0x21/0x70 [ 2120.101087][ T580] do_syscall_64+0x35/0xb0 [ 2120.105500][ T580] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2120.111390][ T580] RIP: 0033:0x7f66c83a4a39 [ 2120.115802][ T580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2120.135427][ T580] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2120.143853][ T580] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2120.151826][ T580] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2120.159792][ T580] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2120.167761][ T580] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000002 [ 2120.175724][ T580] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 15:45:08 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc93) 15:45:08 executing program 4: accept$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, &(0x7f0000001480)=0x10) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) preadv(r0, &(0x7f0000001400)=[{&(0x7f0000000080)=""/184, 0xb8}, {&(0x7f0000000180)=""/154, 0x9a}, {&(0x7f0000000240)=""/4096, 0x1000}, {&(0x7f0000001240)=""/189, 0xbd}, {&(0x7f0000001300)=""/194, 0xc2}], 0x5, 0x44a, 0x7) 15:45:08 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r1, 0x4008941a, &(0x7f0000000000)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) close(r0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) [ 2120.201299][ T580] vcan0: tx drop: invalid da for name 0x0000000000000003 15:45:08 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc94) 15:45:08 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 16) [ 2120.305590][T11654] Bluetooth: hci7: Frame reassembly failed (-84) 15:45:08 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$KDADDIO(r1, 0x400455c8, 0x100000000) [ 2120.379808][ T596] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 2120.432074][ T600] FAULT_INJECTION: forcing a failure. [ 2120.432074][ T600] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2120.477383][ T600] CPU: 1 PID: 600 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2120.486226][ T600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2120.496293][ T600] Call Trace: [ 2120.499579][ T600] dump_stack_lvl+0xcd/0x134 [ 2120.504181][ T600] should_fail.cold+0x5/0xa [ 2120.508689][ T600] prepare_alloc_pages+0x17b/0x580 [ 2120.513818][ T600] __alloc_pages+0x12f/0x500 [ 2120.518433][ T600] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2120.525202][ T600] ? lock_downgrade+0x6e0/0x6e0 [ 2120.530080][ T600] alloc_pages+0x1a7/0x300 [ 2120.534505][ T600] __page_cache_alloc+0x303/0x3a0 [ 2120.539537][ T600] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2120.545536][ T600] page_cache_ra_unbounded+0x363/0x950 [ 2120.551012][ T600] ? read_pages+0x8d0/0x8d0 [ 2120.555549][ T600] ? lock_downgrade+0x6e0/0x6e0 [ 2120.560421][ T600] ? __lock_acquire+0xbc2/0x54a0 [ 2120.565392][ T600] ondemand_readahead+0x61e/0x11d0 [ 2120.570530][ T600] page_cache_sync_ra+0x1cb/0x200 [ 2120.575572][ T600] filemap_get_pages+0x2a6/0x1870 [ 2120.580617][ T600] ? is_bpf_text_address+0x77/0x170 [ 2120.585823][ T600] ? __lock_page_async+0x4d0/0x4d0 [ 2120.590958][ T600] filemap_read+0x2ca/0xe50 [ 2120.595473][ T600] ? __kernel_text_address+0x9/0x30 [ 2120.600706][ T600] ? filemap_get_pages+0x1870/0x1870 [ 2120.605995][ T600] ? apparmor_path_mkdir+0x440/0x720 [ 2120.611293][ T600] ? lock_downgrade+0x6e0/0x6e0 [ 2120.616165][ T600] generic_file_read_iter+0x397/0x4f0 [ 2120.621557][ T600] ? ___slab_alloc+0xcb5/0x1050 [ 2120.626441][ T600] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2120.632683][ T600] ? __fsnotify_parent+0x488/0x9d0 [ 2120.637814][ T600] blkdev_read_iter+0x127/0x1c0 [ 2120.642670][ T600] generic_file_splice_read+0x453/0x6d0 [ 2120.648221][ T600] ? do_splice_direct+0x280/0x280 [ 2120.653288][ T600] ? security_file_permission+0xab/0xd0 [ 2120.658839][ T600] ? do_splice_direct+0x280/0x280 [ 2120.663868][ T600] do_splice_to+0x1bf/0x250 [ 2120.668377][ T600] splice_direct_to_actor+0x2c2/0x8c0 [ 2120.673756][ T600] ? generic_file_splice_read+0x6d0/0x6d0 [ 2120.679483][ T600] ? do_splice_to+0x250/0x250 [ 2120.684166][ T600] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2120.690432][ T600] ? security_file_permission+0xab/0xd0 [ 2120.696002][ T600] do_splice_direct+0x1b3/0x280 [ 2120.700862][ T600] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2120.706417][ T600] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2120.712663][ T600] ? security_file_permission+0xab/0xd0 [ 2120.718218][ T600] do_sendfile+0xae9/0x1240 [ 2120.722749][ T600] ? do_pwritev+0x270/0x270 [ 2120.727267][ T600] ? __context_tracking_exit+0xb8/0xe0 [ 2120.732736][ T600] ? lock_downgrade+0x6e0/0x6e0 [ 2120.737593][ T600] ? lock_downgrade+0x6e0/0x6e0 [ 2120.742454][ T600] __x64_sys_sendfile64+0x1cc/0x210 [ 2120.747671][ T600] ? __ia32_sys_sendfile+0x220/0x220 [ 2120.752998][ T600] ? syscall_enter_from_user_mode+0x21/0x70 [ 2120.758929][ T600] do_syscall_64+0x35/0xb0 [ 2120.763364][ T600] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2120.769272][ T600] RIP: 0033:0x7f66c83a4a39 [ 2120.773691][ T600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2120.793302][ T600] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2120.801806][ T600] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2120.809792][ T600] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2120.817762][ T600] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2120.825734][ T600] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000002 [ 2120.833726][ T600] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2120.845508][ T600] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 2121.775848][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2121.785839][T32747] Bluetooth: hci6: command tx timeout [ 2122.306831][ T1209] Bluetooth: hci6: Frame reassembly failed (-84) [ 2122.347064][ T1053] Bluetooth: hci7: command 0xfc11 tx timeout [ 2122.353305][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 2122.402909][T27301] Bluetooth: hci7: Frame reassembly failed (-84) 15:45:12 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xffffffff) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:45:12 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x200) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) [ 2124.335526][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2124.335755][T28953] Bluetooth: hci6: command 0xfc11 tx timeout 15:45:12 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 17) 15:45:12 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc95) 15:45:12 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TCSBRKP(r2, 0x5425, 0x8001) ioctl$KDADDIO(r0, 0x400455c8, 0x2) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) r4 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x1ff, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r5 = dup3(r0, r3, 0x80000) ioctl$TCSBRKP(r5, 0x5425, 0x7ff) [ 2124.422906][T23375] Bluetooth: hci7: Entering manufacturer mode failed (-110) 15:45:12 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2cc96) 15:45:12 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x7ff, 0x7, 0x4, 0x0, 0x14, "09967eea73ff46619dbc073a494fd9dc444874"}) ioctl$KDADDIO(r0, 0x400455c8, 0x400000000006) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) read(r1, &(0x7f0000000080)=""/85, 0x55) [ 2124.559182][ T640] FAULT_INJECTION: forcing a failure. [ 2124.559182][ T640] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2124.596348][ T640] CPU: 1 PID: 640 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2124.604994][ T640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2124.615087][ T640] Call Trace: [ 2124.618384][ T640] dump_stack_lvl+0xcd/0x134 [ 2124.623008][ T640] should_fail.cold+0x5/0xa [ 2124.627542][ T640] prepare_alloc_pages+0x17b/0x580 [ 2124.632694][ T640] __alloc_pages+0x12f/0x500 [ 2124.637316][ T640] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2124.644111][ T640] ? lock_downgrade+0x6e0/0x6e0 [ 2124.649018][ T640] alloc_pages+0x1a7/0x300 [ 2124.653474][ T640] __page_cache_alloc+0x303/0x3a0 [ 2124.658526][ T640] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2124.664545][ T640] page_cache_ra_unbounded+0x363/0x950 [ 2124.670065][ T640] ? read_pages+0x8d0/0x8d0 [ 2124.674619][ T640] ? lock_downgrade+0x6e0/0x6e0 [ 2124.679500][ T640] ? __lock_acquire+0xbc2/0x54a0 [ 2124.684478][ T640] ondemand_readahead+0x61e/0x11d0 [ 2124.689681][ T640] page_cache_sync_ra+0x1cb/0x200 [ 2124.694773][ T640] filemap_get_pages+0x2a6/0x1870 [ 2124.699849][ T640] ? is_bpf_text_address+0x77/0x170 [ 2124.705081][ T640] ? __lock_page_async+0x4d0/0x4d0 [ 2124.710247][ T640] filemap_read+0x2ca/0xe50 [ 2124.714781][ T640] ? __kernel_text_address+0x9/0x30 [ 2124.720036][ T640] ? filemap_get_pages+0x1870/0x1870 [ 2124.725392][ T640] ? apparmor_path_mkdir+0x440/0x720 [ 2124.730739][ T640] ? lock_downgrade+0x6e0/0x6e0 [ 2124.735641][ T640] generic_file_read_iter+0x397/0x4f0 [ 2124.741047][ T640] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2124.747325][ T640] ? __fsnotify_parent+0x488/0x9d0 [ 2124.752470][ T640] blkdev_read_iter+0x127/0x1c0 [ 2124.757352][ T640] generic_file_splice_read+0x453/0x6d0 [ 2124.762933][ T640] ? do_splice_direct+0x280/0x280 [ 2124.768044][ T640] ? security_file_permission+0xab/0xd0 [ 2124.773625][ T640] ? do_splice_direct+0x280/0x280 [ 2124.778682][ T640] do_splice_to+0x1bf/0x250 [ 2124.783247][ T640] splice_direct_to_actor+0x2c2/0x8c0 [ 2124.788652][ T640] ? generic_file_splice_read+0x6d0/0x6d0 [ 2124.794389][ T640] ? do_splice_to+0x250/0x250 [ 2124.799082][ T640] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2124.805327][ T640] ? security_file_permission+0xab/0xd0 [ 2124.810883][ T640] do_splice_direct+0x1b3/0x280 [ 2124.815741][ T640] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2124.821298][ T640] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2124.827547][ T640] ? security_file_permission+0xab/0xd0 [ 2124.833104][ T640] do_sendfile+0xae9/0x1240 [ 2124.837624][ T640] ? do_pwritev+0x270/0x270 [ 2124.842132][ T640] ? __context_tracking_exit+0xb8/0xe0 [ 2124.847604][ T640] ? lock_downgrade+0x6e0/0x6e0 [ 2124.852462][ T640] ? lock_downgrade+0x6e0/0x6e0 [ 2124.857320][ T640] __x64_sys_sendfile64+0x1cc/0x210 [ 2124.862528][ T640] ? __ia32_sys_sendfile+0x220/0x220 [ 2124.867820][ T640] ? syscall_enter_from_user_mode+0x21/0x70 [ 2124.873730][ T640] do_syscall_64+0x35/0xb0 [ 2124.878173][ T640] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2124.884076][ T640] RIP: 0033:0x7f66c83a4a39 [ 2124.888493][ T640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 15:45:12 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x462400, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000840)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB="00000038062ef1fd6711b8c1a325a07664cf4beaea28d6e56574b98879fa39e0fe91ab8918fff28a91bb821267155960964fd4d51b8298a1721ba693e95921d49aeaf42c75d1094b73b85f0b9be7d5dd906e9744924ad229789af690165224037a35cea3d133a2ed5b292c1b7c1bfec6646d6e990401fd16f245202279d0f731dcdd3dbe74d4cedc6c013f47f1eacccd0402400c967ce2000000000000000000000000000000000000000000e59e763a04f0ddad8da2b5b56aa986ef156776d2deba031fb3cf15e3d249efcb6e5204ced0b176ddc8c0e59f4d8fa303ea5907729f79e83afd7631e0517a5d2ee359dba8610ce0cf37e059506667710542861409d4738051461876fe057ed2551dca19c1695a979ce3f147ab4db56d588992ce8ce7726a3f5427f50e1b0f849ce3660c9f1fe2d178dd356f829598b05702674ae8f99f388551cfc43fa498f25bdf184e9e7f9a4c99a5ef13b16197e165c8712b17e70097a3536dc29e5583810a20acc461caa11bb315a0fb2bc4f19d2077b455fbf802ce7e270cddcdd96c14be04693fbd6fbecff4e7c53b4dd79290b8e19fdbed241652297dbfbfa9ee31157c8195404b64f1ec5f6c649109a4ce562152d8ccceaae3d9668f6c06000000047f0c198e47e17f467042ff87081b11c34756dd2614a7f37027dbad13aad0c823740978a4e2806dd959e6cca9ff4a21516ce7bf9fdbed107666406787b52e6fe90012775e2ca855eb310da373d7881dc8d629120ed4ef9ffac92fe0763c1ad4c55063e9a0e4f28f62a739e3254a98fb7739b1b760810b65834f4011e2376d995c3941dd873c3c2979afaf3e74c1745e5732faa240ba4ee48ee4cded78efc94c47307d2f4239d4a0e5f7585bc0b2fcf4558b33cd683accbcdf6e50901145684249db34e6537ee2becb31c9f5f25c44a16a19a7ef9c2bc954ae0fde6c662822de551a2db982b7b5b0aef570a4dd8228399f296df0d5e432808ede6200d6aaf4766f04390331f5a2a7009b133ecb6de2bdcb8d6315beeb48099ceedeee23f3e31c3c20d7f6d8157aee300a63f54c49240114dfec63a3f66fcca4fac384b2b75fe0687c70193f052dcdc20362881ef00694878b5d83787c5452e212c440514246dca0a779543daf1f71421551088d8342f0adb5bd461692285ea5e7bc0224a87c2bc8be35233c7fb99fba0ffdce21460b244c7f51cecd0c78f16f99da0859ae8d584c860094db01f3a1dd9c313c"]) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f00000000c0)={0x7fe8, 0x0, 0x101, 0x400, 0x6, 0xb7b0}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r2 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000180)=0x2) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) r5 = dup3(r3, r0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x1) open_tree(r5, &(0x7f0000000100)='./file1\x00', 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000080)={0xfffffffe, 0x5, 0xcc76, 0x6, 0xd, "c9ce54654d53ca22d126dfea5b7c133fa325ec"}) 15:45:12 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0) ioctl$TCFLSH(r1, 0x540b, 0x1) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x81000) ioctl$TCFLSH(r3, 0x540b, 0x1) ioctl$TIOCMGET(r2, 0x5415, &(0x7f0000000100)) ioctl$TCSETAF(r2, 0x5408, &(0x7f00000000c0)={0x8000, 0xf7ff, 0x7, 0x84, 0x12, "447d8fd5e5c6ea25"}) [ 2124.908100][ T640] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2124.916538][ T640] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2124.924524][ T640] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2124.932499][ T640] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2124.940467][ T640] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000002 [ 2124.948435][ T640] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2124.999665][ T659] debugfs: Directory 'hci8' with parent 'bluetooth' already present! 15:45:13 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) ioctl$TCSETA(0xffffffffffffffff, 0x5406, &(0x7f0000000000)={0x7, 0x9, 0x0, 0x1, 0xa, "d29c373b5f73b837"}) [ 2125.064137][ T640] vcan0: tx drop: invalid da for name 0x0000000000000003 15:45:13 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1fffff) 15:45:13 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 18) [ 2125.223990][ T669] FAULT_INJECTION: forcing a failure. [ 2125.223990][ T669] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2125.237984][ T669] CPU: 1 PID: 669 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2125.246606][ T669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2125.256935][ T669] Call Trace: [ 2125.260252][ T669] dump_stack_lvl+0xcd/0x134 [ 2125.264852][ T669] should_fail.cold+0x5/0xa [ 2125.269379][ T669] prepare_alloc_pages+0x17b/0x580 [ 2125.274505][ T669] __alloc_pages+0x12f/0x500 [ 2125.279123][ T669] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2125.286049][ T669] ? lock_downgrade+0x6e0/0x6e0 [ 2125.290913][ T669] alloc_pages+0x1a7/0x300 [ 2125.296332][ T669] __page_cache_alloc+0x303/0x3a0 [ 2125.301446][ T669] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2125.307474][ T669] page_cache_ra_unbounded+0x363/0x950 [ 2125.312980][ T669] ? read_pages+0x8d0/0x8d0 [ 2125.317517][ T669] ? lock_downgrade+0x6e0/0x6e0 [ 2125.322404][ T669] ? __lock_acquire+0xbc2/0x54a0 [ 2125.327348][ T669] ondemand_readahead+0x61e/0x11d0 [ 2125.332484][ T669] page_cache_sync_ra+0x1cb/0x200 [ 2125.337511][ T669] filemap_get_pages+0x2a6/0x1870 [ 2125.342544][ T669] ? is_bpf_text_address+0x77/0x170 [ 2125.347739][ T669] ? __lock_page_async+0x4d0/0x4d0 [ 2125.352869][ T669] filemap_read+0x2ca/0xe50 [ 2125.357387][ T669] ? __kernel_text_address+0x9/0x30 [ 2125.362663][ T669] ? filemap_get_pages+0x1870/0x1870 [ 2125.367951][ T669] ? apparmor_path_mkdir+0x440/0x720 [ 2125.373262][ T669] ? lock_downgrade+0x6e0/0x6e0 [ 2125.378143][ T669] generic_file_read_iter+0x397/0x4f0 [ 2125.383598][ T669] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2125.389928][ T669] ? __fsnotify_parent+0x488/0x9d0 [ 2125.395061][ T669] blkdev_read_iter+0x127/0x1c0 [ 2125.399923][ T669] generic_file_splice_read+0x453/0x6d0 [ 2125.405468][ T669] ? do_splice_direct+0x280/0x280 [ 2125.410493][ T669] ? security_file_permission+0xab/0xd0 [ 2125.416077][ T669] ? do_splice_direct+0x280/0x280 [ 2125.421118][ T669] do_splice_to+0x1bf/0x250 [ 2125.425629][ T669] splice_direct_to_actor+0x2c2/0x8c0 [ 2125.430999][ T669] ? generic_file_splice_read+0x6d0/0x6d0 [ 2125.436753][ T669] ? do_splice_to+0x250/0x250 [ 2125.441469][ T669] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2125.447712][ T669] ? security_file_permission+0xab/0xd0 [ 2125.453258][ T669] do_splice_direct+0x1b3/0x280 [ 2125.458109][ T669] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2125.463697][ T669] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2125.469962][ T669] ? security_file_permission+0xab/0xd0 [ 2125.475540][ T669] do_sendfile+0xae9/0x1240 [ 2125.480051][ T669] ? do_pwritev+0x270/0x270 [ 2125.484547][ T669] ? __context_tracking_exit+0xb8/0xe0 [ 2125.490027][ T669] ? lock_downgrade+0x6e0/0x6e0 [ 2125.494897][ T669] ? lock_downgrade+0x6e0/0x6e0 [ 2125.499766][ T669] __x64_sys_sendfile64+0x1cc/0x210 [ 2125.504981][ T669] ? __ia32_sys_sendfile+0x220/0x220 [ 2125.510281][ T669] ? syscall_enter_from_user_mode+0x21/0x70 [ 2125.516183][ T669] do_syscall_64+0x35/0xb0 [ 2125.520590][ T669] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2125.526484][ T669] RIP: 0033:0x7f66c83a4a39 [ 2125.531077][ T669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2125.550682][ T669] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2125.559177][ T669] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2125.567142][ T669] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2125.575129][ T669] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2125.583097][ T669] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000002 [ 2125.591077][ T669] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2125.605486][ T669] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 2126.495154][T23375] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2126.655490][T11206] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 2127.055346][ T9935] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 2127.055365][ T551] Bluetooth: hci8: command 0xfc11 tx timeout [ 2127.116366][ T148] Bluetooth: hci6: Frame reassembly failed (-84) [ 2129.134928][ T9935] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2129.135136][T13261] Bluetooth: hci6: command 0xfc11 tx timeout 15:45:17 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = socket$netlink(0x10, 0x3, 0x6) sendmsg$netlink(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001380)={0xb8, 0x19, 0x1, 0x0, 0x0, "", [@generic="015d01be4ff99e42e8264c9d618f093318fae87aa353d949f0d6931f520b60b8bc22cf1329d3eb2ad9ef4e87631e59c6eb80d3a62fbf458ed402552432db26cfdbcb46ffc59efe25b1e1bdb5a6060a51bb3f4a14cd4f713eb8a9f64b3d58ce3497439dc927", @nested={0x3d, 0x0, 0x0, 0x1, [@generic="58ead3a83e07c0b557cb1869ee41896cec0fd835230bbc9df3579aa61018d2cabc82ed585c3a249cbad3299a064e5cae958f639c24885ddf98"]}]}, 0xb8}], 0x1}, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f00000000c0)={0x400, 0xf2, 0x800, 0x7, 0x9, "02fb5d155f5dc016eb5a2b11dead6f40e0ee18"}) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:45:17 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1000000) 15:45:17 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 19) 15:45:17 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) splice(r3, &(0x7f0000000080), r0, &(0x7f00000000c0)=0x6, 0x3, 0x7) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$PPPIOCSFLAGS1(r2, 0x40047459, &(0x7f0000000000)=0x201) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:45:17 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = syz_open_dev$ptys(0xc, 0x3, 0x0) ioctl$VT_SETMODE(r3, 0x5602, &(0x7f00000001c0)={0x4, 0x1, 0xa328, 0x1ff, 0x8}) lseek(r2, 0x3, 0x0) r4 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$F2FS_IOC_GET_PIN_FILE(r4, 0x8004f50e, &(0x7f0000000200)) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$BTRFS_IOC_DEFRAG_RANGE(r4, 0x40309410, 0x0) ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000240)) dup3(r1, r2, 0x0) ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000000)={0x101, 0xffff, 0x7, 0x1, 0xc8, "30c4a5085d1dc346593e911565b1da9ac65265", 0x6, 0x5}) 15:45:17 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KDADDIO(r0, 0x4b34, 0x58d) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xae3e) r1 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="01000000000000000700000000000000020000000000000000000100000000000200000000000000000003000000a1000000090000004a0000000000000006000000000000000100000001000000b00000000069a877a2d2416300000000000000000000000000000000000000009e950023000000000000"]) ioctl$KDADDIO(r0, 0x400455c8, 0x9) [ 2129.215010][ T8528] Bluetooth: hci7: command 0xfc11 tx timeout [ 2129.215178][T11206] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 2129.340808][T27301] Bluetooth: hci6: Frame reassembly failed (-84) [ 2129.379962][ T707] FAULT_INJECTION: forcing a failure. 15:45:17 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1000080) [ 2129.379962][ T707] name fail_page_alloc, interval 1, probability 0, space 0, times 0 15:45:17 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = socket$isdn(0x22, 0x3, 0x26) preadv(r1, &(0x7f0000000480)=[{&(0x7f0000000080)=""/150, 0x96}, {&(0x7f0000000180)=""/217, 0xd9}, {&(0x7f0000000280)=""/192, 0xc0}, {&(0x7f0000000340)=""/189, 0xbd}, {&(0x7f0000000400)=""/65, 0x41}], 0x5, 0x8, 0x1) ioctl$KDADDIO(r0, 0x400455c8, 0x9) 15:45:17 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TCFLSH(r1, 0x540b, 0x2) [ 2129.462084][T23375] Bluetooth: hci7: sending frame failed (-49) [ 2129.497425][ T707] CPU: 0 PID: 707 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2129.506082][ T707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2129.516173][ T707] Call Trace: [ 2129.519477][ T707] dump_stack_lvl+0xcd/0x134 [ 2129.524108][ T707] should_fail.cold+0x5/0xa [ 2129.528664][ T707] prepare_alloc_pages+0x17b/0x580 [ 2129.533851][ T707] __alloc_pages+0x12f/0x500 [ 2129.538479][ T707] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2129.545285][ T707] ? lock_downgrade+0x6e0/0x6e0 [ 2129.550205][ T707] alloc_pages+0x1a7/0x300 [ 2129.554664][ T707] __page_cache_alloc+0x303/0x3a0 [ 2129.559893][ T707] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2129.565917][ T707] page_cache_ra_unbounded+0x363/0x950 [ 2129.571429][ T707] ? read_pages+0x8d0/0x8d0 [ 2129.575973][ T707] ? lock_downgrade+0x6e0/0x6e0 [ 2129.580860][ T707] ? __lock_acquire+0xbc2/0x54a0 [ 2129.585842][ T707] ondemand_readahead+0x61e/0x11d0 [ 2129.591044][ T707] page_cache_sync_ra+0x1cb/0x200 [ 2129.593322][ T722] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 2129.596625][ T707] filemap_get_pages+0x2a6/0x1870 [ 2129.596676][ T707] ? is_bpf_text_address+0x77/0x170 [ 2129.596707][ T707] ? __lock_page_async+0x4d0/0x4d0 [ 2129.596744][ T707] filemap_read+0x2ca/0xe50 [ 2129.625075][ T707] ? __kernel_text_address+0x9/0x30 [ 2129.630324][ T707] ? filemap_get_pages+0x1870/0x1870 [ 2129.635643][ T707] ? apparmor_path_mkdir+0x440/0x720 [ 2129.641054][ T707] ? lock_downgrade+0x6e0/0x6e0 [ 2129.645958][ T707] generic_file_read_iter+0x397/0x4f0 [ 2129.651363][ T707] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2129.657648][ T707] ? __fsnotify_parent+0x488/0x9d0 [ 2129.662798][ T707] blkdev_read_iter+0x127/0x1c0 [ 2129.667688][ T707] generic_file_splice_read+0x453/0x6d0 [ 2129.673297][ T707] ? do_splice_direct+0x280/0x280 [ 2129.678367][ T707] ? security_file_permission+0xab/0xd0 [ 2129.683955][ T707] ? do_splice_direct+0x280/0x280 [ 2129.689018][ T707] do_splice_to+0x1bf/0x250 [ 2129.693564][ T707] splice_direct_to_actor+0x2c2/0x8c0 [ 2129.698974][ T707] ? generic_file_splice_read+0x6d0/0x6d0 [ 2129.704734][ T707] ? do_splice_to+0x250/0x250 [ 2129.709445][ T707] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2129.715715][ T707] ? security_file_permission+0xab/0xd0 [ 2129.721306][ T707] do_splice_direct+0x1b3/0x280 [ 2129.726230][ T707] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2129.731821][ T707] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2129.738098][ T707] ? security_file_permission+0xab/0xd0 [ 2129.743686][ T707] do_sendfile+0xae9/0x1240 [ 2129.748231][ T707] ? do_pwritev+0x270/0x270 [ 2129.752764][ T707] ? __context_tracking_exit+0xb8/0xe0 [ 2129.758258][ T707] ? lock_downgrade+0x6e0/0x6e0 15:45:17 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2000000) [ 2129.763140][ T707] ? lock_downgrade+0x6e0/0x6e0 [ 2129.768034][ T707] __x64_sys_sendfile64+0x1cc/0x210 [ 2129.773277][ T707] ? __ia32_sys_sendfile+0x220/0x220 [ 2129.778608][ T707] ? syscall_enter_from_user_mode+0x21/0x70 [ 2129.784639][ T707] do_syscall_64+0x35/0xb0 [ 2129.789094][ T707] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2129.795048][ T707] RIP: 0033:0x7f66c83a4a39 15:45:17 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3000000) [ 2129.799524][ T707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2129.819161][ T707] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2129.827611][ T707] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2129.835610][ T707] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2129.843604][ T707] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2129.851599][ T707] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000002 15:45:18 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4000000) [ 2129.859594][ T707] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2129.895534][ T707] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 2131.374521][ T8528] Bluetooth: hci6: command 0xfc11 tx timeout [ 2131.384736][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2131.429462][T27301] Bluetooth: hci6: Frame reassembly failed (-84) [ 2131.534611][ T1053] Bluetooth: hci7: command 0xfc11 tx timeout [ 2131.534672][T23375] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 2131.540952][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) 15:45:20 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) ioctl$KDADDIO(r0, 0x4b34, 0x100000001) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f0000000080)={0x9, 0xff, 0x5, 0x0, 0x2, [{0x0, 0x2, 0x2, '\x00', 0x8}, {0xfffffffffffffffa, 0x230, 0x71, '\x00', 0x2000}]}) 15:45:20 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 20) 15:45:20 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x5000000) 15:45:20 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = open(&(0x7f0000000080)='./bus\x00', 0x4e141, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='./bus\x00', 0x1884, 0x5) fstat(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendfile(r1, r2, 0x0, 0x401ffc000) mount$fuse(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x100010, &(0x7f00000005c0)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x3}}, {@allow_other}, {@default_permissions}, {@allow_other}], [{@obj_user={'obj_user', 0x3d, '%[,\'^\x9c'}}, {@appraise}, {@fsmagic}, {@dont_appraise}, {@smackfsdef={'smackfsdef', 0x3d, '!Z'}}, {@fscontext={'fscontext', 0x3d, 'root'}}, {@appraise}, {@obj_type={'obj_type', 0x3d, 'obj_user'}}]}}) r4 = getuid() r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r6 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r6, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r7 = accept4$tipc(0xffffffffffffffff, &(0x7f0000008700), &(0x7f0000008740)=0x10, 0x80000) r8 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r8, 0x40405514, &(0x7f0000000740)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) r9 = gettid() tkill(r9, 0x40) sendmsg$unix(0xffffffffffffffff, &(0x7f00000088c0)={&(0x7f0000000080)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000180)="10a5bfe91c507de46df4ebe1e4b82b4c942d2117de6de53e9d2ac17dcc895cbd2867b5215b7d4c90393a9129ee75b17961bcd3a9d940c897009047a9e9ed430aabaeb7e11edaecf144128141d64f3e3ea4b6dcbdae28cecf22a059ee6a801aedcb01b9253548abc0347c92626ab43e68611b", 0x72}, {&(0x7f0000000200)="0773d32dee18089a9208175829cd3dc90bdd67b578a9ad26ff79d6a75559acc6052e04d7275c337a112281ece153da28d1c5a80c2c1ac0c5ee0189c5dc7b9ade73227e4b52aa521b75fc8d176e21822b7da79584ed8bfa50ea74fba047a599ec4202edeff6a48a9662e1b62de7934f9c190ff5aa491746691430bd82825b2c22490ae03a38b23a61160ac20b4a017d0562f3773f485da43a6036ddfd60d48070a031feb2f9b06d755178f6a72f891317511485048df1cbc1217af554df5c528e903f540c8fe906cc847cc3973beb307361e84e66689fe9c60b8e65878286952799e1756cceeb8418340fe6351b4c7106f2ebdabdf0315bbaac", 0xf9}, {&(0x7f0000000300)="3363306dbbe92d5851ccaa75d25bf59a82479e8fa9168d4b50a3840d5cb0752c2d9f5ef267579748229d251417507b26c6bacbcc9a30b1a07176960c790af721619c37aa5bd5e566127a84910278f91b69bc97c3ce8545b000036883b370c45ea0cd18c2b95debeb03946f265b000f75b63bc2d42dfdb3a4f1f102a0f6bfa2cd1841bf607ac67f368a372fdbb008afd4cb0daf8f70bd2e60c4f9dc9f", 0x9c}, {&(0x7f00000003c0)="633e206536263e2e84c96011eae19ed522db28815cb46007bf1a8d55061ce4b9d9c33e9eeea5174e081de1b086d57e7125d6c22442c422af896b2a2fe6fffd2fc7ca3fba524a01e43ead9556e9d57e9e0b466ca2e5a47e4f6a58b0cf3c4380a31356322bdfec3188047f6dfee41769ecda5154beadba4b2367e97abb1f264bbdb16d2b20de5740161d92f98c7250665b23e40fbe38df589baac96374745255f532028469f49b6a", 0xa7}, {&(0x7f0000000480)="5fe0172766d5f8da86d27f561b0a62f974e439cf6ada15a438b59f37a1b334c9089dfb8bcbc8ed2bdd9623a021136494b0ba6f9f31a765ce6302c80331d5db01256c13c378ac8320f269902523d3ab504bfd1edd3acd8c4f66ec22b1ee08810a1715519ceea11685c14ce3ddbbc31c0fc4b1fb5edc3e1cc77414c45fa250fe64a523b7e8d311a06d12dab8fd9bc1981f634ac4b79301f38103e56d4ca55ce73ca68c46f0c2087ac848451c45c1402c9b51d0b720b27bfee0c7dd4217a331481ac52521b53a28d29d694a7cf3713616f64b2f1f5f0dbdcb37a4e34eed0e58b251f0463f9ceae3f89d9e9f81c6a6a67ebd7cc09800b6eedeaa7936", 0xfa}, {&(0x7f0000000580)="c56a954e7ca883398a107e748a5cdf75274483551a8cdb9a02095c0af48d6983745b2ea3eab695c5055c5d43c75eb5c4ed03d74d16f9ab00f8f58d89d0fd7a38693502b9c4d1bf1b586e209a309cf8b4d247519731", 0x55}, {&(0x7f0000000600)="990d20589dc5660b89e526d5dcff97d7563748e629bba7f69f0884739ac8c1604c42e39d840540c9a7c6b07feb0cfc6e52f5588a4842c2124741f066451a778aa02ae22c72557e7dd14cd04f3ffbcd6667cc013092552a7b0521e11846edd09825479a2e7f6b5b74450a8cac3bb256f5d45627612491a31e624bd56fcc42066e14eb103b58f093427a53f7a6d1059ed032938e5be6a8719c98c4dd81d6463cccb1ae3857f1e983aae55414136695169ec2344a4c5fdad669bf1d", 0xba}], 0x7, &(0x7f0000008780)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r0, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xffffffffffffffff}}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01, r3}}}, @cred={{0x1c, 0x1, 0x2, {0x0, r4, 0xee01}}}, @rights={{0x18, 0x1, 0x1, [r5, r6]}}, @rights={{0x20, 0x1, 0x1, [r0, r7, r0, r8]}}, @rights={{0x1c, 0x1, 0x1, [r0, r0, r0]}}, @cred={{0x1c, 0x1, 0x2, {r9, 0xee01, 0xee01}}}], 0x118}, 0x24000800) syz_usb_connect(0x6, 0xfffffffffffffdfe, 0x0, 0x0) [ 2132.168058][ T756] FAULT_INJECTION: forcing a failure. [ 2132.168058][ T756] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2132.188148][ T760] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 2132.190967][ T756] CPU: 1 PID: 756 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2132.204854][ T756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2132.214930][ T756] Call Trace: [ 2132.218231][ T756] dump_stack_lvl+0xcd/0x134 [ 2132.222854][ T756] should_fail.cold+0x5/0xa [ 2132.227390][ T756] prepare_alloc_pages+0x17b/0x580 [ 2132.232522][ T756] __alloc_pages+0x12f/0x500 [ 2132.237119][ T756] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2132.243897][ T756] ? lock_downgrade+0x6e0/0x6e0 [ 2132.248793][ T756] alloc_pages+0x1a7/0x300 [ 2132.253216][ T756] __page_cache_alloc+0x303/0x3a0 [ 2132.258255][ T756] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2132.264265][ T756] page_cache_ra_unbounded+0x363/0x950 [ 2132.269746][ T756] ? read_pages+0x8d0/0x8d0 [ 2132.274263][ T756] ? lock_downgrade+0x6e0/0x6e0 [ 2132.279124][ T756] ? __lock_acquire+0xbc2/0x54a0 [ 2132.284075][ T756] ondemand_readahead+0x61e/0x11d0 [ 2132.289215][ T756] page_cache_sync_ra+0x1cb/0x200 [ 2132.294268][ T756] filemap_get_pages+0x2a6/0x1870 [ 2132.299320][ T756] ? is_bpf_text_address+0x77/0x170 [ 2132.304526][ T756] ? __lock_page_async+0x4d0/0x4d0 [ 2132.309673][ T756] filemap_read+0x2ca/0xe50 [ 2132.314182][ T756] ? __kernel_text_address+0x9/0x30 [ 2132.319405][ T756] ? filemap_get_pages+0x1870/0x1870 [ 2132.324704][ T756] ? apparmor_path_mkdir+0x440/0x720 [ 2132.330009][ T756] ? lock_downgrade+0x6e0/0x6e0 [ 2132.334882][ T756] generic_file_read_iter+0x397/0x4f0 [ 2132.340263][ T756] ? ___slab_alloc+0xcb5/0x1050 [ 2132.345130][ T756] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2132.351377][ T756] ? __fsnotify_parent+0x488/0x9d0 [ 2132.356498][ T756] blkdev_read_iter+0x127/0x1c0 [ 2132.361370][ T756] generic_file_splice_read+0x453/0x6d0 [ 2132.366953][ T756] ? do_splice_direct+0x280/0x280 [ 2132.371991][ T756] ? security_file_permission+0xab/0xd0 [ 2132.377547][ T756] ? do_splice_direct+0x280/0x280 [ 2132.382581][ T756] do_splice_to+0x1bf/0x250 [ 2132.387096][ T756] splice_direct_to_actor+0x2c2/0x8c0 [ 2132.392475][ T756] ? generic_file_splice_read+0x6d0/0x6d0 [ 2132.398224][ T756] ? do_splice_to+0x250/0x250 [ 2132.402912][ T756] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2132.409160][ T756] ? security_file_permission+0xab/0xd0 [ 2132.414723][ T756] do_splice_direct+0x1b3/0x280 [ 2132.419587][ T756] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2132.425149][ T756] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2132.431396][ T756] ? security_file_permission+0xab/0xd0 [ 2132.436968][ T756] do_sendfile+0xae9/0x1240 [ 2132.441489][ T756] ? do_pwritev+0x270/0x270 [ 2132.445995][ T756] ? __context_tracking_exit+0xb8/0xe0 [ 2132.451462][ T756] ? lock_downgrade+0x6e0/0x6e0 [ 2132.456321][ T756] ? lock_downgrade+0x6e0/0x6e0 [ 2132.461194][ T756] __x64_sys_sendfile64+0x1cc/0x210 [ 2132.466404][ T756] ? __ia32_sys_sendfile+0x220/0x220 [ 2132.471798][ T756] ? syscall_enter_from_user_mode+0x21/0x70 [ 2132.477705][ T756] do_syscall_64+0x35/0xb0 [ 2132.482125][ T756] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2132.488029][ T756] RIP: 0033:0x7f66c83a4a39 [ 2132.492460][ T756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2132.512245][ T756] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2132.520677][ T756] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2132.528754][ T756] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2132.536961][ T756] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2132.544937][ T756] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000002 [ 2132.552940][ T756] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2132.630936][ T756] vcan0: tx drop: invalid da for name 0x0000000000000003 15:45:21 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(r1, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$KDADDIO(r0, 0x400455c8, 0x9) 15:45:21 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x6000000) 15:45:21 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r0, 0x3, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) dup3(r0, r1, 0x0) ioctl$KVM_CAP_MSR_PLATFORM_INFO(r0, 0x4068aea3, &(0x7f0000000080)={0x9f, 0x0, 0x1}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x2) [ 2133.464261][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2133.464325][ T551] Bluetooth: hci6: command 0xfc11 tx timeout [ 2133.614330][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) 15:45:21 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1000000f) ioctl$BTRFS_IOC_SEND(r0, 0x40489426, &(0x7f0000000080)={{}, 0x7, &(0x7f0000000000)=[0x6, 0xff, 0x8, 0x100, 0x1, 0x4, 0x9], 0x1, 0x5, [0x6, 0x5, 0xd2b]}) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$KDADDIO(r0, 0x4b34, 0x7) 15:45:21 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 21) 15:45:21 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x7000000) 15:45:21 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x8000000) 15:45:21 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) pwrite64(r0, &(0x7f0000000000)="028529f3ef2ff6317ed1bf521d9661ab6b72150a11cba9249df8203fb944f043bb73013576d9ea5e42b1b301e4d575bb4e3b8e20ea91effcc7", 0x39, 0x9) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:45:21 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0xb000000) [ 2133.761284][ T785] FAULT_INJECTION: forcing a failure. [ 2133.761284][ T785] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2133.826851][ T785] CPU: 0 PID: 785 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2133.835510][ T785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2133.845623][ T785] Call Trace: [ 2133.848920][ T785] dump_stack_lvl+0xcd/0x134 [ 2133.853544][ T785] should_fail.cold+0x5/0xa [ 2133.858078][ T785] prepare_alloc_pages+0x17b/0x580 [ 2133.863257][ T785] __alloc_pages+0x12f/0x500 [ 2133.867886][ T785] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2133.874698][ T785] ? lock_downgrade+0x6e0/0x6e0 [ 2133.879621][ T785] alloc_pages+0x1a7/0x300 [ 2133.884075][ T785] __page_cache_alloc+0x303/0x3a0 [ 2133.889119][ T785] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2133.895134][ T785] page_cache_ra_unbounded+0x363/0x950 [ 2133.900614][ T785] ? read_pages+0x8d0/0x8d0 [ 2133.905128][ T785] ? lock_downgrade+0x6e0/0x6e0 [ 2133.910084][ T785] ? __lock_acquire+0xbc2/0x54a0 [ 2133.915031][ T785] ondemand_readahead+0x61e/0x11d0 [ 2133.920248][ T785] page_cache_sync_ra+0x1cb/0x200 [ 2133.925301][ T785] filemap_get_pages+0x2a6/0x1870 [ 2133.930343][ T785] ? is_bpf_text_address+0x77/0x170 [ 2133.935562][ T785] ? __lock_page_async+0x4d0/0x4d0 [ 2133.940712][ T785] filemap_read+0x2ca/0xe50 [ 2133.945220][ T785] ? __kernel_text_address+0x9/0x30 [ 2133.950450][ T785] ? filemap_get_pages+0x1870/0x1870 [ 2133.955758][ T785] ? apparmor_path_mkdir+0x440/0x720 [ 2133.961161][ T785] ? lock_downgrade+0x6e0/0x6e0 [ 2133.966035][ T785] generic_file_read_iter+0x397/0x4f0 [ 2133.971427][ T785] ? ___slab_alloc+0xcb5/0x1050 [ 2133.976392][ T785] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2133.982642][ T785] ? __fsnotify_parent+0x488/0x9d0 [ 2133.987775][ T785] blkdev_read_iter+0x127/0x1c0 [ 2133.992662][ T785] generic_file_splice_read+0x453/0x6d0 [ 2133.998215][ T785] ? do_splice_direct+0x280/0x280 [ 2134.003255][ T785] ? security_file_permission+0xab/0xd0 [ 2134.008809][ T785] ? do_splice_direct+0x280/0x280 [ 2134.013839][ T785] do_splice_to+0x1bf/0x250 [ 2134.018359][ T785] splice_direct_to_actor+0x2c2/0x8c0 [ 2134.023736][ T785] ? generic_file_splice_read+0x6d0/0x6d0 [ 2134.029466][ T785] ? do_splice_to+0x250/0x250 [ 2134.034152][ T785] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2134.040401][ T785] ? security_file_permission+0xab/0xd0 [ 2134.045974][ T785] do_splice_direct+0x1b3/0x280 [ 2134.050828][ T785] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2134.056379][ T785] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2134.062625][ T785] ? security_file_permission+0xab/0xd0 [ 2134.068182][ T785] do_sendfile+0xae9/0x1240 [ 2134.072702][ T785] ? do_pwritev+0x270/0x270 [ 2134.077225][ T785] ? __context_tracking_exit+0xb8/0xe0 [ 2134.082704][ T785] ? lock_downgrade+0x6e0/0x6e0 [ 2134.087556][ T785] ? lock_downgrade+0x6e0/0x6e0 [ 2134.092425][ T785] __x64_sys_sendfile64+0x1cc/0x210 [ 2134.097648][ T785] ? __ia32_sys_sendfile+0x220/0x220 [ 2134.102952][ T785] ? syscall_enter_from_user_mode+0x21/0x70 [ 2134.108858][ T785] do_syscall_64+0x35/0xb0 [ 2134.113282][ T785] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2134.119185][ T785] RIP: 0033:0x7f66c83a4a39 [ 2134.123618][ T785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2134.143232][ T785] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2134.151679][ T785] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2134.159652][ T785] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2134.167623][ T785] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 15:45:22 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x1d) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r4, 0x3, 0x0) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x34000, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) dup3(r3, r4, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x4) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) ioctl$KDADDIO(r6, 0x400455c8, 0x5) ftruncate(r0, 0x9) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) [ 2134.175594][ T785] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000002 [ 2134.183565][ T785] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2134.217822][ T785] vcan0: tx drop: invalid da for name 0x0000000000000003 15:45:22 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 22) [ 2134.372938][ T802] FAULT_INJECTION: forcing a failure. [ 2134.372938][ T802] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2134.387978][ T802] CPU: 0 PID: 802 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2134.396612][ T802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2134.406690][ T802] Call Trace: [ 2134.409997][ T802] dump_stack_lvl+0xcd/0x134 [ 2134.414610][ T802] should_fail.cold+0x5/0xa [ 2134.419259][ T802] prepare_alloc_pages+0x17b/0x580 [ 2134.424470][ T802] __alloc_pages+0x12f/0x500 [ 2134.429106][ T802] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2134.435950][ T802] ? lock_downgrade+0x6e0/0x6e0 [ 2134.440842][ T802] alloc_pages+0x1a7/0x300 [ 2134.445272][ T802] __page_cache_alloc+0x303/0x3a0 [ 2134.450313][ T802] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2134.456435][ T802] page_cache_ra_unbounded+0x363/0x950 [ 2134.461916][ T802] ? read_pages+0x8d0/0x8d0 [ 2134.466465][ T802] ? lock_downgrade+0x6e0/0x6e0 [ 2134.471356][ T802] ? __lock_acquire+0xbc2/0x54a0 [ 2134.476306][ T802] ondemand_readahead+0x61e/0x11d0 [ 2134.481426][ T802] page_cache_sync_ra+0x1cb/0x200 [ 2134.486482][ T802] filemap_get_pages+0x2a6/0x1870 [ 2134.491531][ T802] ? is_bpf_text_address+0x77/0x170 [ 2134.496740][ T802] ? __lock_page_async+0x4d0/0x4d0 [ 2134.501864][ T802] filemap_read+0x2ca/0xe50 [ 2134.506368][ T802] ? __kernel_text_address+0x9/0x30 [ 2134.511592][ T802] ? filemap_get_pages+0x1870/0x1870 [ 2134.516902][ T802] ? apparmor_path_mkdir+0x440/0x720 [ 2134.522198][ T802] ? lock_downgrade+0x6e0/0x6e0 [ 2134.527092][ T802] generic_file_read_iter+0x397/0x4f0 [ 2134.532500][ T802] ? ___slab_alloc+0xcb5/0x1050 [ 2134.537346][ T802] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2134.543596][ T802] ? __fsnotify_parent+0x488/0x9d0 [ 2134.548737][ T802] blkdev_read_iter+0x127/0x1c0 [ 2134.553614][ T802] generic_file_splice_read+0x453/0x6d0 [ 2134.559159][ T802] ? do_splice_direct+0x280/0x280 [ 2134.564202][ T802] ? security_file_permission+0xab/0xd0 [ 2134.569773][ T802] ? do_splice_direct+0x280/0x280 [ 2134.574825][ T802] do_splice_to+0x1bf/0x250 [ 2134.579361][ T802] splice_direct_to_actor+0x2c2/0x8c0 [ 2134.584746][ T802] ? generic_file_splice_read+0x6d0/0x6d0 [ 2134.590535][ T802] ? do_splice_to+0x250/0x250 [ 2134.595237][ T802] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2134.601637][ T802] ? security_file_permission+0xab/0xd0 [ 2134.607207][ T802] do_splice_direct+0x1b3/0x280 [ 2134.612189][ T802] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2134.617764][ T802] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2134.624103][ T802] ? security_file_permission+0xab/0xd0 [ 2134.629676][ T802] do_sendfile+0xae9/0x1240 [ 2134.634214][ T802] ? do_pwritev+0x270/0x270 [ 2134.638764][ T802] ? __context_tracking_exit+0xb8/0xe0 [ 2134.644227][ T802] ? lock_downgrade+0x6e0/0x6e0 [ 2134.649101][ T802] ? lock_downgrade+0x6e0/0x6e0 [ 2134.653976][ T802] __x64_sys_sendfile64+0x1cc/0x210 [ 2134.659196][ T802] ? __ia32_sys_sendfile+0x220/0x220 [ 2134.664487][ T802] ? syscall_enter_from_user_mode+0x21/0x70 [ 2134.670413][ T802] do_syscall_64+0x35/0xb0 [ 2134.674847][ T802] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2134.680760][ T802] RIP: 0033:0x7f66c83a4a39 [ 2134.685175][ T802] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2134.704804][ T802] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2134.713236][ T802] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2134.721202][ T802] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2134.729176][ T802] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2134.737334][ T802] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000002 [ 2134.745307][ T802] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2134.758410][ T551] Bluetooth: hci8: command 0xfc11 tx timeout [ 2134.764643][ T8903] Bluetooth: hci8: Entering manufacturer mode failed (-110) 15:45:23 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x20200, 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) fcntl$setown(r0, 0x8, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x6) ioctl$KDADDIO(r0, 0x400455c8, 0x9) [ 2134.793355][ T802] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 2135.614068][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2135.623461][T13261] Bluetooth: hci6: command tx timeout [ 2137.693727][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2137.702717][T13261] Bluetooth: hci6: command tx timeout 15:45:25 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x40543861fc1cd70d, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDGKBSENT(r0, 0x4b48, &(0x7f0000000180)={0x1f, "f47068acb19fdb87c25bea058a34de65f59e09ac806a76926bc9506a3376823da695a9ac9972c9042354e9aedbcad0dee495420f053bd176d3b80057a72604c238a7045b141f5634b14d5f28d938ce4c2716233ffb3b3fc177cf10e7b0fee9bd3f7451b8c8113bf35bc9855964a7d1d4af7dea36a6caf76f0bc949519554dd33041fe0b493318c45bdb7d30e90fd006d0134c8ec045fe7c13c11e29e90c5dba56436e035bf8ab9f921123ba9ced7d8210e0730d2e6712aa5d8b606f512e06dd404d0f955774c23f2a3e8448c83426f8b15168faedfd1fe0f327549331487cca06ce71a23db7fd7d8cdf4aa3fd095a10acf1e98368c6213c5f9aa795cfe3094ea97bd52dc3441a38848a586a64e7437543b9def2d52e96efe92a0342817a1e5ff6996884e2f773b14a84d9a016d7886438416e422e354a7bd5b7cf6228e5c75bcef5c823078b252aaab279ecb945cac4d7bacf11542ee0ce5420df515c1aea2bf6af01603afc54c2507d07ac5a2d55c729925e95b20a7a31bb7c2912257b0258cde40c27b65d32b45ce00b2d1c35bc97a99f732acbbcc1f76cf5e48d59d3df4effd9c351b7cddaf88c99dfc3ce254a1ab35439a460319622845b9ebcdcf61134c831b4e10a0d4ec54d14690c8deff33c2dad7a0404003b5cab4cbb66ae3ebe406c4c92fd7867c27455e0bcdceaed2f2eb3f511749b400e6cf8659becb7b1da968"}) 15:45:25 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x10000000) 15:45:25 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:45:25 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 23) 15:45:25 executing program 3: ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee00, 0xffffffffffffffff}}, './file0\x00'}) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r0, 0x3ff, 0x15}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xc) ioctl$KDADDIO(r1, 0x400455c8, 0x9) 15:45:25 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x20800, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) [ 2137.849641][ T826] FAULT_INJECTION: forcing a failure. [ 2137.849641][ T826] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2137.867149][ T826] CPU: 0 PID: 826 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2137.875813][ T826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2137.885891][ T826] Call Trace: [ 2137.889194][ T826] dump_stack_lvl+0xcd/0x134 [ 2137.893820][ T826] should_fail.cold+0x5/0xa [ 2137.898360][ T826] prepare_alloc_pages+0x17b/0x580 [ 2137.903520][ T826] __alloc_pages+0x12f/0x500 [ 2137.908181][ T826] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2137.914986][ T826] ? lock_downgrade+0x6e0/0x6e0 [ 2137.919900][ T826] alloc_pages+0x1a7/0x300 [ 2137.924359][ T826] __page_cache_alloc+0x303/0x3a0 [ 2137.929411][ T826] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2137.935474][ T826] page_cache_ra_unbounded+0x363/0x950 [ 2137.940990][ T826] ? read_pages+0x8d0/0x8d0 [ 2137.945557][ T826] ? lock_downgrade+0x6e0/0x6e0 [ 2137.950439][ T826] ? __lock_acquire+0xbc2/0x54a0 [ 2137.955419][ T826] ondemand_readahead+0x61e/0x11d0 [ 2137.960753][ T826] page_cache_sync_ra+0x1cb/0x200 [ 2137.965821][ T826] filemap_get_pages+0x2a6/0x1870 [ 2137.970892][ T826] ? is_bpf_text_address+0x77/0x170 [ 2137.976219][ T826] ? __lock_page_async+0x4d0/0x4d0 [ 2137.981393][ T826] filemap_read+0x2ca/0xe50 [ 2137.985948][ T826] ? __kernel_text_address+0x9/0x30 [ 2137.991198][ T826] ? filemap_get_pages+0x1870/0x1870 [ 2137.996516][ T826] ? apparmor_path_mkdir+0x440/0x720 [ 2138.001836][ T826] ? lock_downgrade+0x6e0/0x6e0 [ 2138.006747][ T826] generic_file_read_iter+0x397/0x4f0 [ 2138.012160][ T826] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2138.018436][ T826] ? __fsnotify_parent+0x488/0x9d0 [ 2138.023583][ T826] blkdev_read_iter+0x127/0x1c0 [ 2138.028480][ T826] generic_file_splice_read+0x453/0x6d0 [ 2138.034070][ T826] ? do_splice_direct+0x280/0x280 [ 2138.039144][ T826] ? security_file_permission+0xab/0xd0 [ 2138.044724][ T826] ? do_splice_direct+0x280/0x280 [ 2138.049784][ T826] do_splice_to+0x1bf/0x250 [ 2138.054320][ T826] splice_direct_to_actor+0x2c2/0x8c0 [ 2138.059732][ T826] ? generic_file_splice_read+0x6d0/0x6d0 [ 2138.065492][ T826] ? do_splice_to+0x250/0x250 [ 2138.070205][ T826] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2138.076483][ T826] ? security_file_permission+0xab/0xd0 [ 2138.082072][ T826] do_splice_direct+0x1b3/0x280 [ 2138.086957][ T826] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2138.092543][ T826] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2138.098817][ T826] ? security_file_permission+0xab/0xd0 [ 2138.104450][ T826] do_sendfile+0xae9/0x1240 [ 2138.109081][ T826] ? do_pwritev+0x270/0x270 [ 2138.113622][ T826] ? __context_tracking_exit+0xb8/0xe0 [ 2138.119275][ T826] ? lock_downgrade+0x6e0/0x6e0 [ 2138.124135][ T826] ? lock_downgrade+0x6e0/0x6e0 [ 2138.128994][ T826] __x64_sys_sendfile64+0x1cc/0x210 [ 2138.134201][ T826] ? __ia32_sys_sendfile+0x220/0x220 [ 2138.139509][ T826] ? syscall_enter_from_user_mode+0x21/0x70 [ 2138.145419][ T826] do_syscall_64+0x35/0xb0 [ 2138.149844][ T826] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2138.155747][ T826] RIP: 0033:0x7f66c83a4a39 [ 2138.160169][ T826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2138.179780][ T826] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2138.188223][ T826] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 15:45:26 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) syz_open_pts(r0, 0x80000) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f00000000c0)) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KDADDIO(r1, 0x400455c8, 0xfffffffffffffff7) 15:45:26 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x1f000000) [ 2138.196214][ T826] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2138.204187][ T826] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2138.212173][ T826] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000002 [ 2138.220145][ T826] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 15:45:26 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f00000002c0)={r1, 0x43}, &(0x7f0000000440)=0x8) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000100)={r1, 0xf9f7}, 0x8) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) r4 = ioctl$TIOCGPTPEER(r3, 0x5441, 0x10f) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000080)={{0x1, 0x1, 0x18, r4, {0x1}}, './file0\x00'}) ioctl$TCSETS(r5, 0x5402, &(0x7f00000000c0)={0xffffffff, 0xcbf, 0x5, 0x4, 0x18, "d3e062c9407ce66946f51b894e17c6fa59aa38"}) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000000)={0xbaa, 0x800, 0x54, 0x1, 0x1b, "927b318324f62e7db276034787d9237fc141b3"}) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f00000001c0)=@assoc_value, &(0x7f0000000200)=0x8) ioctl$KDGETMODE(r3, 0x4b3b, &(0x7f0000000180)) 15:45:26 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) dup3(r1, r2, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x2) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:45:26 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x20000000) [ 2138.420099][ T850] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 2138.531829][ T826] vcan0: tx drop: invalid da for name 0x0000000000000003 15:45:26 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 24) 15:45:26 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3e000000) [ 2138.658775][ T867] FAULT_INJECTION: forcing a failure. [ 2138.658775][ T867] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2138.679787][ T867] CPU: 1 PID: 867 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2138.688442][ T867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2138.698521][ T867] Call Trace: [ 2138.701823][ T867] dump_stack_lvl+0xcd/0x134 15:45:26 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) ioctl$KDADDIO(r0, 0x400455c8, 0x2) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0x40405514, &(0x7f0000000080)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$BTRFS_IOC_QUOTA_CTL(r3, 0xc0109428, &(0x7f0000000080)={0x3, 0x81}) dup3(r1, r2, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000001c0), 0xea040, 0x0) ioctl$TCFLSH(r0, 0x540b, 0x400000004) [ 2138.706488][ T867] should_fail.cold+0x5/0xa [ 2138.711033][ T867] prepare_alloc_pages+0x17b/0x580 [ 2138.716189][ T867] __alloc_pages+0x12f/0x500 [ 2138.720818][ T867] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2138.727719][ T867] ? lock_downgrade+0x6e0/0x6e0 [ 2138.732812][ T867] alloc_pages+0x1a7/0x300 [ 2138.737284][ T867] __page_cache_alloc+0x303/0x3a0 [ 2138.742351][ T867] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2138.748379][ T867] page_cache_ra_unbounded+0x363/0x950 [ 2138.753892][ T867] ? read_pages+0x8d0/0x8d0 [ 2138.758437][ T867] ? lock_downgrade+0x6e0/0x6e0 [ 2138.763380][ T867] ? __lock_acquire+0xbc2/0x54a0 [ 2138.768390][ T867] ondemand_readahead+0x61e/0x11d0 [ 2138.773550][ T867] page_cache_sync_ra+0x1cb/0x200 [ 2138.778619][ T867] filemap_get_pages+0x2a6/0x1870 [ 2138.783696][ T867] ? is_bpf_text_address+0x77/0x170 [ 2138.788933][ T867] ? __lock_page_async+0x4d0/0x4d0 [ 2138.794137][ T867] filemap_read+0x2ca/0xe50 [ 2138.798679][ T867] ? __kernel_text_address+0x9/0x30 [ 2138.803931][ T867] ? filemap_get_pages+0x1870/0x1870 [ 2138.809254][ T867] ? apparmor_path_mkdir+0x440/0x720 [ 2138.814580][ T867] ? lock_downgrade+0x6e0/0x6e0 [ 2138.819484][ T867] generic_file_read_iter+0x397/0x4f0 [ 2138.824896][ T867] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2138.831179][ T867] ? __fsnotify_parent+0x488/0x9d0 [ 2138.836336][ T867] blkdev_read_iter+0x127/0x1c0 [ 2138.841227][ T867] generic_file_splice_read+0x453/0x6d0 [ 2138.846812][ T867] ? do_splice_direct+0x280/0x280 [ 2138.851889][ T867] ? security_file_permission+0xab/0xd0 [ 2138.857476][ T867] ? do_splice_direct+0x280/0x280 [ 2138.862553][ T867] do_splice_to+0x1bf/0x250 [ 2138.867101][ T867] splice_direct_to_actor+0x2c2/0x8c0 [ 2138.872520][ T867] ? generic_file_splice_read+0x6d0/0x6d0 [ 2138.878285][ T867] ? do_splice_to+0x250/0x250 [ 2138.883092][ T867] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2138.889401][ T867] ? security_file_permission+0xab/0xd0 [ 2138.894992][ T867] do_splice_direct+0x1b3/0x280 [ 2138.899878][ T867] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2138.905481][ T867] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2138.911765][ T867] ? security_file_permission+0xab/0xd0 [ 2138.917352][ T867] do_sendfile+0xae9/0x1240 [ 2138.921906][ T867] ? do_pwritev+0x270/0x270 [ 2138.926448][ T867] ? __context_tracking_exit+0xb8/0xe0 [ 2138.931944][ T867] ? lock_downgrade+0x6e0/0x6e0 [ 2138.936842][ T867] ? lock_downgrade+0x6e0/0x6e0 [ 2138.941734][ T867] __x64_sys_sendfile64+0x1cc/0x210 [ 2138.946973][ T867] ? __ia32_sys_sendfile+0x220/0x220 [ 2138.952303][ T867] ? syscall_enter_from_user_mode+0x21/0x70 [ 2138.958243][ T867] do_syscall_64+0x35/0xb0 [ 2138.962695][ T867] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2138.968630][ T867] RIP: 0033:0x7f66c83a4a39 [ 2138.973074][ T867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2138.992712][ T867] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2139.001152][ T867] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2139.009154][ T867] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2139.017151][ T867] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2139.025146][ T867] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000002 [ 2139.033181][ T867] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2139.094839][ T867] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 2139.863419][T11206] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2139.873693][T13261] Bluetooth: hci6: command tx timeout [ 2139.933572][ T8903] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 2140.494253][ T9935] Bluetooth: hci8: Entering manufacturer mode failed (-110) [ 2140.503251][ T551] Bluetooth: hci8: command tx timeout 15:45:28 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r1, 0x36046319b25807ff, 0x0, 0x0, {{}, {@val={0x8, 0x6}, @val={0xc}}}}, 0x28}}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x6c, r1, 0xbc103bc5f0e885fd, 0x70bd2c, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_SCHED_SCAN_MATCH={0x44, 0x84, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @random="a5e66d80acb3"}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ibss_ssid}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x14, 0x6, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x8}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x9}]}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x14, 0x6, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x8, 0x2, 0xbac}, @NL80211_BAND_6GHZ={0x8, 0x3, 0xba}]}]}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x2}]}, 0x6c}, 0x1, 0x0, 0x0, 0x26008050}, 0x8005) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x9) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 15:45:28 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3f000000) 15:45:28 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 25) [ 2140.704443][ T1129] FAULT_INJECTION: forcing a failure. [ 2140.704443][ T1129] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2140.752741][ T1129] CPU: 0 PID: 1129 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2140.761478][ T1129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2140.771559][ T1129] Call Trace: [ 2140.774893][ T1129] dump_stack_lvl+0xcd/0x134 [ 2140.779539][ T1129] should_fail.cold+0x5/0xa [ 2140.784053][ T1129] prepare_alloc_pages+0x17b/0x580 [ 2140.789182][ T1129] __alloc_pages+0x12f/0x500 [ 2140.793795][ T1129] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2140.800569][ T1129] ? lock_downgrade+0x6e0/0x6e0 [ 2140.805446][ T1129] alloc_pages+0x1a7/0x300 [ 2140.809873][ T1129] __page_cache_alloc+0x303/0x3a0 [ 2140.814900][ T1129] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2140.820896][ T1129] page_cache_ra_unbounded+0x363/0x950 [ 2140.826375][ T1129] ? read_pages+0x8d0/0x8d0 [ 2140.830891][ T1129] ? lock_downgrade+0x6e0/0x6e0 [ 2140.835752][ T1129] ? __lock_acquire+0xbc2/0x54a0 [ 2140.840703][ T1129] ondemand_readahead+0x61e/0x11d0 [ 2140.845838][ T1129] page_cache_sync_ra+0x1cb/0x200 [ 2140.850876][ T1129] filemap_get_pages+0x2a6/0x1870 [ 2140.855912][ T1129] ? is_bpf_text_address+0x77/0x170 [ 2140.861125][ T1129] ? __lock_page_async+0x4d0/0x4d0 [ 2140.866259][ T1129] filemap_read+0x2ca/0xe50 [ 2140.870779][ T1129] ? __kernel_text_address+0x9/0x30 [ 2140.876003][ T1129] ? filemap_get_pages+0x1870/0x1870 [ 2140.881292][ T1129] ? apparmor_path_mkdir+0x440/0x720 [ 2140.886585][ T1129] ? lock_downgrade+0x6e0/0x6e0 [ 2140.891458][ T1129] generic_file_read_iter+0x397/0x4f0 [ 2140.896837][ T1129] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2140.903087][ T1129] ? __fsnotify_parent+0x488/0x9d0 [ 2140.908335][ T1129] blkdev_read_iter+0x127/0x1c0 [ 2140.913221][ T1129] generic_file_splice_read+0x453/0x6d0 [ 2140.918793][ T1129] ? do_splice_direct+0x280/0x280 [ 2140.923844][ T1129] ? security_file_permission+0xab/0xd0 [ 2140.929398][ T1129] ? do_splice_direct+0x280/0x280 [ 2140.934428][ T1129] do_splice_to+0x1bf/0x250 [ 2140.938936][ T1129] splice_direct_to_actor+0x2c2/0x8c0 [ 2140.944318][ T1129] ? generic_file_splice_read+0x6d0/0x6d0 [ 2140.950048][ T1129] ? do_splice_to+0x250/0x250 [ 2140.954727][ T1129] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2140.960978][ T1129] ? security_file_permission+0xab/0xd0 [ 2140.966538][ T1129] do_splice_direct+0x1b3/0x280 [ 2140.971568][ T1129] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2140.977123][ T1129] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2140.983367][ T1129] ? security_file_permission+0xab/0xd0 [ 2140.988933][ T1129] do_sendfile+0xae9/0x1240 [ 2140.993449][ T1129] ? do_pwritev+0x270/0x270 [ 2140.997955][ T1129] ? __context_tracking_exit+0xb8/0xe0 [ 2141.003434][ T1129] ? lock_downgrade+0x6e0/0x6e0 [ 2141.008292][ T1129] ? lock_downgrade+0x6e0/0x6e0 [ 2141.013164][ T1129] __x64_sys_sendfile64+0x1cc/0x210 [ 2141.018373][ T1129] ? __ia32_sys_sendfile+0x220/0x220 [ 2141.023665][ T1129] ? syscall_enter_from_user_mode+0x21/0x70 [ 2141.029569][ T1129] do_syscall_64+0x35/0xb0 [ 2141.033989][ T1129] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2141.039907][ T1129] RIP: 0033:0x7f66c83a4a39 [ 2141.044329][ T1129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2141.063950][ T1129] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2141.072381][ T1129] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2141.080363][ T1129] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2141.088342][ T1129] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2141.096325][ T1129] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000002 [ 2141.104292][ T1129] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2141.147812][ T1148] debugfs: Directory 'hci8' with parent 'bluetooth' already present! [ 2141.178118][ T1129] vcan0: tx drop: invalid da for name 0x0000000000000003 15:45:30 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x9) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0x4) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000006c0)=0x1a) lseek(r1, 0x3, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x1a) r3 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) ioctl$GIO_FONTX(r3, 0x4b6b, &(0x7f0000000680)={0x38, 0x9, &(0x7f0000000280)}) dup3(r1, r2, 0x0) ioctl$KDGETLED(r2, 0x4b31, &(0x7f0000000000)) r4 = accept4(r1, &(0x7f0000000180)=@rc, &(0x7f0000000100)=0x80, 0x80000) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, &(0x7f0000000200)={0x0, 0x5}, 0x8) [ 2142.093126][ T8903] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2142.093137][T13261] Bluetooth: hci6: command 0xfc11 tx timeout 15:45:30 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x48000000) 15:45:30 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 26) [ 2142.208210][ T1194] FAULT_INJECTION: forcing a failure. [ 2142.208210][ T1194] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2142.239981][ T1194] CPU: 1 PID: 1194 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2142.248711][ T1194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2142.258787][ T1194] Call Trace: [ 2142.262070][ T1194] dump_stack_lvl+0xcd/0x134 [ 2142.266680][ T1194] should_fail.cold+0x5/0xa [ 2142.271192][ T1194] prepare_alloc_pages+0x17b/0x580 [ 2142.276331][ T1194] __alloc_pages+0x12f/0x500 [ 2142.280939][ T1194] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2142.287723][ T1194] ? lock_downgrade+0x6e0/0x6e0 [ 2142.292603][ T1194] alloc_pages+0x1a7/0x300 [ 2142.297028][ T1194] __page_cache_alloc+0x303/0x3a0 [ 2142.302060][ T1194] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2142.308053][ T1194] page_cache_ra_unbounded+0x363/0x950 [ 2142.313530][ T1194] ? read_pages+0x8d0/0x8d0 [ 2142.318039][ T1194] ? lock_downgrade+0x6e0/0x6e0 [ 2142.322908][ T1194] ? __lock_acquire+0xbc2/0x54a0 [ 2142.327865][ T1194] ondemand_readahead+0x61e/0x11d0 [ 2142.333013][ T1194] page_cache_sync_ra+0x1cb/0x200 [ 2142.338050][ T1194] filemap_get_pages+0x2a6/0x1870 [ 2142.343088][ T1194] ? is_bpf_text_address+0x77/0x170 [ 2142.348308][ T1194] ? __lock_page_async+0x4d0/0x4d0 [ 2142.353437][ T1194] filemap_read+0x2ca/0xe50 [ 2142.357967][ T1194] ? __kernel_text_address+0x9/0x30 [ 2142.363183][ T1194] ? filemap_get_pages+0x1870/0x1870 [ 2142.368469][ T1194] ? apparmor_path_mkdir+0x440/0x720 [ 2142.373784][ T1194] ? lock_downgrade+0x6e0/0x6e0 [ 2142.378669][ T1194] generic_file_read_iter+0x397/0x4f0 [ 2142.384133][ T1194] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2142.390393][ T1194] ? __fsnotify_parent+0x488/0x9d0 [ 2142.395779][ T1194] blkdev_read_iter+0x127/0x1c0 [ 2142.400648][ T1194] generic_file_splice_read+0x453/0x6d0 [ 2142.406219][ T1194] ? do_splice_direct+0x280/0x280 [ 2142.411257][ T1194] ? security_file_permission+0xab/0xd0 [ 2142.416825][ T1194] ? do_splice_direct+0x280/0x280 [ 2142.421856][ T1194] do_splice_to+0x1bf/0x250 [ 2142.426367][ T1194] splice_direct_to_actor+0x2c2/0x8c0 [ 2142.431746][ T1194] ? generic_file_splice_read+0x6d0/0x6d0 [ 2142.437474][ T1194] ? do_splice_to+0x250/0x250 [ 2142.442160][ T1194] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2142.448411][ T1194] ? security_file_permission+0xab/0xd0 [ 2142.453986][ T1194] do_splice_direct+0x1b3/0x280 [ 2142.458856][ T1194] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2142.464409][ T1194] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2142.470656][ T1194] ? security_file_permission+0xab/0xd0 [ 2142.476224][ T1194] do_sendfile+0xae9/0x1240 [ 2142.480746][ T1194] ? do_pwritev+0x270/0x270 [ 2142.485284][ T1194] ? __context_tracking_exit+0xb8/0xe0 [ 2142.490752][ T1194] ? lock_downgrade+0x6e0/0x6e0 [ 2142.495607][ T1194] ? lock_downgrade+0x6e0/0x6e0 [ 2142.500469][ T1194] __x64_sys_sendfile64+0x1cc/0x210 [ 2142.505681][ T1194] ? __ia32_sys_sendfile+0x220/0x220 [ 2142.510989][ T1194] ? syscall_enter_from_user_mode+0x21/0x70 [ 2142.516978][ T1194] do_syscall_64+0x35/0xb0 [ 2142.521397][ T1194] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2142.527297][ T1194] RIP: 0033:0x7f66c83a4a39 [ 2142.531716][ T1194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2142.551427][ T1194] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2142.559855][ T1194] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2142.567836][ T1194] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2142.575815][ T1194] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2142.583810][ T1194] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000002 [ 2142.591782][ T1194] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2142.643534][ T1194] vcan0: tx drop: invalid da for name 0x0000000000000003 15:45:30 executing program 3: r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.pending_reads\x00', 0x8300, 0x104) mmap$dsp(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2000008, 0x10010, r0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) r2 = syz_open_dev$sndctrl(&(0x7f00000004c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0x40405514, &(0x7f0000000080)={{0xffffffff, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) fsetxattr$security_ima(r2, &(0x7f0000000080), &(0x7f00000000c0)=@sha1={0x1, "c64453a1487fd99d7c9e7b0d451aa3398d726e15"}, 0x15, 0x1) ioctl$KDADDIO(r1, 0x400455c8, 0xb) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r2, 0x40405514, &(0x7f00000001c0)={0x2, 0x1, 0xd3e9, 0x5f20, 'syz1\x00', 0x3}) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000240)={0x7fffffff, 0x273, 0x0, 0x9, 0x0, "c06720f1291189440eab9e2222c7a288b4163e"}) ioctl$INCFS_IOC_PERMIT_FILL(r2, 0x40046721, &(0x7f0000000200)={r1}) 15:45:30 executing program 2: setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@private1, 0x6, 0x1, 0x3, 0x8, 0xfffe, 0x54}, 0x20) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000080)=0xffff) ioctl$TCFLSH(r0, 0x540b, 0x1) ioctl$KDADDIO(r0, 0x400455c8, 0x2) 15:45:30 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4c000000) 15:45:30 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 27) [ 2142.733047][ T9935] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 2142.830402][ T1206] FAULT_INJECTION: forcing a failure. [ 2142.830402][ T1206] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2142.858031][ T1206] CPU: 1 PID: 1206 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2142.866770][ T1206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2142.876847][ T1206] Call Trace: [ 2142.880149][ T1206] dump_stack_lvl+0xcd/0x134 [ 2142.884782][ T1206] should_fail.cold+0x5/0xa [ 2142.889319][ T1206] prepare_alloc_pages+0x17b/0x580 [ 2142.894472][ T1206] __alloc_pages+0x12f/0x500 [ 2142.899105][ T1206] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2142.905908][ T1206] ? lock_downgrade+0x6e0/0x6e0 [ 2142.910826][ T1206] alloc_pages+0x1a7/0x300 [ 2142.915279][ T1206] __page_cache_alloc+0x303/0x3a0 [ 2142.920327][ T1206] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2142.926385][ T1206] page_cache_ra_unbounded+0x363/0x950 [ 2142.931865][ T1206] ? read_pages+0x8d0/0x8d0 [ 2142.936370][ T1206] ? lock_downgrade+0x6e0/0x6e0 [ 2142.941218][ T1206] ? __lock_acquire+0xbc2/0x54a0 [ 2142.946173][ T1206] ondemand_readahead+0x61e/0x11d0 [ 2142.951368][ T1206] page_cache_sync_ra+0x1cb/0x200 [ 2142.956393][ T1206] filemap_get_pages+0x2a6/0x1870 [ 2142.961438][ T1206] ? is_bpf_text_address+0x77/0x170 [ 2142.966680][ T1206] ? __lock_page_async+0x4d0/0x4d0 [ 2142.971858][ T1206] filemap_read+0x2ca/0xe50 [ 2142.976363][ T1206] ? __kernel_text_address+0x9/0x30 [ 2142.981570][ T1206] ? filemap_get_pages+0x1870/0x1870 [ 2142.986867][ T1206] ? apparmor_path_mkdir+0x440/0x720 [ 2142.992190][ T1206] ? lock_downgrade+0x6e0/0x6e0 [ 2142.997060][ T1206] generic_file_read_iter+0x397/0x4f0 [ 2143.003095][ T1206] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2143.009339][ T1206] ? __fsnotify_parent+0x488/0x9d0 [ 2143.014502][ T1206] blkdev_read_iter+0x127/0x1c0 [ 2143.019350][ T1206] generic_file_splice_read+0x453/0x6d0 [ 2143.024970][ T1206] ? do_splice_direct+0x280/0x280 [ 2143.029998][ T1206] ? security_file_permission+0xab/0xd0 [ 2143.035573][ T1206] ? do_splice_direct+0x280/0x280 [ 2143.040594][ T1206] do_splice_to+0x1bf/0x250 [ 2143.045095][ T1206] splice_direct_to_actor+0x2c2/0x8c0 [ 2143.050477][ T1206] ? generic_file_splice_read+0x6d0/0x6d0 [ 2143.056211][ T1206] ? do_splice_to+0x250/0x250 [ 2143.060898][ T1206] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2143.067144][ T1206] ? security_file_permission+0xab/0xd0 [ 2143.072692][ T1206] do_splice_direct+0x1b3/0x280 [ 2143.077548][ T1206] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2143.083169][ T1206] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2143.089407][ T1206] ? security_file_permission+0xab/0xd0 [ 2143.094959][ T1206] do_sendfile+0xae9/0x1240 [ 2143.099473][ T1206] ? do_pwritev+0x270/0x270 [ 2143.103988][ T1206] ? __context_tracking_exit+0xb8/0xe0 [ 2143.109461][ T1206] ? lock_downgrade+0x6e0/0x6e0 [ 2143.114324][ T1206] ? lock_downgrade+0x6e0/0x6e0 [ 2143.119171][ T1206] __x64_sys_sendfile64+0x1cc/0x210 [ 2143.124370][ T1206] ? __ia32_sys_sendfile+0x220/0x220 [ 2143.129688][ T1206] ? syscall_enter_from_user_mode+0x21/0x70 [ 2143.135578][ T1206] do_syscall_64+0x35/0xb0 [ 2143.140001][ T1206] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2143.145891][ T1206] RIP: 0033:0x7f66c83a4a39 [ 2143.150314][ T1206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2143.169925][ T1206] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 15:45:31 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x68000000) 15:45:31 executing program 3: r0 = getuid() r1 = dup(0xffffffffffffffff) pwritev(r1, &(0x7f0000000940)=[{&(0x7f0000000640)="8afa3598446bf1abd01c17ae815f70b830e02fa98f92013cbbc19407229df2dc8dc1109440a62e394e7159c5b5f182d6726381a04100ee42ea3104c9fdc76d3364c867d20745311e3df5bd40a76a674393de13c3791a8e07ef4a17605f8cbf65d7a1b07979394b042b36058ee1baf5dd2ea7252e51bce7182dd69bd798861f11475a442c81e4b6266c3026ac12a5e56dfae3a6c2d7cc", 0x96}, {&(0x7f00000000c0)="53517665e0eccd7228727c1a48e2cd7d8c041a735f99a8106a656066cd9d856c066883ff63a47dd0063cda34a8", 0x2d}, {&(0x7f0000000700)="b6013db73e0da3c8d616329f90cfc293987f15d81ab2379417144e5f05dfbdfee6accd9b2b5a0638e32c7a6a094b80b303d97136f5e4ad898b9ac44a76945acacea295f21e268db7f604004e7129ec542896ab528b04adae97f97df5d13f02cfaec697e0ee9534d4bcb97276775549ae2ee2426c1dc428a52a8fe10c0e70e090a47621d7bcc10f4472b3bd18e56999008b3adc7f9c4b533d65734ce9e33c11b40d5309a812ed2c46518f555ec123fc1ce6b428a25a4d5aa00c88d68a6fe86a9672b28aca52c0440e21c9", 0xca}, {&(0x7f0000000300)="42f6b2cb31fc3d48cbda3decf3b6157d5c7aaa2226229bf0a8209f703a2e7796d4b01fef4328320f01211b24b015faa1834443e2debe1b829e46e2c393ee3c887a9043de3fbfa4f12ad31988a369a6e7b2c33a92bb44ea1c9a4224934cdcf10a2f9eb89135d508b75aaa13ab", 0x6c}, {&(0x7f0000000800)="16d1e2aee0045b28a2d7f90a7e8df545ce19b10d12b8aefd4a56f45d85e2f99f032a09bf0990e04823c86acd3b7d180a292d7c41fa3b3868383f495d8e395d2a1c28b8478ff0eb822da34f5f448f8247642743c8ca9f80a3ad524b0a790af72809913ab61739bc3cf0547b336d0f03dfeb1ff7d3491476a69aee7aee57e6cffc8dfb726d75ac6a192430c0be21adc9d678b1d29c9a3cb0523785240d76f4d1af0b8b7fec700cd966a48b5fb851b06cd1a4854bc4c28385ae5b5580c14fe9b468c29bffe6257e25e2", 0xc8}, {&(0x7f0000000100)="c9405301d1e1b9b11adeba77453a93e5a027ef14d2f3aee7c0698b52648a5e25b7c04b7b369c9bdf178b092125d6ea0c", 0x30}, {&(0x7f0000000900)="6724d4d7ad2bbdaba934a15f6a1479", 0xf}], 0x7, 0xffff, 0x81) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, 0x0) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10000, &(0x7f0000000380)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@default_permissions}, {@blksize}, {@default_permissions}], [{@fsname={'fsname', 0x3d, 'prodM\xb0\xea\a\x84c\xaen/\xce\x17\xbb\xa61fode\xd0\x00\x00\x82\x97\x8at\xa24>X@0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 28) 15:45:34 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x6c000000) 15:45:34 executing program 2: sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000002800)={&(0x7f0000002740)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000027c0)={&(0x7f0000002780)={0x38, 0x0, 0x400, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0xfff, 0x3c}}}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x4}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x249}, @NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0x101}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x10) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x8}}, './file0\x00'}) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000080)) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x2) clone3(&(0x7f0000000400)={0x10001000, &(0x7f0000000100), &(0x7f0000000180)=0x0, &(0x7f00000001c0), {0x33}, &(0x7f0000000200)=""/165, 0xa5, &(0x7f00000002c0)=""/244, &(0x7f00000003c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x5, {r0}}, 0x58) r3 = dup(0xffffffffffffffff) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, 0x0) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10000, &(0x7f0000000380)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@default_permissions}, {@blksize}, {@default_permissions}], [{@fsname={'fsname', 0x3d, 'prodM\xb0\xea\a\x84c\xaen/\xce\x17\xbb\xa61fode\xd0\x00\x00\x82\x97\x8at\xa24>X@0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000480)={"966babf8fa931306d3c37a969f132746", 0x0, r2, {}, {0x7f, 0x4}, 0x2, [0x5, 0x205, 0x10000000, 0x7, 0x0, 0x2, 0x0, 0xffff, 0x2, 0xfffffffffffffffb, 0x100000000001, 0xfffffffffffffffe, 0x0, 0x18000, 0x4a, 0xffff]}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) dup(r3) r4 = perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r3, 0x84009422, &(0x7f0000001d80)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r4, 0xc400941d, &(0x7f00000000c0)={r5, 0x1f, 0x3}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f0000000940)={{}, 0x0, 0x0, @inherit={0x78, &(0x7f0000000080)=ANY=[@ANYBLOB="0000000000000000060000000000000065000000000000000900000000000000200000000000000005000000000000000008000000000000070000000000000000000000010000007c00000000000000fd820000000000000600000000000000bbaf00000000000007002000000000000800000000000000"]}, @devid=r5}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r1, 0x50009418, &(0x7f0000000180)={{r0}, r2, 0x10, @inherit={0x60, &(0x7f0000000080)={0x0, 0x3, 0xc1db, 0x9, {0x24, 0x0, 0x7ff, 0x2, 0x4}, [0x9bf, 0x8, 0x4]}}, @devid=r5}) [ 2145.949625][ T1249] FAULT_INJECTION: forcing a failure. [ 2145.949625][ T1249] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2145.980487][ T158] Bluetooth: hci7: Frame reassembly failed (-84) [ 2145.991974][ T1249] CPU: 1 PID: 1249 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2146.000794][ T1249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2146.010885][ T1249] Call Trace: [ 2146.014177][ T1249] dump_stack_lvl+0xcd/0x134 [ 2146.018778][ T1249] should_fail.cold+0x5/0xa [ 2146.023285][ T1249] prepare_alloc_pages+0x17b/0x580 [ 2146.028409][ T1249] __alloc_pages+0x12f/0x500 [ 2146.033006][ T1249] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2146.039792][ T1249] ? lock_downgrade+0x6e0/0x6e0 [ 2146.044684][ T1249] alloc_pages+0x1a7/0x300 [ 2146.049130][ T1249] __page_cache_alloc+0x303/0x3a0 [ 2146.054187][ T1249] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2146.060194][ T1249] page_cache_ra_unbounded+0x363/0x950 [ 2146.065700][ T1249] ? read_pages+0x8d0/0x8d0 [ 2146.070214][ T1249] ? lock_downgrade+0x6e0/0x6e0 [ 2146.075077][ T1249] ? __lock_acquire+0xbc2/0x54a0 [ 2146.080027][ T1249] ondemand_readahead+0x61e/0x11d0 [ 2146.085155][ T1249] page_cache_sync_ra+0x1cb/0x200 [ 2146.090193][ T1249] filemap_get_pages+0x2a6/0x1870 [ 2146.095241][ T1249] ? is_bpf_text_address+0x77/0x170 [ 2146.100451][ T1249] ? __lock_page_async+0x4d0/0x4d0 [ 2146.105582][ T1249] filemap_read+0x2ca/0xe50 [ 2146.110092][ T1249] ? __kernel_text_address+0x9/0x30 [ 2146.115312][ T1249] ? filemap_get_pages+0x1870/0x1870 [ 2146.120602][ T1249] ? apparmor_path_mkdir+0x440/0x720 [ 2146.125894][ T1249] ? lock_downgrade+0x6e0/0x6e0 [ 2146.130770][ T1249] generic_file_read_iter+0x397/0x4f0 [ 2146.136149][ T1249] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2146.142403][ T1249] ? __fsnotify_parent+0x488/0x9d0 [ 2146.147540][ T1249] blkdev_read_iter+0x127/0x1c0 [ 2146.152406][ T1249] generic_file_splice_read+0x453/0x6d0 [ 2146.157976][ T1249] ? do_splice_direct+0x280/0x280 [ 2146.163032][ T1249] ? security_file_permission+0xab/0xd0 [ 2146.168787][ T1249] ? do_splice_direct+0x280/0x280 [ 2146.173817][ T1249] do_splice_to+0x1bf/0x250 [ 2146.178345][ T1249] splice_direct_to_actor+0x2c2/0x8c0 [ 2146.183726][ T1249] ? generic_file_splice_read+0x6d0/0x6d0 [ 2146.189470][ T1249] ? do_splice_to+0x250/0x250 [ 2146.194155][ T1249] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2146.200508][ T1249] ? security_file_permission+0xab/0xd0 [ 2146.206068][ T1249] do_splice_direct+0x1b3/0x280 [ 2146.210926][ T1249] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2146.216522][ T1249] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2146.222892][ T1249] ? security_file_permission+0xab/0xd0 [ 2146.228472][ T1249] do_sendfile+0xae9/0x1240 [ 2146.233001][ T1249] ? do_pwritev+0x270/0x270 [ 2146.237520][ T1249] ? __context_tracking_exit+0xb8/0xe0 [ 2146.242998][ T1249] ? lock_downgrade+0x6e0/0x6e0 [ 2146.247854][ T1249] ? lock_downgrade+0x6e0/0x6e0 [ 2146.252713][ T1249] __x64_sys_sendfile64+0x1cc/0x210 [ 2146.257918][ T1249] ? __ia32_sys_sendfile+0x220/0x220 [ 2146.263213][ T1249] ? syscall_enter_from_user_mode+0x21/0x70 [ 2146.269114][ T1249] do_syscall_64+0x35/0xb0 [ 2146.273544][ T1249] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2146.279462][ T1249] RIP: 0033:0x7f66c83a4a39 [ 2146.283878][ T1249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2146.303489][ T1249] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2146.311995][ T1249] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2146.319966][ T1249] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2146.327936][ T1249] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2146.335914][ T1249] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000002 [ 2146.343903][ T1249] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 15:45:34 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x74000000) [ 2146.375508][ T1249] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 2146.445481][ T1260] debugfs: Directory 'hci8' with parent 'bluetooth' already present! 15:45:34 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000), 0xc00, 0x0) ioctl$TCSETAF(r1, 0x5408, &(0x7f0000000080)={0x1, 0x1, 0x2, 0x3, 0x15, "be19a6dd812b8bb2"}) ioctl$KDADDIO(r0, 0x400455c8, 0x2) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r2, 0x3, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) lseek(r3, 0x3, 0x0) dup3(r2, r3, 0x0) ioctl$KDSIGACCEPT(r3, 0x4b4e, 0x3e) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f00000000c0), &(0x7f0000000100)=0x4) 15:45:34 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket(0x18, 0x0, 0x0) close(r1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000480)={0x1d, r4}, 0x18) connect$can_j1939(r1, &(0x7f0000000000)={0x1d, r4, 0x3}, 0x18) sendfile(r1, r0, 0x0, 0x80005) (fail_nth: 29) [ 2146.556017][ T1267] fuse: Bad value for 'user_id' [ 2146.590624][ T1267] fuse: Bad value for 'rootmode' 15:45:34 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x7a000000) [ 2146.659442][ T1273] FAULT_INJECTION: forcing a failure. [ 2146.659442][ T1273] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2146.686732][ T1273] CPU: 1 PID: 1273 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0 [ 2146.695477][ T1273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2146.705556][ T1273] Call Trace: 15:45:34 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x7acc0200) [ 2146.708859][ T1273] dump_stack_lvl+0xcd/0x134 [ 2146.713682][ T1273] should_fail.cold+0x5/0xa [ 2146.718210][ T1273] prepare_alloc_pages+0x17b/0x580 [ 2146.723371][ T1273] __alloc_pages+0x12f/0x500 [ 2146.728100][ T1273] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0 [ 2146.734902][ T1273] ? lock_downgrade+0x6e0/0x6e0 [ 2146.739986][ T1273] alloc_pages+0x1a7/0x300 [ 2146.744527][ T1273] __page_cache_alloc+0x303/0x3a0 [ 2146.749667][ T1273] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 2146.755763][ T1273] page_cache_ra_unbounded+0x363/0x950 [ 2146.761251][ T1273] ? read_pages+0x8d0/0x8d0 [ 2146.765765][ T1273] ? lock_downgrade+0x6e0/0x6e0 [ 2146.770630][ T1273] ? __lock_acquire+0xbc2/0x54a0 [ 2146.775583][ T1273] ondemand_readahead+0x61e/0x11d0 [ 2146.780823][ T1273] page_cache_sync_ra+0x1cb/0x200 [ 2146.785866][ T1273] filemap_get_pages+0x2a6/0x1870 [ 2146.790910][ T1273] ? is_bpf_text_address+0x77/0x170 [ 2146.796257][ T1273] ? __lock_page_async+0x4d0/0x4d0 [ 2146.801526][ T1273] filemap_read+0x2ca/0xe50 [ 2146.806057][ T1273] ? __kernel_text_address+0x9/0x30 [ 2146.811286][ T1273] ? filemap_get_pages+0x1870/0x1870 [ 2146.816575][ T1273] ? apparmor_path_mkdir+0x440/0x720 [ 2146.821882][ T1273] ? lock_downgrade+0x6e0/0x6e0 [ 2146.826844][ T1273] generic_file_read_iter+0x397/0x4f0 [ 2146.832224][ T1273] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2146.838474][ T1273] ? __fsnotify_parent+0x488/0x9d0 [ 2146.843613][ T1273] blkdev_read_iter+0x127/0x1c0 [ 2146.848476][ T1273] generic_file_splice_read+0x453/0x6d0 [ 2146.854032][ T1273] ? do_splice_direct+0x280/0x280 [ 2146.859096][ T1273] ? security_file_permission+0xab/0xd0 [ 2146.864660][ T1273] ? do_splice_direct+0x280/0x280 [ 2146.869709][ T1273] do_splice_to+0x1bf/0x250 [ 2146.874222][ T1273] splice_direct_to_actor+0x2c2/0x8c0 [ 2146.879601][ T1273] ? generic_file_splice_read+0x6d0/0x6d0 [ 2146.885356][ T1273] ? do_splice_to+0x250/0x250 [ 2146.890048][ T1273] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2146.896298][ T1273] ? security_file_permission+0xab/0xd0 [ 2146.901873][ T1273] do_splice_direct+0x1b3/0x280 [ 2146.906727][ T1273] ? splice_direct_to_actor+0x8c0/0x8c0 [ 2146.912281][ T1273] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 2146.918812][ T1273] ? security_file_permission+0xab/0xd0 [ 2146.924371][ T1273] do_sendfile+0xae9/0x1240 [ 2146.928887][ T1273] ? do_pwritev+0x270/0x270 [ 2146.933397][ T1273] ? __context_tracking_exit+0xb8/0xe0 [ 2146.938879][ T1273] ? lock_downgrade+0x6e0/0x6e0 [ 2146.943739][ T1273] ? lock_downgrade+0x6e0/0x6e0 [ 2146.948615][ T1273] __x64_sys_sendfile64+0x1cc/0x210 [ 2146.953824][ T1273] ? __ia32_sys_sendfile+0x220/0x220 [ 2146.959138][ T1273] ? syscall_enter_from_user_mode+0x21/0x70 [ 2146.965050][ T1273] do_syscall_64+0x35/0xb0 [ 2146.969470][ T1273] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 2146.975373][ T1273] RIP: 0033:0x7f66c83a4a39 [ 2146.979793][ T1273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2146.999494][ T1273] RSP: 002b:00007f66c591a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2147.008171][ T1273] RAX: ffffffffffffffda RBX: 00007f66c84a7f60 RCX: 00007f66c83a4a39 [ 2147.016146][ T1273] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 2147.024126][ T1273] RBP: 00007f66c591a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2147.032117][ T1273] R10: 0000000000080005 R11: 0000000000000246 R12: 0000000000000002 [ 2147.040090][ T1273] R13: 00007f66c89dbb2f R14: 00007f66c591a300 R15: 0000000000022000 [ 2147.064810][ T148] Bluetooth: : Invalid header checksum [ 2147.070694][ T148] Bluetooth: : Invalid header checksum [ 2147.086873][ T148] ================================================================== [ 2147.095727][ T148] BUG: KASAN: null-ptr-deref in __pm_runtime_resume+0x154/0x180 [ 2147.103476][ T148] Write of size 4 at addr 0000000000000388 by task kworker/u4:2/148 [ 2147.112322][ T148] [ 2147.114908][ T148] CPU: 0 PID: 148 Comm: kworker/u4:2 Not tainted 5.15.0-rc6-syzkaller #0 [ 2147.123334][ T148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2147.133587][ T148] Workqueue: events_unbound flush_to_ldisc [ 2147.139403][ T148] Call Trace: [ 2147.142696][ T148] dump_stack_lvl+0xcd/0x134 [ 2147.147307][ T148] kasan_report.cold+0x66/0xdf [ 2147.152129][ T148] ? __pm_runtime_resume+0x154/0x180 [ 2147.157431][ T148] kasan_check_range+0x13d/0x180 [ 2147.162376][ T148] __pm_runtime_resume+0x154/0x180 [ 2147.167502][ T148] h5_recv+0x2c4/0x680 [ 2147.171604][ T148] ? h5_slip_one_byte+0x150/0x150 [ 2147.176661][ T148] hci_uart_tty_receive+0x24d/0x710 [ 2147.182145][ T148] ? hci_uart_send_frame+0x6c0/0x6c0 [ 2147.187460][ T148] tty_ldisc_receive_buf+0x14d/0x190 [ 2147.192773][ T148] tty_port_default_receive_buf+0x6e/0xa0 [ 2147.198594][ T148] flush_to_ldisc+0x20d/0x380 [ 2147.203289][ T148] process_one_work+0x9bf/0x16b0 [ 2147.208241][ T148] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 2147.213643][ T148] ? rwlock_bug.part.0+0x90/0x90 [ 2147.218584][ T148] ? _raw_spin_lock_irq+0x41/0x50 [ 2147.223621][ T148] worker_thread+0x658/0x11f0 [ 2147.228321][ T148] ? process_one_work+0x16b0/0x16b0 [ 2147.233521][ T148] kthread+0x3e5/0x4d0 [ 2147.237661][ T148] ? set_kthread_struct+0x130/0x130 [ 2147.242872][ T148] ret_from_fork+0x1f/0x30 [ 2147.247358][ T148] ================================================================== [ 2147.259559][ T148] Disabling lock debugging due to kernel taint [ 2147.269223][ T1273] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 2147.280693][ T148] Kernel panic - not syncing: panic_on_warn set ... [ 2147.287333][ T148] CPU: 1 PID: 148 Comm: kworker/u4:2 Tainted: G B 5.15.0-rc6-syzkaller #0 [ 2147.297312][ T148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2147.307458][ T148] Workqueue: events_unbound flush_to_ldisc [ 2147.313269][ T148] Call Trace: [ 2147.316557][ T148] dump_stack_lvl+0xcd/0x134 [ 2147.321176][ T148] panic+0x2b0/0x6dd [ 2147.325116][ T148] ? __warn_printk+0xf3/0xf3 [ 2147.329708][ T148] ? preempt_schedule_common+0x59/0xc0 [ 2147.335181][ T148] ? __pm_runtime_resume+0x154/0x180 [ 2147.340485][ T148] ? preempt_schedule_thunk+0x16/0x18 [ 2147.345861][ T148] ? trace_hardirqs_on+0x38/0x1c0 [ 2147.350918][ T148] ? trace_hardirqs_on+0x51/0x1c0 [ 2147.355944][ T148] ? __pm_runtime_resume+0x154/0x180 [ 2147.361590][ T148] ? __pm_runtime_resume+0x154/0x180 [ 2147.367318][ T148] end_report.cold+0x63/0x6f [ 2147.371905][ T148] kasan_report.cold+0x71/0xdf [ 2147.376680][ T148] ? __pm_runtime_resume+0x154/0x180 [ 2147.382057][ T148] kasan_check_range+0x13d/0x180 [ 2147.386996][ T148] __pm_runtime_resume+0x154/0x180 [ 2147.392109][ T148] h5_recv+0x2c4/0x680 [ 2147.396180][ T148] ? h5_slip_one_byte+0x150/0x150 [ 2147.401217][ T148] hci_uart_tty_receive+0x24d/0x710 [ 2147.406418][ T148] ? hci_uart_send_frame+0x6c0/0x6c0 [ 2147.411709][ T148] tty_ldisc_receive_buf+0x14d/0x190 [ 2147.416994][ T148] tty_port_default_receive_buf+0x6e/0xa0 [ 2147.422715][ T148] flush_to_ldisc+0x20d/0x380 [ 2147.427394][ T148] process_one_work+0x9bf/0x16b0 [ 2147.432333][ T148] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 2147.437700][ T148] ? rwlock_bug.part.0+0x90/0x90 [ 2147.442633][ T148] ? _raw_spin_lock_irq+0x41/0x50 [ 2147.447660][ T148] worker_thread+0x658/0x11f0 [ 2147.452336][ T148] ? process_one_work+0x16b0/0x16b0 [ 2147.457534][ T148] kthread+0x3e5/0x4d0 [ 2147.461603][ T148] ? set_kthread_struct+0x130/0x130 [ 2147.466802][ T148] ret_from_fork+0x1f/0x30 [ 2147.471497][ T148] Kernel Offset: disabled [ 2147.475844][ T148] Rebooting in 86400 seconds..